Physical Security Systems Assessment Guide, Dec 2016
Total Page:16
File Type:pdf, Size:1020Kb
PHYSICAL SECURITY SYSTEMS ASSESSMENT GUIDE December 2016 Table of Contents Acronyms .................................................................................................................................................. PSS-1 Section 1: Introduction............................................................................................................................. PSS-2 Section 2: Intrusion Detection and Assessment ..................................................................................... PSS-15 Section 3: Entry and Search Control ...................................................................................................... PSS-25 Section 4: Badging .................................................................................................................................... PSS-34 Section 5: Barriers, Locks, and Keys ...................................................................................................... PSS-42 Section 6: Communications ..................................................................................................................... PSS-56 Section 7: Testing and Maintenance ....................................................................................................... PSS-61 Section 8: Support Systems ...................................................................................................................... PSS-67 Section 9: Systems Management ............................................................................................................. PSS-70 Section 10: Interfaces ............................................................................................................................... PSS-79 Section 11: Analyzing Data and Interpreting Results ........................................................................... PSS-82 Appendix A: Intrusion Detection System Performance Tests .............................................................. PSS-87 Appendix B: Access Control System Performance Tests ...................................................................... PSS-189 Appendix C: Communications Equipment Performance Tests ........................................................... PSS-258 Appendix D: Support System Performance Tests ................................................................................. PSS-269 Appendix E: Personnel and Procedure Performance Tests ................................................................. PSS-289 Acronyms AC Alternating Current ODSA Officially Designated Security Authority ACD Access Control Device PA Protected Area ANSI American National Standards Institute PIDAS Perimeter Intrusion Detection and BMS Balanced Magnetic Switch Assessment System CAS Central Alarm Station PIN Personal Identification Number CCTV Closed Circuit Television PPA Property Protection Area CFR Code of Federal Regulations PSS Physical Security Systems DOE U.S. Department of Energy PTZ Pan-tilt-zoom EA Office of Enterprise Assessments QA Quality Assurance ECS Entry Control System RF Radio Frequency EOC Emergency Operations Center S&SP Safeguards and Security Program GSA General Services Administration SAS Secondary Alarm Station HSPD-12 Homeland Security Presidential SCIF Sensitive Compartmented Information Directive 12 Facility IDS Intrusion Detection System SNM Special Nuclear Material ISSM Integrated Safeguards and Security SPO Security Police Officer Management SRT Special Response Team LA Limited Area SSSP Site Safeguards and Security Plan LLEA Local Law Enforcement Agency TID Tamper-Indicating Device LSSO Local Site Specific Only UPS Uninterruptible Power Supply MAA Material Access Area VA Vulnerability Assessment MC&A Material Control and Accountability VMD Video Motion Detector PSS-1 Physical Security Systems Assessment Guide – December 2016 Section 1: Introduction Purpose The Physical Security Systems (PSS) Assessment Guide provides assessment personnel with a detailed methodology that can be used to plan, conduct, and closeout an assessment of PSS. This methodology serves to promote consistency, ensure thoroughness, and enhance the quality of the assessment process. The guide is intended to be useful for all assessors regardless of their experience. For the experienced assessor, information is organized to allow easy reference and to serve as a reminder when conducting assessment activities. For the new assessor, this guide can serve as a valuable training tool. With the assistance of an experienced assessor, the new assessor should be able to use the guide to collect and interpret data more efficiently and effectively. Organization This introductory section (Section 1) describes assessment methods and outlines their use. Sections 2 through 9 provide detailed guidance for assessing each major PSS subtopic: Section 2 – Intrusion Detection and Assessment Section 3 – Entry and Search Control Section 4 – Badging Section 5 – Barriers, Locks, and Keys Section 6 – Communications Section 7 – Testing and Maintenance Section 8 – Support Systems Section 9 – Systems Management. Section 10 (Interfaces) contains guidelines to help assessors coordinate their activities within subtopics and with other topic teams. Information is provided on the integration process, which allows topic teams to align their efforts and benefit from the knowledge and experience of other topic teams. The section provides some common areas of interface for the PSS team and explains how the integration effort greatly contributes to the quality and validity of assessment results. Section 11 (Analyzing Data and Interpreting Results) contains guidelines on how to organize and analyze data collected during assessment activities. These guidelines include possible impacts of specific information on other topics or subtopics, and some experience-based information on the interpretation of potential deficiencies. Appendix A (Intrusion Detection System Performance Tests) provides procedures for testing the various systems and items of equipment that are commonly used in U.S. Department of Energy (DOE) facilities, with guidelines for evaluating test results. This appendix includes performance tests that are useful for evaluating a variety of intrusion detection systems (IDSs), such as: Exterior Perimeter Sensors Interior Sensors Perimeter Closed Circuit Television (CCTV) Interior CCTV Alarm Processing and Display. PSS-2 Physical Security Systems Assessment Guide – December 2016 Appendix B (Access Control System Performance Tests) contains effectiveness tests on entry control and detection equipment. Appendix C (Communications Equipment Performance Tests) contains performance tests on radio equipment and duress alarms. Appendix D (Support System Performance Tests) addresses the testing of equipment associated with power sources and tamper protection. Appendix E (Personnel and Procedure Performance Tests) provides guidelines for designing and conducting site-specific tests of personnel and procedures. Candidate procedures and sample test scenarios are included. General Considerations While this guide covers a broad spectrum of assessment activities, it cannot address all security systems and variations used at DOE facilities. The methods that are described may have to be modified or adapted to meet assessment-specific needs, and assessors may have to design new methods to collect information not specifically addressed in this guide. Information in this guide is intended to complement DOE orders by providing practical guidance for planning, collecting, and analyzing assessment data. Assessors should refer to this guide, as well as DOE orders and other guidance, during all stages of the assessment process. Using the Topic-Specific Methods Sections 2 through 9 provide topic-specific information intended to help assessors collect and analyze assessment data. Each subtopic section is further divided into the following standard format: General Information Common Deficiencies/Potential Concerns Planning Activities Performance Tests (if applicable) Data Collection Activities. Note that DOE Order 473.3A, Protection Program Operations, applies to the subtopics, in addition to other documents that may be relevant, such as: Executive Orders Site Safeguards and Security Plans (SSSPs) Implementation memoranda Memoranda of agreement Procedural guides. These references are used as the basis for evaluating the assessed program and for assigning findings. It is useful to refer to the applicable references, particularly DOE guidance, during interviews and tours to ensure that all relevant information is covered. General Information The General Information section defines the scope of the subtopic. It includes background information, guidelines, and commonly used terms to help assessors focus on the unique features and problems associated PSS-3 Physical Security Systems Assessment Guide – December 2016 with the subtopic. It identifies the different approaches that a facility might use to accomplish an objective and provides typical examples. Common Deficiencies/Potential Concerns This section addresses common deficiencies and concerns associated with the subtopical area, along with a short discussion that provides additional detail. Information in this section is intended to help the assessor further refine assessment activities. Where appropriate, general guidelines are provided to indicate where a particular deficiency is likely to occur. Planning Activities This section identifies activities normally conducted