A Practical Guide to Local LLM Deployment for Law Enforcement Agencies, Fusion Centers, Real-Time Crime Centers, and Government Agencies
Companion resource for the "Secure and Affordable In-House AI: The Strategic Imperative for Local LLMs" presentation delivered to the National Fusion Center Association (NFCA) and law enforcement intelligence professionals.
This repository is written for law enforcement agencies, fusion centers, real-time crime centers, and other government agencies evaluating open-source AI or looking for practical guidance on using AI responsibly. It provides the depth that a time-limited presentation cannot — particularly CJIS Security Policy compliance mapping, AI governance law (federal and Texas), honest limitations, and practical next steps for agencies evaluating local AI deployment. Reading level is aimed at high school graduate.
Contact Information
Sergeant Johann Ortega Dallas Fusion Center / Real-Time Crime Center
📧 johann.ortega@dallaspolice.gov
📞 214-671-3482 (main) 📱 214-406-8248 (cell)
| Date | Change |
|---|---|
| May 12, 2026 | Security advisory — CVE-2026-7482 ("Bleeding Llama") added to Ollama Quickstart and Security Considerations. Heap out-of-bounds read in Ollama's GGUF model loader (/api/create) allows an unauthenticated remote attacker to leak server process memory — environment variables, API keys, system prompts, and concurrent users' conversation data — exfiltrable via /api/push. CVSS 9.1. Affects Ollama before 0.17.1; fixed in 0.17.1. Action: upgrade immediately, keep OLLAMA_HOST bound to 127.0.0.1 (default), and do not expose port 11434 to untrusted networks. (advisory · Cyera writeup) |
| April 2026 | AI Governance Laws chapter added — new Chapter 13 mapping the federal and Texas AI governance landscape as of April 2026. Covers EO 14179 (replacing rescinded EO 14110), EO 14319, the December 11, 2025 federal preemption EO, OMB M-25-21, M-25-22, and M-26-04, NIST AI RMF 1.0 and the Generative AI Profile, Texas TRAIGA (Business & Commerce Code Ch. 552), Texas companion statutes (SB 1964, HB 2818, HB 3512), DIR 1 TAC Chapter 219, and how TRAIGA layers on existing Texas LE statutes (TCOLE, CCP Art. 2.132-2.134 and 39.14, Public Information Act, CUBI, TLETS). Includes a consult-counsel checklist. |
| April 2026 | Stale Executive Order 14110 references replaced across docs 01, 11, 12, and OUTLINE.md. EO 14110 was rescinded by EO 14179 on January 23, 2025. |
| April 2026 | Model Selection updated — Quick Reference Table and Model Profiles now reflect the models actively deployed in production. |
Choose your path based on your role or the question you are trying to answer:
| Your Role | Start With | Then Read |
|---|---|---|
| Analyst | Prompting Guide | Use Cases, Prompt Templates |
| Fusion Center / RTCC | Use Cases | Knowledge Management, AI Governance Laws |
| IT / Security | CJIS Compliance | Hardware Guide, Security Considerations |
| Leadership / Command Staff | Why Local LLMs | Limitations & Tradeoffs, Next Steps |
| Legal / Policy / Counsel | AI Governance Laws | CJIS Compliance, Security Considerations |
| Ready to try it | Ollama Quickstart | Hardware Guide, Model Selection |
| # | Document | Description |
|---|---|---|
| 01 | Why Local LLMs | The case for local AI in law enforcement and government — capability gap, value drivers, and honest caveats |
| 02 | Understanding LLMs | How LLMs actually work — correcting common misconceptions about hallucination and determinism |
| 03 | Ollama Quickstart | Getting started with Ollama in your first 30 minutes |
| 04 | Hardware Guide | Hardware requirements, model-capability mapping, and honest cost analysis |
| 05 | Model Selection | Which models for which tasks — with exact versions and pull commands |
| 06 | Prompting Guide | Prompt engineering for law enforcement and analytical workflows |
| 07 | Use Cases | Real-world use cases with example prompts and honest assessments |
| 08 | Knowledge Management | Personal knowledge management, RAG architecture, and connecting your data to LLMs |
| 09 | CJIS Compliance | Security rules for CJI. FBI CJIS Security Policy v6.0 compliance framework — 13-area mapping and 8 application-layer gaps |
| 10 | Limitations & Tradeoffs | Honest limitations and when NOT to use local LLMs |
| 11 | Security Considerations | Legal, policy, and evidentiary considerations for AI-generated output — review standards, Brady/Giglio, Daubert, FOIA |
| 12 | Next Steps | Implementation roadmap, budget guidance, and additional resources |
| 13 | AI Governance Laws | What you can lawfully do with AI. Federal and Texas AI governance landscape — EO 14179, OMB memoranda, NIST AI RMF, TRAIGA (Business & Commerce Code Ch. 552), TX companion statutes and DIR rules, and a consult-counsel checklist |
How the three governance-adjacent chapters relate: Chapter 9 answers "how do I protect criminal justice information?" Chapter 11 answers "what are the review, disclosure, and evidentiary standards for AI output?" Chapter 13 answers "what does the law say I can and cannot do with AI?" All three complement each other; a compliant deployment satisfies all three.
| Resource | Description |
|---|---|
| Prompt Templates | Ready-to-use prompt templates for common law enforcement and analytical tasks — situational awareness briefs, incident summaries, BOLO drafts, evidence review, pattern analysis |
| Checklists | Pre-deployment, CJIS compliance, and hardware procurement checklists |
| Consult-Counsel Checklist | Questions for your agency's legal counsel, CJIS Systems Officer, and records-management professional before deploying AI |
| Glossary | Terms and acronyms used throughout this guide |
| External Links | Curated links to all referenced tools and documentation |
| FAQ | Frequently asked questions with honest answers |
-
Local LLMs solve a real problem. AI tools are banned for CJI workloads, but the analytical need persists. Local deployment keeps data within your infrastructure.
