recommended reading

FBI Explores Commercial Cloud Capabilities

The FBI is headquartered in the J. Edgar Hoover Building in Washington, DC.

The FBI is headquartered in the J. Edgar Hoover Building in Washington, DC. // Richard Cavalleri/

The story has been updated to remove a reference to a separate FBI cloud request for proposals, also issued July 11. 

The FBI is pondering a move to online storage of criminal records, fingerprints and other biometric data, partly to expedite rap sheet searches, according to bureau contracting officers and consultants. 

The relocation of criminal justice data would not be without challenges, but could ultimately lower costs and leave crooks with less room to hide.  

A July 11 solicitation states the FBI seeks industry feedback on deploying commercial cloud services within its facilities. 

Specifically, the bureau wants to rent hardware -- servers, storage, networks, and other basic computing resources -- from a remote data center provider, such as, for example, Amazon -- but in a way that would allow FBI personnel to control the services.  The agency would have to be able to run its own operating systems and applications, the notice states.

The system requirements for each computer center include 1 petabyte of data, which according to Adfonic, is enough to store the DNA of the U.S. population and then clone the population -- twice. 

The Criminal Justice Information Services arm of the bureau "seeks information regarding commercially available solutions to provide on-premise, locally managed (within CJIS) Infrastructure as a Service (IaaS), 'cloud in a box'" that would support "two physical data center locations," contracting officers stated.

It "would be reasonable" to expect the FBI to store biographic background histories, fingerprints and other biometrics used in identifying suspects if the bureau buys a cloud service, said Paul Wormeli, a former Justice Department official who now advises the department on technology.

To lower the costs of future expansion, the FBI also is interested in connecting its own existing servers and storage hardware to the cloud, the notice states.

FBI regulations for cloud companies that want to provide remote access to criminal records are strict. The contractors themselves must undergo criminal history checks and agree to special information-sharing arrangements.

Audits of cloud setups at state police departments have turned up compliance problems, CJIS officials recently told Nextgov. However, major providers, including Microsoft, say they are adapting to meet law enforcement demands. In Indiana, Web services company InterAct has made it possible for police to retrieve records on their laptops, iPhones, tablets and Samsung Android-based devices.

FBI officials were not immediately able to comment.

(Image via Richard Cavalleri/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.