Temporary Identity Credentials for Federal Agency Physical Access Control Systems (PACS)
Publication Date: March 2020
As identity vetting evolves in the federal space, industry stakeholders have managed to keep pace with changing requirements around HSPD-12. What has not been addressed (nor universally standardized and implemented) are consistent government-wide policies and models for issuing and managing short-term, temporary credentials that may be used for access to federal agency facilities, and, potentially, access to federal agency information technology resources.
The Secure Technology Alliance developed this white paper to recommend an approach for implementing temporary identity credentials for physical access control systems (PACS) in federal agencies. The white paper outlines a model for temporary access cards that is vendor-agnostic and compatible with federal card authentication technologies used in the agency’s GSA FIPS 201 Evaluation Program Approved Product List access control systems.
This white paper is intended for PACS manufacturers, PACS administrators, credential issuers, on-site personnel, agency PACS business/system owners and agency HSPD-12 Program Management Office (PMO) personnel, and provides:
- An introduction to the need for consistent government-wide policies and models for issuing and managing short-term, temporary credentials
- Guidance on authorization requirements for temporary identity credentials including use cases for visitors and employees
- Approaches to use for temporary identity credentials including non-personalized re-usable cards and a person-centric approach
- A recommendation for an authenticatable PKI credential solution for federal PACS, with a focus on locally issued Commercial Identity Verification (CIV) cards
This white paper was developed by the Secure Technology Alliance Access Control Council – which includes both industry and federal government members. The Council focuses on accelerating the widespread acceptance, use and application of secure technologies in various physical and digital form factors for physical and logical access control as applicable to both persons and non-person entities.