IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Microsoft Azure Cloud Meets CJIS Compliance in California

Microsoft's cloud platform meets FBI security requirements to open doors for deployment in counties, cities and agencies statewide.

Microsoft gained a major endorsement Wednesday from the California Department of Justice when it ruled the company's cloud platform Azure compliant with criminal justice security standards.

The DOJ approval, tied to the FBI’s Criminal Justice Information Services (CJIS), effectively clears the path for California’s state, county and city jurisdictions to procure Azure for their data storage and government apps. Cities and counties have traditionally procured such cloud technologies across departments, with criminal justice agencies serving as a major roadblock to wide procurements due to their stringent security requirements. Critical in CJIS standards are employee background checks, detailed quarterly security updates and physical access to a provider’s private cloud infrastructure.

Microsoft is meeting these standards for a second time since its Office 365 Suite passed CJIS review in October 2013.

“That’s really at the core of the agreement: California has a contractual commitment from Microsoft to meet or exceed the CJIS standards,” Stuart McKee, Microsoft’s chief technology officer of state and local government, told TechWire, sister publication to Government Technology.

Complying with many security requisites are many of Microsoft’s cloud competitors, such as Google, but still are not CJIS compliant because they do not permit physical access to their facilities -- but they do comply with the Federal Information Security Management Act (FISMA).

The National Institute of Standards and Technology website, the federal organization responsible for FISMA, lists Google’s moderate FISMA rating as high enough to protect sensitive information, but not information where a security breach may result in “major damage to organizational assets, major financial loss, or severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries.”

Amazon Web Services is Microsoft’s other significant rival in the space, and according to its site, serves its clients by complying with some of the CJIS requirements.

For Microsoft, McKee said it is hoped that the agreement inspires confidence for public-sector customers to deploy a range of cloud technologies, such as storage for on-body police video camera footage and archiving criminal records. Likewise, Microsoft’s added commitment is hoped to inspire current internal California providers that support state-operated cloud facilities to embrace the common CJIS standards.

CalCloud, California’s private cloud infrastructure is serviced by IBM, and McKee argues an equal regulatory environment should require both internal government providers like IBM and external providers like Microsoft to be judged under the same conditions.

“Just holding your data internally doesn’t inherently make it more secure." McKee said. "That’s unfortunately a misnomer. Candidly, there are some challenges we do have with the CalCloud arrangement because it does, in many ways, restrict competition."

Jason Shueh is a former staff writer for Government Technology magazine.
Special Projects
Sponsored Articles
  • How the State of Washington teamed with Deloitte to move to a Red Hat footprint within 100 days.
  • The State of Michigan’s Department of Technology, Management, and Budget (DTMB) reduced its application delivery times to get digital services to citizens faster.

  • Sponsored
    Like many governments worldwide, the City and County of Denver, Colorado, had to act quickly to respond to the COVID-19 pandemic. To support more than 15,000 employees working from home, the government sought to adapt its new collaboration tool, Microsoft Teams. By automating provisioning and scaling tasks with Red Hat Ansible Automation Platform, an agentless, human-readable automation tool, Denver supported 514% growth in Teams use and quickly launched a virtual emergency operations center (EOC) for government leaders to respond to the pandemic.
  • Sponsored
    Microsoft Teams quickly became the business application of choice as state and local governments raced to equip remote teams and maintain business continuity during the COVID-19 lockdown. But in the rush to deploy Teams, many organizations overlook, ignore or fail to anticipate some of the administrative hurdles to successful adoption. As more organizations have matured their use of Teams, a set of lessons learned has emerged to help agencies ensure a successful Teams rollout – or correct course on existing implementations.