
The logic behind physical-access controls

RFP Checklist: Physical-access systems

By David Essex, Special to GCN

Experts in government and the information technology industry all sounded the same theme when asked what to put in a request for proposals for a physical-access system that can live in the brave new world of convergence with logical security: Plan well. That oft-repeated advice can sound trite and obvious with other IT projects, but it might be the most important step. Upgrading or replacing older physical systems risks wasting resources if you don’t have a specific vision of the smart cards, readers, biometrics, back-end infrastructure and network security scheme — including digital certificates — that will be in place five years from now.

Any plan will be heavily location-conscious. Some buildings may take highest priority for the newest, two-factor access systems; others might safely continue with transitional legacy and converged bridge technology such as new card readers and control panels; and still others can stick with older proximity cards. Some wings within buildings may need no door devices at all.

But don’t get too comfortable. Agencies must have all employees using Federal Information Processing Standard 201 PIV cards by October 2008.

Accordingly, consider the following approaches:
  • If using a systems integrator — almost a necessity, given the complexity of the architecture — make sure it is on the FIPS-201 approved list.

  • Don’t be mesmerized by technology and think it alone will solve most problems. FIPS-201 is really about process. You’ll do better asking a vendor or integrator how they envision the connection to the issuing authority and whether the lag time for getting status data will meet your security needs. High-value sites might require daily — rather than weekly — updates if card volume is high, and you can’t risk a single loophole.

  • Don’t take card reader quality for granted. Look for International Organization for Standardization 9001 quality control and adequate mean time between failures, and make sure the readers planned for outdoor locations are sufficiently waterproof and ruggedized, especially those with biometric features.

  • Examine maintenance guarantees and prices to ensure turnaround times meet your security requirements.

  • If considering a card management system, make sure it interfaces with the card-provisioning system you plan to buy.