Texas CJIS compliance for law enforcement agencies
Texas DPS doesn't just adopt the FBI's CJIS Security Policy v6.0 - as the state's CJIS Systems Agency, it explicitly requires protection measures more stringent than the federal baseline. ComplianceLattice tracks the federal foundation both documents share.
A federal baseline, with named exceptions on top
The Texas CJIS Security Policy supplement, published by DPS, states plainly that Texas adopts more stringent protection measures than the CJISSECPOL in specific, named areas - not vague language, but enumerated requirements. Two examples: cloud solutions that process, store, or transmit CJI must run in an authorized FedRAMP Moderate or FedRAMP High environment, and offshore personnel outside the U.S., U.S. territories, tribal lands, or Canada cannot have unescorted logical access to CJI systems.
Everything underneath those Texas-specific additions is the same work every CJIS-connected agency in the country does - access control, authentication, audit logging, incident response, and the rest of CJIS v6.0's 20 policy areas. ComplianceLattice tracks that full federal baseline today, which covers most of the ground before you get to Texas's specific overlays.
The FedRAMP cloud requirement in particular is easy to miss if your agency is evaluating a cloud vendor against the federal CJIS Security Policy alone - the federal baseline doesn't universally require FedRAMP authorization the way Texas does. If your agency is working through the Texas CJIS Security Policy supplement requirements now, reach out - alpha tester feedback directly shapes what we build first.
- All 20 CJIS v6.0 policy areas, the federal baseline Texas's supplement builds on
- Evidence vault with expiration tracking for background checks and training renewals
- Pre-built policy templates you can adapt for Texas-specific requirements
- One-click audit export for your DPS or FBI assessor