FACILITY ACCESS CONTROL An Interagency Security Committee Best Practice 2020 Edition U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency Interagency Security Committee Message from the Chief One of the priorities of the Department of Homeland Security (DHS) is the protection of federal employees and private citizens who work within and visit federally owned or leased facilities. The Interagency Security Committee (ISC), chaired by DHS, consists of 64 executive-level departments and agencies and has a mission to develop security policies, standards, and recommendations for nonmilitary federal facilities in the United States. As Chief of the ISC, I am pleased to introduce the ISC document titled Facility Access Control: An Interagency Security Committee Best Practice. At a recent ISC Strategic Summit, members identified facility access control as their number-one subject area. Based on their request, the ISC formed a working group on facility access control, resulting in the development of this document. This ISC document provides guidance on addressing facility access control throughout the full access control process, from employee and visitor entry, through security screening, to the first point of authentication into nonpublic space. This guide represents exemplary collaboration within the ISC Facility Access Control Working Group and across the entire ISC. Daryle Hernandez Chief, Interagency Security Committee Facility Access Control: 1 An ISC Best Practice Table of Contents Message from the Chief .................................................................................................................................... 1 Table of Contents ............................................................................................................................................... 2 1.0 Purpose ......................................................................................................................................................... 4 2.0 Background .................................................................................................................................................. 4 3.0 Applicability ................................................................................................................................................. 5 4.0 Access Control .............................................................................................................................................. 5 4.1 Developing Access Control Procedures ......................................................................................................................... 5 4.1.1 Checking Identity Documents .............................................................................................................................. 6 4.1.2 Forms of Identity Documents Accepted .......................................................................................................... 6 4.2 Communicating Access Control Procedures ................................................................................................................ 6 4.2.1 Standardized Language .......................................................................................................................................... 7 4.2.2 Communication Materials ..................................................................................................................................... 7 4.2.3 Web-based Information ......................................................................................................................................... 7 4.3 Entry Eligibility .......................................................................................................................................................................... 7 4.3.1 PIV Cardholders ......................................................................................................................................................... 8 4.3.2 PIV-Interoperable Cardholders ............................................................................................................................ 8 4.3.3 Non-PIV Cardholders .............................................................................................................................................. 9 4.4 REAL ID ........................................................................................................................................................................................9 4.5 Suspension, Removal, and Revocation ........................................................................................................................ 10 4.6 Foreign Access Management .......................................................................................................................................... 10 5.0 Screening ....................................................................................................................................................11 5.1 Security Screening Station ................................................................................................................................................ 11 5.2 Random Security Screening ............................................................................................................................................. 12 5.2.1 Methodology ........................................................................................................................................................... 12 5.2.2 Implementation ...................................................................................................................................................... 14 6.0 Escort Procedures ......................................................................................................................................14 2 Facility Access Control: An ISC Best Practice 7.0 Physical Access Control Systems .............................................................................................................15 7.1 PIV Assurance Level ............................................................................................................................................................. 16 8.0 FSL and PACS Considerations ..................................................................................................................17 8.1 Perimeter Considerations ................................................................................................................................................. 18 8.2 Internal Agency Space Considerations ........................................................................................................................ 19 Appendix A: Foreign Access Management ..................................................................................................21 A.1 Foreign National Vetting ................................................................................................................................................... 23 Appendix B: Flow Chart for Access Control .................................................................................................24 Appendix C: Resources ....................................................................................................................................25 Glossary ........................................................................................................................................................................................... 25 List of Abbreviations, Acronyms, and Initializations....................................................................................................... 27 References: General .................................................................................................................................................................... 28 References: Foreign Access Management ......................................................................................................................... 30 Acknowledgements .........................................................................................................................................32 Facility Access Control: 3 An ISC Best Practice 1.0 Purpose This document provides guidance for federal Executive Branch departments and agencies regarding access control requirements and options for individuals entering federally occupied space. 2.0 Background The Interagency Security Committee (ISC) was formed by Executive Order (EO) 12977 following the Oklahoma City, OK bombing. This devastating event prompted the White House to establish a permanent body to address continuing government-wide physical security needs for federal facilities. Today, the ISC is chaired by the Department of Homeland Security (DHS) and consists of a permanent body with representatives from 64 federal departments and agencies. The ISC is the authority on policies, standards, and recommendations related to the security and protection of federal facilities. After identifying the need for a single source of guidance on facility access control across Photo: Sunset over Oklahoma City Memorial. Executive Branch departments and agencies, the ISC formed the Facility Access Control (FAC) Working Group to develop an authoritative guide to help federal departments and agencies better understand their obligations and requirements relating to common access to facilities. Given the ISC’s diverse membership, the working group