The Criminal Justice Information Services (CJIS) Security Policy is a comprehensive set of security guidelines established by the United States Federal Bureau of Investigation (FBI). Its purpose is to ensure that sensitive Criminal Justice Information (CJI) is safeguarded with the highest standards across its full lifecycle—from generation and use to storage and transmission. Cloud storage providers and other technology partners must adhere to these standards when handling data for law enforcement, public safety organizations, and other entities. You can review the full CJIS Security Policy on the FBI website.
Storj provides cloud storage solutions that meet CJIS requirements through stringent security protocols, ensuring compliance for handling CJI with appropriate controls and best practices.
Yes, Storj offers a CJIS-compliant cloud storage solution when configured correctly. This means law enforcement agencies, federal law enforcement organizations, and public safety entities can store and process criminal histories, background checks, and other CJI in line with the FBI’s requirements. Storj incorporates the necessary regulatory controls and supports minimum security requirements defined under the CJIS Security Policy.
Storj's distributed and encrypted storage model ensures the secure processing of CJI while adhering to state laws, federal laws, and the varied requirements of your jurisdiction for CJIS compliance.
Storj excels at securing data through encryption at every stage of the data lifecycle. Data stored on Storj’s distributed cloud platform is encrypted using AES256-GCM authenticated encryption. This ensures that data is safe at rest and during transit. Importantly, customers maintain exclusive control of their encryption keys, a fundamental principle of CJIS compliance and a best practice for managing sensitive data.
Additionally, encryption ensures that even in the unlikely event of unauthorized access, the data remains inaccessible without the encryption keys. Storj’s approach empowers customers to safeguard their CJI while maintaining security in alignment with national institute of standards (NIST SP) guidelines.
Storj employs an innovative distributed storage architecture by dividing objects into encrypted segments and erasure-encoded pieces. These pieces are redundantly stored across a global network of storage nodes to achieve high durability and availability. Even if part of the network fails, the redundancy ensures no loss of data or availability, satisfying durability and security requirements critical for the full lifecycle of CJI.
This distribution strategy supports the use of CJI in environments that demand non-stop access while ensuring compliance with the stringent authorization management programs required by regulatory standards. It provides flexibility for customers to meet federal risk management expectations and other security criteria laid down by uniform agreements and state governments.
Absolutely. Storj enables customers to choose their infrastructure setup, providing unparalleled flexibility for CJIS cloud storage. You have options to store encrypted, erasure-encoded pieces of CJI data on:
• Storj's global network of geographically diverse, heterogeneous storage nodes,
• A subset of nodes restricted to specific geographic regions
• Nodes operated in SOC2 certified facilities, or
• Nodes operated on your organization’s infrastructure.
This flexibility ensures Storj meets the unique storage needs and security regulations of your jurisdiction.
Yes, Storj employs a zero-trust model by separating encryption and authorization management for data access controls. This robust approach ensures there’s no direct link between CJI stored on the infrastructure and the access permissions. Such exclusive control of encryption processes aligns with federal laws and the security program goals outlined under CJIS Security Policy guidelines.
Metadata stored on Storj is encrypted by default using AES 256 GCM authenticated encryption, the same standard applied to object data. This encrypted metadata includes object paths, keys, and any user-supplied information about uploaded files. Storj stores metadata in SOC2 certified facilities and distributes it across a highly available, fault-tolerant network for enhanced concurrency and durability.
This secure architecture ensures compliance with NIST SP requirements and guarantees metadata protection throughout the full lifecycle of data usage.
Storj offers two secure models for data transfer via its cloud services—a client software approach named Uplink and a hosted HTTP endpoint model called Edge Services.
• Edge Services: Includes a hosted S3-compatible Gateway and the Auth Service, operated in SOC2-certified facilities. All transfers to and from Edge Services utilize HTTPS with TLS 1.2+ encryption, maintaining confidentiality and data integrity during transit.
• (Optional) Uplink Client: Features end-to-end encryption, where all data is encrypted on the client side before leaving. This data remains encrypted during transfer and storage, ensuring robust protection against vulnerabilities.
By leveraging these methods, Storj ensures data compliance and security in alignment with CJIS security requirements.
Yes, Storj’s experienced support team provides resources to help customers meet the regulatory expectations of the CJIS Security Policy. Whether you’re integrating services for use of cloud services to process sensitive CJI, conducting background checks under federal law, or adhering to the requirements of state governments, Storj delivers guidance and tools to ensure your compliance strategy aligns with law enforcement best practices.
Storj stands out as a dependable cloud provider for CJIS compliant cloud storage due to its advanced security features, flexible storage options, and adherence to the strict data security protocols required by federal law enforcement agencies. Its distributed storage model minimizes risks, and the exclusive control provided to customers over their encryption keys supports seamless compliance with CJIS requirements and NIST SP guidelines.
For any public safety organization or law enforcement agency seeking a robust and forward-thinking cloud storage solution tailored to handle the full lifecycle of CJI, Storj offers unparalleled peace of mind and innovative performance.
