INDIANAPOLIS, IN – (January 13, 2025) – StateRAMP, the leading authority in cloud security standards for state and local governments, is proud to announce the official adoption of the StateRAMP CJIS-Aligned Overlay. This new overlay is the culmination of months of rigorous collaboration between StateRAMP’s members, key state and local government stakeholders, industry leaders, and advisors from the Federal Bureau of Investigation’s Criminal Justice Information Services Division (FBI CJIS). It marks a critical advancement in harmonizing cloud security standards tailored to meet the specific needs of criminal justice agencies.
Developed in coordination with CJIS advisors and driven by valuable member feedback, the StateRAMP CJIS-Aligned Overlay is designed to provide a unified solution for aligning the CJIS Policy 5.9.5 requirements with the StateRAMP Moderate Impact Level baseline controls. With this overlay, state and local agencies, along with their providers, gain clear, actionable guidance on a product’s likelihood of CJIS conformance—a major step in aiding government decision-makers in evaluating cloud-based solutions for the criminal justice community.
Key Highlights of the CJIS-Aligned Overlay:
- Incorporates 15 new controls unique to CJIS Policy 5.9.5 and not previously included in StateRAMP’s Moderate Impact Level baseline requirements.
- Adds 59 control parameters for standards where CJIS Policy 5.9.5 is more prescriptive or restrictive, ensuring stronger alignment with CJIS requirements.
- Modifies 76 control parameters to meet or exceed CJIS’s defined security specifications, enhancing the robustness of StateRAMP’s baseline controls.
This overlay provides essential directional guidance on a product’s CJIS conformance, ultimately empowering agencies to make informed, secure cloud procurement decisions. The StateRAMP CJIS-Aligned Overlay will officially launch in January 2025 and align with CJIS Security Policy v5.9.5. Further updates are anticipated as CJIS releases new versions, including CJIS Policy 6.0, which is expected to encompass additional StateRAMP controls.
“The StateRAMP CJIS-Aligned Overlay underscores our commitment to framework harmonization,” said Leah McGrath, Executive Director of StateRAMP. “This milestone is a testament to the dedication of our members and the invaluable guidance of our CJIS advisors, who have worked tirelessly to ensure that the overlay meets the highest standards of cloud security for criminal justice agencies.”
In addition to advancing security standards, the CJIS-Aligned Task Force is actively engaging with auditors and consultants to support the overlay’s implementation, providing essential resources for existing and new cloud-based products seeking StateRAMP Authorization. The task force is also collaborating with public and private sector leaders to champion best practices and facilitate broad adoption of the CJIS-Aligned Overlay.
For more information on the StateRAMP CJIS-Aligned Overlay and to explore how it supports robust, CJIS-aligned cloud security solutions, visit stateramp.org.
About StateRAMP
StateRAMP is the leading authority on cloud security standards for state and local governments, providing a standardized approach to assessing and authorizing cloud services. StateRAMP empowers government agencies and their vendors to navigate the complexities of cloud security with confidence. Learn more at stateramp.org.