-
Air-gap alone is not compliance. CJIS has 13 policy areas. Default Ollama satisfies approximately 5. The gap is "hardening required," not "fundamentally incompatible." See CJIS Compliance.
-
Set realistic expectations. Local models at the 7B-13B parameter range are useful tools, not magic. They hallucinate, they have limits, and every output requires human review. See Understanding LLMs.
-
Start with non-CJI workloads. A non-CJI pilot carries zero compliance risk and lets you prove value before committing to security hardening. See Next Steps.
-
CJIS and AI governance law are different questions. CJIS tells you how to protect criminal justice information. AI governance law tells you what you can lawfully do with an AI system — regardless of what data it touches. Both apply at the same time to deployments touching both. See AI Governance Laws.
-
Federal AI policy has shifted — verify before relying on 2024 guidance. EO 14110 was rescinded by EO 14179 (January 23, 2025). Current in-force OMB memoranda are M-25-21, M-25-22, and M-26-04. NIST AI RMF 1.0 remains canonical and is the single framework most likely to align with every regulatory regime. See AI Governance Laws — Federal Layer.
-
Texas agencies face a six-axis compliance surface. TRAIGA (Business & Commerce Code Ch. 552, effective January 1, 2026) binds Texas law enforcement agencies as governmental entities. SB 1964, HB 2818, HB 3512, DIR's 1 TAC Chapter 219, CUBI, and attorney-general enforcement under multiple statutes all apply in parallel. Agencies in other states face a structurally similar compliance surface. See AI Governance Laws — Texas Layers.
-
Get legal counsel involved early. AI governance law is a moving target. The cheapest compliance error to fix is the one your legal counsel, CJIS Systems Officer, and records-management professional catch before procurement. See the Consult-Counsel Checklist.
- This repository is an educational resource, not official guidance from any agency or organization.
- This repository is not legal advice. The AI governance law chapter describes the legal landscape for awareness. Agencies should consult their own legal counsel, CJIS Systems Officer, and records-management professionals for advice specific to their jurisdiction and operational context.
- Consult your agency's CJIS Systems Officer (CSO) for all CJIS compliance decisions.
- Verify currency before relying on any cited source. Federal AI executive actions and regulatory guidance shifted multiple times in 2025. State AI laws and administrative rules continue to evolve. Every citation in this repository has a date — check whether it is still current before acting on it.
- No classified or CJI data should ever be committed to or referenced in this repository.
- The CJIS compliance analysis is based on publicly available policy documents and should be independently validated by your security team.
- The Texas AI governance analysis is based on publicly available statutes, administrative rules, and practitioner commentary as of April 2026. Attorney General opinions interpreting TRAIGA and DIR's rulemaking status should be verified directly.
- The author is a law enforcement professional sharing practical experience, not a vendor, consultant, or attorney.
| Resource | URL |
|---|---|
| Ollama | https://ollama.com |
| Ollama GitHub | https://github.com/ollama/ollama |
| Open WebUI | https://github.com/open-webui/open-webui |
| LiteLLM Proxy | https://docs.litellm.ai |
| Microsoft Presidio (DLP) | https://github.com/microsoft/presidio |
| Resource | URL |
|---|---|
| TRAIGA — Texas Business & Commerce Code Chapter 552 | https://statutes.capitol.texas.gov/Docs/BC/htm/BC.552.htm |
| HB 149 (TRAIGA) Bill History | https://capitol.texas.gov/BillLookup/History.aspx?LegSess=89R&Bill=HB149 |
| HB 149 Enrolled Text (PDF) | https://capitol.texas.gov/tlodocs/89R/billtext/pdf/HB00149F.pdf |
| Texas Business & Commerce Code § 503.001 (CUBI) | https://statutes.capitol.texas.gov/Docs/BC/htm/BC.503.htm |
| Texas DIR — Technology Legislation & AI Rules | https://dir.texas.gov/technology-legislation |
| Texas DIR — Statewide AI Awareness Training (HB 3512) | https://dir.texas.gov/statewide-artificial-intelligence-ai-awareness-training |
| Texas Attorney General — Biometric Identifier Act | https://www.texasattorneygeneral.gov/consumer-protection/file-consumer-complaint/consumer-privacy-rights/biometric-identifier-act |
| Texas Government Code Chapter 552 — Public Information Act | https://statutes.capitol.texas.gov/docs/GV/htm/GV.552.htm |
This work is shared for educational purposes within the law enforcement community. See LICENSE for details.