Fischer noted as much today. "Admittedly, these requirements may be difficult for some cloud-computing vendors due to the sheer numbers and the geographic disbursement of their personnel," he said.
"However," he added, "these requirements aren't new to vendors serving the criminal justice community and many vendors have successfully met these requirements for years."
Jeff Gould, CEO of IT consulting firm Peerstone Research, said that the requirements are likely most challenging to large cloud providers with roots in the business of providing hosted services to consumers.
Several small, specialty providers, today offer cloud services that are compliant with CJIS requirements, said Gould, a co-founder of Safegov.org , which promotes best practices for deploying cloud-based systems in government entities.
Gould cited InterAct Public Safety, Datamaxx, and Vertical Computer Services as cloud companies that use secure data centers staffed by people who have undergone the requisite FBI background checks.
Services from such firms may be more expensive than the offerings from large vendors like Google, but these firms have invested the needed funds to meet the FBI's security requirements, he said.
He added that the FBI has tweaked CJIS requirements to make it easier for cloud vendors to comply.
"The old requirements were written before cloud computing took off," Gould said. "CJIS 5.0 goes out of its way to make room for cloud vendors."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan , or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org .
Read more about cloud computing in Computerworld's Cloud Computing Topic Center.