CJIS Cheat Sheet 2026

The 30 highest-yield CJIS facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

50 questions
60 min time limit
80% to pass
  1. A fingerprint-based background check using CHRI is considered more reliable than a name-based check because: It uniquely identifies an individual regardless of name variations
  2. Which of the following best describes a key competency required for disaster recovery & business continuity in CJIS practice? Strong analytical skills combined with effective communication and ethical judgment
  3. What is a key component of incident documentation? Detailed records
  4. What is the role of audit trails in data management? Track changes and access
  5. What is system auditing used for? Review activity
  6. How often must CJIS security training be completed? Annually
  7. What is the first step in incident response? Identify and report
  8. What is the purpose of data management? Organize and maintain data
  9. Under CJIS Security Policy, what is the significance of maintaining an up-to-date system inventory for configuration management purposes? It enables accurate identification of all components subject to CJIS security controls
  10. According to the CJIS Security Policy, what must occur before disposing of physical media that contains Criminal Justice Information (CJI)? The media must be sanitized using an approved method to render CJI unrecoverable
  11. What encryption standard must removable media meet when used to transport CJI outside of a physically secure location, per the CJIS Security Policy? FIPS 140-2 or FIPS 140-3 validated encryption using AES-256
  12. How frequently does the CJIS Security Policy require agencies to perform vulnerability scans on systems processing CJIS data? Periodically as defined by the agency's risk assessment
  13. When a CJIS-connected device is decommissioned, what configuration management step is required regarding stored data? Sanitize or destroy the device media to prevent unauthorized data recovery
  14. An agency wants to donate old computers previously used to access CJI to a local school. What must occur FIRST before the computers leave agency control? All storage media in the computers must be sanitized or physically destroyed to remove CJI
  15. Why are accurate records important in CJIS? Ensure integrity and compliance
  16. How does multi-factor authentication enhance CJIS security? Requires multiple verifications
  17. Why monitor access logs? Detect unauthorized access
  18. What consequences may result from violating CJIS policies? Loss of access and penalties
  19. Which of the following best describes a key competency required for background investigation standards in CJIS practice? Strong analytical skills combined with effective communication and ethical judgment
  20. Why limit access to sensitive records? Prevent unauthorized access
  21. Under CJIS media protection requirements, which of the following accurately describes an 'overwriting' sanitization technique? Writing new data patterns over existing data to make the original data unrecoverable
  22. Why is root cause analysis important? Find root cause
  23. Who should be notified in a major security incident? Notify authorities
  24. What is a 'security impact analysis' in the context of CJIS configuration management? An assessment of the security effects of proposed changes before they are implemented
  25. What is the purpose of degaussing as a media sanitization method under CJIS guidelines? It exposes magnetic media to a strong magnetic field to erase recorded data
  26. What is the main goal of information security? Protect data confidentiality
  27. Under CJIS policy, who is the designated owner of CHRI data stored within the Interstate Identification Index (III)? The originating agency that submitted the record
  28. How long must a noncriminal justice agency retain documentation of CHRI transactions under CJIS audit requirements? Three years
  29. What is a retention policy? Define data retention period
  30. How does encryption protect data? Makes data unreadable
Turn these facts into recall: