Recent FBI guidance highlights attacker use of remote access paths, valid accounts, and anonymized infrastructure. CJIS compliance requires agencies to control and validate access to criminal justice information. In public safety, those controls only work if they are trusted and usable.