Compliance
CJIS compliance is not a feature.
It is the foundation.
EasyWarrant is designed from the ground up to meet every requirement of CJIS Security Policy v6.0 — the non-negotiable federal standard governing any system that handles Criminal Justice Information.
Classification
Brigade Management as Private Contractor
Because Brigade Management owns the infrastructure and handles Criminal Justice Information on behalf of law enforcement agencies, it is classified as a Private Contractor under CJIS Security Policy v6.0. This classification carries mandatory, non-negotiable obligations that are fully satisfied before any agency goes live on the platform.
No agency may go live until all pre-launch compliance requirements are complete. These are federal requirements — not suggestions.
| Requirement | Detail | Phase |
|---|---|---|
| CJIS Security Addendum | Executed with every agency before go-live | Pre-launch |
| State CSA Approval | Per-state approval from CJIS Systems Agency | Pre-launch |
| Background Checks | Fingerprint-based for all staff with CJI access | Pre-launch |
| Compliance Officer | Designated CJIS CO on staff or retainer | Pre-launch |
| Cyber Liability Insurance | CJIS-specific underwriting required | Pre-launch |
| FIPS 140-3 Infrastructure | Azure Government; FIPS 140-2 sunset Sep 21, 2026 | Phase 1 |
| Encryption in Transit | TLS 1.2+, AES-128 min, FIPS 140-3 module | Phase 1 |
| Encryption at Rest | AES-256, US jurisdiction only, no foreign DCs | Phase 1 |
| MFA (AAL2) | All officers and judges; 1hr timeout; 12hr reauth | Phase 2 |
| Audit Logging | Tamper-evident, agency-owned, exportable on demand | Phase 2 |
Encryption
Encryption in transit and at rest
In Transit (SC-8, SC-13)
- FIPS 140-3 certified cryptographic module
- AES (FIPS 197) — minimum 128-bit symmetric key
- TLS 1.2 or higher for all signaling
- DTLS-SRTP for media streams
- No plaintext CJI on any external network
- FIPS 140-2 NOT acceptable after Sep 21, 2026
At Rest (SC-28)
- FIPS 140-3 module + AES-256 (FIPS 197)
- Storage in US / US territories only
- No foreign datacenters — enforced at infrastructure level
- CJI metadata protected identically to CJI
- Agency-controlled keys via Azure Key Vault (HSM)
- No use of CJI metadata for commercial purposes
Infrastructure
Azure Government — dedicated subscription
EasyWarrant runs on a dedicated Microsoft Azure Government subscription — isolated from all other Brigade Management systems. Azure Government is FIPS 140-3 validated and FedRAMP High authorized.
Azure Government
USGov Virginia / USGov Arizona
Azure Blob Storage Gov
Document storage, AES-256
Azure Key Vault (HSM)
Agency-controlled CMK, FIPS 140-3
Azure PostgreSQL Gov
Managed database, FIPS-compliant
Auth0 Government / Okta FedRAMP
AAL2 MFA, FIPS-validated IdP
DocuSign eNotary
CJIS compliance docs available
Questions about compliance for your agency?
We provide a full compliance documentation package with every agency onboarding.