SmartCOP Security and Compliance
SmartCOP provides the secure foundation Command Staff and IT Directors need to keep your community safe and your data locked down.
Security Should Never Compromise Accessibility
At SmartCOP, we operate under a ‘security first’ approach, meaning data access is only granted when all proper protections are in place. This philosophy is built into our platform, giving your agency direct control over its data while rigorously adhering to the FBI/CJIS Security Policy. With over 25 years of dedicated experience in public safety, we deliver a flexible and secure system designed to meet the specific needs and policies of your agency.
Deploy the Way That Works for Your Agency
You choose where your data lives. We do not lock you into a single architecture.
AWS GovCloud (US) Hosted
FedRAMP High authorized, CJIS-aligned infrastructure with U.S.-only data residency.
On-Premises
Full control behind your firewall with all data residing on your hardware.
Hybrid
Combine cloud scalability with on-premises control for specific workloads.
Defense-in-Depth Security Architecture
SmartCOP employs layered security controls across all deployment models.
Access Control & Authentication
- Role-Based Access Control (RBAC): Least-privileged access at the application and data level. Users only see data required for their role.
- Windows Active Directory Integration: Centralized user management with domain authentication.
- Multi-Factor Authentication (MFA): Time-based one-time passwords (TOTP) via Microsoft Authenticator or equivalent.
- SmartAuth for Mobile: MFA for mobile devices that works without VPN or direct agency network connection. Uses SSL-encrypted protocols for faster, more secure field access.
Encryption Standards
- Data in Transit: All information traveling between systems is protected with FIPS 140-2 validated cryptography and TLS 1.2 for all communications between user devices and SmartCOP servers.
- Data at Rest: Cryptographic algorithms such as AES-256 render stored data and backups unreadable without the proper keys.
- End-to-End Encryption: Industry-standard algorithms, including Triple DES and AES, protect data traversing public networks.
Session & Account Security
- Idle timeout enforcement
- Account lockout after failed login attempts
- Password complexity requirements (minimum 8 characters, alphanumeric, 90-day rotation)
- Reuse of any of the last 10 passwords is prevented
Monitoring & Logging
- Audit Logs: Password resets, account creation, successful/failed login attempts, file access, modification, deletion, and transfer.
- Firewall Logs: VPN connections, session length, intrusion detection, configuration changes.
- Log Retention: 1 year minimum.
- Critical Event Alerts: Automated email notifications for security events requiring immediate attention.
Vulnerability Management
- Continuous vulnerability scanning using Rapid7 InsightVM or equivalent agent-based tools.
- Regular risk assessments documented and maintained by the SmartCOP Security Officer.
- Routine OS and firmware patching for all servers, firewalls, and appliances.
Endpoint Protection
- Endpoint Detection and Response (EDR/XDR) via CrowdStrike, Symantec, or equivalent technologies.
- Host-based firewalling and security group restrictions by IP, DNS, protocol, and application.
