CJDN compliance for Minnesota law enforcement agencies
Minnesota agencies accessing criminal justice information answer to the FBI's CJIS Security Policy v6.0 and the Bureau of Criminal Apprehension's CJDN Network Security Policy - a directive document defined by Minnesota Statute 299C.46 that names its own encryption specification. ComplianceLattice tracks the federal foundation both share.
A federal baseline, with a named encryption spec
The BCA's directive doesn't just point to the federal CJIS Security Policy - it names a specific technical requirement: every device accessing or transmitting CJI must be FIPS 140-2 compliant with a 128-bit symmetric key. Access to the CJDN itself is limited to employees the BCA has certified, and every local agency, criminal justice or not, has to appoint its own Local Agency Security Officer.
Underneath that named encryption spec, the substance is the same work every CJIS-connected agency in the country does - access control, authentication, audit logging, incident response, and the rest of CJIS v6.0's 20 policy areas. ComplianceLattice tracks that full federal baseline today, covering most of the ground before you get to Minnesota's CJDN-specific requirements.
A named 128-bit symmetric key requirement is specific enough to fail a technical review if a vendor's default configuration doesn't match it exactly - worth confirming with any cloud or software vendor handling CJI in Minnesota, not just assuming "FIPS compliant" covers it. If your agency is working through BCA's CJDN Network Security Policy requirements now, reach out - alpha tester feedback directly shapes what we build first.
- All 20 CJIS v6.0 policy areas, the federal baseline CJDN builds on
- Evidence vault with expiration tracking for background checks and training renewals
- Pre-built policy templates you can adapt for Minnesota-specific requirements
- One-click audit export for your BCA or FBI assessor