Skip to main content

Leading law enforcement agencies adopting Microsoft Azure Government services, citing Microsoft’s CJIS compliance approach

leading-law-enforcementFrom Charlotte-Mecklenburg Police Department in North Carolina to Los Angeles Police Department (LAPD) and Oakland Police Department in California, law enforcement agencies are transforming with modern mobile and cloud technologies, enabling their success.

From the footage captured by body-worn cameras to fingerprint files, criminal records and surveillance video, to identity management and storage services, the digital media information and evidence that law enforcement officers collect is vitally important and deserves the highest standard of protection, regardless of jurisdiction.

This view is shared within the law enforcement field. To prioritize such protections, just this month, the International Association of Chiefs of Police (IACP), the largest organization of police leaders in the U.S., issued updated guidelines recommending that cloud storage of all criminal justice information — including video — should comply with the FBI’s Criminal Justice Information Services (CJIS) Security Policy.

We agree with the IACP. This is why Microsoft Azure Government is the only hyper-scale cloud platform that is contractually committed to meeting the FBI’s CJIS requirements. Furthermore, for Microsoft, CJIS compliance isn’t just a check box. While other technology companies claim to support CJIS requirements, many are vague on the subject and details around it or how they work with law enforcement agencies to meet the mandatory security and privacy needs. In recognition of this, we offer five questions that we believe law enforcement organizations should ask every cloud provider:

  1. Do you support national standards like the FBI’s CJIS Security Policy for protecting criminal justice information?
  2. Will you contractually commit in writing to managing data in accordance with the FBI’s CJIS Security Policy?
  3. Do you have a separate, fully isolated cloud platform for U.S. federal, state, and local government customers?
  4. Have the personnel working in your cloud provider’s data center passed a fingerprint-based CJIS background check provided by the FBI or your state’s CJIS Office?
  5. Will you contractually commit to audits to demonstrate that you are providing full support for CJIS compliance?

At Microsoft, we can attest that we support and agree to all of these crucial components. Microsoft’s industry-leading approach to supporting CJIS compliance is one of the primary reasons why law enforcement agencies like the Los Angeles Police Department (LAPD), the San Bernardino County Sheriff’s Department, and the Oakland Police Department have chosen Microsoft’s Cloud for Government platform.

Los Angeles Police Department“The fact that Microsoft contractually committed to CJIS compliance by signing the FBI’s CJIS Security Addendum and having their employees background-checked by California DOJ helped give the LAPD the confidence that we could begin to leverage Azure Government for our most critical, sensitive workloads,” says Sanjoy Datta, information security officer, LAPD. “It is rare that vendors, on their own initiative, take the trouble to comply with the multiple regulatory frameworks that law enforcement, as well as all state and local government agencies, are required to meet. Microsoft has exceeded the LAPD’s expectations in this regard by taking on the difficult requirements of the CJIS regulatory regime and meeting them head-on.”

San Bernardino County Sheriff’s Department“In an ever-increasing threat environment, where the Internet and systems are continually being targeted, we decided that all our systems should meet CJIS requirements across the enterprise,” says Ted L. Byerly, team leader for Networking, Security and Infrastructure at the San Bernardino County Sheriff’s Department. “Since we had decided to adopt cloud technologies going forward and Microsoft committed to building a government community cloud that met CJIS requirements, we felt we had a perfect solution. Microsoft committed to the same requirements we require of all our other vendors, so we knew we made the right decision.”

Oakland Police Department“Once we get our video onto the Azure platform we can aggregate it, we can learn from it, we can make the database proactive to tell us things,” says Oakland Police Department Officer Dave Burke. “We can run a keyword search against all the audio and pull up videos where certain things were said. From an emergency management or even a court and judicial process perspective, this really opens the door.”

Other leaders in the law enforcement community recognize that providing CJIS-level security to all criminal justice information protects both agency data and citizen privacy. In a USA Today column, Michael Chertoff, former secretary of the Department of Homeland Security, said, “Criminal justice information needs good security because it is information about citizens, often at their most distressed and vulnerable.” But there is a standard that can help meet this need, he adds: “Fortunately, law enforcement agencies have a good model to consider adopting when storing data in the cloud, one that addresses both security and privacy issues: the recently issued FBI policy on Criminal Justice Information Services Security Policy.”

Microsoft understands just how much of a priority security is to law enforcement agencies across the U.S. As more law enforcement agencies turn to the cloud, we will continue our commitment to providing the most secure solutions to our customers.

To learn more about Microsoft’s comprehensive commitment to compliance and CJIS, please visit the Azure Trust Center:

Michael Donlan

Vice President, Microsoft’s State and Local Government