audit trail. Minimum requirements of printed reports are date, time,
activity, location, and action taken. The using activity should consider
the worst case projections of report needs and cost justify those needs
based upon the vulnerability of the activity or sensitivity of the mission.
Maximum flexibility can be attained with a computer storage media historic
system. This system enhances system efficiency by permitting exceptions to
routine and timed reporting controls in contrast to recording real time
occurrences of alarms and other events with no differentiation between them.
5.3 Automated Access Control System Functions. Computer based systems
permit flexibility in controls and remove the mundane, repetitive tasks from
the guard's duties. Previous justifications for access approvals are
consistently checked against the access requests and recorded appropriately.
This automation permits greater efficiency of guard personnel while reducing
the number of personnel required and improving security to the facility.
5.3.1 Access Authorization/Verification and Reporting. Approval for
personnel to enter a specific portal, based upon the system parameters, will
require advance justification to the facility authority and subsequent
approval for system enrollment. Approval or denial of access requires the
electronic check of limitations associated with the encoded credential at
the time of each access request. The machine operates without prejudice on
a repeatable basis. Approval authorization is reduced to a routine task
that requires human intervention only in the event of exceptions. The
system will note and report, of course, exceptions and operator-initiated
actions. Human failures or errors are controlled, while a commercial
industry system standard of 2 seconds maximum for routine access approval is
5.3.2 Area Authorization. The access authorization can be as general as
system wide approval or as specific as individual portal restrictions. The
files associated with authorizations should consider the appropriate
classification of a portal that comprises a perimeter barrier to security or
restricted areas (see OPNAVINST 5530.14). The portal should be assigned the
classification of the restricted area and allow access only to persons
permitted within the area. The activity authority having security
jurisdiction should consider authorizations based upon need-to-know
principles, since such access normally constitutes an uncontrolled
admittance to the area. The guidelines developed by various directives can
be assigned with little modification on most commercial systems.
5.3.3 Time Zoning. Further definition of access authorization can be based
upon a criteria of time. Access may be approved only if the individual is
authorized to enter a portal during an appropriate time period. Time codes
may also be designated in a way which precludes all access during a time
zone assigned to a portal. Thus, either individuals or areas may be
excluded from access based upon the definition of time periods.
Applications of the feature may be beneficial if regular working hours or
closed hours are established at the facility. Nonduty hours security
operations at the facility can then rely upon routine patrols and the
functions of the intrusion detection system