CJIS Password Policy Requirements
The Criminal Justice Information Services (CJIS) is a service provided by the Federal Bureau of Investigation (FBI) for law enforcement, national security and intelligence community partners, and the general public. The CJIS was established in 1992 and is the largest division of the FBI. The purpose of CJIS Compliance is to protect the United States while preserving civil liberties.
To be CJIS complaint, law enforcement agencies must follow these password requirements for all user accounts under CJIS Code 220.127.116.11.1:
- Be a minimum length of eight (8) characters on all systems.
- PNot be a dictionary word or proper name.
- Not be the same as the User ID.
- Expire within a maximum of 90 calendar days.
- Not be identical to the previous ten (10) passwords.
- Not be transmitted in the clear outside the secure location.
- Not be displayed when entered.
A password filter is recommended to improve compliance and meet NIST password requirements. The previous four recommendations can be met using the . Many companies trying to reach NIST SP 800-53 compliance have already implemented our software and are NIST compliant. The nFront Password Filter product can provide your company the ability to achieve all seven requirements of CJIS Code 18.104.22.168.1. Many law enforcement agencies have already adopted the nFront Password Filter on their network to ensure better security by disabling the use of weak, easily hacked passwords. The dictionary file that is provided with the nFront Password Filter is 100% customizable to include you company name, industry terms, and other proper names.