CJIS 6.0 Is Here—Is Your Public Safety IT Environment Ready?

By Jason Hennessey, Security Architect – SLED

The Criminal Justice Information Services (CJIS) Security Policy version 6.0, published in December of 2024, brings modernization of controls, categorization, prioritization, and new compliance requirements for agencies accessing or managing Criminal Justice Information (CJI). Now totaling more than 180 primary controls and 1,300 subcontrols, these updates are not simply an updated policy—they are a call to action for public safety agencies to revisit their IT environments, security controls, and abilities to meet changing demands.  

At SDI, we work with public safety agencies each day to help them navigate their complex IT and security requirements, including CJIS Security Policy. Here are some important things to understand about version 6.0 and how we can help you stay proactive with compliance and improve operational performance. 

What’s New in CJIS 6.0? 

CJIS Security Policy 6.0 reinforces a handful of significant areas, with new guidance and clarification on: 

• Cloud services and remote access: Expanded defining cloud providers and stronger controls for CJIS compliant cloud use. 

• Multifactor authentication (MFA): Stricter verification enforcement requirements, especially for remote or mobile users. 

• Audit logging and event monitoring: Increased expectations on tracking and alerting for unauthorized access or anomalies. 

• Personnel and third-party risk: Increased expectations on background checks, supply chains, vendor vetting, and continuing role-based access. 

These updates demonstrate a larger evolution in the public safety IT space—where cloud, mobile and hybrid infrastructures are increasingly being utilized, and security is everyone’s responsibility. 

Why CJIS 6.0 matters for Public Safety Agencies?

For 911 centers, law enforcement, and justice systems, noncompliance can be much more than a risk – it can result in sanctions, termination of services, adversely impact mission critical operations, undermine funding, and damage community trust.   

Many agencies operate with legacy systems or siloed infrastructure that weren’t built for today’s distributed and dynamic technology environments. CJIS 6.0 puts a spotlight on those gaps—and raises the bar for what secure, modern public safety IT should look like. 

How We Can Help 

SDI is actively supporting agencies across the country with CJIS Security Policy 6.0 readiness assessments and remediation planning. Our public safety technology experts bring deep experience in: 

• Secure cloud and hybrid infrastructure deployments 

• CAD, RMS, and video system modernization 

• 24×7 cybersecurity monitoring and threat response 

• CJIS-compliant identity, access, and audit frameworks 

• Policy development, governance, and user training 

Our approach is lifecycle-based: we help agencies plan, implement, manage, and innovate—so they can move forward confidently with both compliance and performance. 

Let’s Talk 

CJIS Security Policy 6.0 is a strategic opportunity to modernize your systems, tighten security, and ensure your technology keeps pace with your mission. 

Connect with our public safety team to schedule your CJIS workshop to assess your posture and outline a practical action plan.