SmartCOP’s Best Practices for Security

  • Posted on
This article outlines SmartCOP best practices for security and protecting Criminal Justice Information (CJI).We’d like to take a moment to share a brief reminder on SmartCOP best practices for security and protecting Criminal Justice Information (CJI). This document outlines SmartCOP’s recommended security best practices applicable to both hosted and on-premises deployments. These practices are designed to support a strong security posture and help protect agency data and systems. SmartCOP solutions may be deployed in SmartCOP-hosted environments or in agency-managed on-premises environments. Regardless of deployment model, security is a shared responsibility. SmartCOP provides guidance, standards, and secure product design, while agencies are responsible for implementation, configuration, and ongoing operational security within their environments.

SmartCOP Hosted Environments 

SmartCOP hosted environments may be deployed in AWS GovCloud (US) or in other SmartCOP managed CJIS-aligned hosting environments. All SmartCOP hosted solutions adhere to SmartCOP’s internal security policies and standards and leverage a consistent set of security tools, processes, and monitoring controls.

AWS GovCloud (US) Security Alignment 

When deployed in AWS GovCloud (US), SmartCOP environments benefit from infrastructure designed to align with government and law enforcement security requirements, including:
  • FedRAMP authorized infrastructure 
  • Support for CJIS-aligned security requirements 
  • Eligibility for ITAR and export-controlled workloads 
  • U.S.-only data residency 
  • Independent third-party audits and continuous compliance monitoring

SmartCOP Defense-in-Depth Controls 

Across all SmartCOP-hosted environments, a layered security model is employed, including: 
  • Role-based access controls with monitored and logged access 
  • Multi-Factor Authentication (MFA) or one-time passcode mechanisms for administrative access 
  • Routine operating system and firmware patching 
  • Host-based firewalls and network security group restrictions 
  • Encryption of all data in transit using TLS 1.2 or higher 
  • Encryption of sensitive data at rest 
  • Regular, scheduled, encrypted backups 
  • Endpoint Detection and Response (EDR/XDR) protections, such as CrowdStrike
  • Continuous vulnerability scanning using Rapid 7 Insight or equivalent
  • Secure source code repositories and access controls
  • Encryption of communications and file transfers containing PII

On-Premises Deployment Guidance 

For agencies operating SmartCOP in on-premises environments, SmartCOP recommends adopting equivalent security controls aligned with these best practices. Day-to-day security operations, monitoring, and incident response remain the responsibility of the operating agency. SmartCOP remains committed to supporting agencies with secure products, guidance, and transparent communication. For additional information or clarification on security best practices, please contact SmartCOP Support or your account representative.

Recommended Posts

Transitioning from paper mobile ticketing involves more than new hardware; it's a re-architecture of a core workflow. This article provides a grounded framework for agency decision-makers to evaluate the operational, technical, and financial implications of adopting an electronic citation system.
Evaluating Mobile Ticketing Systems: A Framework for Agency Decision-Makers
Learn how conservation officers are using SmartCOP's field-ready software to write fishing citations, track violations, and stay connected in remote areas.
Why Your Fishing Citation Process is Slowing You Down (And How to Fix It)
End-of-year thanking valued customers and welcoming new agencies while highlighting SmartCOP’s trusted public safety software suite.
 A Year of Partnership, Progress & Public Safety
Discover how SmartCOP’s CAD Dispatch Software supports public safety professionals with NCIC integration, real-time alerts, and more.
Modern CAD Dispatch Software for Today’s Public Safety Agencies