VIDIZMO Compliance with CJIS Security Policy Resource Center

• Role-Based Access Control (RBAC): Assigns specific permissions based on user roles, ensuring only authorized individuals access relevant data. This aligns with CJIS Security Policy Control SP 800-53 Rev. 5, AC-2 (Account Management) and AC-3 (Access Enforcement). 

• Granular Permission Settings: Fine-tunes access further, controlling viewing, editing, sharing, and other actions for individual users or groups. 

• Two-Factor Authentication (MFA): Adds an extra layer of security by requiring a secondary verification step beyond passwords. This aligns with CJIS Security Policy Control SP 800-53 Rev. 5, AC-2 (Account Management) and AC-3 (Access Enforcement). 

• Limited access: Only authorized personnel can access CJI data based on their roles and permissions. 

Strong Authentication Mechanisms

• Secure Password Protocols: Enforces complex password requirements, password aging policies, and regular password resets. 

• Single Sign-On (SSO Integration): Leverages existing organizational authentication systems for centralized control and improved user experience. 

• Predefined Roles: Offers pre-configured roles with specific permissions for common user types (e.g., investigators, evidence custodians). 

• Customizable Roles: Allows customization of roles and permissions to match specific organizational needs and security protocols. 

• Auditing and Reporting: Tracks user activity and access attempts, providing detailed records for accountability and compliance reporting. 

• Audits Logs: VIDIZMO maintains comprehensive audit logs that capture critical events, including user actions, system modifications, and access attempts. 

• Automatic Audit Log Reporting: VIDIZMO generates audit log reports, providing a detailed overview of system activities. 

• Chain of Custody Tracking: VIDIZMO’s DEMS should facilitate effective chain of custody tracking for digital evidence, ensuring its authenticity and admissibility in court. 

• VIDIZMO has established a well-defined incident response plan to promptly identify, contain, and remediate potential security incidents involving CJI data. This proactive approach minimizes risks and ensures data integrity. This meets CJIS Security Policy Control: SI-7. 

• VIDIZMO collaborates with Azure and AWS for incident response, relying on their robust procedures for infrastructure security, prompt notification of data breaches, and joint communication to ensure coordinated response and minimize incident impact. 

• VIDIZMO will promptly report security incidents to its internal team and notify affected customers according to established procedures. VIDIZMO conducts a thorough analysis to understand the root cause of the incident and prevent similar occurrences in the future. Document lessons learned from each incident to continuously improve security posture. 

• Azure and AWS operate secure data centers featuring multi-layered access controls, biometric authentication, and security patrols. Advanced environmental controls safeguard against physical threats like fire and flooding. Video surveillance and intrusion detection systems ensure real-time monitoring. Regular security audits and penetration testing are conducted to identify and address vulnerabilities, ensuring a high level of physical security in their state-of-the-art facilities.

• Data Encryption: While Azure and AWS encrypt data at rest and in transit, VIDIZMO's encryption features within the platform provide an additional layer of security for your CJI data. 

• User Authentication: VIDIZMO's role-based access control and strong authentication mechanisms further restrict access to data within the platform, even if physical access to the underlying infrastructure were compromised. 

• Conduct background checks for employees: VIDIZMO emphasizes the importance of conducting thorough background checks for all employees who have access to data. 

• Provide security awareness training: VIDIZMO places a strong emphasis on continuous security awareness training for its personnel. Regular training sessions are conducted to educate personnel on the latest threats, phishing techniques, and the importance of maintaining a security-conscious mindset. 

• Scheduled Deletion: Set automated deletion schedules for specific data types or retention periods, ensuring timely and secure disposal. 

• Manual Deletion: Securely delete individual data items through user-initiated actions with confirmation steps. 

• Azure and AWS: Both providers offer secure data deletion methods for data stored within their infrastructure, adhering to relevant regulations. 

• Infrastructure Security: AWS and Azure cloud providers have robust vulnerability management programs for their underlying infrastructure, including regular assessments, patching, and proactive measures to identify and address potential security weaknesses. 

• Regular Assessments: VIDIZMO conducts regular vulnerability assessments of its platform using industry-standard tools and methodologies. 

• Prioritization and Remediation: Identified vulnerabilities are prioritized based on severity and potential impact, with timely remediation plans implemented. 

• Secure Coding Practices: VIDIZMO follows secure coding practices and development methodologies to minimize the introduction of vulnerabilities in the platform. 

• Security Patch Management: VIDIZMO promptly applies security patches for any identified vulnerabilities within its software components. 

• Regular Assessments: VIDIZMO conducts periodic risk assessments using industry-standard frameworks and methodologies, systematically evaluating potential threats and vulnerabilities across its platform and infrastructure. 

• Shared Responsibility: Both VIDIZMO and its cloud providers, Microsoft Azure and Amazon Web Services (AWS), contribute to risk assessment by sharing threat intelligence and vulnerabilities identified within their respective domains. 

10. Policy and Procedure Development 

VIDIZMO addresses CJIS Control 25 by emphasizing the establishment and enforcement of security policies and procedures.

• Documentation: VIDIZMO provides easily accessible documentation detailing its internal security policies and procedures, serving as a valuable reference for users to understand best practices.
• Transparency: VIDIZMO ensures transparency by keeping users informed about any changes to security policies and procedures through regular communication channels. This commitment to documentation and transparent communication aligns with CJIS Control 25, fostering a secure and well-informed user environment within VIDIZMO.