RuneSight Security logo RuneSight SecurityCybersecurity Advisory
Service / Compliance Advisory

CJIS Compliance Advisory.

Data flow review, gap assessment, and a remediation roadmap for any software that accesses, transmits, or stores Criminal Justice Information. Most agencies require this before they will sign a contract or share data.

Request a quote Book intro call
01 / The requirement

What the CJIS Security Policy actually requires.

The FBI's Criminal Justice Information Services Security Policy governs how criminal justice information is accessed, transmitted, and stored. Arrest records, warrants, criminal history, incident data. Any vendor whose software touches that information must demonstrate alignment with the policy before most agencies will share data or sign a contract.

The policy covers access control, audit logging, encryption, personnel security, incident response, and physical protection. It gets updated regularly. And it was written for large government agencies, not the small software companies that now build the tools those agencies run on.

If you are building software for law enforcement, public safety, or corrections markets, CJIS is not a future consideration. It is a condition of the first contract.
02 / Who needs it

If you fit one of these, CJIS applies to you.

  • GovTech startups building software for law enforcement or corrections markets
  • Established software vendors adding law enforcement agencies as customers
  • Public safety tech companies handling dispatch, records management, or mobile data
  • VC-backed companies in the public safety or GovTech space
  • Small law enforcement agencies evaluating vendor compliance before procurement
03 / Engagement

What is included.

Two to three weeks from kickoff to delivery, depending on scope and how well-documented your current data flows are.

  • Review of data flows that touch Criminal Justice Information
  • Gap assessment against CJIS Security Policy requirements
  • Access control, audit logging, and encryption review
  • Personnel security and training gap identification
  • Practical remediation roadmap
  • Documentation support for agency agreements and audits
  • Executive summary suitable for investor or agency review
04 / Pricing

Fixed fee, scoped to your environment.

Pricing depends on the size and complexity of your in-scope environment and current documentation state. Send a short note about your context and you will have a number within one business day.

05 / Process

How the engagement runs.

Discovery call

Thirty minutes to confirm scope, your current data architecture, and what the agency or investor is specifically asking for.

Data flow mapping

Document where CJI enters and exits your system. This is often the step where the real exposure becomes visible.

Gap assessment

Review your current controls against CJIS Security Policy requirements. Access, logging, encryption, personnel, physical.

Roadmap and documentation

Prioritized remediation roadmap plus documentation to support agency agreements, procurement reviews, and investor diligence.

Ready to get this in front of the agency?

Send your context and timeline. You will hear back within one business day.

Request a quote Book intro call
Related services

Related work.

CMMC Level 1 Readiness

Common parallel track for vendors serving both defense and law enforcement markets.

Fractional CISO

Ongoing advisory to close gaps and stay current as the CJIS Security Policy updates.

Security Audit in a Day

Broader posture review if CJIS is one of several compliance concerns.