Government clouds are not all the same so we’re starting a dialogue on our strategy for building the Microsoft Government Cloud, exploring several areas we believe are highly valuable differentiators. Details matter when government, defense and intelligence agencies decide which cloud platform will deliver their mission critical services to citizens and constituents.
Today I’m going to talk about how we support compliance with Criminal Justice Information Services, or CJIS. It’s part of our industry leading compliance portfolio and represents our commitment to doing the hard work to make compliance simpler for our customers. CJIS is the most critical compliance requirement for state and local governments adopting the cloud as it ensures police and public safety personnel use information technology securely and with the right privacy controls.
CJIS has been built into Azure from the beginning
Nearly four years ago, we made a very deliberate decision to comply with the applicable controls in the CJIS Security Policy, starting work on an approach that would ultimately satisfy the US Justice Department and CJIS Systems Agencies in all 50 states. We quickly learned there was no silver bullet, no simple step to achieving compliance and no single federal agreement covering all states. Our approach is to attest to each state CJIS Systems Agency that Microsoft meets the applicable requirements of the Policy. The Policy has 13 security areas of which four are particularly critical to agency requirements and Microsoft’s approach:
- State approval of applicable Microsoft employees thru fingerprint and background screening. Yes – we are really giving the fingerprints of our operational staff to each state!
- CJIS Security Awareness Training completed by each employee with potential access to data with 30 days of assignment. This exceeds by five months the CJIS Security Policy requirement of six months.
- Signed addendum by Microsoft as a corporation and each applicable employee. Every employee is individually committing to meet CJIS standards as a condition of their employment.
- State review and acceptance of Microsoft attestation to CJIS controls thru review of security reports and physical data center inspection.
No other provider provides the transparency and insight that Microsoft provides with regards to CJIS.
With 23 states (and growing) – Microsoft is the CJIS cloud leader
In December 2012 Microsoft was the first hyperscale cloud provider to contractually attest to the applicable CJIS controls with a signed CJIS management agreement and CJIS Security Addendum. It was three years before any other major cloud provider. Since 2012, we have worked one-by-one to sign agreements with 23 states and our goal of reaching all 50 remains very much in sight.
Why CJIS matters – smarter, faster and better mission focus
Police body worn video cameras are one of the biggest emerging technology disruptions today in justice and public safety and its applicability under CJIS continues to evolve in every state. We’re prepared to support each state’s decision with our comprehensive CJIS strategy.
A compelling example of how law enforcement and the cloud come together is innovation by the Miami-Dade Police Department. Miami-Dade police chose to work partner with Microsoft, VIEVU to build and deploy secure solutions based on Microsoft Azure Government. Already, the solutions have helped the Miami-Dade Police Department transform its operations, better engage the public, and increase transparency with citizens. As said by Juan J. Perez, director of the Miami-Dade Police Department:
“We wanted to be at the forefront of technology to be able to capture evidence that couldn’t be gleaned another way. But we also knew we needed to approach the implementation of body-worn cameras thoughtfully to ensure the most positive impact for everyone involved.”
Read more about Miami-Dade’s story on our Transform Blog.
Miami-Dade and VIEVU are not alone – hundreds of states and partners such as The State of California and partners like Taser have made the same choice.
What this means for you
We are committed to building a Government Cloud you can trust and that means meeting or exceeding the standards required to transform mission critical government and defense workloads to the cloud. Public safety services provided by US state and local governments is one of these workloads and we are proud to offer the deepest and most comprehensive compliance to CJIS in the market today.
Unlike other providers in the market, we don’t have partial coverage, don’t make unsubstantiated claims, and we don’t require our Government customers to use third party software. We believe compliance should be simplified and transparent and allow government agencies to focus on meeting their missions.
I invite you to sign up for a Free Azure Government Trial, to experience the security and trust of the Microsoft Government Cloud.