Since HSPD-12 was announced back in 2004, state and local government agencies as well major federal contractors have felt pressure to start incorporating FIPS-201 compliant cards and readers into their access control systems. Sometimes, these cards are called something else – for instance, they are referred to as CAC cards by the military. 

The FIPS 201 Personal Identity Verification (PIV) card standard requires contact and contactless smart card technologies and biometrics and provides specific standards for the issuance and use of the PIV card. It’s important for those wanting to be compliant that they do not use cards that are either only contactless or only contact. Both are needed on the cards.

However, there has been a major misunderstanding of what this requirement means. Although the technology standard is very specific about the card, it does not specify the physical access control system used at one’s facility. The strict biometric and card standards cover only the technologies used at credentialing or visitor centers where people get authenticated to become eligible to get the card. For these locales, what equipment to buy is very limited. Not so for everyone else. 

For use in physical access control at one’s facility, the only requirement is that the reader can indeed read the card. What you install for a reader is up to you; it just needs to be able to read either the contactless or contact portion of the card. In today’s world, of course, the very large majority of users select the contactless technology for their readers.

Although almost all federal employees have been issued their FIPS-201 cards, surprisingly, most are not using it for physical access control. That’s because, when the plan was initiated, the government was more concerned about logical access control. But, things are changing. Earlier this year, the director of the program issued a memorandum telling federal agencies to “aggressively step up their efforts” to use the FIPS-201 card as “the common means of authentication for access to that agency’s facilities….”

 

So Where’s the Budget?

Unfortunately, there was no cash sent along with the memorandum. Whether a large organization that does business with the government or a small federal bureau in the middle of Kansas, organizations have been unwilling to cast aside their present proximity card-based access control systems, which work just fine, for the new FIPS 201 smart card. They know that any retrogrades being done in the immediate future need to read their present proximity card, but does it makes sense to install proximity readers when, down the line, readers that read the FIPS 201 smart cards will be needed. As with so many upgrade programs, it’s pretty obvious that both proximity and the imminent FIPS 201 cards will need to overlap for a certain amount of time. What can you do if you are facing this dilemma?

The solution is actually quite simple and lets users have their cake and eat it too while keeping the budget and downtown to a minimum. Select multi-technology readers which are compatible with both FIPS 201 credentials and popular proximity and smart card technologies. They read your existing proximity card types and the new FIPS 201 cards simultaneously.

 

Caveat Emptor

Yes, the solution is easy but buyer, beware. Not all multi-technology readers will help. You need to not only verify that your proposed reader technology meets the FIPS 201 card interoperability standards but that the physical access system you are considering communicates with that reader. In other words, be sure that the multi-technology reader reads both 13.56 MHz smart cards as well as your present 125 KHz proximity cards. Be apprised: not all manufacturers’ readers read all manufacturers’ proximity cards. If you buy proximity cards from several manufacturers, be sure to check them all for readability. Likewise, does the reader cover all the popular smart card technologies? If your organization also uses a PIN, you will need a reader with a keypad as well. 

Installation will be easier if the readers can be installed as a complete system from the factory with specific FIPS 201 compliant components including the lock, panel interface and reader. Speaking of the lock, the government typically insists that it meets ANSI/BHMA Grade 1 requirements. And, can you get Wiegand communication to the access control panel?

With the right multi-credential readers, you can flexibly plan for the future using your present proximity cards today and migrating to the FIPS 201 smart cards when budgets and time allow.