1. Home
  2. Advanced Authentication

Advanced Authentication

What is Advanced Authentication?

Advanced or Multi-Factor Authentication (MFA) is required for all remote access to Criminal Justice Information (CJI) systems.

Advanced Authentication

(5.6.2.2) – Required for authentication Outside “Physically Secure Area”

“…The intent of Advanced Authentication is to meet the standards of two-factor authentication. Two-factor authentication employs the use of two of the following three factors of authentication: something you know (e.g. password), something you have (e.g. hard token), something you are (e.g. biometric). The two authentication factors shall be unique (i.e. password/token or biometric/password but not password/password or token/token)…” – CJIS Security Policy 5.6.2.2.1

In prior years, agencies relied on paper-based inert tokens (e.g., printed BINGO CARD/ PAPER TOKEN). These are no longer considered sufficient under modern security standards due to risks of loss, duplication, and lack of phishing resistance.  This new TOTP authentication feature is being rolled out in JusticeConnect Version 3 with the Windows version now generally available and the iOS version* being released in 4th quarter 2025.

Consistent with CJIS Security Policy v6.0 and NIST IR 8523, our solution now provides Time-based One-Time Passwords (TOTP) as the recommended token method:

  • TOTP codes are generated dynamically every 30–60 seconds. 
  • Tokens are delivered via mobile authenticator apps (e.g., agency-approved authenticator). 
  • Each code is unique, expiring, and cannot be reused, significantly reducing exposure compared to static/paper tokens. 
  • When combined with a strong password (knowledge factor), TOTP fully satisfies the two-factor requirement of CJIS 5.6.2.2.  

Agencies will need to start migrating to the use of TOTP or the integrated use of Biometric authentication.

*To comply with updated CJIS policy, the use of Biometric authentication using Windows Hello, TouchID, and FaceID should be immediately enabled to support current users with BINGO CARDS. This feature can be enabled within the app within the My Settings screen.

JusticeConnect also performs CJIS Password Policy Enforcement

JusticeConnect Authentication Process:

User must click though notification screen...

User then must login...

Then provide an identity token...

Or with TOTP.

Like what you see?

Get in touch with us today to learn more about CMI and learn more about how the CMI SAAS products can help you better manage your CAD/RMS users and public services.

Get in Touch