Government Business Is in the Cards

Providing access control systems to government facilities may initially appear intimidating. However, closer inspection reveals the market is not that different from commercial clients. The trick is grasphing standards such as HSPD 12 and FIPS 201, and offering solutions compatible with both legacy and future systems.

When it comes to creating security systems for government entities, it’s basically no different than designing a solution for a commercial account. A VA hospital is very similar to a private hospital in its security needs. Think of a military base as a small town. It has security issues for its schools, homes and office facilities. Of course, some of the projects include deploying the latest in security technologies, especially those in which the government is the administrator, such as at airports. Nonetheless, the security would be quite similar to that of a private energy plant.

However, one major difference has to do with the Personal Identity Verification (PIV) cards they will use. You will not be having a discussion with your customer in the government sector about whether or not they should consider PIN versus magnetic stripe versus proximity versus smart card-based access control. There is a long history why.

We’ll take a look at that back story, as well as detail where government access control is today. Finally, and most importantly, we’ll highlight where the opportunities await tomorrow and how to take the greatest advantage of them to the betterment of both your government customer and your own business.

The Quest for a Common Card Type

Back in August 2004, the Homeland Security Presidential Directive 12 (HSPD 12) was issued to standardize federal security measures. In 2006, the Federal Information Processing Standards Publication 201 (FIPS 201) was issued, defining the PIV of federal employees and contractors. FIPS 201 mandates the type of smart card and card reader that must be used per application. Sounds simple, right?

Not really. Sometimes the cards are called different things. For instance, the military calls its FIPS 201 card the CAC card. It’s the same card, just a different nomenclature.

Then, take the case of the VA hospitals. They had a huge card population using a variety of different card types, mostly proximity from a variety of manufacturers. Therefore, a card used in a VA hospital in California might not work in a VA hospital in Virginia. For that matter, the card used at one VA hospital in California might not work in another VA hospital a couple miles down the freeway.

Nonetheless, to assign employees access consistent with the designations and to get away from legacy technologies, the VA issued a new PIV smart card that complies with HSPD 12 and FIPS 201 to its employees. HP (formally EDS) currently has the contract with the VA to provide all the infrastructure hardware/software to produce the new VA PIV cards for all the VA facilities nationwide. Thus, all VA locations will need FIPS-compliant readers/systems.

Yet, here is the point where it starts to get very interesting.

The FIPS 201 smart card combines both contact and contactless technologies, which means that not all smart cards qualify to be used in the VA or other government facilities. Only those certified as FIPS 201 can be used. That seems simple enough.

However, facilities, even if they have issued PIV FIPS 201-certified cards to their employees, may NOT be using the card for physical access control. Why? At the time of defining the card, the government was actually more worried about logical access control rather than physical access control. Thus, many doors throughout the government are still using proximity.

Now, everyone and their brother knows the government will, at some point, switch all those doors over to using the FIPS 201 smart card for access. But, in the meantime, you encounter an opportunity to replace a slew of locks at a government facility. What do you do?

The Solution Is Simple

Why haven’t these government facilities decided to switch out all their present card-based systems for physical access control to the new mandated FIPS 201 card? The answer is broadcast on your nightly news daily. The cost-prohibitive nature of upgrading to FIPS 201 cards has presented the biggest roadblock to large-scale implementation of the standard.

In these tight budget times, it’s difficult for government facilities to throw out a present system that works. It is pretty obvious that any retrogrades being done in the immediate future need to read the cards presently being used. But does it make sense to install proximity readers when, down the line, different readers will be needed; those that read the FIPS 201 smart cards?

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.

A FREE subscription to the top resource for security and integration industry will prove to be invaluable.

Subscribe Today!

Get Our Newsletters