CJIS Compliance

What is Criminal Justice Information?

CJI refers to the FBI CJIS-provided data necessary for law enforcement agencies to perform their mission and enforce the laws, such as biometric, identity history, person, organization, property, and case/incident history data. CJI also refers to data necessary for civil agencies to perform their mission, including data used to make hiring decisions.

Introduction

Hosted~FTP~ relies on the successful track record of Amazon Web Services (AWS), which has developed a suite of security and privacy features to attract a customer base that uses the AWS cloud for storing a wide range of sensitive federal, state and municipal government data, including Criminal Justice Information (CJI) data. Hosted~FTP~ has embedded in its implementation of AWS services features that dramatically improve the security and protection of PII, PHI and CJI data.

Exclusive use of Amazon Web Services infrastructure

To support law enforcement customers, Hosted~FTP~ utilizes only Amazon Web Services (AWS) infrastructure. AWS is committed to a strong position of compliance across a wide range of frameworks and has documented direct alignment of applicable CJIS requirements in its AWS CJIS Security Policy Workbook. Hosted~FTP~ deploys our FTP application services securely on AWS by leveraging the specific AWS security features required to comply with the CJIS Security Policy requirements, including:

– law enforcement clients can require all FTP traffic (FTPS/SFTP) to be encrypted in transit from the transfer device to our Hosted~FTP~ AWS system. This includes not only the data, but also the credentials and the file names/folder names.
– all browser-based transfers use HTTPS, which automatically encrypts not only the data, but also the credentials and the file names/folder names.
– all data is encrypted on arrival at the Hosted~FTP~ site.
– all data is encrypted in AWS S3 data storage with AWS-provided options.
– all access to law enforcement data can not only be protected with login credentials, but the account admin can also enforce multi-factor authentication.
– Hosted~FTP~ ensures secure access by any support/operations area using AWS Identity and Access Management (IAM) with multi-factor authentication.
– Hosted~FTP~ tracks all logging and monitoring with S3 logging, AWS CloudTrail, Amazon CloudWatch, and AWS Trusted Advisor.
– all account access is automatically logged, and an audit log is available for all logins and file transfer activity in the Files Logs folder for all Hosted~FTP~ (law enforcement) customers.

Criminal Justice Information Services (CJIS) Security Policy review

Criminal Justice Information Services (CJIS) Security Policy Area Detail Compliance/Comments
CSP 5.3 Policy Area 3: Incident Response:

There has been an increase in the number of accidental or malicious computer attacks against both government and private agencies, regardless of whether the systems are high or low profile. Agencies shall: (i) establish an operational incident handling capability for agency information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities; (ii) track, document, and report incidents to appropriate agency officials and/or authorities. ISOs have been identified as the POC on security-related issues for their respective agencies and shall ensure LASOs institute the CSA incident response reporting procedures at the local level. Appendix F contains a sample incident notification letter for use when communicating the details of an incident to the FBI CJIS ISO.

Hosted~FTP~ has reviewed the IT Security Incident Response form in section F and has updated its internal reporting procedures to generate a completed incident report as necessary.

CSP 5.10.1.5 Policy area 5.10.1.5 Cloud Computing:

Organizations transitioning to a cloud environment are presented unique opportunities and challenges (e.g., purported cost savings and increased efficiencies versus a loss of control over the data). Reviewing the cloud computing white paper (Appendix G.3), the cloud assessment located within the security policy resource center on FBI.gov, NIST Special Publications (800-144, 800-145, and 800-146), as well as the cloud provider’s policies and capabilities will enable organizations to make informed decisions on whether or not the cloud provider can offer service that maintains compliance with the requirements of the CJIS Security Policy. The metadata derived from CJI shall not be used by any cloud service provider for any purposes. The cloud service provider shall be prohibited from scanning any email or data files for the purpose of building analytics, data mining, advertising, or improving the services provided.

Hosted~FTP~ does not scan any email, files, credentials, file names, folder names or any other type of metadata for the purpose of building analytics, data mining, advertising or any other type of intended corporate use.

CSP Appendix G3 – Cloud Computing: G.3 Cloud Computing White Paper recommendations

Governance: Hosted~FTP~ has put in place audit mechanisms and tools to ensure organizational practices are followed throughout the system life-cycle.

Compliance: Hosted~FTP~ ensures that the jurisdiction of all data stored at an AWS location in the US remains at a single AWS location. We maintain strict privacy and security controls and ensure that no electronic discovery requirements compromise the privacy or security of data and applications. Hosted~FTP~ has put in place audit mechanisms and tools to ensure organizational practices are followed throughout the system life-cycle.

Trust: The law enforcement service has sole responsibility for the data/files stored at Hosted~FTP~. We continuously monitor the security state of our service for on-going risk management decisions.

Architecture: Hosted~FTP~ uses all best practices in the design and configuration of our AWS infrastructure to support our FTP cloud services. We have been at AWS for seven years and are expert at their architecture.

Identity and Access Management: We ensure that safeguards are in place for secure authentication, authorization, and identity and access management functions, and that they are suitable for the roles of all individuals in our organization.

Software Isolation: Our SaaS employs very sophisticated logical isolation techniques for restricting access to the multi-tenant software architecture.

Data Protection: Access to data is securely controlled with user credentials as well as the ability to configure Multi-Factor Authentication (MFA). We encrypt all data in transit, on arrival at the SaaS and at rest. We also have “chain of custody” on the data that fingerprints the file before S3 storage and compares it when retrieved to ensure no data tampering.

Availability: Our SaaS service SLA is 99.99+%.

Incident Response: We monitor and support our services with live chat, ticket and phone support midnight to 7 PM EST daily (M-F) and monitor all AWS logs and incidents 7x24x365. We would inform all law enforcement and enterprise level clients of any security breach and have in place DR and DoS plans.
