The Framework For Open Systems
Apr 1, 2008 12:00 PM, By Monica Rigano
How security standards empower the end-user.
Specifiers and contractors rely on standards in much of the work they do. In fact, when evaluating technologies and solutions, how much a solution provider is leveraging industry standards in their product roadmap can be quite telling. Ultimately, specifiers and contractors need to ensure that requirements for their business goals are being met. Standards-based products should be part of the equation when determining the best fit for their security solution.
Why standards-based? In general, standards activities increase competition, reduce costs and lead to rapid product improvements. The Security Industry Association (SIA) is developing a family of standards for security systems that are open; enable easy integration of diverse components; and provide a means to establish predictable levels of performance. This family of standards is commonly referred to as OSIPS (Open Systems Integration and Performance Standards). Simply put; OSIPS fulfills demand for product standards that ease development and integration of security systems and enable interoperability. These standards are more extensible and adaptable to meet changing end-user requirements and establish a basis for predictable performance. In system architecture, “extensibility” means that the system is designed to include hooks and mechanisms for expanding and enhancing the system with new capabilities without having to make major changes to the system infrastructure. You will hear this term used throughout this article, and its definition is key to understanding the power of our OSIPS activities.
SIA represents technology solution providers, and as an ANSI-accredited Standards Developing activity, serves as the forum for standards development directly related to the technology solution. The activities are open to any interested party. Cross-sections of stakeholders gather to define capabilities and performance metrics for a given standard. Participation is driven by a variety of reasons. Notably, product developers want to get ahead of the curve when it's time to deploy next generation security equipment. End-users and integrators get involved to ensure the requirements for their business needs are met. The specification of capabilities and performance metrics facilitate that effort.
Now, we will examine the industry trends driving standards development activities.
Convergence seems to be the phrase of the day and, for our purposes, it is seen in two different ways. First, our standards facilitate the exchange of information among disparate security components within the security enterprise. Leveraging this information (a form of convergence) is of interest to both IT and physical security managers. In addition, security devices are converging on the network and the need for products that are enterprise-centric and interoperable is imperative.
In 2007, SIA's standards committee and ultimately, SIA's Board of Directors, approved a Standards Roadmap, which provides strategic guidance on where the industry is going in standards development activities and relates that to an overall view of what is considered the security enterprise. The “security enterprise” includes field devices, edge devices and core applications that pertain to the function of providing physical security. Whether integrated or interfaced, the different security components exchange information. All our standards are required to define not only the interface but also the conformity assessment (tests) to evaluate compliance to the standard.
To succeed, a foundational effort had to define the set of common design elements utilized by any security component interface standardized in the OSIPS efforts. These common elements are how components connect to one another, how they tell others about the services they provide (capabilities exchange), how they exchange information on who is authorized to use the component, how a component exchanges schedule information and a unified mechanism for reporting events. The effort also defined common message formats, types, data types and definitions. All this together is under the OSIPS Framework.
With these common elements defined, the standardization of component interfaces became a priority. SIA Standards Digital Video Subcommittee undertook an effort to develop common messaging required to interface with digital video components (cameras, recorders, etc.). Numerous stakeholders saw the advantage of having these standard messages for use in access control, intrusion detection, surveillance, command-and-control, etc. Last month, the ANSI/SIA OSIPS-DVI-01 document was approved as an American National Standard. More recently, there is an interest in extending that activity to have the industry come to agreement on standard events messages associated with video analytics.
With the push for interoperable credentials in the federal government being driven by the HSPD-12 mandate, there has been an increased interest in the access control arena. Other implementations are seeing the unification of logical and physical access control. As security components are deployed on the network, end-users requirements are changing. This requires information to be exchanged between the security enterprise and other applications within the network. Clearly defined interfaces enable this information exchange.
SIA's Access Point Controller activity is defining the interface for edge devices that manage access points and the credentials presented at them; such as a reader at a door. Another ongoing activity, SIA's Access Control Role effort, will define the interface for systems that manage access rules and the access process. Finally, SIA's Identity and Carrier Management effort defines interfaces for systems that manage personal identity and credentials. These activities are scoped to not only the federal government's implementation, but are reflective of industry-wide implementation uses.
New proposals for standards activities are feeding what is referred to as the Security Applications Standards (SAS) subcommittee.
The SAS subcommittee is currently defining access control requirements for gate operations. There are a number of implementations associated with gate operations including military bases, ports and industrial facilities. This group will specify expected behavior of the gate operations application and the associated technologies that may be utilized in the security solution.
To learn more about SIA's standards activities visit www.siaonline.org.
Monica Rigano is director of standards for the Security Industry Association.
Want to use this article? Click here for options!
© 2014 Penton Media Inc.
Today's New Product
In support of the Privaris family of personal identity verification tokens for secure physical and IT access, an updated version of its plusID Manager Version 2.0 software extends the capabilities and convenience to administer and enroll biometric tokens. The software offers multi-client support, import and export functionality, more extensive reporting features and a key server for a more convenient method of securing tokens to the issuing organization.