What is the certification process for vendors?

In short, there isn’t one. I wrote a whitepaper recently covering this topic, among other items. There is no central FBI-CJIS authorization body, no accredited pool of independent assessors, nor a standardized assessment approach to determining whether a particular solution is “FBI-CJIS compliant” nationally. To be FBI-CJIS compliant requires an individual evaluation and assessment by the government agency that contracts for that specific technology or cloud service. It is impo