DCJIS compliance for Massachusetts law enforcement agencies
Massachusetts agencies accessing CJIS systems answer to two authorities at once: the FBI's CJIS Security Policy v6.0, and the Department of Criminal Justice Information Services' 803 CMR 7.00 - a state regulation, not just an adopted policy - layered on top of it. ComplianceLattice tracks the federal baseline both share.
One regulation, one shared foundation
803 CMR 7.00 is the Massachusetts regulation governing the Criminal Justice Information System (CJIS), administered by DCJIS. Every agency with direct access to CJIS or the information it contains must comply with it - and unlike a policy manual a department can choose to formally adopt, it carries the force of state regulation.
The bulk of that compliance work - access control, authentication, audit logging, incident response, personnel security, and the rest of CJIS v6.0's 20 policy areas - is the same work every CJIS-connected agency in the country has to do. ComplianceLattice tracks that full federal baseline today, covering most of the path to 803 CMR 7.00 compliance before you get to the Massachusetts-specific requirements.
803 CMR 7.00 has a requirement most other states don't: every agency with direct CJIS access must execute a new CJIS User Agreement with DCJIS annually, and again immediately whenever the agency head, CJIS representative, backup representative, or technical representative changes. That makes Massachusetts CJIS compliance a recurring administrative obligation, not a one-time baseline to hit and forget. If your agency is working through 803 CMR 7.00 requirements now, reach out - alpha tester feedback directly shapes what we build first.
- All 20 CJIS v6.0 policy areas, the federal baseline 803 CMR 7.00 builds on
- Recurring task tracking for your annual CJIS User Agreement renewal, so it doesn't slip past due
- Evidence vault with expiration tracking for background checks and training renewals
- One-click audit export for your DCJIS or FBI assessor