Password Policy Enforcement
To provide best-practices and to ensure CJIS compliance, a Password Reset Portal is bundled with the JusticeConnect Server to allow users of any CMI product to easily and securely reset a password from anywhere.
CJIS POLICY SPECIFICS
18.104.22.168 Standard Authenticators
Authenticators are (the something you know, something you are, or something you have) part of
the identification and authentication process. Examples of standard authenticators include
passwords, tokens, biometrics, and personal identification numbers (PIN). Users shall not be
allowed to use the same password or PIN in the same logon sequence.
Agencies shall follow the secure password attributes, below, to authenticate an individual’s
1. Be a minimum length of eight (8) characters on all systems.
2. Not be a dictionary word or proper name.
3. Not be the same as the Userid.
4. Expire within a maximum of 90 calendar days.
5. Not be identical to the previous ten (10) passwords.
6. Not be transmitted in the clear outside the secure location.
7. Not be displayed when entered.
CJIS SECURITY POLICY (ver.5.4)