GL Solutions interviews StateRAMP Executive Director Leah McGrath about StateRAMP’s adoption of the StateRAMP CJIS-Aligned overlay. She explains why StateRAMP chose to pursue this and how the change benefits your regulatory agency.

StateRAMP offers states a comprehensive and consistent security assessment of their vendors. The FBI’s Criminal Justice Information Services (CJIS) Security Policy sets security standards that criminal justice and non-criminal justice agencies must comply with to access and protect criminal justice information.

“StateRAMP represents the shared interests of state and local governments, third party assessment organizations, and service providers with IaaS, SaaS, and PaaS solutions,” StateRAMP explains on the StateRAMP website. “We believe in the values of transparency, standardization, and community. As an advocate for strong but fair cybersecurity standards, StateRAMP works to bring together service providers, policy makers, industry experts, and government officials to drive the future of cybersecurity.”

In what ways does the CJIS overlay go beyond the security controls StateRAMP already provides?

Leah McGrath: StateRAMP is excited to announce the adoption of the StateRAMP CJIS-Aligned Overlay. This new overlay is the culmination of months of rigorous collaboration between StateRAMP’s members, key state and local government stakeholders, industry leaders, and advisors from the Federal Bureau of Investigation’s Criminal Justice Information Services Division (FBI CJIS). It marks a critical advancement in harmonizing cloud security standards tailored to meet the specific needs of criminal justice agencies.

Developed in less than a year, in coordination with CJIS advisors and driven by valuable member feedback through a focused Task Force, the StateRAMP CJIS-Aligned Overlay is designed to provide a unified solution for aligning the CJIS Policy 5.9.5 requirements with the StateRAMP Moderate Impact Level baseline controls.

The CJIS-Aligned Overlay includes specific parameter definitions that go beyond StateRAMP’s Moderate Impact Level baseline requirements to align with the CJIS Security Policy Requirements.

Key Highlights of the CJIS-Aligned Overlay:

  • Incorporates 15 new controls unique to CJIS Security Policy 5.9.5 and not previously included in StateRAMP’s Moderate Impact Level baseline requirements.
  • Adds 59 control parameters for standards where CJIS Security Policy 5.9.5 is more prescriptive or restrictive, ensuring stronger alignment with CJIS requirements.
  • Blends 98 sub-controls where both the CJIS Security Policy and the StateRAMP Moderate Impact Level define one or more parameters.

Why did StateRAMP choose to add this overlay?

Leah McGrath: The FBI CJIS Security Policy contains specific requirements for the protection of criminal justice information that impacts states, local governments, and providers, who have expressed challenges with how to demonstrate compliance and conformance to the standards.

Under the leadership of the FBI CJIS Director, the CJIS Security Policy requirements have largely been updated to align with the National Institute of Standards & Technology (NIST) Special Publication 800-53, which is also the foundation of StateRAMP’s security program. Given the alignment and the present challenges among our members, there was an opportunity for further harmonization with StateRAMP’s baseline requirements to develop the CJIS-aligned overlay.

How does this change benefit state government agencies?

Leah McGrath: With this overlay, state and local agencies and their providers gain clear, actionable guidance on a product’s likelihood of CJIS conformance—a major step in aiding government decision-makers in evaluating cloud-based solutions for the criminal justice community.

When will this CJIS overlay be complete?

Leah McGrath: The overlay was recommended by the StateRAMP CJIS-Aligned Task Force on November 7th, approved by the Standards and Technical Committee on November 14th and adopted by the StateRAMP Board of Directors on November 18, 2024. It will become effective in January 2025.

Any other comments about the overlay or task force?

Leah McGrath: I am incredibly proud of the effort by the StateRAMP team, Program Management Office, and task force members. With their dedication and hard work, StateRAMP has become the first organization to operationalize federal regulatory harmonization in this way.

Regulatory harmonization is a strategic imperative for StateRAMP, and we expect to continue these efforts expanding to other federal frameworks in 2025.

StateRAMP and CJIS Resources:

The following articles provide additional resources about StateRAMP and CJIS, including the FBI CJIS security policy, along with the StateRAMP CJIS overlay.

What is StateRAMP and Other Popular Questions Answered

Trying to grasp the basics of StateRAMP? Or trying to understand the differences between StateRAMP vs. FedRAMP? A member of the StateRAMP Provider Leadership Council tackles your frequently asked questions. Bill Moseley, a member of the council and CEO of GL Solutions, sheds light on StateRAMP FAQs—from the many benefits to the technical aspects, including StateRAMP compliance.


How StateRAMP Makes Cloud Computing More Secure for Government

StateRAMP answers this question, along with many others, on its StateRAMP FAQ page. Beyond the basics, StateRAMP also answers questions related to StateRAMP involvement, the StateRAMP Security Snapshot, and StateRAMP requirements and processes.


StateRAMP Launches CJIS-Aligned Task Force

StateRAMP launched the CJIS-Aligned Task Force to develop a CJIS-aligned overlay for its Moderate Impact Level baseline, enhancing cloud security for the criminal justice sector. In collaboration with FBI CJIS advisors, state and local government leaders, and industry experts, the overlay guides service providers in aligning their products with CJIS security requirements. While not an official certification, the initiative simplifies CJIS conformance evaluation, promoting framework harmonization and empowering agencies to make informed cloud security decisions.


CJIS-Aligned Task Force Overview

The StateRAMP and CJIS Overlay resource page focuses on StateRAMP’s initiative to enhance cloud security within the criminal justice sector by harmonizing frameworks. StateRAMP explains the collaborative effort by state and local government stakeholders, industry leaders, FBI CJIS advisors and StateRAMP to develop an overlay for its Moderate Impact Level baseline controls to align with CJIS requirements.


GL Solutions and StateRAMP:

GL Solutions joined StateRAMP as a member in 2023. The company remains on track to obtain a “Ready” status—a StateRAMP verified status—by early 2025. In addition, Bill Moseley, CEO of GL Solutions, serves on StateRAMP’s Provider Leadership Council. In that role he advises StateRAMP on vendor challenges. He also stays informed about important StateRAMP updates.

GL Solutions celebrates over 25 years of helping state regulatory agencies better serve the public with their licensing and permitting software, GL Suite. GL Suite transforms and digitizes operations for scores of agencies and departments nationwide; state agencies from Alaska to Connecticut use GL Suite to improve processes and outcomes.
