Achieving a New Standard in Access Control Profitability

August 31, 2008 SSI Staff

Regulations Drive Product Demand

Let’s consider the federal government mandate on the Federal Information Processing Standard (FIPS) 201, “Personal Identity Verification (PIV) of Federal Employees and Contractors.” Does this mandate have repercussions in other areas? What about panels? Why are they needed?

They sometimes are required to keep varying technologies (for instance, wired and wireless access control) under one database. Other times, they aren’t needed at all (as in embedded access control systems). But, there is one item in which they make a big difference: the selection of any government contractors’ readers. Increased security demands continue to speed the adoption of smart card technology. To date, the U.S. government has led the charge as the largest adopter of smart card systems.

Homeland Security Presidential Directive-12 (HSPD-12), which was passed in 2004, is driving smart card use in the government and speeding adoption by large enterprises. HSPD-12 seeks to establish secure and reliable identification for all federal employees and contractors. The U.S. Departments of Defense, Interior, State and Treasury already have smart card initiatives in place.

As always, these federal directives have a long reach. State and local governments as well as first responders will become major buyers of smart cards as they follow the federal initiatives. Private contractors must follow and are doing so, including aircraft makers and those who sell to them.

Smart cards provide a basis for ensuring privacy as spelled out in various federal acts, including the Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPPA), and Sarbanes-Oxley. Whether smart cards are used now or will be implemented in the future, it’s important that your customers are not tied into only one format. You want to provide a solution that maintains their current user bases and credentials, yet upgrades their access control systems to meet these new security requirements as time and budgets allow. Make no mistake about it; the pressure is growing to migrate to smart cards.

New applications demand them. Using smart cards, physical and logical security budgets can be combined to cover a single access control solution. Organizations can consolidate multiple cards and systems into a single smart card credential for use across an entire enterprise.

Importantly, the maintenance costs for smart cards, especially the contactless variety, are much lower than for proximity and other cards that rely on older technologies. Specify a reader that bridges the gap between the old and the wanted. The most crucial innovation of these readers is the ability to read existing proximity cards as well as smart cards. Most leading security manufacturers produce such “multitechnology” readers.

Just make sure the reader has passed FIPS 201 compliance testing. That means the readers ha
ve passed compliance testing for compatibility with the new PIV credentials mandated for issuance to all federal employees over the next two years.

Two programs have controlled FIPS 201 implementation: Personal Identification Verification I and Personal Identification Verification II or PIV I and PIV II. PIV I focused on infrastructure, enrollment, and identity proofing. PIV II deals with personal authentication, access control and technical interoperability of PIV cards across the federal government. Several card manufacturers have been approved as suppliers of FIPS 201-compliant PIV credentials.

In addition to reading approved FIPS 201 PIV II credentials, multitechnology readers are also compatible with many standard proximity and leading smart card technology. Reading multiple existing card types and PIV II cards simultaneously is a tremendous benefit to those agencies looking to painlessly transition from older proximity technologies to new, mandated PIV II credentials.

A mixed population of old proximity credentials and PIV II will be unavoidable during the government’s multiyear upgrade path to FIPS 201 compliance. As a result, these multitechnology readers will be a unique and critical component of successful security upgrades in all sectors of the government and their contractors.

Leverage What You Can

When adding access control to additional doors within a facility, consider open architecture products that can tie into any system. Be more competitive by using time-saving installation products such as wireless locks or wired locks that integrate the lock and reader into a single unit.

Wireless solutions are ideal when cabling is a challenge. Wireless access control products eliminate the wiring from the access control panel to the door or gate. If running cable is easy but the installation of locking hardware or readers is a challenge, consider locks that integrate the reader directly into the door’s electrified lockset. These open architecture products provide cost-effective solutions for even the most challenging of installations, while still tying into any access control panel and software, and maintaining a single database.

If the customer has a limited budget and the additional doors do not need to be tied into the existing access control system, consider offline solutions. They are available as battery-operated locksets or exit device trim as well wired controllers to manage electrified locking devices such as magnetic locks, exit devices or strikes. In their simplest deployment, offline solutions can be manually programmed at each door to accept codes or even a client’s existing card. More robust offline systems also provide access control software to program the offline products.

The software is used to assign timed access rights and define any automatic unlock schedules. A handheld programmer is used to update the locks and also to retrieve event history as required.

Lastly, to obtain a Certificate of Occupancy (CO), the new building must comply with local and national building codes. Inspectors visit during and after construction to ensure these codes are met. Regardless of the access control solutions selected, you must be aware of life building and safety codes.

While there is a multitude of associations and seminars that can help you build your knowledge in these areas, be sure to also take advantage of the services provided by manufacturers and suppliers. As new standards and regulations come out, be prepared to start leveraging them to your customers.

Andy Geremia is project manager for Ingersoll Rand Security Technologies, Schlage Electronics. He can be contacted at (860) 314-5237 or via E-mail at [email protected].

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Previous Pages 2 of 2