Scribbles Software Retains Lazarus Alliance for FBI CJIS Security Audits

Scribbles Software has partnered with Lazarus Alliance to ensure that its software solutions for Government services are in compliance with FBI CJIS Security Policy.

Lazarus Alliance, a leading provider of cybersecurity, governance, risk, and compliance (GRC) services, announces its partnership with Scribbles Software, developers of ScribOrder, a cloud-based records management solution for K-12 schools.

The CJIS is the FBI’s largest division and encompasses several departments, including the National Crime Information Center (NCIC), the Integrated Automated Fingerprint Identification System (IAFIS), and the National Instant Criminal Background Check System (NICS). The CJIS databases are used by law enforcement agencies, other government organizations, and some corporate networks. Any service that accesses these databases must comply with the FBI CJIS Security Policy, which encompasses a common set of user security standards to protect the integrity of these highly sensitive databases.

“We’re excited that Scribbles Software has entrusted us with ensuring that their solutions are CJIS-compliant, and we look forward to working with them,” said Michael Peters, CEO of Lazarus Alliance.

Because the FBI CJIS Security Policy is so voluminous, organizations usually achieve compliance by “mapping” the requirements with NIST Special Publication 800-53, which uses a risk management framework to outline and document security controls for federal information systems and organizations. However, mapping CJIS standards to NIST 800-53 is a complex and time-consuming process, even for an auditor that is highly experienced with NIST.

To perform the CJIS audits for Scribbles Software, Lazarus Alliance will utilize the IT Audit Manager software solution from Continuum GRC. The IT Audit Manager is a cloud-based GRC automation solution that integrates IT governance, policy management, risk management, compliance management, audit management, and incident management.

“The IT Audit Manager includes self-help modules for the full spectrum of regulatory and industry data security requirements, including NIST SP 800-53,” Peters explained. “All of our clients love the IT Audit Manager because it speeds up the audit process and saves them a lot of money and headaches, without sacrificing accuracy. It also makes it easier for them to maintain compliance moving forward.”

Source: Lazarus Alliance