Imprivata Research Finds Gap Between CJIS Compliance Priorities and Agency Readiness

New research from Imprivata and Lexipol reveals that although most public safety agencies prioritize CJIS compliance, many continue to face staffing, infrastructure and identity security challenges that delay full compliance.

A new study from Imprivata and Lexipol found that while most public safety agencies consider CJIS compliance a cybersecurity priority, many continue to face operational and technology challenges that hinder full compliance.

Imprivata released new research conducted with Lexipol examining the identity security and access management challenges public safety agencies face as they work to meet the FBI's Criminal Justice Information Services (CJIS) Security Policy requirements. According to the report, CJIS Compliance in Focus: The Identity Security Challenges Facing Public Safety Agencies, 79% of public safety professionals surveyed identified CJIS compliance as a top or high cybersecurity priority, but only 32% said their agencies are fully compliant.

The report is based on responses from more than 300 public safety professionals across the United States. The findings indicate that although agencies recognize the importance of meeting CJIS requirements, many continue to struggle with operational and technology obstacles that make compliance difficult to achieve and maintain. The report points to aging infrastructure, staffing limitations and increasingly complex identity and access management requirements as ongoing challenges as agencies modernize ahead of the FBI's October 1, 2027 CJIS Security Policy deadline.

Among agencies that are not fully compliant, the most commonly cited barriers were competing agency priorities and aging infrastructure and legacy systems, each identified by 47% of respondents. Another 40% cited limited IT or security staff as a significant obstacle to compliance efforts.

Jeff Johnson, data intelligence architect with Denton County, Texas, said public safety organizations require secure access that is both reliable and fast, adding that personnel cannot afford repeated logins, authentication delays or inconsistent access controls during critical situations. He said agencies seeking to strengthen security and support CJIS compliance must ensure personnel remain focused on protecting their communities.

The research also found that identity security is becoming a central component of CJIS compliance as agencies manage access across users, devices, applications and locations. Agencies must be able to verify and report who is accessing critical systems, where access is occurring and under what conditions while maintaining rapid access to information during time-sensitive incidents.

Survey respondents identified cybersecurity risk (67%) and CJIS compliance (64%) as the primary drivers behind identity and access management investments, highlighting the close relationship between security and compliance initiatives.

Nearly all respondents (95%) reported experiencing some form of access or security friction when accessing critical systems. The most common issues included logging into multiple systems repeatedly (36%) and slow authentication processes (35%).

To address these challenges, agencies are increasingly planning investments in identity-focused security strategies. Planned investments include privileged access management, cited by 24% of respondents, and passwordless authentication, cited by 23% of respondents.

Sign up for our eNewsletters
Get the latest news and updates