Since Bridge4PS is not a system that “queries CJI”, it is not subject to CJIS regulations. While that’s been confirmed with the FBI CJIS office, it’s still subject to each state’s CJIS auditor and/or department policies. Bridge4PS meets the majority of CJIS requirements, but not all are feasible given the nature of Bridge4PS as a real-time collaboration platform versus a criminal justice database.
We are currently operating under a grant from the U.S. Department of Homeland Security pursuing FedRAMP Moderate compliance. The monitoring, logging, incident reporting and auditing requirements for FedRAMP exceed the CJIS requirements in these areas except that we do not have a way of categorizing CJI from other data since the system is not based on a structured data model. The other significant requirement that we do not meet is session timeout as that would render the platform ineffective for real-time collaboration as users would not receive notifications when logged out.
Some states and departments have formally adopted Bridge4PS, while others use it more informally to replace consumer-grade messaging apps. For example, the State of South Dakota put out a procurement for a statewide interoperability app. They selected Bridge4PS and had their cybersecurity office conduct a security assessment prior to purchasing Enterprise Bridge4PS Licenses. There is substantial adoption of Bridge4PS in Minnesota with numerous task forces operating under the Minnesota Bureau of Criminal Apprehension (BCA) in conjunction with numerous local, federal and tribal partners. MNJIS has formally approved the sharing of PII in Bridge4PS channels.
The table on page 2 shows the Bridge4PS status for each CJIS requirement. Please see attached "B4PS CJIS Compliance Statement" for the Bridge4PS status of each CJIS security requirement.