You are viewing limited content. For full access, please sign in.

Question

Question

Is Laserfiche Cloud compliant with CJIS Standards?

Laserfiche Cloud
Updated July 9
asked on February 21, 2020

We have law enforcement agencies that are interested in Laserfiche Cloud however I need to ensure that Laserfiche Cloud is (or can be configured) to be compliant with CJIS Standards for CJI.  Are there any considerations for an organization considering a move to Laserfiche Cloud?

0 0

Answer

SELECTED ANSWER
replied on February 21, 2020 Show version history

Hi Nathan,

While Laserfiche Cloud meets many compliance standards, including undergoing an annual SOC 2 Type 2 audit, CJIS is not currently one of them. The current U.S.-based Laserfiche Cloud offering is based in AWS's commercial regions, not AWS GovCloud. As I understand it, there are technical, policy, and personnel controls required for CJIS compliance that are only present in AWS GovCloud at this time.

Law Enforcement agencies looking for a cloud-based option to store CJI in Laserfiche can self-host Laserfiche in AWS GovCloud or Microsoft Azure Government. Both offer CJIS compliance resources, some of which you can find below:

Building CJIS Compliant Solutions in AWS GovCloud

Criminal Justice Information Service Compliance on AWS

CJIS Security Policy on AWS - Quick Start

Microsoft 365/Azure Government CJIS Overview

Azure CJIS Background

Azure CJIS Implementation Guidelines

 

4 0
View 3 previous replies
replied on February 24, 2020

This is excellent, thanks for the clarification!

0 0
replied on February 24, 2020

Welcome!

0 0
replied on June 18, 2020

Sam, do you know if there are any plans to offer it in the AWS GovCloud in the future?

1 0
replied on June 18, 2020

Bryan, while on our radar, it's not something we're actively working toward at the moment. Offering Laserfiche Cloud on AWS GovCloud in and of itself doesn't accomplish much. What organizations are really after is CJIS and FedRAMP compliance for the solution as a whole. While the SOC 2 controls Laserfiche Cloud currently addresses mostly overlap with CJIS/FedRAMP by merit of their shared basis in NIST SP 800-53, there are numerous areas that would require small changes for full alignment, not to mention the audit work itself.

We're currently focusing our Laserfiche Cloud development efforts in two main areas:

  1. Achieving functional parity with self-hosted systems
  2. Enabling ways for self-hosted systems to leverage Cloud features

 

Once we're satisfied with the progress on those fronts, we'll likely turn to addressing more specific use cases like CJIS.

1 0
replied on November 30, 2022

Any updates on CJIS compliance with Laserfiche Cloud?

0 0
replied on November 30, 2022

No updates for CJIS on Laserfiche Cloud at this time. It's something we remain aware of. If you have specific customers with CJIS workloads that are interested in migrating to Laserfiche Cloud, it would be helpful if you reached out to your Laserfiche sales contact with the list. This can help us gauge demand and prioritize accordingly during long-term roadmap planning.

CJIS compliance for a SaaS offering is both a huge amount of upfront and ongoing work to check all the boxes and has significant associated expenses, especially if we have to use higher cost AWS Gov Cloud services on the backend. 

0 0

Replies

replied on July 8

I just wanted to check in and see if this was actively being worked on by Laserfiche? I have a few clients that really want to move to Laserfiche Cloud, but are unable to because of this issue.

1 0
replied on July 8

We are looking at it alongside a broader FedRAMP initiative for Laserfiche Cloud, as there is significant overlap in the controls. That's not an official statement that we're definitely doing it, just a note that yes, it's on the table and if we proceed, likely something we'd tackle while working on FedRAMP over the next ~1-3 years or so.

There has been one significant development on AWS' side in this regard. Previously, only AWS GovCloud was validated for CJIS workloads. Supporting CJIS in Laserfiche Cloud would have necessitated creating an entirely new region on AWS GovCloud, a significant undertaking. 

However, on 06 Oct 2023, AWS announced that their US Commercial regions (where LF Cloud US runs today) supported the necessary controls for CJIS workloads. See: AWS Public Sector Blog - Continued innovation in CJIS compliance in both AWS GovCloud (US) and AWS US Commercial Regions

With a separate GovCloud region no longer a pre-req, the feasibility of CJIS on Laserfiche Cloud has gone way up. There's still a ton of work to implement and document all the CJIS controls though. Just because those controls are now available in the AWS US Commercial cloud doesn't mean they're automagically set up for you, only that their absence is no longer a hard blocker. 

As I mentioned in an earlier comment, the best thing you can do is reach out (or have your clients reach out) to Laserfiche Sales contacts and express interest to help drive prioritization.

1 0
replied on August 15, 2023

Has there been any update? I have a client asking about CJIS compliance. Thanks!

0 0
replied on August 15, 2023

No updates. Sam's latest response still holds - you should discuss with your sales contact so we can use that information to prioritize this effort.

1 0
replied on July 9

Thank you for the update, @████████.  Add to your list that the State of Oklahoma is interested in using Laserfiche Cloud when the FedRAMP is in place.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...