"What good is a security package," Smith asked, "if you don't have to account for the ones you do and don't do?"
For security product manufacturers, integrators and distributors, this means that there is no one-size-fits-all approach to federal security. Companies that work with the government to tailor security systems to locations and situations and help them to provide accountability for facility security, such as identifying measures put in place to compensate for unavoidable security discrepancies, will have the most success.
Don Erickson is director of government relations for the Security Industry Association. For more information about SIA's government relations efforts or the June 2010 Government Summit, visit www.siaonline.org/government.
For government sales, say 'FIPS!'
By Jennifer Toscano
Selling to the government? Make sure that the system you propose and provide your customer meets regulations, to save everyone future heartburn.
When it comes to state, county and municipal government sales, there will be state and local codes that apply to all installations, public and private. It won't hurt to ask your non-federal government customers what requirements they must meet; some may want to replicate federal regulations.
Get to know: HSPD-12 and FIPS 201
Homeland Security Presidential Directive 12 (HSPD-12) is fueling smart card use in the government and accelerating adoption by large enterprises. HSPD-12 seeks to establish secure and reliable identification for all federal employees and contractors.
Federal mandates tend to have a cascading effect, so this directive ultimately has significance because state and local governments, as well as first responders, will become major buyers of FIPS 201-compliant smart cards as they follow the federal initiatives. Private contractors must follow and are doing so, including Boeing and others.
To meet the requirements of HSPD-12, the National Institute of Standards and Technology (NIST) published a standard for secure and reliable forms of identification: Federal Information Processing Standard (FIPS) 201. The FIPS 201 Personal Identity Verification (PIV) card standard requires contact and contactless smart card technologies and biometrics and provides specific standards for the issuance and use of the PIV card.
The key thing to remember is that FIPS 201 sets specific technology standards but does not specify the physical access control system. The card and biometric standards in FIPS 201 deal solely with the technologies used in authenticating individuals at the credentialing offices or visitor centers so credentials produced work on a wide variety of readers. The federal requirements do not, at this time, address the physical access control system.
Here is what you need to do: Verify if the reader technology you are proposing meets the PIV card interoperability standards and that the physical access system you are proposing communicates with that reader. Your manufacturer will help you; they will tell you which readers are FIPS 201 compliant and how to order them.
Where you can get into trouble
A mixed population of old proximity credentials and new PIV II credentials often will be unavoidable during the government's upgrade path to FIPS 201 compliance. No customer is thrilled with having to install two different types of readers. Ask if this is the case. If so, select multi-technology readers which are compatible with both FIPS 201 PIV II credentials and popular proximity and smart card technologies. Reading multiple existing card types and PIV II cards simultaneously is a tremendous benefit to those agencies looking to painlessly transition.
You can't afford to sell security solutions in a legislative vacuum. Being aware of federal standards and regulations that affect government and non-government entities alike will help you gain the trust of your customers and guide them toward solutions that will meet their needs today. It will also keep them in compliance with the latest laws and regulations that affect their industry.
Jennifer Toscano is Portfolio Marketing Manager for Ingersoll Rand Security Technologies.