Physical access control now a FICAM must

June 10, 2019
Recent updates to FICAM standards require government agency CIOs to integrate PACS with PIV cards

Physical access control has joined cybersecurity as a required part of Federal Identity, Credential and Access Management (FICAM) standards aimed at protecting government agency facilities and information systems from terrorists, insider threats and hackers.

Recent FICAM updates require agency chief information officers (CIOs) to integrate physical access control systems (PACS) with personal identity verification (PIV) cards to authenticate employees and contractors needing to enter federal facilities. That’s a game changer for end users and security manufacturers.

Everything from PACS software, control boards, and readers will have to conform to these new standards and we’re anticipating an influx of agency demands to upgrade legacy systems. Fortunately, the security industry is ready with systems that include embedded FICAM standards.

FICAM standards were launched with President George W. Bush’s 2004 Homeland Security Presidential Directive (HSPD-12) setting protocol objectives to meet the federal government’s physical and logical security requirements. HSPD-12 policy goals were incorporated in the first FICAM regulations issued five years later. But agency leaders have struggled to comply with the largely unfunded mandates.

Cybersecurity efforts were invigorated in 2014 following a report that federal government networks had suffered nearly 61,000 attacks during the previous year. That prompted funding and deployment of PIV cards for accessing computers. Physical access control has always been a part of FICAM standards, but PACS were long defined as low-voltage systems. Only over the past several years have they been redefined as true IT systems. This shift and other technology advances have made them more available for sources of government funding.

In December 2018, the U.S. General Accountability Office (GAO) issued a review outlining agency challenges to implementing secure, interoperable PACS systems. Challenges included cost, lack of clarity on how to procure equipment and the difficulty in adding new equipment to legacy systems. The report recommended the Office of Management and Budget (OMB) determine and regularly monitor a baseline level of implementation progress with a goal of developing strategies to address any challenges. Leading security industry PACS providers added significant input into the report.

Simply put, FICAM’s goal has always been to provide the proper individuals access to the right resources at the right time. The new regulations are a big gain for the security industry. Manufacturers and others have worked diligently in the background to help the federal government get the final piece – physical security – into the FICAM ecosystem.

What’s next for this technology? The financial sector is already beginning to deploy PIV-like credentials. Other highly regulated sectors, such as state and local governments, healthcare, higher education, utilities and critical infrastructure are likely to follow. What’s been developed for the federal government fits well into the current and future security needs of a broad range of industries and operations. This is a natural evolution of enterprise technology that will lead to continued advances in physical access control.

About the Author:

Ryan Kaltenbaugh is vice president, federal government solutions, for Pittsford, N.Y.-based LenelS2, a leading provider of advanced security systems and part of Carrier.

About the Author

Ryan Kaltenbaugh | VP, Federal Government Solutions, LenelS2

Ryan Kaltenbaugh is the federal government vertical market leader for LenelS2, directing the company’s federal government vertical segment, which provides customers and value added resellers (VARs) with the latest security solutions in a fully compliant ecosystem. LenelS2 is a part of Carrier, a leading global provider of heating, ventilating and air conditioning (HVAC), refrigeration, fire, security and building automation technologies.