Everything you need, in one place. Find the latest CJIS Security Policy, CJIS technical audit, Contractor documents.
MOST REQUEST DOCUMENTS
CJIS Security Policy v5.9.5
(Current policy through 3/31/2027)
Incident Response Form
Report security incidents to ETOC
512-424-2139
CJIS Technical Audit v5.9.5
Self-assess your agency before your CJIS audit
System Access Chart
Who can access what — updated 04/01/2025
CJIS Policy Components
This section brings together the core policy documents every Texas criminal justice agency needs to understand and comply with the FBI CJIS Security Policy. These documents form the foundation of CJIS compliance — everything else (audits, training, sample policies) builds on them.
This section covers both the current audit policy (v5.9.5, effective through 03/31/2027) and the upcoming modernized policy (v6.0), plus the Texas-specific supplement and required contractor addendum.
Who This Section Is For
- Local Agency Security Officers (LASOs)
- Agency leadership preparing for a CJIS audit
- IT staff implementing CJIS technical controls
- Contract managers onboarding vendors with CJI access
Understanding Policy Versions
Two versions of the CJIS Security Policy are currently relevant:
- Version 5.9.5 — The current audit policy. All CJIS audits through 03/31/2027 are conducted against this version.
- Version 6.0 — The modernized policy. Released 01/22/2025. Agencies should begin gap assessments to prepare for future audits.
You need to be familiar with both — v5.9.5 for today's compliance, v6.0 for what's coming.
Current Policy v6.0
CJIS Security Policy v6.0 was released on 01/22/2025 and represents a significant modernization aligned with NIST SP 800-53 Rev. 5. While not currently used for audits, agencies should begin gap assessments now to prepare for future audit cycles.
FBI CJIS Security Policy version 6.0 (PDF) (01/22/2025)
The modernized FBI CJIS Security Policy. Introduces updated controls in areas including access control, identification and authentication, incident response, and cloud computing environments.
When to use: Gap assessments, planning future investments, and preparing your agency for the next generation of CJIS compliance requirements
FBI CJIS Requirements Companion Document version 6.0 (PDF) (01/22/2025)
Quick-reference PDF listing every control and requirement in the modernized v6.0 Security Policy.
When to use: Comparing v6.0 requirements against your current v5.9.5 implementation to identify gaps.
FBI CJIS Requirements Companion Document version 6.0 (Excel) (01/22/2025)
Sortable, filterable spreadsheet version of the v6.0 requirements. Ideal for tracking readiness and planning remediation.
When to use: Building your v6.0 readiness roadmap and tracking progress against each new or changed requirement.
Current Audit Policy (v5.9.5)
All Texas CJIS audits through March 31, 2027 are conducted against FBI CJIS Security Policy version 5.9.5. Agencies should be actively using these documents for day-to-day compliance.
FBI CJIS Security Policy version 5.9.5 (PDF) (07/24/2024)
The complete FBI CJIS Security Policy currently used for all audits in Texas. Establishes the technical, administrative, and physical security controls required for any agency or entity handling Criminal Justice Information.
When to use: Your primary reference for all compliance work today. Every control your agency must implement is defined here.
FBI CJIS Requirements Companion Document version 5.9.5 (PDF) (07/24/2024)
A quick-reference PDF listing every control and requirement from the v5.9.5 Security Policy. Makes it easier to scan, cross-reference, and communicate specific requirements.
When to use: Looking up a specific control requirement without having to search through the full policy document.
FBI CJIS Requirements Companion Document version 5.9.5 (Excel) (07/24/2024)
Spreadsheet version of the v5.9.5 requirements — sortable, filterable, and perfect for tracking compliance status across your agency.
When to use: Building your agency's compliance tracking spreadsheet, assigning control owners, or documenting your current posture against each requirement.
Shaping Future Policy
The CJIS Security Policy isn't static — it evolves through the CJIS Advisory Policy Board (APB) process. The APB is the governance body that recommends changes, additions, and clarifications to the CJIS Security Policy. Texas agencies can participate in shaping future policy by submitting topics for the APB to consider.
If your agency has encountered a gap, ambiguity, or practical challenge in the current policy, the APB Topic Request Form is how you formally propose a change.
APB Topic Request Form (PDF)
Official form used to submit a proposed topic to the CJIS Advisory Policy Board (APB) for consideration. Allows agencies to suggest policy changes, clarifications, or new requirements based on real-world experience and emerging needs.
When to use: Your agency has identified a specific gap, ambiguity, or practical challenge in the current CJIS Security Policy and wants to formally propose it be addressed in a future policy revision.
Texas-Specific Documents
In addition to the FBI CJIS Security Policy, Texas agencies must comply with state-specific additions and use the required CJIS Security Addendum when contracting with vendors.
CJIS Security Addendum (DOC)
The required contractor addendum for any vendor or contractor with access to Criminal Justice Information. Must be signed by every contractor employee before access is granted.
When to use: Whenever your agency engages a contractor or vendor — IT provider, dispatch service, technical consultant — who will have any access to CJI.
Texas Security Policy Supplement (PDF)
Texas-specific additions, clarifications, and enhancements to the FBI CJIS Security Policy. Describes where Texas requirements go beyond or clarify federal baseline standards.
When to use: Understanding the Texas-specific obligations that apply to your agency on top of the federal CJIS Security Policy. Updated 05/15/2025.
Audit & Compliance Tools
CJIS Technical Audit — Full Document
The complete audit framework Texas DPS uses to evaluate agency compliance. Provides a deeper look at what auditors examine, how findings are scored, and what evidence is expected.
When to use: Understanding exactly how your agency will be evaluated, preparing formal audit evidence packages, or training IT staff on the audit process.
Contractor Certification References Documents
This section compiles the key documents Texas criminal justice agencies, and their contractors need when contractor employees will have access to Criminal Justice Information (CJI).
Any contractor whose work involves direct or indirect access to CJI must be fully aware of the federal regulations, operational manuals, and state statutes that govern their conduct. The three reference documents in this guide collectively establish the legal and operational framework for contractor compliance.
Who This Section Is For
- Local Agency Security Officers (LASOs) onboarding contractors
- Contractor employees who will access CJI as part of their work
- IT, technical service, and dispatch service providers supporting criminal justice agencies
- Agency leadership responsible for vendor and contract oversight
Each of the three reference documents below establishes a different layer of the compliance framework contractors must understand. All three should be reviewed as part of contractor onboarding and certification.
Contractor Employee Reference Documentation - CFR (PDF)
Federal regulations governing contractor employee access to Criminal Justice Information. Establishes the baseline federal legal framework that applies to every agency and contractor in the United States handling CJI.
When to use: Onboarding any contractor who will access CJI — this is the foundational federal authority all compliance rests upon.
Contractor Employee Reference Documentation - NCIC2000 Manual (PDF)
Reference material from the National Crime Information Center (NCIC) 2000 Operating Manual that applies to contractor employees. Covers the operational rules, data handling requirements, and authorized uses of NCIC information.
When to use: Training contractor employees who will query, receive, or handle NCIC data as part of their work supporting your agency.
Contractor Employee Reference Documentation - Texas Government Code (PDF)
Texas-specific statutory references that apply to contractor employees with access to Criminal Justice Information. Establishes state-level legal obligations layered on top of the federal CFR and NCIC framework.
When to use: Ensuring contractors operating in Texas understand their legal responsibilities under state law — including confidentiality, penalties, and authorized disclosures.
The three reference documents work together to form a complete compliance framework. Here's how they fit:
Think of it as three layers: federal baseline → operational specifics → state-level obligations. Contractors must understand all three to be fully compliant.