Security & Compliance
eCourtDate processes criminal justice information (CJI), personally identifiable information (PII), and court records on behalf of courts, law enforcement, and public safety agencies. This section describes the security controls, compliance alignment, and operational practices that protect that data.
Platform Security Summary
| Area | Summary |
|---|---|
| Infrastructure | AWS GovCloud (US), physically isolated, US-only data residency |
| Encryption in Transit | HTTPS enforced, TLS 1.2+ with FIPS-validated modules |
| Encryption at Rest | AES 256-bit using AWS KMS with FIPS 140-2/140-3 validated modules |
| Authentication | OAuth 2.0 Client Credentials, SSH key auth, SSO/SAML, MFA mandatory |
| Access Controls | Granular CRUD permissions per record type, agency-scoped API clients, IP allowlisting |
| Compliance Frameworks | CJIS, FedRAMP High, FIPS 140-2/140-3, SOC 2, HIPAA alignment |
| Security Testing | OWASP Top 10 and CWE/SANS Top 25 automated scans, WAF |
| Availability | 99.95% uptime, automated hourly backups, multi-region deployment |
| Audit and Monitoring | Real-time activity logging, automated exports, SIEM integrations |
Compliance Frameworks at a Glance
- CJIS: The FBI's Criminal Justice Information Services Security Policy governs how criminal justice data must be handled. eCourtDate aligns with CJIS requirements for encryption, access controls, audit logging, and multi-factor authentication.
- FedRAMP High: The Federal Risk and Authorization Management Program evaluates cloud security at three impact levels. eCourtDate operates on AWS GovCloud infrastructure authorized at the FedRAMP High baseline.
- FIPS 140-2/140-3: Federal standards for cryptographic modules. eCourtDate uses AWS cryptographic services validated to FIPS 140-2 and 140-3 standards.
- SOC 2: Service Organization Control 2 evaluates security, availability, and confidentiality controls.
- HIPAA: The Health Insurance Portability and Accountability Act governs protected health information where applicable.
For detailed compliance documentation, audit reports, or security questionnaires, contact the eCourtDate security team through the Help Center.
Subsections
- Compliance Framework: Detailed coverage of CJIS, FedRAMP, FIPS, SOC 2, and HIPAA alignment.
- Infrastructure: AWS GovCloud hosting, regions, network security, and physical security.
- Data Handling: Data classification, platform controls, residency, and retention.
- Encryption: TLS in transit, AES at rest, FIPS modules, and certificate management.
- Key Management: Secret types, lifecycle management, and rotation practices.
- Access Control: Authentication methods, MFA, RBAC, and session management.
- Audit Logging: Log types, retention, SIEM integrations, and compliance use cases.
- IP Allowlisting: Network configuration for webhooks, SFTP, and API access.
- Incident Response: Reporting, monitoring, notification, and coordinated response.
- Vulnerability Management: Scanning, penetration testing, patch management, and responsible disclosure.
- Business Continuity: Availability, backup, disaster recovery, and maintenance.
- Security Contacts: How to reach the eCourtDate security team.
Related Documentation
- Webhook Security: HMAC verification and webhook-specific security controls.
- OAuth Security: SSO security requirements, FIPS compliance, and MFA enforcement.
- SSL Certificates: Automatic certificate provisioning for custom domains.
- API Authentication: OAuth 2.0 Client Credentials flow for API access.
- AI Policies: Data ownership, privacy, and AI governance.