Skip to main content
Blog

What is Access Control?

Sick of being let down by access control that can’t keep up with your growing enterprise? Us too. That’s why we made ReconaSense, to bring facilities out of a reactive state regarding threat response and mitigation. Physical security management empowers businesses with the tools to identify and manage potential risks effectively, making mitigating risks easy once identified.

Security professionals today face more responsibility with fewer resources than ever. At the same time, expectations continue to rise to secure perimeters, people, property, and digital spaces. Simply, there are not enough trained personnel to keep up. And unfortunately, budget decisions are often reactive in nature, with funding awarded in the wake of troubling security incidents. One of the critical roles of your physical access control system is to make life as a security practitioner easier, giving you peace of mind when keeping people, assets, and facilities safe. To do so, one of the most crucial features a modern, intelligent PACS should have is the ability to integrate siloed security data into not just a standard view – but one common language.

Access control is defined by the National Institute of Standards and Technology (NIST) as “The process of granting or denying specific requests to 1) obtain and use information and related information processing services and 2) enter specific physical facilities (e.g., federal buildings, military establishments, border crossing entrances)”. As far as building security and access control go, several officially recognized types of access control exist.

Types of Access Control

Discretionary Access Control (DAC) – DAC is a type of access control system that assigns access rights based on rules specified by users. The principle behind DAC is that subjects can determine who has access to their objects. The DAC model takes advantage of using access control lists (ACLs) and capability tables.

Role-Based Access Control (RBAC) – RBAC, also known as non-discretionary access control, is used when system administrators need to assign rights based on organizational roles instead of individual user accounts within an organization. It presents an opportunity for the organization to address the principle of ‘least privilege.’ This gives an individual only the access needed to do their job since access connects to their job.

Mandatory Access Control (MAC) – Considered the strictest of all levels of access control systems. The government commonly uses the design and implementation of MAC. MAC uses a hierarchical approach to control access to files/resources. Under a MAC environment, access to resource objects is governed by the settings defined by a system administrator. This means access to resource objects is controlled by the operating system based on what the system administrator configured in the settings. Users can’t change access control of a resource. MAC uses “security labels” to assign resource objects to a system. There are two pieces of information connected to these security labels: classification (high, medium, low) and category (specific department or project – provides “need to know”).

Which Type is ReconaSense?

As a fully customizable tile-based system that works at a layered permissions level, the answer is all three. ReconaSense can function as a DAC through a security team using the platform to track, monitor, and act by measuring risk and deciding on access granted or denied. ReconaSense can also be structured as an RBAC through directly assigned rights on role, title, and level versus the previous individual basis. Or through defined rule sets regulating rights and access to controlled environments, ReconaSense is designed to function as a MAC at an enterprise level to secure differing areas based on classification, activity, permissions, suspicion, and threat scoring- all in real-time. When setting up your customized access control, you can do any combination of these types of access control to fit your unique building management needs to mitigate risk, detect threats, and keep occupants safe.

What Makes ReconaSense Unique

ReconaSense is the first risk-adaptive security framework to receive FICAM certification (APL #10131) using commercial off-the-shelf (COTS) components. We protect federal, military, critical infrastructure, and other sensitive facilities requiring the highest levels of security. ReconaSense meets and exceeds Government regulations for: HSPD-12, FIPS 201, ICD705, UL1076, UL294, and FIPS 140-2.

The ReconaSense platform integrates with all federal security systems and other applications at the database layer by translating data into one common language. It automatically adjusts permissions to deliver security intelligence through a single interface providing a more intelligent view of security across your entire operation.

ReconaSense runs on Mercury hardware and integrates data from third-party systems, authentication solutions, IoT sensor technology, building automation systems, and more. ReconaSense enables modern enterprises to manage risk across numerous dynamic and interacting variables proactively. With ReconaSense, you will gain a unified view of potential threats across your entire security environment.

Upcoming Events to Consider

GSX: Visit ReconaSense at booth 4143 in Atlanta, GA, September 12-14, 2022, for GSX at the Georgia World Congress Center.  Click here for our complimentary registration!

ISC East: See us at the Javits Center in NYC on November 16-17, 2022, for ISC East. See the latest innovations in Fastlane turnstiles and discuss a more intelligent security strategy. For more information, click here.

About ReconaSense

Harnessing the power of real-time data processing and military-grade physical access control, ReconaSense provides the only risk-adaptive protection for enterprise security management. These tools provide the industry with the building blocks and automation services to enable ‘Smart Building’ functionality with existing resources. We are an American company based in Austin, TX, supported by Veterans with various installations in numerous government facilities and retail locations. Want to schedule a private demo or have questions? Want to schedule a personal demo or have questions? Contact us, and we will reach out shortly.

Townsend, R. (n.d.). UHWO Cyber Security. University of Hawaii – West Oahu. Retrieved from https://westoahu.hawaii.edu/cyber/best-practices/best-practices-weekly-summaries/access-control/