Password Policy Enforcement
To provide best-practices and to ensure CJIS compliance, a Password Reset Portal is bundled with the JusticeConnect Server to allow users of any CMI product to easily and securely reset a password from anywhere.
CJIS POLICY SPECIFICS
5.6.2.1 Standard Authenticators
Authenticators are (the something you know, something you are, or something you have) part of
the identification and authentication process. Examples of standard authenticators include
passwords, tokens, biometrics, and personal identification numbers (PIN). Users shall not be
allowed to use the same password or PIN in the same logon sequence.
5.6.2.1.1 Passwords
Agencies shall follow the secure password attributes, below, to authenticate an individual’s
unique ID.
Passwords shall:
1. Be a minimum length of eight (8) characters on all systems.
2. Not be a dictionary word or proper name.
3. Not be the same as the Userid.
4. Expire within a maximum of 90 calendar days.
5. Not be identical to the previous ten (10) passwords.
6. Not be transmitted in the clear outside the secure location.
7. Not be displayed when entered.
CJIS SECURITY POLICY (ver.5.4)