CJIS Security Policy Compliance

When investigative agencies partner with CaseSense, they leverage a platform engineered to aggressively defend sensitive intelligence against unauthorized access and emerging cyber threats, meeting and exceeding local, state, and federal mandates.

Architectural Security & Data Protection

We reject the approach of bolting security onto an application as an afterthought. Our software architecture proactively secures case data at every layer:

• Cryptographic Authentication & Authorization: All access is tightly controlled via secure, cryptographically signed tokens. A user's specific agency affiliation and permission roles are embedded directly into these claims. Our backend continuously verifies these claims on every single request.
• Dynamic Access Revocation: In the event a user's role changes or their agency access is revoked, our platform guarantees immediate token invalidation. The system triggers mandatory forced refreshes on all endpoints, ensuring unauthorized personnel are instantly locked out.
• Strict Resource Routing (URL Security): Sensitive identifiers, such as case IDs or suspect references, are never exposed in browser URLs. By maintaining complex routing contexts globally within the application state, we eliminate the risk of URL enumeration attacks and prevent sensitive data from leaking into local browser histories or proxy logs.
• Secure Real-Time Operations: To support seamless multi-detective collaboration, live activity feeds and data refreshes are transmitted via secure, encrypted continuous communication channels. Every real-time message is passed through identical stringent gateway authorization layers.

Advanced Infrastructure & Sovereignty

Our cloud infrastructure is purpose-built to meet rigorous government security standards.

• Encryption In Transit and At Rest: All data transmitted between the client and server is secured using robust Transport Layer Security (TLS 1.3), while all CJI stored within our databases and file systems is encrypted at rest using AES-256 encryption protocols.
• FedRAMP-Certified Environment: The underlying cloud infrastructure powering CaseSense maintains strict adherence to FedRAMP certifications, alongside compliance with ISO 27001, SOC 2 Type II, and other critical security frameworks.
• Absolute Data Sovereignty: We guarantee that 100% of your agency data—including primary databases, media storage, replication sites, and disaster recovery backups—remains physically located within the continental United States.

Personnel Security & Accountability

Technology is only as secure as the people managing it. Act Two Solutions LLC enforces strict personnel security policies to safeguard your intelligence.

• Stringent Background Checks: Every authorized CaseSense systems engineer or support technician with potential access to the environment must successfully pass comprehensive state and national fingerprint-based background checks.
• CJIS Security Addendums: All applicable personnel formally acknowledge and execute the uniform CJIS Security Addendum, legally binding them to the strict confidentiality and penalty provisions required by the FBI.
• Continuous Training: Security is an ongoing process. Our team is enrolled in dedicated CJIS Security Awareness programs, requiring rigorous Level 4 training upon hire and biennially thereafter to ensure our personnel are equipped to defend against modern social engineering and cyber threats.

Audit Assistance & Compliance Documentation

Act Two Solutions LLC stands ready to support your agency during any state or federal CJIS audits. We can provide detailed architectural documentation, compliance mappings, and personnel training verification upon request to assist your Terminal Agency Coordinator (TAC) in validating the security of the CaseSense platform.

For specific inquiries, security documentation requests, or to schedule a compliance review, please contact your CaseSense Account Manager or email our security team directly.