Best Practices for Securing Criminal Justice Information ... Best Practices for Securing Criminal Justice


  • Best Practices for Securing Criminal Justice Information in the Cloud

    November 20, 2019

  • Agenda

    • Introduction
    • Speaker Bios
    • AWS CJIS Security Overview
    • Case Study: Annapolis Police Department
    • Conclusion
    • Questions

    CJIS GROUP LLC Copyright 2019

  • Introduction

    • CJIS GROUP – market intelligence for IT vendors and state and local government agencies (www.cjisgroup.com)
      – Tracking over 250 cloud projects currently in law enforcement agencies (body-worn camera data, digital evidence management, records management, dispatch, among others)
    • AWS – the leading vendor of cloud services in the world
    • Housekeeping
      – Attendees are muted
      – Submit questions via the GoToWebinar control panel

    http://www.cjisgroup.com/

  • Speakers

    • Gerard Gallant -- Gerard Gallant is the Criminal Justice Information Services (CJIS) Senior Program Manager at Amazon Web Services.

    • Patrick Woods -- Patrick Woods is a Security Assurance Lead for AWS and works with Public Sector customers to realize the potential to move workloads to the AWS cloud.

    • Sgt. Richard Truitt – Sgt. Truitt is a nearly 20-year veteran of the Annapolis Police Department, currently serving as the Special Projects Director for the City of Annapolis.

  • © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

    Criminal Justice Information (CJI) in AWS GovCloud (US)

    Patrick J. Woods, Security Assurance Lead – U.S. Public Sector, Amazon Web Services

    Gerard J. Gallant, Senior Program Manager, CJIS, Amazon Web Services

    Sergeant Richard Truitt, Special Projects Director, Annapolis, MD Police Department

  • Agenda

    • Cloud computing overview
    • The AWS Cloud
    • AWS GovCloud (US) overview
    • Security – a shared responsibility
    • CJIS Compliance in AWS GovCloud (US)
    • Annapolis, MD PD – applications at the edge

  • Cloud computing is the on-demand delivery of IT resources via the Internet with pay-as-you-go pricing. Organizations can acquire technology such as compute power, storage, databases and other services on an as-needed basis.

  • Cloud

    • Pay only for what you use
    • Go global in minutes
    • Increase speed and agility
    • Benefit from massive economies of scale
    • Stop guessing capacity
    • Stop spending money running and maintaining data centers

    Traditional Infrastructure

    • Large up-front expense
    • Higher variable costs
    • Contracts
    • Running and maintaining data centers
    • Guessing on capacity
    • New IT resources take weeks or months

  • AWS Global Infrastructure

    Map labels: Sydney, Tokyo, Jakarta, Seoul, Hong Kong, Singapore, Beijing, Ningxia, Mumbai, Bahrain, Stockholm, Cape Town, Frankfurt, Milan, Paris, London, Ireland, Montréal, N. Virginia, GovCloud (US-East), Oregon, São Paulo, GovCloud (US-West), Ohio, N. California

    3 AWS Regions (coming soon), 69 Availability Zones, 187 Points of Presence in 69 Cities

  • AWS Region Design

    AWS Regions are comprised of multiple AZs for high availability, high scalability, and high fault tolerance. Applications and data are replicated in real time and consistent in the different AZs.

    A Region is a physical location in the world where we have multiple Availability Zones.

    AWS Availability Zone (AZ): Availability Zones consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities.

    [Diagram: an AWS Region with AZ and Transit elements]

  • Benefits of the AWS Global Infrastructure

    • Security
    • Reliability
    • Availability
    • Low Cost
    • Scalability
    • Performance

  • AWS GovCloud (US)

    Isolated AWS infrastructure and services for customers with strict regulatory and compliance requirements and sensitive data

    • August 2011: Launch of AWS GovCloud (US-West) region
    • November 2018: Launch of AWS GovCloud (US-East) region

    Addresses the most stringent US Government regulations, policies and security requirements

  • AWS GovCloud (US) – Isolated regions for customer workloads that must meet specific regulatory requirements

    • Separate Identity and Access Management (IAM) credentials
    • Data, network, and machine isolation from other AWS regions
    • Separate service endpoints – FIPS 140-2
    • Dedicated GovCloud Management Console and Service Catalog
    • “Community Cloud” with vetted account holders
    • Managed by US Citizens on US soil

  • AWS GovCloud (US) is all about compliance in the Cloud

    • Defense Federal Acquisition Regulation Supplement (DFARS)
    • Criminal Justice Information Services Security Policy (CJIS)
    • International Traffic and Arms Regulation (ITAR)
    • DOD Cloud Security Req’s Guide (SRG) IL 4 and 5
    • SP 800-53 (rev 4)
    • SP 800-171
    • Federal Information Processing Standard Pub (FIPS) 140-2
    • IRS – 1075 (Section 6103 (p))
    • FedRAMP High

  • AWS GovCloud (US) is a “vetted” community

    • Root account holder must be a US Person (defined as a US citizen or a Green Card holder)
    • US entity incorporated to do business in the United States and based on US soil
    • Can handle export control data

    Learn more: https://aws.amazon.com/govcloud-us/getting-started/

  • Elevate your security with the AWS Cloud

  • Shared responsibility model

    • AWS: Security OF the Cloud. AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud.
    • Customer: Security IN the Cloud. Customer responsibility will be determined by the AWS Cloud services that a customer selects.

  • Understanding the shared responsibility of compliance

    Customers (customers choose the configurations for their security in the cloud):

    • Customer applications & content
    • Platform, Applications, Identity & Access Management
    • Operating System, Network, & Firewall Configuration
    • Client-side Data Encryption
    • Server-side Data Encryption
    • Network Traffic Protection

    AWS (AWS is responsible for security of the cloud):

    • AWS Foundation Services: Compute, Storage, Database, Networking
    • AWS Global Infrastructure: Regions, Availability Zones, Edge Locations

  • Highest standards for privacy

    • Encryption at scale
    • Meet data residency requirements
    • Build compliant infrastructure
    • Comply with local data privacy laws

  • Typical customers handling Criminal Justice Information

    End Users

    • State and Local Public Safety Agencies
    • County Sheriff Offices
    • Child Protective Agencies
    • Jails, Prisons, and Dept. of Corrections
    • Courts and Probation Programs
    • State Licensing Departments – childcare, rideshare drivers, professional licenses (insurance, medical)
    • State Bureaus of Identification

    Customer Data Needs

    • Records Management Systems (RMS)
    • Computer-Aided Dispatch (CAD)
    • Body-worn Video and Storage
    • Next Gen 911 – Text, Video, Images
    • Real-time Crime Centers
    • Digital Evidence Management
    • Voice/Video/Data Forensics & Analytics
    • Criminal Background Checks

  • FBI data provided by the Criminal Justice Information Services (CJIS) Division

    • Houses the world’s largest repository of criminal history records and fingerprints
    • Systems such as:
      • National Crime Information Center (NCIC)
      • National Instant Criminal Background Check System (gun checks)
      • Next G