< All Topics

Enabling CJIS Compliance Policy

Hosted~FTP~ Enterprise T2+ accounts have the feature to enforce users to be CJIS compliant on an account, group, or individual level. For CJIS compliance to be enabled on a group or user level, the account admin must have certain option(s) enabled. There are 2 levels of CJIS compliance to enforce: CJIS Basic, or CJIS Advanced. Our recommendation is to use CJIS Advanced to be fully compliant.

Steps to enable on an account-level

  1. Login as the account admin through the web interface and click on the Setup tab in the navigation bar
  2. Scroll down to the options checklist and enable Create logs in FTP folder… on the same line, also check mark Logins and Transfers (This is mandatory for CJIS compliance)
  3. Continue to scroll down to Account-level Options and check Customize on Enforce compliance for all users
  4. Select Enforce compliance for all users CJIS Advanced
  5. Continue to Enforce password policy for all users and click Customize
    • Select Enforce compliance for all users
  6. Click on the Configure button and set the password policy to be CJIS Advanced compliant
    • Minimum length of 20 characters
    • Prevent dictionary words must be on
    • Prevent any from global list of breached passwords must be on
    • Prevent reuse of last 10 passwords
    • Password expiry must be lower than or equal to 365 days
  7. Continue to scroll down to Force only secure protocols for all users (ftps/https/sftp) and check Customize
    • Select Enforce compliance for all users
  8. Click Save to enforce the changes
    • The new password policy will take effect immediately
    • Passwords aging older than the requirement will need to be changed
    • Passwords nearing expiry will be notified 7 days prior to expiry date via email
      • The account admin will also be notified if there is no email assigned to the user

Note: If the settings were not properly setup, an error will occur with the following message and requirements to enforce.

 

Steps to enable for groups

  1. Login as the account admin through the web interface and click on the Setup tab in the navigation bar
  2. Scroll down to the options checklist and enable Create logs in FTP folder… on the same line, also check mark Logins and Transfers (This is mandatory for CJIS compliance)
  3. Continue to scroll down to Account-level Options and check Customize on Enforce compliance for all users
  4. Select Allow overrides in group/user setup
  5. Continue to Enforce password policy for all users and click Customize
    • Select Allow overrides in group/user setup
  6. Continue to scroll down to Force only secure protocols for all users (ftps/https/sftp) and check Customize
    • Select Allow overrides in group/user setup
  7. Click Save to enforce the changes
  8. Click on the Users tab > Groups sub-header to get to your list of Groups
    • Select the Group in the list to open settings or create a new Group using the Add button (Learn how to setup groups here)
    • New Group
  9. Locate Enforce compliance for all users in group and select the Customize option
    • Select Enforce compliance for all users in group CJIS Advanced
  10. Locate Force only secure protocols for all users in group (ftps/https/sftp) and select the Customize option
    • Select Force only secure protocols for all users in group (ftps/https/sftp)
  11. Locate Enforce password policy for all users in group and select the Customize option
    • Select Enforce custom password policy for all users in group
  12. Click the Configure button and set the password policy to be CJIS Advanced compliant
    • Minimum length of 20 characters
    • Prevent dictionary words must be on
    • Prevent any from global list of breached passwords must be on
    • Prevent reuse of last 10 passwords
    • Password expiry must be lower than or equal to 365 days
  13. Click Save to enforce the changes
    • The new password policy will take effect immediately
    • Passwords aging older than the requirement will need to be changed
    • Passwords nearing expiry will be notified 7 days prior to expiry date via email
      • The account admin will also be notified if there is no email assigned to the user

Note: If the settings were not properly setup, an error will occur with the following message and requirements to enforce.

Steps to enable on individual users

  1. Login as the account admin through the web interface and click on the Setup tab in the navigation bar
  2. Scroll down to the options checklist and enable Create logs in FTP folder… on the same line, also check mark Logins and Transfers (This is mandatory for CJIS compliance)
  3. Continue to scroll down to Account-level Options and check Customize on Enforce compliance for all users
  4. Select Allow overrides in group/user setup
  5. Continue to Enforce password policy for all users and click Customize
    • Select Allow overrides in group/user setup
  6. Continue to scroll down to Force only secure protocols for all users (ftps/https/sftp) and check Customize
    • Select Allow overrides in group/user setup
  7. Click Save to enforce the changes
    • Note: Alternatively, if the user is part of a group, in the group settings you can select Allow overrides in user setup
  8. Click on the Users tab and locate the user in the list or by using the search field
  9. Click on the user to open their settings and scroll down to the list of Options
  10. Locate Enforce compliance for this user and check Customize
    • Select Enforce compliance for this user CJIS Advanced
  11. Locate Force only secure protocols for this user (ftps/https/sftp) and check Customize
    • Select Force only secure protocols for this user (ftps/https/sftp)
  12. Locate Enforce custom password policy for this user and check Customize
    • Select Enforce custom password policy for this user
  13. Click the Configure button and set the password policy to be CJIS Advanced compliant
    • Minimum length of 20 characters
    • Prevent dictionary words must be on
    • Prevent any from global list of breached passwords must be on
    • Prevent reuse of last 10 passwords
    • Password expiry must be lower than or equal to 365 days
  14. Click Save to enforce the changes
    • The new password policy will take effect immediately
    • If the password age is older than the requirement, it will need to be changed
    • If the password is nearing expiry, the user will be notified 7 days prior to expiry date via email
      • The account admin will also be notified if there is no email assigned to the user

Note: If the settings were not properly setup, an error will occur with the following message and requirements to enforce.

Table of Contents