
STATE STANDARD OF THE RUSSIAN FEDERATION
GOST R 51241-98
Access control and management tools and systems. Classification. General technical requirements. Test methods.
Access control systems and units. Classification. General technical requirements. Methods of tests.

OKS 13.320
OKP 43 7200

INFORMATION DATA

1. DEVELOPED by the Scientific Research Center "Security" (SRC "Security") of the Main Directorate of Private Security (GUVO) of the Ministry of Internal Affairs of Russia with the participation of a working group of specialists from the Research Institute of Special Equipment (NIIST) of the Ministry of Internal Affairs of Russia, the State Unitary Enterprise (GUL) Special Research and Production Association (SNPO) "Eleron", military unit 31600, the State Technical Commission of Russia, and the All-Russian Research Institute of Standardization and Certification in Mechanical Engineering (VNIINMASH) of Gosstandart of Russia.
INTRODUCED by the Technical Committee for Standardization TC 234 "Technical means of security, security and fire alarms"
2. ADOPTED AND ENTERED INTO EFFECT by Resolution of the State Standard of Russia dated December 29, 1998 No. 472

3. INTRODUCED FOR THE FIRST TIME

Date of introduction 2000-01-01

CONTENTS
1. Area of use
2. Normative references
3. Definitions, notations and abbreviations
4. Classification
  Classification of KUD tools
  Classification of KUD systems
  Classification of KUD tools and systems according to their resistance to NSD
  Symbols of KUD tools and systems
5. General technical requirements
  General provisions
  Purpose requirements
    Requirements for the functional characteristics of KUD systems
    Requirements for the functional characteristics of UPU
    Requirements for the functional characteristics of UVIP
    Requirements for the functional characteristics of control devices
  Requirements for electromagnetic compatibility
  Requirements for the resistance of KUD tools and systems to NSD
  Reliability requirements
  Requirements for resistance to external influences
  Power requirements
  Safety requirements
  Design requirements
  Labeling requirements
6. Test methods
  General provisions
  Testing of KUD tools and systems for compliance with general technical requirements
Appendix A. Automated systems. Classification of automated systems and information protection requirements
Appendix B. Computer equipment. Indicators of security against unauthorized access to information by security classes
Appendix B. Bibliography


1 AREA OF USE

This standard applies to technical access control and management systems and tools designed to control and authorize access of people, vehicles and other objects to (from) premises, buildings, zones and territories.
The standard establishes the classification, general technical requirements and test methods for access control and management tools and systems.
This standard applies to newly developed and modernized access control and management tools and systems.
The requirements set out in 5.3, 5.4, 5.8 are mandatory.


2. NORMATIVE REFERENCES

This standard uses references to the following standards:

GOST R 8.568-97 GSI. Certification of testing equipment. Basic provisions
GOST 12.1.004-91 SSBT. Fire safety. General requirements
GOST 12.1.006-84 SSBT. Electromagnetic fields of radio frequencies. Permissible levels at workplaces and control requirements
GOST 12.1.010-76 SSBT. Explosion hazard. General requirements
GOST 12.1.019-79 SSBT. Electrical safety. General requirements and nomenclature of types of protection
GOST 12.2.003-91 SSBT. Production equipment. General safety requirements
GOST 12.2.006-87 (IEC 65-85) Safety of electronic network equipment and similar devices intended for household and similar general use. General requirements and test methods
GOST 12.2.007.0-75 SSBT. Electrical products. General safety requirements
GOST 20.57.406-81 Integrated quality control system. Products of electronic technology, quantum electronics and electrical engineering. Test methods
GOST 27.002-89 Reliability in technology. Basic concepts. Terms and Definitions
GOST 27.003-90 Reliability in technology. Composition and rules for specifying reliability requirements
GOST 12997-84 GSP products. General specifications
GOST 14254-96 (IEC 529-86) Degrees of protection provided by enclosures
GOST 15150-69 Machines, instruments and other technical products. Versions for various climatic regions. Categories, operating, storage and transportation conditions with regard to the impact of environmental climatic factors
GOST 16962-71 Products of electronic equipment and electrical engineering. Mechanical and climatic influences. Requirements and test methods
GOST 16962.1-89 Electrical products. Test methods for resistance to climatic external influences
GOST 16962.2-90 Electrical products. Test methods for resistance to mechanical external influences
GOST 17516-72 Electrical products. Operating conditions regarding exposure to mechanical environmental factors
GOST 17516.1-90 Electrical products. General requirements regarding resistance to mechanical external influences
GOST 21552-84 Computer equipment. General technical requirements, acceptance, test methods, labeling, packaging, transportation and storage
GOST 23511-79 Industrial radio interference from electrical devices operated in residential buildings or connected to their electrical networks. Standards and methods of measurement
GOST 23773-88 General-purpose electronic digital computers. Test methods
GOST 24686-81 Equipment for the production of electronic and electrical products. General technical requirements. Labeling, packaging, transportation and storage
GOST 26139-84 Interface for automated control systems for dispersed objects. General requirements
GOST 27570.0-87 (IEC 335-1-76) Safety of household and similar electrical appliances. General requirements and test methods
GOST 28195-89 Assessment of the quality of software. General provisions
GOST 29156-91 (IEC 801-4-88) Electromagnetic compatibility of technical equipment. Resistance to nanosecond impulse noise. Technical requirements and test methods
GOST 29191-91 (IEC 801-2-91) Electromagnetic compatibility of technical equipment. Resistance to electrostatic discharges. Technical requirements and test methods
GOST 30109-94 Wooden doors. Burglar resistance test methods
GOST R 50007-92 Electromagnetic compatibility of technical equipment. Resistance to high-energy microsecond impulse noise. Technical requirements and test methods
GOST R 50008-92 Electromagnetic compatibility of technical equipment. Immunity to radio frequency electromagnetic fields in the 26-1000 MHz band. Technical requirements and test methods
GOST R 50009-92 Electromagnetic compatibility of technical means of security, fire and security-and-fire alarm systems. Requirements, standards and test methods for noise immunity and industrial radio interference
GOST R 50627-93 Electromagnetic compatibility of technical equipment. Resistance to dynamic changes in power supply voltage. Technical requirements and test methods
GOST R 50739-95 Computer equipment. Protection against unauthorized access to information. General technical requirements
GOST R 50775-95 (IEC 839-1-1-88) Alarm systems. Part 1. General requirements. Section 1. General provisions
GOST R 50776-95 (IEC 839-1-4-89) Alarm systems. Part 1. General requirements. Section 4. Design, installation and maintenance guidelines
GOST R 50862-96 Safes and storage of valuables. Requirements and test methods for burglar resistance and fire resistance
GOST R 50941-96 Protective cabin. General technical requirements and test methods
GOST R 51072-97 Safety doors. General technical requirements and test methods for burglar resistance and bullet resistance
GOST R 51112-97 Banking protective equipment. Bullet resistance requirements and test method

3. DEFINITIONS, NOTATIONS AND ABBREVIATIONS

In this standard, the following terms with corresponding definitions apply:
Access - movement of people, vehicles and other objects into (from) premises, buildings, zones and territories.
Unauthorized access - access by people or objects that do not have access rights.
Authorized access - access by people or objects that have access rights.
Access control and management (KUD) - a set of measures aimed at limiting and authorizing access of people, vehicles and other objects to (from) premises, buildings, zones and territories.
Access control and management tools (KUD tools) - mechanical, electromechanical, electrical, electronic devices, structures and software that ensure the implementation of access control and management.
Access control and management system (KUD system) - a set of access control and management tools possessing technical, information, software and operational compatibility.
Identification - the process of recognizing a subject or object by its inherent or assigned identification feature. Identification also means assigning an identifier to access subjects and objects and (or) comparing the presented identifier with the list of assigned identifiers.
Biometric identification - identification based on the use of individual physical characteristics of a person.
Access identifier, identifier (identification feature carrier) - a unique feature of the subject or object of access. A memorized code, a biometric feature or a real code can be used as an identifier. An identifier using a real code is an item into which (or onto which) an identification feature in the form of code information is entered using a special technology (cards, electronic keys, key fobs, etc.).
Real code - a code written on a physical medium (identifier).
Memorized code - a code entered manually using a keyboard, code switches or other similar devices.
Controlled blocking devices (UPU) - devices that provide a physical barrier to the access of people, vehicles and other objects and are equipped with actuators to control their state (doors, gates, turnstiles, airlocks, walk-through cabins and similar structures).
Actuating devices (actuators) - devices or mechanisms that bring the UPU into an open or closed state (electromechanical and electromagnetic locks, latches, drive mechanisms for locks, gates, turnstiles, etc.).
Identification feature input devices (UVIP) - electronic devices designed to enter a memorized code, enter biometric information, and read code information from identifiers. UVIP includes readers and identifiers.
Reader - a device included in the UVIP and designed for reading (entering) identification features.
Control devices (UU) - devices and software that set the access mode and ensure the reception and processing of information from the UVIP, control of the UPU, and display and registration of information.
Access point - a place where access control is directly carried out (for example, a door, turnstile, passage booth, equipped with a reader, actuator, electromechanical lock and other necessary means).
Access zone - a collection of access points connected by a common location or other characteristics (for example, access points located on the same floor).
Access time interval (time window) - the time interval during which movement in a given access point is allowed.
Access level is a set of access time intervals (time windows) and access points that are assigned to a specific person or group of people who have access to specified access points in specified time intervals.
Rule of two (or more) persons - an access rule in which access is allowed only if two or more people are present at the same time.
Capacity - the ability of a KUD tool or system to pass a certain number of people, vehicles, etc. per unit of time.
Unauthorized actions (NSD) - actions the purpose of which is unauthorized penetration through the UPU.
Hacking - actions aimed at unauthorized destruction of a structure.
Opening - actions aimed at unauthorized penetration through the UPU without its destruction.
Manipulation - actions performed with access control devices without destroying them, the purpose of which is to obtain a valid code or bring the barring device into an open state. Access control devices can continue to function correctly during and after manipulation; traces of such action will not be noticeable. Manipulation also includes actions on software.
Surveillance - actions performed with access control and management devices without direct access to them, the purpose of which is to obtain a valid code.
Copying - actions performed with identifiers, the purpose of which is to obtain a copy of the identifier with a valid code.
Coercion - violent actions against a person who has the right of access for the purpose of unauthorized entry through the UPU. At the same time, access control and management devices can function normally.
Sabotage (state of sabotage - according to GOST R 50776) is a deliberately created state of the system in which damage to part of the system occurs.
Burglary resistance is the ability of a structure to withstand destructive forces without the use of tools, as well as with the help of hand and other types of tools.
Bullet resistance is the ability of an obstacle to resist penetration by bullets and the absence of secondary destructive elements dangerous to humans.
Explosion resistance is the ability of a structure to withstand the destructive effects of explosives.
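
The definitions of access point, access time interval, access level and the rule of two (or more) persons combine into a single passage decision. The following Python code is an added example, not part of the standard; the class names, decision strings, identifier codes and the 10-second pairing interval are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta


@dataclass(frozen=True)
class TimeWindow:
    """Access time interval: weekdays (Monday = 0) and a daily start/end time."""
    days: frozenset
    start: time
    end: time

    def contains(self, when: datetime) -> bool:
        return when.weekday() in self.days and self.start <= when.time() < self.end


@dataclass
class AccessLevel:
    """Set of access points, each with the time windows in which passage is allowed."""
    name: str
    windows: dict  # access point id -> list of TimeWindow

    def allows(self, point: str, when: datetime) -> bool:
        return any(w.contains(when) for w in self.windows.get(point, ()))


class Controller:
    def __init__(self, two_person_points=(), pairing_seconds=10):
        self.levels = {}                      # identifier code -> AccessLevel
        self.two_person_points = set(two_person_points)
        self.pairing = timedelta(seconds=pairing_seconds)  # assumed value
        self._pending = {}                    # point -> (identifier, time of first read)
        self.events = []                      # (time, point, identifier, decision)

    def enroll(self, identifier, level):
        self.levels[identifier] = level

    def present(self, identifier, point, when):
        """Decide on one identifier read at one access point; every read is logged."""
        level = self.levels.get(identifier)
        if level is None:
            decision = "DENY_NOT_REGISTERED"
        elif not level.allows(point, when):
            decision = "DENY_OUTSIDE_ACCESS_LEVEL"
        elif point not in self.two_person_points:
            decision = "GRANT"
        else:
            decision = self._two_person(identifier, point, when)
        self.events.append((when, point, identifier, decision))
        return decision

    def _two_person(self, identifier, point, when):
        first = self._pending.get(point)
        # A second, different, authorized identifier must follow within the pairing interval.
        if first and first[0] != identifier and timedelta(0) <= when - first[1] <= self.pairing:
            del self._pending[point]
            return "GRANT"
        # Same identifier again, or the interval expired: start a new pairing attempt.
        self._pending[point] = (identifier, when)
        return "WAIT_SECOND_PERSON"


def demo_controller():
    """Constructed sample configuration: two staff cards and one visitor card."""
    weekdays = frozenset(range(5))
    office_hours = TimeWindow(weekdays, time(8, 0), time(18, 0))
    staff = AccessLevel("staff", {"lobby": [office_hours], "vault": [office_hours]})
    visitor = AccessLevel("visitor", {"lobby": [TimeWindow(weekdays, time(10, 0), time(16, 0))]})
    ctl = Controller(two_person_points={"vault"})
    ctl.enroll("card-0001", staff)
    ctl.enroll("card-0002", staff)
    ctl.enroll("card-0003", visitor)
    return ctl


if __name__ == "__main__":
    ctl = demo_controller()
    monday = datetime(2024, 3, 4, 10, 0, 0)   # constructed timestamps
    for ident, point, offset in [("card-0001", "lobby", 0), ("card-9999", "lobby", 1),
                                 ("card-0003", "vault", 2), ("card-0001", "vault", 3),
                                 ("card-0001", "vault", 5), ("card-0002", "vault", 8)]:
        when = monday + timedelta(seconds=offset)
        print(when.time(), point, ident, ctl.present(ident, point, when))
```

Presenting the same identifier twice at a two-person point never opens it, and an unknown identifier is refused before any access level is consulted.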

4. CLASSIFICATION

4.1. Classification of KUD tools
4.1.1. KUD tools are classified according to:
  • functional purpose of devices;
  • resistance to NSD.
4.1.2. According to the functional purpose of the devices, KUD tools are divided into:
  • controlled blocking devices (UPU), consisting of blocking structures and actuators;
  • identification feature input devices (UVIP), consisting of readers and identifiers;
  • control devices (UU), consisting of hardware and software.
4.1.3. The UPU is classified according to the type of overlap of the passage opening and the control method.
According to the type of overlap of the passage opening, the UPU can be:
  • with partial overlap (turnstiles, barriers);
  • with full overlap (solid doors, gates);
  • with blocking of an object in the opening (gateways, walk-through booths).
According to the control method, the UPU can be:
  • with manual control;
  • with semi-automatic control;
  • with automatic control.
4.1.4. UVIP is classified according to the following criteria:
  • by type of identification features used;
  • according to the method of reading identification features.
Based on the type of identification features used, UVIPs can be:
  • mechanical - identification features are elements of the design of identifiers (perforations, elements of mechanical keys, etc.);
  • magnetic - identification features are magnetized areas of the surface or magnetic elements of the identifier (cards with a magnetic stripe, Wiegand cards, etc.);
  • optical - identification features are marks applied on the surface or inside the identifier that have different optical characteristics in reflected or transmitted optical radiation (bar code cards, holographic marks, etc.);
  • electronic - identification features are an electronic code written in the microcircuit of an electronic identifier (remote cards, electronic keys, etc.);
  • acoustic - identification features are a coded acoustic signal;
  • biometric - identification features are individual physical characteristics of a person (fingerprints, palm geometry, retinal pattern, voice, signature dynamics, etc.);
  • combined - several identification features are used simultaneously for identification.
According to the method of reading identification characteristics, UVIPs can be:
  • with manual input - input is made by pressing keys, turning switches or other similar elements;
  • contact - input occurs with direct, including electrical, contact between the reader and the identifier;
  • remote (contactless) - the code is read when the identifier is brought within a certain distance of the reader;
  • combined.
4.1.5. The classification of control devices (UU), including hardware, software and firmware, is carried out as part of KUD systems.
4.1.6. KUD tools for access to information are software, hardware and combined software-hardware tools designed to prevent or significantly impede unauthorized access to information.
These tools also include special protective signs (SPZ). SPZ are products created on the basis of physical and chemical technologies and designed to control access to protected objects, as well as to protect personal identification documents from forgery.

4.2. Classification of KUD systems
4.2.1. KUD systems are classified according to:
  • control method;
  • number of controlled access points;
  • functional characteristics;
  • type of control objects;
  • level of system security from unauthorized access to information.
4.2.2. According to the control method, KUD systems can be:
  • autonomous - for controlling one or more UPU without transmitting information to the central console and without operator control;
  • centralized (network) - for controlling UPU with the exchange of information with the central console and with control and management of the system by the operator;
  • universal - including functions of both autonomous and networked systems, operating in network mode under the control of a central control device and switching to offline mode when failures occur in the network equipment, in the central device, or when communication is interrupted.
4.2.3. According to the number of controlled access points, the KUD systems can be:
  • low capacity (less than 16 points);
  • medium capacity (no less than 16 and no more than 64 points);
  • large capacity (64 points or more).
4.2.4. According to their functional characteristics, KUD systems can be of three classes:
  1. systems with limited functions;
  2. systems with advanced functions;
  3. multifunctional systems.
Special functions can be introduced into systems of any class, which are determined by additional customer requirements.
4.2.5. Depending on the type of control objects, KUD systems can be:
  • to control access to physical objects;
  • to control access to information.
4.3. Classification of KUD tools and systems according to their resistance to NSD
4.3.1. KUD tools are classified according to their resistance to NSD, which is determined by resistance to destructive and non-destructive influences, according to three levels of resistance:
  • normal;
  • increased;
  • high.
4.3.2. UPU and UVIP are classified according to their resistance to destructive influences. The stability of the UPU is determined by:
  • burglary resistance;
  • bullet resistance;
  • explosion resistance.
UVIP resistance is determined by the burglary resistance of the reader. For UPU of increased and high resistance, an additional 5 classes are established based on resistance indicators (class 1 is the lowest).
4.3.3. Based on their resistance to non-destructive influences, KUD tools and systems, depending on their functional purpose, are classified according to the following indicators:
  • resistance to opening - for UPU and actuators (locks and locking mechanisms);
  • resistance to manipulation;
  • resistance to surveillance - for UVIP with a memorized code (keyboards, code switches, etc.);
  • copy resistance (for identifiers);
  • resistance of the protection of the computer equipment of the control devices (UU) against unauthorized access to information.
4.3.4. Classification for resistance to opening, manipulation, surveillance, and copying must be specified in the standards and other regulatory documents for a specific type of KUD tool.
4.3.5. The class of security against unauthorized access to information must be specified in the regulatory documents for KUD tools or systems of a specific type.
4.3.6. The classification of KUD systems according to their security against unauthorized access to information is carried out according to Table A.1 of Appendix A.
4.3.7. The classification of KUD tools according to their resistance to unauthorized access to information is carried out according to Table B.1 of Appendix B.

4.4. Symbols of KUD tools and systems
4.4.1. The symbols of KUD tools and systems are specified in the standards and (or) regulatory documents for KUD tools and systems of a specific type.
The designation symbol must be placed as part of the technical information and must not be combined with the trademark symbol.
4.4.2. The symbol for KUD systems in the documentation and when ordering must contain:

a) the name "System";
b) the name of the system class by the number of controlled access points and by the control method;
c) the designation KUD;
d) three characters (the first and second followed by a dot), indicating:
  • system class by functionality;
  • degree of rigidity in terms of resistance to electromagnetic interference;
  • class of system security against unauthorized access to information for systems with increased and high resistance to NSD, or the letter "N" for systems of normal resistance;
e) the designation of this standard;
f) the designation according to the regulatory documentation of the manufacturer or supplier.

An example of a symbol for a low-capacity network system of the second class in terms of functionality, the first degree of rigidity in terms of resistance to electromagnetic interference and class 3A in terms of system security against unauthorized access to information:

Low-capacity network system KUD-2.1.N GOST R ХХХХХ АВВГ.ХХХХХ TU

5. GENERAL TECHNICAL REQUIREMENTS

5.1. General provisions
5.1.1. KUD tools and systems must be manufactured in accordance with the requirements of this standard, GOST R 50775, as well as standards and other regulatory documents for KUD tools and systems of a specific type.
5.1.2. KUD tools and systems must provide the possibility of both round-the-clock and shift operation, taking into account routine maintenance.
5.1.3. KUD tools intended for building systems must have structural, information, reliability and operational compatibility.
The parameters and requirements that determine the compatibility of the tools must be established, depending on the purpose and conditions of use, in the regulatory documents for KUD tools and systems of a particular type.
5.1.4. Requirements for KUD tools of the special protective sign (SPZ) type are established according to the document.
5.2. Purpose requirements
5.2.1. Requirements for the functional characteristics of KUD systems
5.2.1.1. Autonomous KUD systems must provide:
  • opening the UPU when reading an identification sign registered in the system memory;
  • prohibition of opening the UPU when reading an identification sign that is not registered in the system memory;
  • recording identification characteristics into the system memory;
  • protection from unauthorized access when writing identification codes in the system memory;
  • saving identification signs in the system memory in case of failure and power outage;
  • manual, semi-automatic or automatic opening of the UPU for passage in emergency situations, fire or technical malfunctions, in accordance with the rules of the established regime and the fire safety rules;
  • automatic generation of a reset signal on the UPU if no passage occurs;
  • issuing an alarm when using the emergency opening system of the UPU for unauthorized entry.

5.2.1.2. Additional characteristics of autonomous systems, depending on the class according to functional characteristics, are given in Table 1.

Table 1

Functional characteristics of autonomous systems

| Functional characteristic of an autonomous system | System class 1 | System class 2 | System class 3 |
|---|---|---|---|
| 1. Setting access levels | - | +/- | + |
| 2. Setting access time intervals | - | +/- | + |
| 3. Possibility of setting the opening time of the UPU | - | +/- | + |
| 4. Protection against reuse of the identifier for passage in one direction | - | +/- | + |
| 5. Entering a special identification sign for opening under duress | - | +/- | + |
| 6. Connection of various types of UVIP | - | +/- | +/- |
| 7. Access according to the "rule of two (or more) persons" | - | +/- | +/- |
| 8. Light indication of access status | +/- | + | + |
| 9. Monitoring the state of the UPU | +/- | + | + |
| 10. Light and (or) sound notification of NSD attempts | +/- | +/- | + |
| 11. Registration and storage of information about events in non-volatile memory | - | + | + |
| 12. Number of events stored in non-volatile memory, not less than | - | 16 | 64 |
| 13. Maintaining the date and time of events | - | +/- | + |
| 14. Possibility of connecting a printer to output information | - | +/- | + |
| 15. Possibility of transferring information to information collection devices or computers | - | +/- | + |
| 16. Possibility of networking and exchanging information with information collection and control devices (computers) | - | +/- | + |
| 17. Possibility of integration with a security and (or) fire alarm system at the relay level | - | +/- | + |
| 18. Possibility of integration with a video monitoring system at the relay level | - | +/- | + |
| 19. Possibility of connecting additional special control and inspection equipment | - | - | +/- |
Note.

5.2.1.3. Systems with centralized control and universal systems must comply with the requirements of 5.2.1 and additionally provide:
  • registration and logging of alarming and current events;
  • priority display of alarm events;
  • control of the operation of the UPU at access points according to operator commands;
  • setting the time modes of operation of identifiers at access points ("time windows") and access levels;
  • protection of hardware and software from unauthorized access to controls, setting modes and information;
  • automatic monitoring of the serviceability of the means included in the system and information transmission lines;
  • the possibility of autonomous operation of system controllers with the controllers maintaining basic functions in the event of a failure of communication with the centralized control point;
  • setting a free access mode from the control point in emergency situations and incidents (fire, earthquake, explosion, etc.);
  • blocking passage through access points by a command from the control point in the event of an attack;
  • the ability to connect additional special control and inspection equipment.

5.2.1.4. Additional characteristics of systems with centralized control, depending on the class according to functional characteristics, are given in Table 2.

Table 2

Functional characteristics of systems with centralized control and universal systems

| Functional characteristic of systems with centralized control (network) and universal systems | System class 1 | System class 2 | System class 3 |
|---|---|---|---|
| 1. Number of access levels | 2 | 8 | 16 |
| 2. Number of access time slots | 2 | 8 | 16 |
| 3. Protection against reuse of identifier for one-way passage | +/- | + | + |
| 4. Entering a special identification sign for opening under duress | +/- | + | + |
| 5. Connection of various types of UVIP | +/- | + | + |
| 6. Access according to the "rule of two (or more) persons" | +/- | +/- | + |
| 7. Number of events stored in the non-volatile memory of the controllers, not less than | 50 | 250 | 1000 |
| 8. Possibility of integration with a security and (or) fire alarm system at the relay level | + | +/- | +/- |
| 9. Possibility of integration with a video monitoring system at the relay level | + | +/- | +/- |
| 10. Possibility of integration with security systems, fire alarms and video monitoring systems at the system level | +/- | +/- | + |
| 11. Ability to control additional devices at access points (lighting, ventilation, elevators, technological equipment, etc.) | - | +/- | +/- |
| 12. Possibility of connecting intercoms and (or) communication equipment at access points | - | +/- | +/- |
| 13. Providing an image on the computer screen of a plan of the facility and (or) premises of the facility, indicating the locations of access control equipment, security and fire alarms, video monitoring equipment and graphic display of alarm conditions at control points on the plan | +/- | +/- | + |
| 14. Interactive control of means by depicting the site plan on the computer screen | - | - | +/- |
| 15. Maintaining databases for employees (users) | +/- | + | + |
| 16. Maintaining user photographic data in the database | - | +/- | + |
| 17. Control of movement and search for employees | +/- | +/- | + |
| 18. Control of the time visitors spend at the site | +/- | +/- | + |
Note. The conventional sign "+" means the presence of a function and the obligation to check it when establishing a class, the sign "-" means the absence of a function, and the sign "+/-" means the presence or absence of a function.
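
Determining which class a system with centralized control can claim is a row-by-row comparison against Table 2. The following Python check is an added example, not part of the standard; the row keys, the sample product declaration and the reading that "+/-" and "-" cells impose no requirement are assumptions.

```python
# Table 2 transcribed row by row: (row key, class 1, class 2, class 3).
# "+" = function present and checked, "-" = absent, "+/-" = present or absent;
# integers are minimum values. Row keys are names chosen for this example.
TABLE_2 = [
    ("access_levels", 2, 8, 16),
    ("time_windows", 2, 8, 16),
    ("anti_passback", "+/-", "+", "+"),
    ("duress_code", "+/-", "+", "+"),
    ("multiple_uvip_types", "+/-", "+", "+"),
    ("two_person_rule", "+/-", "+/-", "+"),
    ("controller_event_log", 50, 250, 1000),
    ("relay_alarm_integration", "+", "+/-", "+/-"),
    ("relay_video_integration", "+", "+/-", "+/-"),
    ("system_level_integration", "+/-", "+/-", "+"),
    ("auxiliary_device_control", "-", "+/-", "+/-"),
    ("intercom_connection", "-", "+/-", "+/-"),
    ("site_plan_display", "+/-", "+/-", "+"),
    ("interactive_plan_control", "-", "-", "+/-"),
    ("user_database", "+/-", "+", "+"),
    ("user_photos", "-", "+/-", "+"),
    ("movement_tracking", "+/-", "+/-", "+"),
    ("visitor_time_control", "+/-", "+/-", "+"),
]

# Constructed declaration of a hypothetical product: booleans for functions,
# integers for quantities. Missing keys count as "not provided".
SAMPLE_DECLARATION = {
    "access_levels": 8,
    "time_windows": 8,
    "anti_passback": True,
    "duress_code": True,
    "multiple_uvip_types": True,
    "controller_event_log": 500,
    "system_level_integration": True,
    "user_database": True,
}


def unmet_requirements(declared, system_class):
    """Return the Table 2 rows that `declared` fails for the given class (1-3)."""
    gaps = []
    for name, *cells in TABLE_2:
        required = cells[system_class - 1]
        if isinstance(required, int):
            have = declared.get(name, 0)
            if have < required:
                gaps.append(f"{name}: need >= {required}, have {have}")
        elif required == "+" and not declared.get(name, False):
            gaps.append(f"{name}: mandatory for class {system_class}")
        # "+/-" and "-" cells impose no requirement in this check (assumption).
    return gaps


def highest_class(declared):
    """Highest class whose mandatory rows and minimum values are all met, or None."""
    for system_class in (3, 2, 1):
        if not unmet_requirements(declared, system_class):
            return system_class
    return None


if __name__ == "__main__":
    print("highest class:", highest_class(SAMPLE_DECLARATION))
    for cls in (1, 3):
        print(f"class {cls} gaps:", unmet_requirements(SAMPLE_DECLARATION, cls))
```

With the table as printed, the sample declaration satisfies class 2 but not class 1, because relay-level integration is marked "+" only in the class 1 column.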

5.2.1.5. Universal systems must provide autonomous operation in the event of failures in network equipment, in the central device or communication failure, as well as restoration of operating modes after elimination of failures and restoration of communication.
5.2.1.6. The values of the characteristics and the requirements given in 5.2.1.1-5.2.1.5 must be established in the standards and (or) technical specifications for KUD systems of a particular type.
KUD systems must also have the following characteristics, the values of which must be established in the standards and (or) technical specifications for systems of a particular type:
  • maximum number of access points, access zones and users served by the system;
  • the maximum number of access points served by one control unit;
  • number and type of access time intervals (time windows), access levels;
  • number of types of UVIP used in the system;
  • system response time to an entry request;
  • maximum distance from the most remote access point to the control point;
  • maximum reader operating distance (for contactless readers);
  • maximum time for storing information about events in the system memory;
  • maximum system throughput at access points;
  • probability of unauthorized access, probability of false detention (these requirements are mandatory for access control systems with biometric identification; for others they may not be specified);
  • indicators of the levels of resistance to NSD.
5.2.1.7. According to customer requirements, it is possible to establish additional characteristics and indicators in the technical specifications for systems of a specific type.
5.2.2. Requirements for the functional characteristics of the UPU
5.2.2.1. The UPU must provide:
  • complete or partial blocking of the passage opening;
  • manual, semi-automatic or automatic control;
  • blocking a person or object for a blocking type UPU.
5.2.2.2. The UPU in standby mode can be in a normally open or normally closed state.
UPU with partial blocking of the passage opening can, if necessary, be provided with alarm systems that are triggered when an attempt is made to bypass the blocking device.
For UPU used at checkpoints or in other places with large flows of people, throughput indicators must be established in the standards or technical specifications for the UPU of a specific type.
5.2.2.3. UPU in the closed state must provide a physical barrier to the movement of people, vehicles and other objects into (from) a room, building, zone or territory, and must open the locking mechanism when a control signal is supplied from the control device (UU).
The parameters of the control signal (voltage, current and duration) must be specified in the standards and (or) regulatory documents for the UPU of a specific type.
Normally closed UPU can be equipped with an audible alarm, which is activated after they are opened if there is no passage within a set time, or may have a means of returning to the closed state.
5.2.2.4. If necessary, UPU can be protected against two or more people passing through them at the same time.
5.2.2.5. The UPU must be capable of mechanical emergency opening in the event of a power failure, fire or other natural disaster. The emergency opening system must be protected from the possibility of it being used for unauthorized entry.
5.2.2.6. Intentional damage to external electrical connecting circuits and locking elements must not lead to the opening of the UPU.
Measures must be provided to protect external electrical connecting circuits against the application of voltages through them that would disrupt operation or open the UPU.
5.2.2.7. The UPU may additionally have special control means, built-in or jointly functioning. Requirements for control devices, which include special control means, are established in regulatory documents for devices of a specific type.

5.2.3. Requirements for the functional characteristics of UVIP
5.2.3.1. UVIP readers must provide:

  • the ability to read identification characteristics from identifiers;
  • input of biometric information (for biometric information readers);
  • converting the entered information into an electrical signal;
  • transfer of information to the control unit.

5.2.3.2. UVIPs must be protected against manipulation by enumeration or guessing of identification features. The types of protection must be specified in the standards and (or) regulatory documents for a specific type of UVIP.
5.2.3.3. UVIP identifiers must ensure storage of the identification characteristic during its service life and during operation.
5.2.3.4. The design, appearance and inscriptions on the identifier and reader must not lead to disclosure of the codes used.
5.2.3.5. The manufacturer of identifiers must guarantee that the code of a given identifier will not be repeated, or specify the conditions for repeating the code and measures to prevent the use of identifiers with the same codes.
5.2.3.6. UVIP readers, when broken into or opened, or when the circuits connected to them are broken or short-circuited, must not cause the UPU to open. In this case, autonomous systems can issue an audible alarm, and systems with centralized control can transmit the alarm signal to the control center and, if necessary, issue an audible signal.
5.2.3.7. Standards and regulations for specific types of identifiers must define the minimum number of code combinations. The values of the number of code combinations are given in Table 3.

Table 3

Values of code combinations


The user of autonomous systems must be able to change or reinstall the unlock code at least 100 times. The code should only be changed after entering the current code.

5.2.4. Requirements for the functional characteristics of the control unit
5.2.4.1. The hardware of the control unit must ensure the reception of information from the UVIP, processing of information and the generation of control signals to the executive devices of the control unit.
5.2.4.2. Control hardware in systems with centralized control and in universal systems must provide:

  • exchange of information via communication lines between controllers and controls;
  • safety of data in memory in the event of a break in communication lines with centralized control facilities, a power outage, or when switching to backup power;
  • control of communication lines between controllers and centralized management tools.
Information exchange protocols must provide the necessary noise immunity, speed of information exchange, and, if necessary, information protection.
The types and parameters of protocols and interfaces must be established in standards and other regulatory documents for a specific type of control unit, taking into account the requirements of GOST 26139.
5.2.4.3. The control software must provide:
  • entering identifier codes into the system memory;
  • setting the characteristics of access points;
  • setting access time intervals (time windows);
  • setting access levels for users;
  • logging current events;
  • keeping and maintaining databases;
  • registration of passage through access points in the database log;
  • saving databases and system parameters on backup media;
  • saving databases and system parameters in case of accidents and system failures;
  • priority output of information about violations;
  • the ability to control the UPU in case of emergency situations.
5.2.4.4. Control software must be resistant to accidental and intentional impacts of the following types:
  • turning off power to hardware;
  • soft hardware reset;
  • hardware hard reset;
  • accidental pressing of keys on the keyboard;
  • random selection of program menu items.
After the specified influences and a restart of the program, the system must remain operational and the configured data must be preserved. The specified influences must not lead to opening of the UPU or to changes in the existing access codes.
5.2.4.5. General software quality indicators should be established in accordance with GOST 28195.

5.3. Electromagnetic compatibility requirements
5.3.1. CUD devices and systems, depending on their resistance to electromagnetic interference, must have the following severity levels in accordance with GOST R 50009:

  • first or second degree - with normal stability;
  • third degree - with increased stability;
  • fourth or fifth degree - with high stability.
Requirements for resistance to artificially created electromagnetic interference apply to devices with a severity level of at least two, and must be established in the technical specifications for CUD devices and systems of a specific type.
5.3.2. The level of permissible radio interference during the operation of CUD equipment and systems must comply with GOST 23511 and GOST R 50009.

5.4. Requirements for the resistance of CUD tools and systems to NSD
5.4.1. Requirements for resistance to NSD are established in this paragraph and in regulatory documents for ACS equipment and systems of a specific type.
5.4.2. Requirements for resistance to destructive NSD apply to UPU and UVIP readers. Requirements include:

  • burglary resistance;
  • bullet resistance;
  • explosion resistance.

5.4.3. Resistance to destructive influences is established for products with increased and high levels of resistance.
Normal stability is ensured by the mechanical strength of the structure, without stability assessment.
Increased resistance is determined by indicators of resistance to burglary by single blows and (or) a set of tools.
High resistance is determined by indicators of resistance to burglary, bullet resistance and (or) explosion.
Requirements for bullet resistance apply only to UPU with complete (solid) blocking of the passage opening.
Stability indicators by class are shown in Table 4.

Table 4

UPU classes according to stability indicators

Stability indicator / UPU class

1. Resistance to burglary by single blows
2. Resistance to burglary with a set of tools
3. Bullet resistance
4. Explosion resistance

Note. The conventional sign “+” means the presence of a requirement and the obligation to check it, the sign “-” means the absence of a requirement, and the sign “+” means the possibility of implementing the control system both resistant and unstable to this type of impact.


5.4.4. Requirements for resistance to non-destructive influences are established for CUD means depending on the functional purpose and include:
  • tamper resistance for control devices and actuators (locks and locking mechanisms);
  • resistance to manipulation;
  • resistance to surveillance for UVIP with a memorized code (keyboards, code switches, etc.);
  • resistance to copying of identifiers.
Stability indicators according to these requirements and their test methods must be specified in the standards and (or) technical specifications for CUD devices of a specific type.
5.4.5. Autonomous access control systems must be protected from manipulation for the purpose of changing or guessing the code. The type of protection must be specified in the technical specifications for systems of a specific type.
5.4.6. ACS systems with increased and high resistance to NSD must have protection from coercion and sabotage. The specific method of protection and protection indicators must be given in the technical specifications for ACS systems of a specific type.
5.4.7. The control software must be protected from unauthorized access. Requirements for protecting control software from unauthorized access are established in accordance with GOST R 50739.
5.4.8. The control software must also be protected from:
  • deliberate influences to change options in the system;
  • unauthorized copying;
  • unauthorized access using passwords.
Recommended access levels by user type:
  • the first (“administrator”) - access to all functions;
  • the second (“operator on duty”) - access only to the functions of current control;
  • the third (“system operator”) - access to software configuration functions without access to functions that provide control of the control unit.
The number of characters in the password must be at least six.
When entering a password into the system, the entered characters should not be displayed on the information display devices.
Once entered into the system, passwords must be protected from being viewed by means of computer operating system tools.
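One way a control program could apply the three access levels and the password rules of 5.4.8, as an added example that is not part of the standard. The function-group names, the PBKDF2 storage scheme and the iteration count are assumptions, since the standard names no algorithm.

```python
import getpass
import hashlib
import hmac
import os

MIN_PASSWORD_LENGTH = 6      # 5.4.8: at least six characters
PBKDF2_ROUNDS = 200_000      # assumption: example work factor, not from the standard

# Assumption: three constructed function groups stand in for real menu items.
LEVEL_FUNCTIONS = {
    "administrator": {"monitoring", "configuration", "upu_control"},
    "operator_on_duty": {"monitoring"},
    "system_operator": {"configuration"},   # no control of the barrier device
}


class PolicyError(ValueError):
    """Raised when an account would violate the 5.4.8 rules."""


def derive(password, salt):
    """Salted one-way digest, so the stored record never contains the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def read_password(prompt="Password: "):
    """Read a password without echoing the typed characters to the display."""
    return getpass.getpass(prompt)


class AccountStore:
    def __init__(self):
        self._accounts = {}          # name -> (level, salt, digest)

    def add(self, name, level, password):
        if level not in LEVEL_FUNCTIONS:
            raise PolicyError(f"unknown access level: {level}")
        if len(password) < MIN_PASSWORD_LENGTH:
            raise PolicyError("password must have at least six characters")
        salt = os.urandom(16)
        self._accounts[name] = (level, salt, derive(password, salt))

    def verify(self, name, password):
        _, salt, digest = self._accounts.get(name, ("", b"\x00" * 16, b""))
        # Always derive, so unknown names cost the same time as known ones.
        candidate = derive(password, salt)
        return hmac.compare_digest(candidate, digest)

    def may(self, name, password, function):
        """Default deny: the function must be listed for the caller's level."""
        if not self.verify(name, password):
            return False
        return function in LEVEL_FUNCTIONS[self._accounts[name][0]]

    def stored_record(self, name):
        """What a file viewer run from the operating system would see."""
        level, salt, digest = self._accounts[name]
        return b":".join([level.encode(), salt.hex().encode(), digest.hex().encode()])
```
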
5.4.9. Requirements for the protection of centralized control and universal control systems from unauthorized access to information must comply with the requirements of 5.4.8 of this standard for systems with normal resistance to NSD; for systems with increased and high resistance, the requirements are established by class in accordance with the document, and they must comply with Appendix A.
In this case, the system’s protection class against unauthorized access to information must correspond to:
  • 3A, 3B, 2B - for systems of increased stability;
  • 1G and 1B - for high stability systems.
5.4.10. Requirements for the protection of CUD tools from unauthorized access to information are established for ACS means of normal stability in accordance with the requirements of this standard; for ACS means of increased and high stability, the requirements are established by class in accordance with the document, and they must comply with the data in Appendix B.
In this case, the class of protection of CUD tools from unauthorized access to information must correspond to:
  • increased stability - class 5 or 6;
  • high stability - class 4.
5.4.11. CUD systems and tools of high stability are subject to mandatory certification against the requirements for protection against unauthorized access to information.

5.5. Reliability requirements
5.5.1. The following reliability indicators must be established in the standards and (or) technical specifications for CUD facilities and systems of a specific type in accordance with GOST 27.002 and GOST 27.003:

  • mean time between failures, h;
  • mean time to restore working condition, h;
  • average service life, years.

When establishing reliability indicators, failure criteria must be specified.
Reliability indicators for CUD tools are established based on the need to ensure the reliability of the system as a whole.
At the customer's request, the technical specifications for specific CUD equipment and systems may additionally establish other reliability requirements.
5.5.2. The average time between failures of KUD systems with one access point (excluding UPU) is at least 10,000 hours.
5.5.3. The average service life of KUD systems is at least 8 years, taking into account restoration work.

5.6. Requirements for resistance to external influences
5.6.1. Requirements for stability in terms of exposure to climatic factors are established in standards and regulatory documents for ACS equipment and systems of a specific type in accordance with the climatic design and category of products according to GOST 15150.
5.6.2. If it is necessary to protect against external influences, the enclosures of KUD means must have degrees of protection in accordance with GOST 14254.
5.6.3. Requirements for stability in terms of exposure to mechanical factors must be established in standards and (or) regulatory documents for CUD equipment and systems of a specific type in accordance with the required group of operating conditions in accordance with GOST 17516 and the degree of rigidity of products in accordance with GOST 16962.

5.7. Power Requirements
5.7.1. The main power supply for CUD equipment and systems must be provided from an alternating current network with a rated voltage of 220 V and a frequency of 50 Hz.
CUD facilities and systems must be operational with permissible network voltage deviations from minus 15 to plus 10% of the nominal value and frequency (50±1) Hz.
The power supply of individual access control and management equipment may be carried out from sources with other output voltage parameters, the requirements for which are established in the regulatory documents for ACS equipment of a specific type.
5.7.2. KUD facilities and systems must have a backup power supply in the event of a power failure from the main power source. A backup AC network or direct current power supplies can be used as the backup power source.
The rated voltage of the DC backup power supply is selected from the range: 12, 24 V.
The transition to backup power should occur automatically without disrupting the established operating modes and functional state of the CUD facilities and systems.
CUD facilities and systems must be operational with permissible voltage deviations of the backup source from minus 15 to plus 10% of the nominal value.
5.7.3. The backup power source must ensure the performance of the basic functions of the KUD system in the event of a power failure in the network for a period of at least 0.5 hours for systems of the first and second classes in terms of functional characteristics and at least 1 hour for systems of the third class.
It is permissible not to provide battery backup for UPU whose drive mechanisms (gate drives, gateways, etc.) require significant power to control. In that case, such UPU must be equipped with means of emergency mechanical opening.
5.7.4. When batteries are used as the backup power source, they must be charged automatically.
5.7.5. When using rechargeable batteries or dry-cell batteries as a backup power source, it is recommended to have an indication of the battery discharge below the permissible limit. For autonomous systems, the discharge indication can be light or sound; for networked systems, the battery discharge signal can be transmitted to the control point.
5.7.6. Chemical power sources built into the identifiers or ensuring the safety of data in the controllers must ensure the operability of the ACS equipment for at least 3 years.

5.8. Safety requirements
5.8.1. KUD tools and systems must comply with the safety requirements of GOST 12.2.007.0, GOST 12.2.006 and GOST 27570.0.
5.8.2. Materials and components used for the manufacture of CUD products and systems must have a toxic-hygienic passport, a hygienic passport and a hygienic certificate.
5.8.3. Installation and operation of KUD facilities and systems must comply with the safety requirements of GOST 12.2.003.
5.8.4. KUD means and systems must comply with the fire safety requirements of GOST 12.1.004.
5.8.5. The electrical insulation resistance of KUD equipment and systems between the mains power circuits and the housing, as well as between the mains power circuits and input/output circuits, must be no less than the values indicated in Table 5.

Table 5

Required insulation resistance values


5.8.6. The electrical strength of the insulation of KUD means and systems between the mains power circuits and the housing, as well as between the mains power circuits and input/output circuits must comply with the requirements of GOST 12997.
5.8.7. The insulation resistance and electrical strength of KUD devices and systems intended for household and similar general use must comply with the requirements of GOST 12.2.006 and GOST 27570.0.
5.8.8. For CUD devices operating at voltages not higher than 12 V AC and 36 V DC, it is allowed not to provide the value of the electrical insulation strength and its resistance in the regulatory documents for specific devices.
5.8.9. Specific values of insulation resistance and electrical strength of insulation must be specified in the technical specifications for CUD devices and systems of a specific type.
5.8.10. Radiation levels of CUD equipment and systems must comply with the safety requirements established in GOST 12.1.006.
5.8.11. KUD tools and systems intended for operation in areas with explosive atmospheres must comply with the requirements of GOST 12.1.010, other standards and regulatory documents regulating the requirements for products intended for use in explosive environments.

5.9. Design requirements
5.9.1. The overall dimensions of the KUD means and of their individual functionally and structurally complete devices and units must allow transportation through standard building openings, as well as assembly, installation and mounting at the site of operation.
5.9.2. The designs of CUD facilities must be built on a modular and block-aggregate principle and provide:

  • interchangeability of replaceable components of the same type;
  • ease of maintenance, operation and maintainability;
  • eliminating the possibility of unauthorized access to parameter controls;
  • access to all elements, assemblies and blocks that require adjustment or replacement during operation.
5.9.3. Structural and electrical insulating materials, coatings and components must provide:
  • mechanical strength;
  • required reliability;
  • resistance to unauthorized actions by categories and classes of resistance;
  • safe work under specified operating conditions.
5.10. Labeling requirements
5.10.1. Marking of KUD means and systems must be carried out in accordance with GOST R 50775 and contain:
  • trademark and (or) other details of the manufacturer;
  • symbol of CUD tools and systems;
  • serial number;
  • date of manufacture;
  • mark of the certificate of conformity (if available).

5.10.2. The certificate number or details of the conclusion (if any), brand name and (or) other details of the organizations that conducted certification or expert tests must be indicated in the accompanying documentation.

6. TEST METHODS

6.1. General provisions
6.1.1. Testing of CUD tools and systems is carried out according to this standard, as well as according to the methods of current regulatory documents for individual types of tests and according to technical specifications for means and systems of CUD of a specific type.
The scope and sequence of tests are established in the test program for CUD equipment and systems of a specific type.
6.1.2. Instruments and equipment used during testing must be verified and certified in accordance with GOST R 8.568 and ensure the required measurement accuracy.
Equipment for monitoring electrical parameters and radio engineering measurements must comply with the requirements of GOST 24686.
6.1.3. When conducting tests, safety requirements must be observed, as well as the requirements of GOST 12.2.006, GOST 27570.0 and the regulatory documents used.
The safety of work, the use of devices, tools and equipment must comply with the requirements of GOST 12.1.006, GOST 12.1.019, rules,.
Test premises must provide the required level of work safety, and devices and equipment must be used in accordance with the instructions for their use.
6.1.4. Samples intended for testing must have technical documentation to the extent necessary for testing and be fully equipped in accordance with the technical documentation.
6.1.5. All tests, except climatic ones, are carried out under normal climatic conditions according to GOST 15150.
6.1.6. Testing conditions for KUD means are in accordance with GOST 12997; for control units and KUD systems, it is additionally necessary to take into account the requirements of GOST 21552.

6.2. Testing of CUD tools and systems for compliance with general technical requirements
6.2.1. Testing of CUD devices and systems for compliance with functional characteristics (5.2) is carried out according to the methods given in the standards and technical specifications for CUD devices and systems of a specific type.
6.2.2. Testing of KUD devices and systems for resistance to electromagnetic interference (5.3.1) is carried out in accordance with GOST R 50009, GOST 29156, GOST 29191, GOST R 50007, GOST R 50008, GOST R 50627.
6.2.3. Testing of CUD equipment and systems for compliance with electromagnetic compatibility and radio interference standards (5.3.2) is carried out in accordance with GOST R 50009 and GOST 23511.
6.2.4. Tests of UPU and UVIP readers for resistance to destructive NSD (5.4.2 and 5.4.3) are carried out according to GOST 30109, GOST R 50862, GOST R 50941, GOST R 51072, GOST R 51112.
6.2.5. Testing of CUD tools and systems for resistance to non-destructive influences (5.4.4-5.4.6) is carried out in accordance with standards and (or) other regulatory documents for CUD tools and systems of a specific type.
6.2.6. Tests of the control system to protect software from unauthorized access (5.4.7 and 5.4.8) are carried out in accordance with GOST R 50739.
6.2.7. Testing of KUD tools and systems for resistance against unauthorized access to information (5.4.9, 5.4.10) is carried out according to current test methods by organizations licensed to carry out work in the field of information security.
6.2.8. Testing of KUD means and systems for compliance with reliability requirements (5.5) is carried out according to methods developed taking into account the requirements of GOST 27.003, GOST 23773.
6.2.9. Testing of KUD means and systems for resistance to external influencing factors (5.6) is carried out in accordance with GOST 12997 and/or GOST 21552, GOST 23773 using the appropriate test methods in accordance with GOST 20.57.406, GOST 16962, GOST 16962.1, GOST 16962.2, GOST 17516, GOST 17516.1.
6.2.10. Testing of KUD equipment and systems for compliance with power supply requirements (5.7) is carried out in accordance with GOST 12.2.006, GOST 12997, GOST 21552 and GOST 27570.0.
6.2.11. Testing of ACS equipment and systems for compliance with safety requirements (5.8) is carried out in accordance with GOST 12.1.004, GOST 12.2.006, GOST 12997, GOST 27570.0 and technical specifications for ACS equipment and systems of a specific type.
6.2.12. The design (5.9) and markings (5.10) are checked in accordance with GOST 23773, as well as in accordance with the standards and (or) technical specifications for KUD means and systems of a specific type.

APPENDIX A (required)

AUTOMATED SYSTEMS. CLASSIFICATION OF AUTOMATED SYSTEMS AND INFORMATION PROTECTION REQUIREMENTS

Classification of automated systems - according to the document.

Table A.1

Requirements for automated systems by group

Groups and classes: group 3 - classes 3B, 3A; group 2 - class 2B; group 1 - classes 1G, 1B.

| Subsystems and requirements | 3B | 3A | 2B | 1G | 1B |
|---|---|---|---|---|---|
| 1. Access control subsystem | | | | | |
| 1.1. Identification, authentication and access control of subjects: | | | | | |
| - into the system | + | + | + | + | + |
| - to terminals, computers, computer network nodes, communication channels, external computer devices | - | - | - | + | + |
| - to programs | - | - | - | + | + |
| - to volumes, directories, files, records, record fields | - | - | - | + | + |
| 1.2. Information flow management | - | - | - | - | + |
| 2. Registration and accounting subsystem | | | | | |
| 2.1. Registration and accounting: | | | | | |
| - entry/exit of access subjects into/out of the system (network node) | + | + | + | + | + |
| - issuing printed (graphic) output documents | - | + | - | + | + |
| - starting/ending programs and processes (jobs, tasks) | - | - | - | + | + |
| - access of programs of access subjects to protected files, including their creation and deletion, transmission over communication lines and channels | - | - | - | + | + |
| - access of programs of access subjects to terminals, computers, computer network nodes, communication channels, external computer devices, programs, volumes, directories, files, records, record fields | - | - | - | + | + |
| - changes in the powers of access subjects | - | - | - | - | + |
| - created protected access objects | - | - | - | - | + |
| 2.2. Storage media accounting | + | + | + | + | + |
| 2.3. Clearing (zeroing, depersonalizing) freed areas of computer RAM and external storage devices | - | + | - | + | + |
| 2.4. Alarm of security violation attempts | - | - | - | - | + |
| 3. Integrity subsystem | | | | | |
| 3.1. Ensuring the integrity of software and processed information | + | + | + | + | + |
| 3.2. Physical security of computer equipment and storage media | + | + | + | + | + |
| 3.3. Availability of an information protection administrator (service) in the AS | - | - | - | - | + |
| 3.4. Periodic testing of the information and information protection system of the NSD | + | + | + | + | + |
| 3.5. Availability of means for restoring information and data protection equipment | + | + | + | + | + |
| 3.6. Use of certified protective equipment | - | + | - | - | + |
Note. The "+" sign means the presence of a requirement for this class, the "-" sign means the absence of a requirement for this class.

Explanation of requirements

Terms and definitions - according to the document.
Access to information - familiarization with information, its processing, in particular, copying, modification or destruction of information.
Access control rules - a set of rules governing the access rights of access subjects to access objects.
Authorized access to information - access to information that does not violate the rules of access control.
Unauthorized access to information (NSD) - access to information that violates the rules of access control using standard means provided by computer technology or automated systems.
Note. Standard means mean a set of software, firmware and hardware for computers or automated systems.
Protection against unauthorized access - preventing or significantly complicating unauthorized access.
Access subject - a person or process whose actions are regulated by access control rules.
Access object - a unit of information resource of an automated system, access to which is regulated by access control rules.
Access subject authority level - a set of access rights of access subjects.
Authentication - verification of ownership of the identifier presented by the access subject, confirmation of authenticity.
Password - identifier of the access subject, which is his (the subject’s) secret.
Means of protection against unauthorized access - a software, hardware or software-hardware tool aimed at preventing or significantly complicating unauthorized access.
Information security - the state of security of information processed by computer technology or an automated system from internal or external threats.
Information integrity - the ability of computer technology or an automated system to ensure the immutability of information in conditions of accidental and/or intentional distortion (destruction).
Discretionary access control - differentiation of access between named subjects and objects; a subject with a certain access right can transfer this right to any other subject.
Security class of VT and AS equipment - a certain set of requirements for protecting VT and AS equipment from unauthorized access to information.
Security level certification - the process of establishing compliance of VT or AS equipment with a set of specific protection requirements.

A.1. Access control subsystem
A.1.1 Identification, authentication and access control of subjects must be carried out:

  • when logging into the system using an identifier (code) and a conditionally permanent password of at least six alphanumeric characters; if the number of characters is less than six, the system cannot be classified according to these requirements and its class can only be seventh;
  • when accessing terminals, computers, computer network nodes, communication channels, external computer devices using logical names and/or addresses;
  • when accessing programs, volumes, directories, files, records, record fields by name;
  • to protected resources in accordance with the access matrix.
A.1.2. Information flows should be managed using sensitivity labels; in this case, the confidentiality level of a storage device must be no lower than the confidentiality level of the information recorded on it.

A.2. Registration and accounting subsystem
A.2.1. The subsystem must register:

  • entry/exit of access subjects into/out of the system, or registration of the loading and initialization of the operating system and of its software shutdown;
  • issuing printed (graphic) documents on a “hard” copy with automatic marking of each sheet (page);
  • starting/terminating programs and processes (jobs, tasks) designed to process protected files;
  • attempts by software (programs, processes, jobs, tasks) to access protected files;
  • attempts by software to access additional protected access objects in the form of terminals, network nodes and external computer devices, communication lines, programs, files, etc.;
  • changes in the powers of access subjects and the status of access objects.
A.2.2. The subsystem must keep track of:
  • created protected files with the help of their additional marking used in the access control subsystem;
  • all protected media with the help of any markings and with registration of protected media in a file cabinet with duplication of accounting.
A.2.3. The subsystem must clear any freed memory area used to store protected information by writing random data to it twice.
When registering and recording, the time and date, characteristics and results of the operation performed are indicated.
A.2.4. The subsystem must signal attempts to violate security.

A.3. Integrity Subsystem
A.3.1. The subsystem must ensure the integrity of the software of the NSD information protection system by verifying the checksums of its components when the system is loaded, and by ensuring the use of translators from high-level languages and the absence of means for modifying the object code of programs when processing and/or storing protected information.
A.3.2. Physical security of computer equipment must provide for permanent guarding by technical means and special personnel, with a defined access regime.
A.3.3. The administrator must have his own terminal and the necessary means of operational control and influence on the security of the AS.
A.3.4. Testing of all functions of the NSD information security system using special software should be carried out at least once a year.
A.3.5. Recovery tools for the NSD information protection system must provide for maintaining two copies of the NSD information protection system software, their periodic updating and performance monitoring.

4. Module isolation: - - +
5. Document marking: - - +
6. Protection of input and output to alienated physical storage media: - - +
7. User-device matching: - - +
8. Identification and authentication: - - +
9. Design guarantees: - + +
10. Registration: - + +
11. Integrity of the KSZ: - + +
12. Testing: + + +
13. User manual: + = =
14. Guidelines for KSZ: + + =
15. Test documentation: + + +
16. Design (project) documentation: + + +

Note. The "-" sign means there is no requirement for this class, the "+" sign means the presence of new or additional requirements, the "=" sign means the requirements coincide with the requirements for the SVT of the previous class.

Explanations of requirements for security indicators


B.1. Discretionary access control principle
B.1.1. For all security classes
The security system (KSZ) must control the access of named subjects (users) to named objects (files, programs, volumes, etc.).
For each pair (subject - object) in the SVT there must be an explicit and unambiguous listing of the permitted types of access (read, write, etc.), i.e. those types of access that are authorized for a given subject (individual or group of individuals) to a given SVT resource (object).
The KSZ must contain a mechanism that implements discretionary access control rules.
Access control must be applied to every object and every subject (individual or group of individuals with equal rights).
A mechanism that implements the discretionary principle of access control must provide for the possibility of an authorized change in the access control rules, including the possibility of an authorized change in the list of SVT users and the list of protected objects.
The right to change the access control rules must be granted to designated subjects (administration, security service, etc.).
B.1.2. Additionally, for security class 5, controls must be provided to limit the distribution of access rights.
B.1.3. Additionally, for security class 4, the KSZ must contain a mechanism that implements discretionary access control rules both for explicit user actions and for hidden ones, thereby protecting objects from unauthorized access (i.e., from access that is not permitted by a given rule). “Explicit” means actions carried out using system tools (system macros, high-level language instructions, etc.); “hidden” means other actions, including the use of one's own programs for working with devices.
Discretionary access control rules for systems of this class supplement the mandatory access control rules.

B.2. Mandatory principle of access control
To implement this principle, each subject and each object must be associated with classification labels that reflect the place of the given subject (object) in the corresponding hierarchy. Through these labels, subjects and objects must be assigned classification levels (vulnerability levels, privacy categories, etc.), which are combinations of hierarchical and non-hierarchical categories. These labels should serve as the basis for the mandatory principle of access control.
When new data is entered into the system, the KSZ must request and receive classification labels for this data from the authorized user. When a new subject is authorized to be added to the user list, classification labels must be assigned to it. External classification labels (of subjects and objects) must exactly correspond to the internal labels (within the KSZ).
The KSZ must implement the mandatory principle of access control in relation to all objects, for both explicit and hidden access by any of the subjects:

  • a subject can read an object only if the hierarchical classification in the subject's classification level is not less than the hierarchical classification in the object's classification level, and the non-hierarchical categories in the subject's classification level include all the hierarchical categories in the object's classification level;
  • a subject writes to an object only if the subject's classification level in the hierarchical classification is no greater than the object's classification level in the hierarchical classification, and all hierarchical categories in the subject's classification level are included in non-hierarchical categories in the object's classification level.
The implementation of the mandatory access control rules must provide for support of changes in the classification levels of subjects and objects by specially designated subjects.
The SVT must implement an access manager, i.e. a tool that intercepts all requests from subjects to objects and controls access in accordance with the specified access control principle. The decision to authorize an access request should be made only if it is authorized simultaneously by both the discretionary and the mandatory access control rules. In this way, not only each single act of access must be controlled, but also information flows.

B.3. Clearing memory
B.3.1. According to protection class 5
When external memory is initially assigned or reassigned, the KSZ must prevent the subject from accessing residual information.
B.3.2. According to protection class 4
When initially assigned or when redistributing external memory, the KSZ should make it difficult for the subject to access residual information. When redistributing RAM, the KSZ must clean it.

B.4. Module isolation
If there is multiprogramming in the SVT, the KSZ must have a software and hardware mechanism that isolates the program modules of one process (one subject) from the program modules of other processes (other subjects), i.e., in the computer's RAM, programs of different users must be protected from each other.

B.5. Document marking
When displaying protected information on a document, stamp No. 1 is affixed at the beginning and end and its details are filled in in accordance with the departmental document of the State Technical Commission of Russia.

B.6. Protection of input and output to alienated physical storage media
The KSZ must distinguish each input/output device and each communication channel as being either arbitrarily used or identified (“tagged”). When inputting from a “tagged” device (or outputting to a “tagged” device), the KSZ must ensure correspondence between the label of the input (output) object (its classification level) and the label of the device. The same correspondence must be ensured when working with a “tagged” communication channel.
Changes in the purpose and layout of devices and channels should be carried out only under the control of the KSZ.

B.7. Mapping User to Devices
The KSZ must provide information output to the device requested by the user, both for arbitrarily used devices and for identified ones (if the markings match).
The identified KSZ must include a mechanism by which an authorized user is reliably associated with a designated device.

B.8. Identification and Authentication
B.8.1. According to security classes 6 and 5
The KSZ should require users to identify themselves when requesting access. The KSZ must verify the authenticity of the identification, i.e., carry out authentication. The KSZ must have the necessary data for identification and authentication. The KSZ must prevent access to protected resources by unidentified users and by users whose identification has not been confirmed during authentication.
B.8.2. Additionally for security class 4
The KSZ must be able to reliably associate the received identification with all actions of a given user.

B.9. Design Guarantees
B.9.1. According to security class 5
At the initial stage of designing the SVT, a protection model must be built. The model must include the access control rules for objects and consistent rules for changing the access control rules.
B.9.2. Additionally for security class 4
Design guarantees must include rules for working with input and output devices and communication channels.

B.10. Registration
B.10.1. According to security class 5
The KSZ must register the following events:

  • use of identification and authentication mechanism;
  • request for access to a protected resource (opening a file, launching a program, etc.);
  • creation and destruction of an object;
  • actions to change the access control rules.
For each of these events the following information must be recorded:
  • date and time;
  • the subject performing the registered action;
  • event type (if an access request is logged, the object and access type should be noted);
  • whether the event was successful (the access request was served or not).
The KSZ must contain means for selective review of registration information.
B.10.2. Additionally, under class 4, registration must also record all access attempts, all actions of the operator and designated users (security administrators, etc.).
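
The access manager of B.2 (a request is granted only when both the discretionary and the mandatory rules allow it) combined with the registration fields of B.10.1, as an added Python example that is not part of the standard. All class names, labels and sample subjects are constructed; the category condition is implemented as set inclusion, which is an assumption, and only access requests and rule changes are registered here.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass(frozen=True)
class Label:
    """Classification label: hierarchical level plus non-hierarchical categories."""
    level: int
    categories: frozenset = frozenset()


def mandatory_allows(subject: Label, obj: Label, access: str) -> bool:
    # Assumption: the category condition is treated as set inclusion.
    if access == "read":    # subject level not less than object level
        return subject.level >= obj.level and subject.categories >= obj.categories
    if access == "write":   # subject level not greater than object level
        return subject.level <= obj.level and subject.categories <= obj.categories
    return False            # access types without a mandatory rule are refused


@dataclass
class AccessManager:
    subject_labels: dict    # subject name -> Label
    object_labels: dict     # object name -> Label
    acl: dict               # (subject, object) -> set of permitted access types
    admins: set             # subjects designated to change the rules
    log: list = field(default_factory=list)

    def _register(self, subject, event, obj, access, success):
        # One record per event with the fields listed in B.10.1.
        self.log.append({
            "time": datetime.now(timezone.utc),
            "subject": subject,
            "event": event,
            "object": obj,
            "access": access,
            "success": success,
        })

    def request(self, subject, obj, access) -> bool:
        """Intercept an access request; both rule sets must authorize it."""
        s_label = self.subject_labels.get(subject)
        o_label = self.object_labels.get(obj)
        dac_ok = access in self.acl.get((subject, obj), set())
        mac_ok = (s_label is not None and o_label is not None
                  and mandatory_allows(s_label, o_label, access))
        granted = dac_ok and mac_ok
        self._register(subject, "access_request", obj, access, granted)
        return granted

    def grant(self, admin, subject, obj, access) -> bool:
        """Authorized change of the discretionary rules, itself registered."""
        allowed = admin in self.admins
        if allowed:
            self.acl.setdefault((subject, obj), set()).add(access)
        self._register(admin, "rule_change", obj, access, allowed)
        return allowed

    def review(self, **criteria):
        """Selective review: records whose fields equal all given criteria."""
        return [r for r in self.log
                if all(r.get(k) == v for k, v in criteria.items())]


def build_sample_manager() -> AccessManager:
    # Constructed sample data: levels 0..2 and one category, "fin".
    fin = frozenset({"fin"})
    return AccessManager(
        subject_labels={"analyst": Label(1, fin), "clerk": Label(0)},
        object_labels={"notice": Label(0), "report": Label(1, fin),
                       "archive": Label(2, fin)},
        acl={("analyst", "report"): {"read", "write"},
             ("analyst", "notice"): {"read", "write"},
             ("analyst", "archive"): {"write"},
             ("clerk", "report"): {"read"}},
        admins={"secadmin"},
    )


if __name__ == "__main__":
    m = build_sample_manager()
    m.request("analyst", "report", "read")    # both rule sets agree
    m.request("analyst", "notice", "write")   # list allows, labels forbid
    m.request("clerk", "report", "read")      # list allows, labels forbid
    m.grant("clerk", "clerk", "report", "write")  # not a designated subject
    for rec in m.review(success=False):
        print(rec["time"].isoformat(), rec["subject"], rec["event"],
              rec["object"], rec["access"])
```

The refused write from the level 1 analyst to the level 0 notice is the information-flow case: the access list permits it, but granting it would move labelled data to a lower level.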

B.11. Integrity of the KSZ
B.11.1. According to security class 5
The SVT of this security class must provide means for periodic monitoring of the integrity of the software and information parts of the KSZ.
B.11.2. According to security class 4
In the SVT of this security class, periodic monitoring of the integrity of the KSZ must be carried out.
KSZ programs must be executed in a separate part of RAM.

B.12. Testing
B.12.1. According to security class 6 the following must be tested:

  • implementation of discretionary rules (interception of explicit and hidden requests, correct recognition of authorized and unauthorized access requests, means of protecting the access control mechanism, authorized changes to rules);
  • successful implementation of identification and authentication, as well as their protections.
B.12.2. Additionally, according to security class 5, the following must be tested:
  • clearing memory in accordance with B.3.1;
  • registration of events in accordance with B.10.1, means of protecting registration information and the possibility of authorized review of it;
  • operation of the mechanism that monitors the integrity of the KSZ.
B.12.3. According to security class 4 the following must be tested:
  • implementation of the access control rules (interception of access requests, correct recognition of authorized and unauthorized requests in accordance with the discretionary and mandatory rules, correct matching of labels to subjects and objects, request for labels of newly entered information, means of protecting the access control mechanism, authorized change of the access control rules);
  • the impossibility of assigning new rights to the subject;
  • cleaning RAM and external memory;
  • operation of the process isolation mechanism in RAM;
  • marking of documents;
  • protection of information input and output on alienated physical media;
  • user-device mapping;
  • identification and authentication, as well as their means of protection;
  • prohibiting unauthorized user access;
  • operation of the mechanism that monitors the integrity of the equipment;
  • registration of events described in B.10.2, means of protecting registration information and the possibility of authorized review of this information.

B.13. User guide
The user guide documentation for all classes must include a description of how to use the KSZ and of its user interface.

B.14. Guide to the KSZ
The document is addressed to the security administrator.
B.14.1. For security class 6, the KSZ manual must contain:

  • description of controlled functions;
  • guidance on generating the KSZ;
  • description of the launch of the SVT and procedures for checking the correctness of the launch.
B.14.2. In addition, for security classes 5 and 4, the manual on the KSZ must contain a description of the procedures for working with registration tools.

B.15. Test documentation
Test documentation must provide a description of the tests applied (B.12), tests and test results.

B.16. Design (project) documentation
B.16.1. For security class 6, design (project) documentation must contain a general description of the principles of operation of the SVT, the general diagram of the KSZ, a description of the interfaces of the KSZ with the user and of the interfaces of the KSZ parts with each other, and a description of the identification and authentication mechanisms.
B.16.2. For security class 5, the documentation must contain a description of the operating principles of the SVT, the general diagram of the KSZ, a description of the KSZ interfaces with the user and the interfaces of the KSZ modules, a protection model, a description of the mechanisms for monitoring the integrity of the KSZ, memory clearing, identification and authentication.
B.16.3. For security class 4, documentation must contain:

  • general description of the principles of operation of the SVT;
  • general scheme of the KSZ;
  • description of external interfaces of the KSZ and interfaces of KSZ modules;
  • description of the protection model;
  • description of the access manager;
  • description of the mechanism for monitoring the integrity of the KSZ;
  • description of the memory cleaning mechanism;
  • description of the mechanism for isolating programs in RAM;
  • description of means of protecting input and output to the alienated physical storage medium and matching the user with the device;
  • description of the identification and authentication mechanism;
  • description of registration means.

APPENDIX B (for reference)

BIBLIOGRAPHY

Guidance document. Computer facilities. Protection from unauthorized access to information. Indicators of security from unauthorized access to information. State Technical Commission of Russia. M.: 1992
Guiding document. Data protection. Special protective signs. Classification and general requirements. State Technical Commission of Russia. M.: 1997
Guiding document. Automated systems. Protection from unauthorized access to information. Classification of automated systems and requirements for information protection. State Technical Commission of Russia. M.: 1992
PUE-76 "Rules for the installation of electrical installations", approved by the Chief technical management for the operation of energy systems and the State Inspectorate for Energy Supervision of the Ministry of Energy and Electrification of the USSR
Safety rules for the operation of consumer electrical installations
Safety rules for blasting
Guiding document. Protection against unauthorized access to information. Terms and Definitions. State Technical Commission of Russia. M.: 1992

A. Krakhmalev
Ph.D., Head of Department of the Federal State Institution “National Research Center “Security” of the Ministry of Internal Affairs of Russia

In recent years, the Federal State Institution "National Research Center "Security" of the Ministry of Internal Affairs of Russia has been putting into practice integrated (complex) security systems (ISS/CSB), which combine security and fire alarms (OSS), access control and management (ACS) and closed circuit television (SOT) on a single hardware and software platform.
The principle of integration and an integrated approach to building security systems is recognized as promising and is being widely implemented both in Russia and abroad. Moreover, the integration process extends not only to security systems, but also more widely, including building automation systems (“smart” buildings), monitoring systems for monitoring the condition of distributed stationary and moving objects, as well as many similar tasks.
The principles of integration and an integrated approach, advantages and disadvantages, features of the construction of ISS/CSB have been repeatedly and widely outlined and discussed on the pages of various publications, so there is no need to consider these issues in this article.
Currently, there are quite a lot of regulatory documents, standards, recommendations, departmental norms and rules that, to one degree or another, address issues of an integrated approach to security.
Many organizations offer their own methods in building comprehensive security systems. All these methods have much in common, however, they also have many differences and features, and often contradictions, which makes their application in practice difficult.
In addition, it should be noted that security systems are a special class of products associated with ensuring the protection of life, health, property of citizens and surrounding nature from various threats. And these tasks are the responsibility of the state. Accordingly, technical regulation in this area (standardization, certification, licensing, accreditation, assessment and confirmation of conformity, etc.) must be under strict state control and based on laws, regulations and normative documents.
In addition to regulating technical issues related to the development and design of ISS/CSB, the relevance of the regulatory framework in modern conditions is due to the saturation of the market with technical means, projects and proposals. A regulatory framework can help the designer and the customer choose the optimal technical and economic solution.
Therefore, work on updating and improving the regulatory framework remains very relevant and is actively being carried out both in Russia and abroad.
Work on creating a regulatory framework and standards in the field of integrated security systems is being carried out by the Federal State Institution "National Research Center Okhrana" of the Ministry of Internal Affairs of Russia together with many organizations belonging to the technical committee TC 234 "Technical means of anti-criminal security" (the leading organization is the Federal State Institution "National Research Center "Okhrana" of the Ministry of Internal Affairs of Russia) and to the technical committee TC 439 “Automation tools and control systems” (the leading organization is the International Association MA “Systemservice”).
In modern conditions, ACS and SOT are playing an increasingly important role as part of the ISS. Russian standards for these systems were developed in 1998 and 2000, respectively (GOST R 51241-98 “Means and systems for access control and management. Classification. General technical requirements. Test methods” and GOST R 51558-2000 “Television security systems. General technical requirements and test methods”).
These were the first Russian standards that considered the technical means of access control systems and fire alarm systems from the point of view of ensuring security against unauthorized penetration (criminal security). Since 2007, the Federal State Institution Research Center Okhrana of the Ministry of Internal Affairs of Russia has been working to update the GOST R 51241-98 standard, and further work is planned to update GOST R 51558-2000.
During this work on the ACS standard, the following factors were taken into account.
The most important task in the National Security Concept of the Russian Federation is the creation of favorable conditions for the international integration of the domestic economy, based on the rapid development of competitive industries and production and on expanding the market for high-tech products. The key tool and basis for solving this problem is technical regulation. The Government of the Russian Federation is taking measures to implement the Federal Law “On Technical Regulation”, which, in particular, should resolve a number of issues related to Russia’s accession to the World Trade Organization (WTO).
In order to ensure the safety of facilities and property, we are currently developing the technical regulations “On technical means of ensuring anti-criminal protection of objects and property.”
Access control and management tools and systems can be considered as technical means of protecting objects and property from unauthorized entry and can play a significant role in protecting against terrorist and criminal threats.
The existing GOST for ACS generally determines the factors that need to be paid attention to when assessing and choosing a system.
The development of this standard has been ongoing since 1996. The standard was developed by specialists from the Research Center "Security" of the Main Military Directorate of the Ministry of Internal Affairs of Russia with the participation of NIIST of the Ministry of Internal Affairs of Russia, State Unitary Enterprise SNPO "Eleron", specialists from the Ministry of Defense, the State Technical Commission of Russia and VNIINMASH of the State Standard of Russia, with the involvement of specialists from the Central Bank of the Russian Federation, Sberbank of the Russian Federation and a number of Russian companies operating in the access control market.
Over the past time, most specialists have been able to become familiar with this standard. The classification of ACS tools and systems introduced in the standard, the terminology adopted therein, the list of parameters and requirements for tools and systems ensured the development of mutual understanding between developers, manufacturers and customers of this equipment.
However, more than 10 years have passed since the adoption of GOST; it is largely outdated and needs to be improved, during which changes in the field of development of access control systems that have occurred during this period should be taken into account.
When preparing a new standard, it is necessary to take into account the presence of certain regulations in force in foreign analogues of the Russian state standard, the content of which must correspond to the documents adopted within the framework of the International Electrotechnical Commission (IEC), of which our country is a permanent member. In particular, the requirements imposed by GOST for domestic products and services, at a minimum, should not contradict the relevant international requirements, rules and regulations, and, if possible, not be inferior to them or even exceed them.
When developing a new standard for access control systems, cooperation with the IEC (International Electrotechnical Commission), IEC is an international organization for standardization in the field of electrical, electronic and related technologies. Some of the IEC standards are developed jointly with the International Organization for Standardization (ISO).
The IEC was founded in 1906 and currently includes more than 60 countries. The commission was initially located in London and has had its headquarters in Geneva since 1948.
Membership of the International Electrotechnical Commission is open only to recognized national standards organizations. Countries are represented by the following organizations:

  • Russia - