Investigating CJIS? Lock down password compliance with Specops

When we think about criminal justice and cybersecurity, the imagination isn’t immediately drawn to compliance. Meeting policy requirements isn’t as flashy or exciting as a hooded hacker using a laptop to defeat their foes. The realm of cybercrime is known for tall tales, mysterious individuals, and underground digital spaces that both Blackhat and Whitehat hackers are known to dwell in. But let’s face it; the industry is also full of standards and procedures which are often overlooked in Hollywood and headlines.

So, when we say the FBI has a cybersecurity headache – we don’t just mean ransomware gangs and cyber-attacks from hostile nations. They also want to ensure any State or Local entities handling sensitive data related to US criminal justice are doing so in a secure way. However, navigating these best practices can be intimidating or difficult without the right help. We’ll explain how the ‘Specops Experience’ makes compliance with the password and MFA requirements simple and stress-free.

The CJIS Active Directory challenge 

Near the end of 2024, a new challenge reared its head for State and Local entities seeking to adhere to the FBI’s Criminal Justice Information System (CJIS). While changes to this standard are not unusual, the update in late 2024 has flipped the script on what it means to be compliant with password policies. Suddenly, hardening Active Directory security became a top priority.

Within months, auditors and compliance officers began to demand that those handling Criminal Justice Information (CJI) abide by the latest rules, including new password composition policies which differ from previous years. The biggest change here shows up in IA-5 section (1)(a) Memorized Secret Authenticators and Verifiers, which now includes a requirement to check saved passwords against a known compromised password list at least quarterly.

For a full rundown of password and MFA requirements, check out our other post on CJIS requirements here.

Compliance challenge accepted!

While these new requirements may not seem overly complicated, Active Directory doesn’t natively provide functionality to address this. Yet for any entities seeking to comply with CJIS, this compliance issue must be addressed. For the past several years, Specops has been providing a solution to organizations across the US (and globally) known as “Breached Password Protection”. 

With this feature enabled, our Specops Password Policy solution continuously scans an organization’s Active Directory against our (growing) database of over 4 billion breached passwords. If a user is found to be using a compromised password, they’re notified to change to a new one that meets your CJIS-compliant password policy. Setting up a compliant policy is quick and simple.

It may come as no surprise that Specops has also identified a recent uptick in interest from US Cities and States seeking to meet this need. While our solutions have long cited CJIS and other frameworks, the urgency to meet this need has grown rapidly and Specops has the proven track record to accept that challenge head-on. 

Rapid deployment: ‘The Specops Experience’

The “Specops Experience” for Password Policy and Breached Password Protection offers Onboarding services designed to take the stress out of meeting and enforcing CJIS Password best practices. New customers benefit from: 

  • Step-by-step guidance that makes Active Directory integration easy. 
  • Personalized support from specialists who understand the requirements. 
  • Fast feedback loops which ensure timely and seamless rollout.

The results to expect

The influx of customers onboarding with Specops saw immediate wins: 

  • Immediate risk reduction as breached passwords were found and quickly addressed using our database of over 4 billion compromised passwords. 
  • Quick deployment turnaround, helping customers to meet deadlines with confidence. 
  • Record-high satisfaction scores, reflecting trust in both the product and the onboarding experience. 
  • Peer referrals surged, as customers shared their success stories with industry colleagues. 
  • Rapid user adoption, as users took advantage of the Immediate End-User Feedback built into the UI.

Looking for help with CJIS compliance? 

For many institutions, access to CJIS is critical and could be withheld without solutions like Specops Password Policy & Breached Password Protection. Interested in seeing how Specops Password Policy could fit in with your environment? Book a live demo today.

(Last updated on October 13, 2025)

Written by

Eren Cihangir

Eren has been a Product Specialist with Outpost24 since 2018 and has a wide range of experience from Red Team to Blue Team. Today, his emphasis is on connecting IT, cybersecurity, and business to enforce best practices and reduce risk.
