CJIS Security Policy Statement

CJIS Security Policy Statement

Updated 12/15/2023

To address questions surrounding the recent The Florida Department of Law Enforcement announcement of the CJIS Security Policy Changes for License Plate Reader Programs CJIS Memorandum: 2022-11 released in July 2022, Vetted Holdings LLC brands, including FINDER Software Solutions, Vetted Security Solutions, Black Flag Manufacturing, Odin Risk Solutions, and Millenium Products, has been working with our customers, vendors, and internal teams to understand and support our customers in these evolving times. Below we have provided a series of information on how Vetted and our partners contribute to your CJIS compliance.

It should be noted that CJIS compliance is a multi-faceted collaboration between the customer, their employees, selected contractors, and vendors. We encourage customers to assess their implementation strategy. An actual compliance test is whether customers can pass a CJIS Audit based on their policies, user, and vendor management.

The information below addresses specific items Vetted Holding LLC brands and our vendors are doing to address the FDLE newsletter:

• All Vetted Holdings LLC brands, including FINDER Software Solutions, Vetted Security Solutions, SaferSpeeds, Black Flag Manufacturing, Odin Risk Solutions, and Millenium Products technicians and support representatives that may come into contact with a customer’s systems have completed CJIS Security Policy background checks, including the CJIS Security Awareness training and the CJIS Security Addendums. Certifications are available upon request, including the ORI for the agency’s third-party team fingerprints.
• FINDER Software Solutions offers a CJIS-compliant systems with built-in personnel and permission controls and a centralized point to access data, including the ability to integrate LPR data, alerts, and hotlist management.  Media and Physical Protection controls are managed through a distributed network with trusted digital and physical access controls. The system also maintains audit logging on CJI Data transactions.
• Motorola Solutions’ Vigilant LEARN provides CJIS-compliant Access Controls to restrict access of CJI Data to authorized persons in addition to optional Multi-Factor Authentication for end users and other role-based access controls. Multi-Factor Authentication is currently forced on Agency Manager accounts. Other access controls include session lock, unsuccessful login attempts, and system notification banner, to mention a few.
• Vetted Holdings LLC brands have and will cooperate with customer-requested CJIS Security Policy background checks, audits, and other customer requests. We encourage our customers to monitor FDLE and CJIS, execute assessments of your programs, and review compliance. We will continue to study this CJIS policy change and work with our vendors, internal teams, and most importantly, you, our customers so that you can make informed decisions and remain compliant.

Thank you,

Vetted Security Solutions