Cards, Cloud, Compliance Lead Access Control Advances
Find out what’s going on in the realm of managed/hosted cloud-based alternatives, HSPD-12/FIPS-201 federal government compliance and near-field communications.
Dramat
ic cost savings proposition for campuses — In addition to eliminating up-front physical equipment costs for organizations, the managed service model also rids the hospital, school or university of recurring costs associated with managing the IT infrastructure. For many organizations the cost of installing, licensing and provisioning a new rack-mounted server can exceed the cost of fully transitioning to a managed service model for Web-based access control. In some cases, this can save the campus upwards of 40% on recurring annual system support and licensing costs, according to Moran.
Access control as a service is by no means strictly an enterprise service. In many ways, the flexibility and affordability of a hosted or managed services model opens up these services to organizations that could not previously afford the up-front expenses and consequently were priced out of the market.
“RedCloud has seen significant traction to date for its broad set of access control solutions within the K-12 and higher education markets, as well as social and health facilities responsible for securing multiple facilities, patients, staffers and visitors,” Moran says.
At the same time, access control as a service can enable campus security staff to tap into their operational and maintenance (O&M) budget, which for many organizations includes more readily accessible and greater amounts of funding, as opposed to straight out purchasing that comes from capital budgets.
High Points of Smart Cards
On the books since 2004, Homeland Security Presidential Directive 12 (HSPD-12) initiated the creation of a standard for a secure and reliable form of identification to be used by all federal employees and contractors. The end result: Federal Information Processing Standard 201 (FIPS 201), which created the infrastructure needed to deploy and support an identity credential for physical and logical access.
This coincided with the creation of the Personal Identity Verification (PIV) card and the PIV-Interoperable (PIV-I), a non-federally issued credential designed to be used by state and regional employees as well as the first responder community. The Commercial Identity Verification (CIV) credential was developed to define a commercial credential that could take advantage of the PIV infrastructure.
Originally, when the FIPS-201 program was launched the government was most concerned with logical control. But those days are over, according to Raj Venkat, business leader for readers and credentials, Ingersoll Rand Security Technologies. About a year ago the government issued a memorandum telling federal agencies to “aggressively step up their efforts” to use the FIPS-201 card as “the common means of authentication for access to that agency’s facilities … ”
In order to be compliant with the FIPS-201 PIV standard, cards that are solely contact or contactless cannot be considered. While there are specific standards required for the contact and contactless combination smart card, the card reader is a different matter.
“In general, at one’s facility, the only requirement of the card reader is that it be capable of reading the FIPS card and communicating with the access control system,” Venkat says. “Facilities can install any brand of reader that is FIPS compliant and will read either the contactless or contact portion of the FIPS card.”
Maintaining access to a facility while operating both proximity and FIPS-201 smart cards can be accomplished by installing multitechnology readers that simultaneously read existing proximity credentials as well as the new FIPS-201 cards.
Initially slow on the uptake, PIV card technology is beginning to take root outside the federal government and its contractors. A variety of companies and entities that do business with the federal government are adopting PIV-I. Transportation Worker Identification Credential (TWIC) in the private sector is also based on PIV.
If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Related Content
Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century
This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!
