|Subject:||CJIS Compliant File Sharing Solution|
|Creation date:||4/21/22 4:28 PM|
|Last modified on:||4/22/22 1:22 PM|
This article will serve as a resource for understanding how the Criminal Justice Information Services(CJIS) Security Policies interact with SynaMan. CJIS Security Policy outlines certain information security guidelines, requirements and data handling that pertain to CJI (Criminal Justice Information). According to the FBI, the Policy empowers CJIS Systems Agencies (CSA) with the insight and ability to tune their security programs to their risks, needs, budgets, and resource constraints while remaining compliant with the baseline level of security set by the CJIS Security Policy.
SynaMan is an ideal remote file-transfer/sharing solution for individuals as well as corporate users, offering a cost-effective way to quickly and easily transfer files of any type and size to any machine running a variety of operating systems. SynaMan is used by countless organizations and entities in the Criminal Justice world, to help them share and manage documents and other data.
Many of the CJIS Security Policies do not explicitly pertain to SynaMan use, such as policies that have to do with System Level events – however, there are a few that do. Outlined below are these policies that are directly controllable through SynaMan, however, each of them still have a component that is only configurable by your local system administrators.
For reference purposes, the full CJIS Security Policy can be found on the FBI’s Website here: CJIS Security Policy Document
Below you will find the various sections that SynaMan has some influence over that directly relate to the CJIS Security policy.
Policy Area 1: Information Exchange Agreements The information shared through communication mediums shall be protected with appropriate security safeguards. The agreements established by entities sharing information across systems and communications mediums are vital to ensuring all parties fully understand and agree to a set of security standards.
This is a shared responsibility between SynaMan and your organization's System Administrators. SynaMan has the ability to impose industry standard Security Controls such as Two-Factor Authentication (2FA), Strict Password Policy, and strict Access Control Mechanisms.
Policy Area 4: Auditing and Accountability Agencies shall implement audit and accountability controls to increase the probability of authorized users conforming to a prescribed pattern of behavior. Agencies shall carefully assess the inventory of components that compose their information systems to determine which security controls are applicable to the various components. Auditing controls are typically applied to the components of an information system that provide auditing capability (servers, etc.) and would not necessarily be applied to every user-level workstation within the agency. As technology advances, more powerful and diverse functionality can be found in such devices as personal digital assistants and cellular telephones, which may require the application of security controls in accordance with an agency assessment of risk.
This section refers to audit logging capabilities and requirements.
This is a shared responsibility between SynaMan and your organization's System Administrators. SynaMan has powerful audit logging capabilities that can log the interactions of users with the system, as well as administrators with the system. Your administrators can monitor these logs to ensure that your organization's security constraints are being followed properly.
Relevant subsections: 5.4 | 126.96.36.199 | 188.8.131.52 | 5.4.3 | 5.4.4 | 5.4.5 | 5.4.6
Policy Area 5: Access Control Access control provides the planning and implementation of mechanisms to restrict reading, writing, processing and transmission of CJIS information and the modification of information systems, applications, services and communication configurations allowing access to CJIS information.
This section refers to access control mechanisms.
This is a shared responsibility between SynaMan and your organization's System Administrators. SynaMan comes with powerful access controls that provide the SynaMan administrators the ability to restrict reading, writing, processing and transmission of all data it handles. Your System Administrators can apply further access controls at the system-level to protect the system itself.
Relevant subsections: 5.5.2 | 184.108.40.206 | 220.127.116.11 | 18.104.22.168 | 22.214.171.124 | 5.5.3 | 5.5.4 | 5.5.5 | 5.5.6
This section refers to authentication mechanisms, passwords, and their respective requirements. SynaMan has the ability to enforce strict password requirements as well as 2 Factor-Authentication (2FA) to ensure that authentication standards are met.
Relevant subsections: 126.96.36.199 | 188.8.131.52.1 | 184.108.40.206.2 | 5.6.2 | 5.6.3
Policy Area 8: Media Protection Media protection policy and procedures shall be documented and implemented to ensure that access to electronic and physical media in all forms is restricted to authorized individuals. Procedures shall be defined for securely handling, transporting and storing media
This is a shared responsibility between SynaMan and your organization’s system administrators. SynaMan can be configured to meet your organization's media protection policy with ease. SynaMan only grants authorized users access to “virtual folders” containing data. Without authorized access, a user cannot see the data. In addition to this, public links hide any non-relevant or specified data, only allowing recipients to download specific files or upload to an undisclosed location.
Relevant subsections: 220.127.116.11
Policy Area 10: System and Communications Protection and Information Integrity Examples of systems and communications safeguards range from boundary and transmission protection to securing an agency’s virtualized environment. In addition, applications, services, or information systems must have the capability to ensure system integrity through the detection and protection against unauthorized changes to software and information. This section details the policy for protecting systems and communications infrastructures.
This is a shared responsibility between SynaMan and your organization’s system administrators. SynaMan inherently comes with “boundaries” that shield your data from unauthorized access. SynaMan can also integrate with 3rd-Party antivirus software to mitigate against hidden threats.
Relevant subsections: 18.104.22.168 | 22.214.171.124 | 126.96.36.199 | 188.8.131.52 | 184.108.40.206
If you have any questions regarding specific policy requirements and SynaMan, please contact our support team at email@example.com.