Stay Current on CJIS Security. This page keeps Texas law enforcement and criminal justice agencies informed on the latest policy changes, security advisories, training opportunities, and Monthly Security Office Chat recaps. Check back often — or subscribe to the CJIS Listserv to get updates delivered straight to your inbox.
CJIS Security Policy v6.0 — What Texas Agencies Need to Know
The FBI CJIS Division has released the modernized CJIS Security Policy (CJISSECPOL) v6.0, introducing updated controls aligned with NIST SP 800-53 Rev. 5.
Texas agencies should review the following key changes:
- Access Control: Strengthened requirements for privileged account management and session locking
- Identification & Authentication: Advanced multi-factor authentication requirements across all CJI access points
- Incident Response: Updated timelines and escalation procedures for reporting security incidents
- Cloud Computing: Expanded guidance for FedRAMP-authorized cloud environments
All agencies should begin gap assessments immediately to identify areas requiring remediation.
Ransomware Targeting Law Enforcement — Updated Prevention Guidance
Ransomware groups continue to target public sector organizations, with law enforcement agencies increasingly in the crosshairs. Modern variants use double- extortion tactics, exfiltrating data before encryption and threatening public release.
Immediate steps every agency should take:
- Verify offline, air-gapped backups are tested regularly and cannot be reached from production networks
- Enforce multi-factor authentication (MFA) on all remote access, email, and admin accounts
- Apply endpoint detection and response (EDR) across all workstations and servers handling CJI
- Conduct quarterly phishing simulations for all personnel with CJI access
- Maintain a tested incident response plan with defined roles and contacts
If your agency suspects a ransomware incident, contact DPS ETOC (Enterprise Technology Operation Center) at 512-424-2139 immediately once confirmed — do not pay any ransom without coordinating with law enforcement and DPS.
AI-Powered Phishing & Deepfakes — A Growing Threat to Law Enforcement
Threat actors are increasingly using artificial intelligence to craft highly convincing phishing emails, voice calls (vishing), and video deepfakes that impersonate trusted officials — including chiefs, sheriffs, and IT administrators.
What your agency can do:
- Establish verification protocols for sensitive requests received via phone, email, or video — always confirm through a second trusted channel
- Train staff to recognize social engineering red flags in urgent or unusual requests, even when they appear to come from leadership
- Implement email authentication standards (DMARC, DKIM, SPF) to reduce spoofed messages
- Update your annual security awareness training to cover AI-generated threats
CJIS Security Office Monthly Chat — Key Takeaways (April 2026)
Thank you to everyone who joined our April Monthly Chat! William Frame, Compliance Analyst, walked through the Incident Response procedures and Sonya Stell, the CJIS Security Office manager answered agency questions.
Key topics covered:
- 2026 audit priorities and Incident Response
- Visitor Logs requirements
- Q&A on the Satellite-to-SD-WAN transition project
Our next Monthly Chat is the first Tuesday of next month, 3:00 – 5:00 PM via Microsoft Teams.