Identity Management

The Benefits of Trading Keys for Cards

March 1, 2013

How many key cards does it take to open a door in Hennepin County, Minnesota? Thanks to Kirk Simmons, just one.

Hennepin County’s 100-plus buildings used to have multiple access control systems, which led to a single worker needing – depending on job functions – seven or eight access control cards, plus an ID. Simmons, Security Manager for Hennepin, is working to reduce the number of badge designs from 17 to two or three, so that access cards function as ID cards, consolidating the amount of equipment at large.

Like every public administration, managing ID/access badges in municipal security comes with significant challenges. For one overarching security division, badging thousands of employees in several hundred different facilities can prove complex. According to Walter Chan, Supervisor of Corporate Security in the City of Toronto, there is no one-size fits all, cookie-cutter template to government ID/access badges.

“I oversee access control and access/ID management infrastructure in more than 1,000 city-owned and operated facilities – from daycare centers, animal shelters, long-term care homes, court services to critical infrastructures like water and wastewater facilities, a consolidated data center, Toronto’s City Hall and Civic Centres,” Chan says. And those facilities offer different types of City services, so the ID/access badges not only need to be functional, but badges should enhance and integrate the delivery of those services.

“Corporate Security works with the various City divisions to come up with badge designs that work within their operational environment, so it’s more likely that employees will actually want to use their access badge and wear it while they work.

“We work with the divisions to understand the types of people requiring access to their facilities and for how long,” he says. “For example, we have some divisions, like Toronto Water, that operate with a large contingent of contractors, while the Long-Term Care Homes have a large contingent of volunteers – while we try to streamline the access/ID management processes, the actual badge designs may differ.”

However, while Simmons is consolidating the number of card designs, he is trying to diversify the uses of that single badge.

“We’re working with IT to add time reporting, fax and printer access, and possibly even using IDs as pay-cards in the cafeterias,” he says. “We want employees to treat it like a piece of equipment, not just a badge. It might increase card costs, but it will add convenience.” He adds that while he is not 100 percent clear on what those added functions might be in the future, he wants a card that will be scalable and integrated to achieve maximum convenience value.

Convenience isn’t the only use for combined badging and access control systems in Manchester, N.H. Ronald (Red) Robidas, Security Manager for the City of Manchester, weighs the necessity of public access versus secure inner facilities for every government building in his jurisdiction. Schools, especially, can prove to be a challenge as Robidas cracks down on the number of uncontrolled keys.

Prior to installing a functioning electronic access control system with ID card keys, Robidas’ team discovered a group of adults playing basketball in a school gymnasium. A former coach gave them a key to the building five years before, and they had been playing ball there every weekend since.

So now, while most employees still have access through their IDs, badge sharing is not tolerated and not often successful. By assigning access by time schedules, user profiles and job function, it can be fairly obvious when someone is where they aren’t supposed to be, Robidas says.

Depending on the employee’s function, access is also dependent on passing certain background checks, he adds. Employees working with children – including in schools, social work or other activities – and financial information are not issued IDs until they pass background checks, a practice required even of interns and volunteers.

Simmons is also working to reduce the security department’s workload by divvying up some of the card-issuing responsibility to the departments. Each major department has a “card contact” that manages access control input, but the security department still prints the cards. Departments work as individual businesses, Simmons says. If security were to be single-handedly re-badging all of Hennepin County, he adds, the department would need several new staffers. But the decentralized program keeps costs down, increases department ownership and keeps thousands of phone calls out of the security department every year.


Reaching Beyond Federal Government Requirements: HSPD-12 and FIPS 201

By April Dalton-Noblitt, Ingersoll Rand Security Technologies, Director-Vertical Markets


State and local codes apply to all state, county and municipal government security purchases and installations, both public and private. But did you also know that federal regulations and ID standards may also apply?


Two Primary Programs Apply…HSPD-12 and FIPS 201

Homeland Security Presidential Directive 12 (HSPD-12) is fueling smart card use in the government and accelerating adoption by large enterprises. HSPD-12 seeks to establish secure and reliable identification for all federal employees and contractors.

This directive ultimately has huge significance because state and local governments, as well as first responders, will need to convert to federal government-compliant smart cards in order to follow the initiatives. Private contractors must follow.

To meet the HSPD-12 requirements, the National Institute of Standards and Technology (NIST) published a standard for secure and reliable forms of identification: Federal Information Processing Standard (FIPS) 201. Remember that cards that are solely contact or contactless cannot be considered to be compliant with the FIPS 201 Personal Identity Verification (PIV) standard. In fact, there are very specific standards required for the contact and contactless combination smart card. The card reader, though, is a different matter.

At one’s facility, the only card reader requirement is to be capable of reading the FIPS card and communicating with the access control system. Facility managers can install any brand of reader that is FIPS-compliant.


Where You Can Get into Trouble

A mixed population of old proximity credentials and new PIV II credentials often will be unavoidable when pursuing an upgrade path to FIPS 201 compliance. Most organizations want to avoid installing two different types of readers to accommodate a transition. Select multi-technology readers that are compatible with FIPS 201 PIV II credentials and popular proximity, magnetic stripe and smart card technologies. Reading multiple existing card types and PIV II cards simultaneously is a tremendous benefit for painless transitions.

Did you enjoy this article? Click here to subscribe to Security Magazine. 

Recent Articles by Claire Meyer

You must login or register in order to post a comment.



Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.


Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security May 2015 Issue cover

2015 May

In the May 2015 issue of Security, learn how to be the bridge between busieness and security with "customer facing," how to effectively work with your CFO, and covert security.

Table Of Contents Subscribe

Body Cameras on Security Officers

Body cameras are being used increasingly by police in cities across the U.S. Will you arm your security officers with a body camera?
View Results Poll Archive


Effective Security Management, 5th Edition.jpg
Effective Security Management, 5th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.


Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.