Microsoft Azure Government Meets Criminal Justice Information Services (CJIS) Requirements
Posted on December 18, 2014
Last week I spoke in Washington D.C. at an event announcing the general availability of Microsoft Azure Government. At the event, which was keynoted by Microsoft CEO Satya Nadella, we announced a lot of new features and developments that are important to our public sector customers. Among the key announcements was that Azure Government is the first hyperscale commercial infrastructure cloud platform to be capable of meeting CJIS requirements for federal, state and local governments. Over the last few years, I’ve had the privilege of working with public safety professionals including State CJIS Officers and the FBI Advisory Policy Board (APB). I’m not sure why other providers are not willing to directly address CJIS requirements, but I do know compliance is a commitment, not a checkbox. The CJIS Division of the Federal Bureau of Investigation operates systems that provide state, local, and federal law enforcement and criminal justice agencies with access to critical criminal justice information including, personal information such as fingerprint records, criminal histories, and sex offender registrations. Federal, state, and local governments that want to access the CJIS through a cloud-based solution are required to use a cloud service provider that adheres to the CJIS Security Addendum, which mandates screening of personnel with access to CJIS-related data, and appropriate controls to protect the full lifecycle of data. Because of these strict requirements, many state and local governments have had difficulty accessing CJIS from anything but on-premise solutions. The participation of Microsoft Azure Government makes this much easier for agencies, and expands the scope of coverage to state agencies already using Microsoft Office 365 for CJIS workloads. A current list of Microsoft Azure Government in-scope services is published on the Microsoft Azure Trust Center section Compliance by Service. In-scope services currently include: Virtual Machines, Cloud Services, Storage, SQL Database, Active Directory, Virtual Network, and Traffic Manager. Additional, current information on Azure Government compliance is available at https://azure.com/trustcenter.