Is Your Police Department Compliant With CJIS’s Updated MFA Security Policy?

  • July 31, 2025
  • Sean Smith
  • 3 min read

CJIS MFA Requirements Are Changing — Is Your Police Department Prepared?
From the team at Black Rock Technologies

Starting October 1, 2024, the FBI’s Criminal Justice Information Services (CJIS) division will require multi-factor authentication (MFA) on all systems accessing Criminal Justice Information (CJI) — regardless of whether users are working inside a secure facility or remotely.

In the past, MFA was only required for remote access. That’s no longer the case. Now, every endpoint — every user — must use MFA to access sensitive criminal justice data, even from inside police departments, sheriff’s offices, or court systems.

At Black Rock Technologies, we’ve worked with countless municipalities and law enforcement agencies, and we understand how important compliance, security, and simplicity are. These changes may feel overwhelming, but the good news is that the path forward is clear — and we’re here to help.

Why This Matters

Whether your team is reviewing reports, updating case files, or pulling records in the field, if you’re touching CJI, this mandate applies. Here’s why compliance is critical:

  • Avoid Penalties: Non-compliance can lead to fines, investigations, and the risk of losing access to essential systems.

  • Prevent Breaches: MFA can stop over 99% of unauthorized login attempts, making it one of the most effective cyber defenses available.

  • Minimize Risk: One compromised account can jeopardize an entire agency. MFA adds an essential layer of protection.

  • Build Public Trust: Cyberattacks against law enforcement and municipal networks are on the rise. Proactive security shows your community you’re serious about keeping their data safe.

What Should You Do Next?

  1. Take Inventory
    Make a list of all devices and systems your team uses to access CJI — including desktops, laptops, mobile phones, and cloud-based apps.

  2. Implement MFA
    Choose a solution that works for your agency — such as authenticator apps, text codes, or biometric logins. If you need help selecting or configuring one, our team is ready to assist.

  3. Train Your Staff
    The best technology only works if your people understand it. We recommend short, targeted training to help users adopt MFA without disruption.

More Than Just MFA

While the new MFA requirement is top of mind, it’s only one piece of CJIS compliance. Agencies also need to ensure:

  • Data is encrypted in transit and at rest

  • Audit logs are maintained and reviewed regularly

  • Access is tightly controlled, with unique credentials for each user

  • Incident response plans are documented and tested

  • All staff receive ongoing security awareness training

Partner With Black Rock Technologies

CJIS compliance isn’t optional — but it doesn’t have to be complicated. Black Rock Technologies specializes in helping municipalities and law enforcement agencies across Michigan and beyond implement secure, cost-effective IT and cybersecurity solutions.

Whether you need help rolling out MFA, building a compliance roadmap, or managing your IT remotely through our Civic IT service, we’re here to support your mission.

Let’s keep your systems compliant, your data secure, and your community safe.

Contact us today to schedule a free consultation or learn more about how we can help.

Sean@Black-Rock.Tech

734-768-0807

BRT – CJIS Compliance

Terms and Conditions - Privacy Policy