The most critical factor in successfully upgrading a PACS to use HSPD-12 credentials is selecting the proper PIV, PIV-I, TWIC or CAC Reader. The first step is determining whether your building needs low assurance or high assurance. According to the latest federal guidelines,* agencies should select a PACS that does not employ PKI mechanisms only in areas with "extremely low risk".
Yes. The contact interface enables compliant 2-Factor authentication as specified in FIPS-201 (PIN submitted to credential) while the contactless interface does not. The contact interface also provides redundancy for failed antennas on a credential.
Yes. Remember that HSPD-12 specifies that credentials from one agency interoperate in another agency's facility. This interoperation eliminates the need for multiple badges.
Yes. NIST standards specify that for 2-Factor authentication to be compliant, the PIN must be submitted to the Credential and not the PACS.
Yes. If there is a possibility you will need HIGH assurance now or in the future you will need PKI challenge-response capability.
Keep in mind that Government standards could change in the future. Be sure to future-proof your system with Readers from a provider that is fully committed to support HSPD-12.
If so, you should consider the added value provided by a Reader that is securely designed and built in the USA as opposed to an off-shore Reader.
The following table provides a guide for how BridgePoint Readers fill the four levels of security authentication per Federal Government guidance. Click here to order BridgePoint's White Paper on Securing Federal Facilities Utilizing the Federal Government Issued CAC and PIV Credentials
* As cited in "Modernizing Federal Physical Access Control Systems" published by the Federal CIO Council's Identity, Credential and Access Management Committee.
NOTE: The warranty on any Reader is null and void if used on a legacy access system that does not perform a complete 64 bit match on a CAC1 credential or a 56 bit match on a PIV compliant credential.