Thursday, April 28, 2016

Automated Access Control Systems

Get your's here
In this article continuing the coverage of the Defense Security Service (DSS) Self Inspection Handbook for NISP Contractors, we'll review the National Industrial Security Program Operating Manual (NISPOM), Paragraph 5-313a. This is another installation from the handbook under the topic of M. Classified Storage
                                   
Do ID cards or badges used in conjunction with Automated Access Control Systems meet NISPOM standards?

The NISPOM states:

Automated Access Control Systems. The automated access control system must be capable of identifying the individual entering the area and authenticating that person’s authority to enter the area.
a. Manufacturers of automated access control equipment or devices must assure in writing that their system will meet the following standards before FSOs may favorably consider such systems for protection of classified information:
(1) Chances of an unauthorized individual gaining access through normal operation of the equipment are no more than one in ten thousand.
(2) Chances of an authorized individual being rejected for access through normal operation of the equipment are no more than one in one thousand.

Facility security officers have some options in providing access control. One option with varying means of execution is to provide a person to guard an entrance. That guard can refer to or access a catalog of those employees authorized to enter the area. This catalog can be a printed sheet of paper, spreadsheet, electronic, computer accessed, or other approved collection of authorized persons. The guard then permits access once the person desiring access provides the proper credentials. The credentials are usually a government identification card such as a driver’s license or military ID card or enterprise access badge for presentation. The guard compares the identification with the approved list and authorizes or denies access.

Another more technical option is to install automated access control systems that performs the same services as a guard. However, the system provides a less personal touch and does not require having to appoint an employee or hire an additional person to the role. The FSO is approved to choose the option as long as the manufacturer of the automated access control system provides documentation that their products meet the requirements as specified NISPOM paragraphs 5-313a (1)-(2).

The approved automated access control system works the same way as the human guard. The system houses the catalog of authorized persons. The person desiring entry provides the proper credentials. However this time the credentials might be a swipe badge, pin number, finger print, eye scan, or other proof of identification and access. The system receives the identification and authorizes or denies access.

VALIDATION:         
1. Manufacturer’s documentation validating meets the required NISPOM standards.

2. Documented process governing access control within the enterprise.                                                                                                                                                    

No comments: