Introduction to CJIS Requirements and naviGO Software
Local, state, federal law enforcement and criminal justice agencies have started to comply with the recent mandatory authentication policy requiring advanced authentication when accessing the Criminal Justice Information System (CJIS) database. This system provides agencies with access to information such as fingerprint records, criminal histories, and sex offender registrations to name a few. The advanced authentication that is being put into place requires users to provide two forms of identification, physical and “something you know”, in order to access the highly sensitive information stored in the database. Physical identification would be when a contactless smart card is placed on a reader, and “something you know” would be when the user has to input a password or PIN number.
Many organizations today are already making use of new technology for access to parking garages, buildings, and computers. For the project I am currently working on, a HID OMNIKEY RFID contactless card reader is being used to demonstrate the strong authentication methods of naviGO software. NaviGO software, in combination with both contact and contactless readers, simplifies deployment of strong authentication and works well with Windows operating systems.
NaviGO’s Ease of Use
Many people today are already becoming familiar with contactless card technology whether for work, school, or at their local gym. Contactless readers are being installed in entrance ways and gates to regulate access to only those who have an active account with the organization. There are many different types of contactless cards, most common are the types that are similar to the standard credit card or ID. The NaviGO Server works with many types of smart cards including Crescendo, digital certificates, iClass, Prox, and Knowledge Based Authentication (KBA). Some new types of smart cards include some that can be put on a key ring, or stickers that can be used to grant access into buildings and computers.
Using naviGO software, administrators can control user credentials issued via contactless cards. The naviGO Administrator's Portal gives the ability for strong authentication to be customized based on policies or rules set by each organization. NaviGO can use information stored in Microsoft’s Active Directory to issue smart card credentials and apply user roles based on the group permissions (i.e. Administrators with Full Access, Users with Limited Access). Since many organizations are already using contactless cards for building access, this software will make use of the existing access cards to provide two-factor authentication.
Since most people are already familiar with access cards, they won't have to learn anything new or rely on calling a help desk to use the same card that let them enter the building to logon to their computer. This will make the transition for following the new authentication policies painless and less confusing.
Closing Remarks about Security
An administrator can setup default PINs for new employees as well as a default set of Emergency Access questions. A number of questions are predefined in the naviGO Workstation, but unique questions can be made and added to the system depending on the administrators’ preferences. Additionally, rules for setting a PIN can be customized for added security. Email alerts can be setup using the naviGO Administrator’s Portal to keep users informed of PIN or Password expirations and Unintended access.
NaviGO Software has helped make advanced authentication much easier for small and large companies. For more information about how this specifically applies to the CJIS Mandate, CJISMandate.com.
Thank you for taking the time to read my blog about naviGO Software and the CJIS Advanced Authentication Mandate. If you have any questions, feel free to comment below as I am more than happy to answer any questions or comments.
To learn more about Action Identity, and how we can assist in making your organization CJIS compliant, visit our website.
Interested in learning more? Check out these entries:
What is IDM?
Messaging Protocols SOAP vs. REST, Which One's Better?