The Wisconsin Department of Justice (DOJ) is the Criminal Justice Information Services (CJIS) Systems Agency for Wisconsin (CSA). DOJ provides updated guidance regarding cloud services at this link: (https://www.doj.state.wi.us/dles/cloud-guidance).
The Wisconsin Department of Justice (DOJ) has entered into a Management Agreement with Microsoft for a subset of Microsoft cloud services that has been reviewed by DOJ. The current subset of cloud services includes: Microsoft Azure Government, Microsoft Office 365 U.S. Government, and Microsoft Dynamics 365 U.S. Government. Through this Management Agreement, DOJ is responsible for vetting the Microsoft personnel that have access to Criminal Justice Information Services (CJIS) data through the identified covered services, as well as ensuring their compliance with Security Awareness Training and the CJIS Security Addendum. Each state or local government entity that chooses to pursue use of one of the identified covered services must contact its Microsoft representative to pursue a Purchase Agreement/Enrollment Amendment for the applicable covered services. Each entity entering into a Purchase Agreement/Enrollment Amendment with the intention to utilize one (or more) of the identified covered services to store CJIS data is responsible for ensuring that their implementation and use of the covered service is compliant with CJIS Security Policy requirements.
DOJ recognizes the benefits of having a single entity perform necessary background checks, security awareness training, and security addendum, rather than requiring each state or local agency to replicate these efforts. As a result, DOJ has agreed to enter into this Management Agreement with Microsoft to perform the limited requirements of the CJIS Security Policy. By entering into this agreement DOJ is in no manner endorsing Microsoft or the use of their covered services and continues to allow each state and local agency the opportunity to use whatever cloud service the agency may choose. In addition, by entering into this agreement DOJ does not certify Microsoft cloud services as CJIS compliant. The determination of CJIS compliance is the responsibility of each state or local government entity, based on their use and implementation. DOJ assumes no role, responsibility, or liability for data loss through the use of Microsoft covered services.