Document information

Document ID:8894
Subject:CJIS Compliant File Sharing Solution
Creation date:4/21/22 4:28 PM
Last modified on:4/22/22 1:22 PM


CJIS Compliant File Sharing Solution SynaMan

This article will serve as a resource for understanding how the Criminal Justice Information Services(CJIS) Security Policies interact with SynaMan. CJIS Security Policy outlines specific information security guidelines, requirements, and data handling that pertain to CJI (Criminal Justice Information). According to the FBI, the Policy empowers CJIS Systems Agencies (CSA) with the insight and ability to tune their security programs to their risks, needs, budgets, and resource constraints while remaining compliant with the baseline level of security set by the CJIS Security Policy.

What is SynaMan

SynaMan is an ideal on-premise file-transfer/sharing solution for individuals and corporate users, offering a cost-effective way to quickly and easily transfer files of any type and size to any machine running various operating systems. SynaMan is used by countless organizations and entities in the Criminal Justice world to help them share and manage documents and other data.

Here is a list of a few benefits of using SynaMan:

  • On-Premise/Private Cloud - No third-party will ever see your files.
  • Secure - Sharing files securely is embedded into its DNA from the start. Features like Multi-Factor Authentication, Single Sign-On, Access Logs, and integration with anti-viruses keep your environment safe from external threats.
  • Unlimited transfers - No caps on bandwidth or file size. Easily share files like surveillance videos, database files, audio recordings or any other type of digital artifact.
  • Unlimited users - Create as many users as you need*.

* - When combined with perpetual licensing model.

How SynaMan Helps You Stay Compliant With CJIS

Many of the CJIS Security Policies do not explicitly pertain to SynaMan use, such as policies that have to do with System Level events; however, there are a few that do. Outlined below are these policies that are directly controllable through SynaMan, however, each of them still have a component that is only configurable by your local system administrators.

For reference purposes, the full CJIS Security Policy can be found on the FBI's Website here: CJIS Security Policy Document

Important Sections

Below you will find the various sections that SynaMan has some influence over that directly relate to the CJIS Security policy.

Policy Area 1: Information Exchange Agreements The information shared through communication mediums shall be protected with appropriate security safeguards. The agreements established by entities sharing information across systems and communications mediums are vital to ensuring all parties fully understand and agree to a set of security standards.

This is a shared responsibility between SynaMan and your organization's System Administrators. SynaMan has the ability to impose industry standard Security Controls such as <Two-Factor Authentication (2FA/MFA), Strict Password Policy, and strict Access Control Mechanisms.

Policy Area 4: Auditing and Accountability Agencies shall implement audit and accountability controls to increase the probability of authorized users conforming to a prescribed pattern of behavior. Agencies shall carefully assess the inventory of components that compose their information systems to determine which security controls are applicable to the various components. Auditing controls are typically applied to the components of an information system that provide auditing capability (servers, etc.) and would not necessarily be applied to every user-level workstation within the agency. As technology advances, more powerful and diverse functionality can be found in such devices as personal digital assistants and cellular telephones, which may require the application of security controls in accordance with an agency assessment of risk.

This section refers to audit logging capabilities and requirements.

This is a shared responsibility between SynaMan and your organization's System Administrators. SynaMan has powerful audit logging capabilities that can log the interactions of users with the system, as well as administrators with the system. Your administrators can monitor these logs to ensure that your organization's security constraints are being followed properly.

Relevant subsections: 5.4 | 5.4.1.1 | 5.4.1.2 | 5.4.3 | 5.4.4 | 5.4.5 | 5.4.6

Policy Area 5: Access Control Access control provides the planning and implementation of mechanisms to restrict reading, writing, processing and transmission of CJIS information and the modification of information systems, applications, services and communication configurations allowing access to CJIS information.

This section refers to access control mechanisms.

This is a shared responsibility between SynaMan and your organization's System Administrators. SynaMan comes with powerful access controls that provide the SynaMan administrators the ability to restrict reading, writing, processing and transmission of all data it handles. Your System Administrators can apply further access controls at the system-level to protect the system itself.

Relevant subsections: 5.5.2 | 5.5.2.1 | 5.5.2.2 | 5.5.2.3 | 5.5.2.4 | 5.5.3 | 5.5.4 | 5.5.5 | 5.5.6

This section refers to authentication mechanisms, passwords, and their respective requirements. SynaMan has the ability to enforce strict password requirements as well as 2 Factor-Authentication (2FA) to ensure that authentication standards are met.

Relevant subsections: 5.6.2.1 | 5.6.2.1.1 | 5.6.2.1.2 | 5.6.2 | 5.6.3

Policy Area 8: Media Protection Media protection policy and procedures shall be documented and implemented to ensure that access to electronic and physical media in all forms is restricted to authorized individuals. Procedures shall be defined for securely handling, transporting and storing media

This is a shared responsibility between SynaMan and your organization’s system administrators. SynaMan can be configured to meet your organization's media protection policy with ease. SynaMan only grants authorized users access to “virtual folders” containing data. Without authorized access, a user cannot see the data. In addition to this, public links hide any non-relevant or specified data, only allowing recipients to download specific files or upload to an undisclosed location.

Relevant subsections: 5.8.2.1

Policy Area 10: System and Communications Protection and Information Integrity Examples of systems and communications safeguards range from boundary and transmission protection to securing an agency’s virtualized environment. In addition, applications, services, or information systems must have the capability to ensure system integrity through the detection and protection against unauthorized changes to software and information. This section details the policy for protecting systems and communications infrastructures.

This is a shared responsibility between SynaMan and your organization’s system administrators. SynaMan inherently comes with “boundaries” that shield your data from unauthorized access. SynaMan can also integrate with 3rd-Party antivirus software to mitigate against hidden threats.

Relevant subsections: 5.10.1.2 | 5.10.3.1 | 5.10.4.1 | 5.10.4.2 | 5.10.4.4

Questions?

If you have any questions regarding specific policy requirements and SynaMan, please contact our support team at support@synametrics.com.



User comments

Posted by Amir Halfon on 8/29/22 11:08 AM

I am glad single sign-on was added recently. It is very helpful.


Add a comment to this document

Do you have a helpful tip related to this document that you'd like to share with other users?

Important: This area is reserved for useful tips. Therefore, do not post any questions here. Instead, use our public forums to post questions.

Navigation

Social Media

Powered by 10MinutesWeb.com