Compliance Framework
eCourtDate serves courts, law enforcement, and public safety agencies that operate under strict regulatory requirements. This page describes how the platform aligns with major compliance frameworks relevant to the justice sector.
CJIS Security Policy
The FBI's Criminal Justice Information Services (CJIS) Security Policy defines security requirements for any organization that accesses, transmits, or stores criminal justice information (CJI). Compliance is mandatory for systems that handle law enforcement data.
eCourtDate aligns with CJIS requirements across the following areas:
| CJIS Requirement | eCourtDate Control |
|---|---|
| Encryption in transit | HTTPS with TLS 1.2+, FIPS-validated modules |
| Encryption at rest | AES 256-bit via AWS KMS, FIPS 140-2/140-3 validated |
| Access control | Granular CRUD permissions, agency-scoped API clients |
| Multi-factor authentication | MFA mandatory for Console access, IdP-enforced for SSO |
| Audit logging | Real-time activity logs, never deleted, exportable |
| Personnel security | AWS GovCloud restricted to US persons on US soil |
| Media protection | Encrypted storage, encrypted backups |
For CJIS audit documentation or a completed CJIS Security Addendum, contact the eCourtDate security team through the Help Center.
FedRAMP
The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security assessment for cloud services used by federal agencies. FedRAMP defines three impact levels: Low, Moderate, and High.
eCourtDate operates on AWS GovCloud infrastructure that holds a FedRAMP High Authorization to Operate (ATO). This means the underlying cloud infrastructure has been assessed and authorized at the highest impact level, covering the most sensitive unclassified government data.
Key points:
- Infrastructure authorization: AWS GovCloud (US) is FedRAMP High authorized.
- Application-level controls: eCourtDate implements application-level security controls consistent with FedRAMP High requirements, including encryption, access controls, audit logging, and incident response.
- Continuous monitoring: Security controls are monitored and maintained on an ongoing basis.
For details on eCourtDate's FedRAMP authorization status at the application level, contact the security team through the Help Center.
FIPS 140-2 / 140-3
Federal Information Processing Standards (FIPS) 140-2 and 140-3 define requirements for cryptographic modules used in government systems. These standards ensure that encryption implementations have been tested and validated by accredited laboratories.
eCourtDate uses AWS cryptographic services that are FIPS 140-2 and 140-3 validated:
- TLS termination: FIPS-validated modules for HTTPS connections
- Storage encryption: AES 256-bit encryption through AWS KMS with FIPS-validated hardware security modules
- Key management: Keys managed within FIPS-validated boundaries
See Encryption for technical details.
SOC 2
Service Organization Control 2 (SOC 2) is an auditing framework developed by the AICPA that evaluates an organization's controls related to security, availability, processing integrity, confidentiality, and privacy.
For SOC 2 report availability and details, contact the eCourtDate security team through the Help Center.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) governs the protection of health information. Some justice-sector use cases, such as treatment courts or supervision programs, may involve protected health information (PHI).
For HIPAA Business Associate Agreement (BAA) availability and details, contact the eCourtDate security team through the Help Center.
State and Local Requirements
In addition to federal frameworks, state and local agencies may be subject to jurisdiction-specific security requirements. Examples include:
- TX-RAMP: Texas Risk and Authorization Management Program for state agencies
- StateRAMP: A standardized security verification program for state and local government cloud services
- State-specific data residency: Some states require data to remain within specific geographic boundaries
eCourtDate's multi-region deployment across US-based AWS GovCloud regions supports compliance with geographic data residency requirements. See Infrastructure for region details.
Compliance Resources
To request any of the following compliance documentation, contact the eCourtDate security team through the Help Center:
- Security questionnaire responses (SIG, CAIQ, custom)
- Compliance addendums (CJIS Security Addendum)
- Audit reports
- Architecture and data flow diagrams
- Business Associate Agreements (HIPAA)
Related Pages
- Infrastructure: AWS GovCloud hosting and regional deployment
- Encryption: Encryption standards and FIPS validation
- Access Control: Authentication and authorization controls
- Audit Logging: Logging and monitoring capabilities