CJIS Media Protection & Sanitization 3

Question 1

A CJIS-compliant agency is replacing its entire fleet of networked printers that stored print jobs containing CJI in internal memory. What is the required action under the CJIS Security Policy?

Accepted Answer

Sanitize or destroy the internal storage of the printers before disposal or transfer

Answer

Printers, copiers, and multifunction devices with internal storage that holds CJI must have that storage sanitized or physically destroyed before the equipment leaves agency control.

Question 2

Which statement best reflects the CJIS requirement for media access control?

Accepted Answer

Access to media containing CJI must be restricted to authorized individuals based on official need

Answer

CJIS applies the least-privilege principle to media access, requiring that only individuals with a documented official need be authorized to access media containing CJI.

Question 3

What is 'cryptographic erasure' in the context of media sanitization, and when is it applicable under CJIS guidelines?

Accepted Answer

Destroying the encryption keys used to protect CJI on encrypted media, rendering the data unreadable—applicable when the media was encrypted from inception

Answer

Cryptographic erasure destroys the encryption keys protecting media that was encrypted throughout its lifecycle, making the encrypted CJI irretrievably unreadable without additional physical sanitization.

Question 4

An officer's agency-issued laptop is stolen while containing CJI on its encrypted hard drive. Under the CJIS Security Policy, what is the PRIMARY reason encryption is critical in this scenario?

Accepted Answer

Encryption protects the CJI from unauthorized access even if the physical media falls into the wrong hands

Answer

FIPS 140-2/140-3 validated encryption protects the confidentiality of CJI on stolen or lost media because the data remains unreadable without the correct decryption keys, even with physical possession of the device.

Question 5

Under CJIS media protection requirements, which of the following must be included in a media protection policy?

Accepted Answer

Procedures for marking, handling, storing, transporting, and sanitizing/disposing of media containing CJI

Answer

CJIS requires agencies to establish media protection policies that cover the full lifecycle of CJI media—how it is labeled, stored, handled, transported, and ultimately sanitized or destroyed.

(CJIS) Criminal Justice Information Services Certified Practice Test

(CJIS) Criminal Justice Information Services Certified Practice Test

CJIS Media Protection & Sanitization 3