You are viewing limited content. For full access, please sign in.

Question

Question

Is Laserfiche Cloud compliant with CJIS Standards?

Laserfiche Cloud
Updated August 15, 2023
asked on February 21, 2020

We have law enforcement agencies that are interested in Laserfiche Cloud however I need to ensure that Laserfiche Cloud is (or can be configured) to be compliant with CJIS Standards for CJI.  Are there any considerations for an organization considering a move to Laserfiche Cloud?

0 0

Answer

SELECTED ANSWER
replied on February 21, 2020 Show version history

Hi Nathan,

While Laserfiche Cloud meets many compliance standards, including undergoing an annual SOC 2 Type 2 audit, CJIS is not currently one of them. The current U.S.-based Laserfiche Cloud offering is based in AWS's commercial regions, not AWS GovCloud. As I understand it, there are technical, policy, and personnel controls required for CJIS compliance that are only present in AWS GovCloud at this time.

Law Enforcement agencies looking for a cloud-based option to store CJI in Laserfiche can self-host Laserfiche in AWS GovCloud or Microsoft Azure Government. Both offer CJIS compliance resources, some of which you can find below:

Building CJIS Compliant Solutions in AWS GovCloud

Criminal Justice Information Service Compliance on AWS

CJIS Security Policy on AWS - Quick Start

Microsoft 365/Azure Government CJIS Overview

Azure CJIS Background

Azure CJIS Implementation Guidelines

 

4 0
View 3 previous replies
replied on February 24, 2020

This is excellent, thanks for the clarification!

0 0
replied on February 24, 2020

Welcome!

0 0
replied on June 18, 2020

Sam, do you know if there are any plans to offer it in the AWS GovCloud in the future?

1 0
replied on June 18, 2020

Bryan, while on our radar, it's not something we're actively working toward at the moment. Offering Laserfiche Cloud on AWS GovCloud in and of itself doesn't accomplish much. What organizations are really after is CJIS and FedRAMP compliance for the solution as a whole. While the SOC 2 controls Laserfiche Cloud currently addresses mostly overlap with CJIS/FedRAMP by merit of their shared basis in NIST SP 800-53, there are numerous areas that would require small changes for full alignment, not to mention the audit work itself.

We're currently focusing our Laserfiche Cloud development efforts in two main areas:

  1. Achieving functional parity with self-hosted systems
  2. Enabling ways for self-hosted systems to leverage Cloud features

 

Once we're satisfied with the progress on those fronts, we'll likely turn to addressing more specific use cases like CJIS.

1 0
replied on November 30, 2022

Any updates on CJIS compliance with Laserfiche Cloud?

0 0
replied on November 30, 2022

No updates for CJIS on Laserfiche Cloud at this time. It's something we remain aware of. If you have specific customers with CJIS workloads that are interested in migrating to Laserfiche Cloud, it would be helpful if you reached out to your Laserfiche sales contact with the list. This can help us gauge demand and prioritize accordingly during long-term roadmap planning.

CJIS compliance for a SaaS offering is both a huge amount of upfront and ongoing work to check all the boxes and has significant associated expenses, especially if we have to use higher cost AWS Gov Cloud services on the backend. 

0 0

Replies

replied on August 15, 2023

Has there been any update? I have a client asking about CJIS compliance. Thanks!

0 0
replied on August 15, 2023

No updates. Sam's latest response still holds - you should discuss with your sales contact so we can use that information to prioritize this effort.

1 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...