Compliance

Designed to align with the standards you answer to

BlueCore is engineered to support your agency's compliance program. We are deliberately precise: BlueCore is not certified or formally compliant with these frameworks — it is designed to align with them.

Standards

Where BlueCore stands today

Each card states our honest position. A 'Verified' badge appears only after an independent audit or attestation is completed.

CJIS

FBI CJIS Security Policy

Designed to align

Architected to align with the CJIS Security Policy — RBAC, MFA, encryption, and tamper-evident audit. BlueCore is not CJIS-certified; CJIS compliance is an agency program we are built to support.

SOC 2

SOC 2 (Type II)

On roadmap

Controls are being designed to support a future SOC 2 examination. No SOC 2 report has been issued.

ISO 27001

ISO/IEC 27001

On roadmap

Information-security practices are designed to align with ISO 27001 principles. BlueCore is not ISO 27001 certified.

NIBRS

FBI NIBRS 2023

Designed to align

A built-in NIBRS 2023 segment engine with validation at finalize and supervisor review. Submission acceptance is governed by your state UCR/NIBRS program.

NCIC / TCIC

NCIC / TCIC Queries

Hardening in progress

Person/vehicle query workflows run against a simulator in pilot. Live NCIC/TCIC circuits require state ORI provisioning and are on the roadmap.

NIEM

NIEM Data Exchange

On roadmap

Data exchange is being designed to support NIEM-conformant payloads for interagency sharing.

WCAG

WCAG 2.2 AA

Hardening in progress

Interfaces are designed to meet WCAG 2.2 AA. Accessibility conformance work is ongoing across the product.

Encryption

Encryption in Transit & at Rest

Hardening in progress

TLS in transit and field-level encryption for sensitive criminal-justice data. Broader encryption-at-rest hardening is in progress.

Our honesty commitment

We do not claim certifications we don't hold or print availability percentages we can't guarantee. CJIS is an agency compliance program BlueCore is built to support, not a certification we carry. NCIC/TCIC runs against a simulator in pilot; live circuits are on the roadmap. Encryption-at-rest hardening is in progress. As independent attestations complete, this page will reflect them — with a verifiable badge.

Need documentation for your review?

Request our security and compliance overview to support your agency's evaluation and audit.