The Defense Department late last year established minimum security standards for physical access control into its facilities and installations, a key step toward improving the ability to authenticate and authorize personnel accessing U.S. military bases.
The new standards provide common “guidance to installation commanders on how they can handle physical access control,” Capt. John Boyd, director, Department of Navy, Identity Management Capability, tells TR2. Currently access to a base or facility typically involves a gate guard reviewing an individual’s DoD issued Combined Access Card (CAC) or some other credential but Directive Type Memorandum (DTM) 09-012 allows for “automated systems” to gain access, he says. The DTM was signed in Dec. 2009 by the Under Secretary of Defense for Intelligence James Clapper.
This could entail an electronic swipe of a CAC card or combining a swipe with a PIN, Boyd says. “It also opens the possibility of employing biometrics, part of who you are for authentication.”
The minimum standard for physical access control systems (PACS) will continue to be a visual match of the photograph on a card to the person presenting the card as well as visually checking for anti-counterfeit or fraud protection measures embedded in the card, the DTM says.
But, “When funding becomes available, installations will procure an electronic PACS that provides the capability to rapidly and electronically authenticate credentials and individuals authorization to enter an installation,” the DTM says. “The PACS must support a DoD-wide and federally interoperable access control capability that can authenticate USG (U.S. Government) physical access credentials and support access enrollment, authorization processes, and securely share information.”
The new policy guidance feeds into a larger effort being led by the Navy and Marine Corps called the Joint Identity Enabled Physical Access Control Capability (JIPAC), which is in the concept development phase. The effort is basically in line with the goals of the DTM policy guidance, which is improving the ability of the armed forces to authenticate and authorize personnel coming onto bases and installations.
There is additional work to be done on the JIPAC such as continuing to flush out concepts, work on requirements and do more analysis, Boyd says. These include things such as a Joint Capabilities Integration Development System, gap analyses “that clearly identify the need for a more accurate means to authenticate and authorize people entering our installations” and a “more detailed Analysis of Alternatives as a prerequisite to moving toward a program of record,” he says.
Work also continues moving forward on the Identity Dominance System (IDS), a biometric-enabled handheld device that could be used by sailors and Marines at sea and on land to deny anonymity to adversaries (TR2, Oct. 14, 2009), Boyd says.
The Navy is currently in the source selection phase between small businesses for IDS.
Work around that effort includes establishing a system engineering plan, an acquisition strategy, and a test and evaluation master plan, Boyd says. “All of those things to support a full program of record are being routed and reviewed right now,” he says.
The IDS builds off of several earlier engineering prototypes such as the System for Intelligence and Identity Dominance and the Expanded Maritime Interception Operations Identity Dominance Toolset. Another related pilot project is gearing up for digital media exploitation, Boyd says.
For example, when sailors board a vessel as part of a maritime interception operation, they may come across digital media such as cell phones and computers that they may want to examine for information “so that we can better characterize persons of interest,” Boyd says.
Boyd emphasizes that the approach to the digital media exploitation piece is modular. Whether it would be built in or peripheral to the IDS is yet to be determined, he says.
“But what we’re shooting for, and no final decision has been made, is to make the modules fit into as small and compact a form fit factor as possible so that we’re minimizing the weight and the loading on the sailor that’s going over,” Boyd says. The IDS will feature open architectures, built to standards, interoperable with other system and reach back into the U.S. and elsewhere, he says.