WEB EXCLUSIVE: Requirements For Visitor Management In Federal Agencies
This Web exclusive was contributed by Howard Marson, vice president and general manager with EasyLobby, an HID Global business.
Federal agencies typically have hectic lobbies to manage. Attendants in these spaces must quickly process visitor access while ensuring that all security procedures and policies are followed in accordance with Homeland Security Protection Directive-12 (HSPD-12). Issued, in 2004, HSPD-12 mandated a government-wide standard for secure and reliable forms of identification issued by the federal government to its employees and to the employees of federal contractors. In addition to verifying employee Personal Identity Verification (PIV) cards, agencies also must electronically verify the PIV cards of visitors from other agencies.
Key requirements must be met. First, visitor management systems must be able to read and process PIV cards in support of HSPD-12. They also must be able to scan and process Transportation Worker Identification Credential (TWIC) cards using OCR scanning, as well as Common Access Cards (CACs) using 2D bar code scanning.
Next, visitor management systems must be able to perform real-time, online screening of 50 Government Denied Party databases, including:
- FBI Most Wanted Terrorists, Wanted Fugitives, and Hijack Suspects.
- Department of Treasury Designated Terrorist Individuals
- Department of Commerce Denied Persons
- Department of Homeland Security Most Wanted Fugitive Criminal Aliens
- U.S. Marshals Service major fugitive cases
- U.S. Postal Inspection Service most wanted
- U.S. Secret Service most wanted
The system should be able to screen against some or all of these denied party lists, and display results within seconds of visitor check-in. Equally important is the system’s ability to alert lobby attendants to the presence of visitors on the denied party lists, so that appropriate action can be taken.
Integration Of Systems Is Key
The most effective systems are those that feature simple-to-deploy middleware software that seamlessly integrates with the Physical Access Control System (PACS) and validates PIV credentials. Benefits of visitor management integration with a PACS are well known in commercial facilities, where it enables lobby attendants to easily and safely provide temporary proximity credentials to guests through the visitor management system, rather than the access control system, and to maintain a detailed audit record of all visitors who have been provided an access card.
Benefits of visitor management and PACS integration in the federal space include using PIV card data to better manage cross-over visits from other agency employees. All PIV registration data in the PACS can be used in the visitor management systems to validate visitor’ PIV cards electronically and maintain an electronic visitor audit trail. The middleware software, implemented on several dedicated workstations, streamlines and accelerates the process of reading, validating, authenticating, and automatically registering PIV cards into the existing PACS, eliminating error prone manual data entry. It should take 30 seconds, or less, to register a fully vetted PIV card into the PACS.
Finally, the system should also support Web based visitor pre-authorization so that agency employees can alert lobby security officers to an impending guest visit. The visitor check-in process should be extremely quick and simple, even with multi-factor authentication. In a typical scenario, a guest arrives and presents a PIV card to the security officer, who places it in a smart card reader. The visitor is prompted to enter the card’s PIN on a pin pad. If biometric authentication is required, the visitor is prompted for next steps. After a biometric match is determined, the system checks the PIV card’s digital certificates against the certificate revocation list (CRL). At this point the visitor is verified against the Pre-Registered list. The visitor’s PIV card could then be registered into the agency’s PACS, if necessary, to grant temporary access. Lastly, the system notifies the agency employee who is hosting the visitor, announcing his or her arrival.
The majority of federal workers now possess PIV credentials. Managing and tracking visitors with PIV cards can be significantly enhanced using visitor management systems that are integrated with an agency’s PACS and validate PIV credentials.