LeoPen
Security & Compliance

Security built for CJIS environments

Deployed in your environment with CJIS-aligned controls, SSO/RBAC, and audit logging. We don't train on your data without a separate, written agreement.

Deployed in your boundary • GovCloud / on-prem / air-gapped • SSO & RBAC • Audit logs • Customer-managed retention

CJIS-Aligned Controls

Access Control, Identification & Authentication, Auditing & Accountability, Incident Response, Configuration Management & Media Protection, Physical Protection & Network/Boundary Protection.

Deployment Options

GovCloud, on-prem, or air-gapped. Customer-controlled boundary, private networking, and fixed egress policies.

Data Handling & Retention

No training on customer data by default; retention, redaction, and deletion are agency-controlled. Versioned exports and audit-ready logs.

Identity & Access

SSO (SAML/OIDC), role-based access (RBAC), least privilege, session controls, reviewer acknowledgements, and export permissions.

Controls at a glance

Auditing & Accountability

  • Immutable event logs
  • Reviewer notes & approvals
  • Exported report history

Access Control (RBAC)

  • Least-privilege roles
  • Approver/Reviewer flows
  • Scoped API tokens

Data Protection

  • TLS in transit
  • Encrypted at rest
  • PII redaction helpers

Monitoring & Alerting

  • Health and error telemetry
  • Access anomaly flags
  • Operational runbooks

Boundary Options

  • GovCloud regions
  • Private VPC / on-prem
  • Air-gapped packaging

Operational Security

  • Background-checked team
  • Change management
  • Least-access support

Data-Use Commitment

No Training by Default

We don't use your data for model training without a separate, written agreement that defines scope, retention, and destruction.

Your Boundary, Your Keys

Processing occurs inside your environment. You control data residency, backups, key management, and network egress.

Audit-Ready Outputs

Version history, reviewer acknowledgements, and export artifacts for CJIS audits and internal QA.

Deployed in your environment (GovCloud/on-prem/air-gapped). Outputs require officer review; not legal advice.

CJIS Alignment

LeoPen is designed to be deployed and operated within CJIS-controlled environments. We map technical and operational controls to CJIS Policy Areas, including:

  • Access Control, Identification & Authentication
  • Auditing & Accountability (immutable logs, reviewer acknowledgements)
  • Incident Response (24/7 monitoring, escalation, notification)
  • Configuration Management & Media Protection (change management, data redaction helpers)
  • Personnel & Physical Security (background-checked team, least-access support)
  • Network/Boundary Protection (private networking, fixed egress, allow-lists)

Note: CJIS compliance is a shared responsibility between the agency, hosting environment, and vendor. LeoPen provides CJIS-aligned controls and documentation to support your program.

Deployment Options

  • GovCloud: Private VPC, customer-managed keys, private endpoints.
  • On-Prem: Containerized services, private networking, agency IAM.
  • Air-Gapped: Offline packaging with customer-controlled updates.

Data Handling & Retention

  • TLS 1.2 or 1.3 in transit; AES-256 at rest; FIPS 140-2/140-3 validated cryptographic modules where your environment provides them (e.g., cloud KMS/HSM).
  • Customer-controlled retention & deletion; versioned exports; immutable audit logs.
  • No training on customer data by default; any fine-tuning requires a separate, written agreement.

SSO & Access Control

  • SSO via SAML or OIDC (IdP-enforced MFA, conditional access).
  • Role-based access (RBAC), least privilege, scoped API tokens.
  • Reviewer/approver workflows with acknowledgements captured in the audit log.
  • Optional SCIM provisioning for automated joiner/mover/leaver (JML) account lifecycle.

Security Reporting & Documentation

Vulnerability Disclosure

Found a security issue? Please email security@leopen.com. Provide a description and reproduction steps. We acknowledge within 24 hours and coordinate a fix in line with severity.

Incident Response

24/7 monitoring, defined escalation paths, customer notification, preservation of logs/artifacts, post-incident review, and corrective actions tracked to closure.

Last updated: 11/7/2025