TL;DR: Marietta, Georgia’s CJIS compliance example shows that agencies can pair strong authentication with single sign-on, badge and fingerprint access, and central policy control to reduce friction for officers and staff, according to Imprivata. The real lesson is that compliance programmes only become durable when daily access is easy enough for people to actually use.
NHIMG editorial — based on content published by Imprivata: CJIS 6.0 compliance made practical, featuring the City of Marietta, Georgia
Questions worth separating out
Q: How should agencies make CJIS access both secure and usable?
A: Agencies should pair strong authentication with simplified session access, then test the result in real operational workflows.
Q: Why does usability matter in CJIS compliance programmes?
A: Usability matters because controls only protect information when people can use them reliably under pressure.
Q: What breaks when access management is too fragmented across departments?
A: Fragmentation creates inconsistent policies, more help desk demand, and uneven user experiences that undermine confidence in the system.
Practitioner guidance
- Validate CJIS flows in operational conditions: Test login, application switching, and session continuity in patrol, dispatch, and back-office scenarios before expanding the model to new departments.
- Review where users still re-enter credentials: Identify applications or workflows that force repeated authentication and decide whether they need SSO integration, policy redesign, or tighter session handling.
- Centralise authentication policy changes: Use one governance point for MFA, SSO, and access rules so departments do not drift into inconsistent local exceptions over time.
What's in the full article
Imprivata's full white paper covers the operational detail this post intentionally leaves for the source:
- Implementation specifics for CJIS 6.0 compliant access workflows across patrol and office environments
- Practical guidance on combining multifactor authentication with SSO for front-line staff
- Examples of how city departments can expand a successful access model beyond the police department
- More detail on reducing password-related support demand while maintaining central policy control
CJIS access management in practice: can compliance also improve usability?
Explore further
CJIS compliance fails as a programme outcome when it is treated as the end state. Marietta’s example shows that meeting the mandate is only the starting point because access still has to work in daily operations. When usability is ignored, users spend more time navigating controls than using the systems those controls are meant to protect. The implication is that compliance metrics alone do not prove governance maturity.
A few things that frame the scale:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to The 2024 ESG Report: Managing Non-Human Identities.
- Enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months, which shows why access governance has to be sustained rather than episodic.
A question worth separating out:
Q: How can teams tell whether an access model is actually working?
A: Look for reduced password-related help desk calls, fewer repeated logins, and user demand to add more applications into the approved access environment. Those signals show that the control model is both secure and practical. If none of those improve, the programme may be compliant on paper but brittle in use.