This blog focuses on the technical controls required to use Azure Commercial for CJIS workloads. With the release of CJIS Security Policy 6.0 in late 2024, agencies now have a clear pathway to leverage Azure Commercial through Customer Managed Keys (CMK) and other advanced security measures, rather than relying solely on vendor personnel screening. However, it's critical to understand: Microsoft provides the tools; your agency and your state CJIS Systems Agency (CSA) determine compliance.
Since 2014, United States criminal justice agencies have trusted Microsoft Azure Government to manage Criminal Justice Information (CJI). Built exclusively for regulated government data, it provides ...
Updated Feb 12, 2026
Version 2.0
Mike Smucny
Microsoft
Microsoft