Hope your summer is going well and you’re staying cool. It’s a tad warm here in North Florida as I’m sure it’s the same where you are.

Well, things are certainly heating up in the CJIS world with the release of the latest update to the CJIS Security policy, version 5.9.5. I reckon with the summer all nice and warm, we’re all ready to “dive in” (yes, I know it’s sad, but I am dad, so I have an excuse.) 

The good news is that there’s only one section or control family that will be updated: Section 5.7 Configuration Management. This is the section that requires agencies to have an up-to-date network diagram. The not so good news is that the section is going from eight controls to over fifty. Yeah, that’s a big jump.

Network diagrams are still required, as are settings for least functionality. New to the section is the requirement for policies regarding configuration management. The good news is the FBI CJIS ISO staff has provided each state ISO with some samples that should help with writing or updating policies.

Another addition we’ll find is the inclusion of priorities and implementation deadlines which should help guide your focus regarding all of these new controls, not just configuration management. I’m not sure if this will be in the policy itself or as part of the Companion and Requirements document (that’s the spreadsheet the ISO staff puts together that only focuses on the controls/requirements.)

I’m not saying this prioritization/implementation information is going to fix all of your problems, but it will help you get an idea of where to focus your resources. Of course, your CSAs and ISOs play a big part in that process too.

Finally, this should be the last update before CJISSECPOL version 6.0 gets released. I’m not sure when, but it could be anywhere from December to January of 2025. Keep your eyes peeled.

As always, if you have questions about these updates CJIS ACE is here to help you understand them in order to be compliant. For CJIS ACE Insight customers, we can go through this together as Insight gets updated. If you are interested, please let me know.