The essential premise of the CJIS Security Policy is to provide appropriate controls to protect the full lifecycle of Criminal Justice Information (CJI), whether at rest or in transit.  The CJIS Security Policy provides the guidance for the creation, viewing, modification, transmission, dissemination, storage, and destruction of CJI.  This policy applies to every individual - contractor, private entity, noncriminal justice agency representative, or member of a criminal justice entity - with access to, or who operates in support of, criminal justice services and information.

The CJIS Security Policy provides a secure framework of laws, standards, and elements of published and vetted policies for accomplishing the mission across the broad spectrum of the criminal justice and noncriminal justice communities. 

See the FBI's CJIS Security Policy Resource Center for additional information, including the latest version of the CJIS Security Policy and the security addendum appendix.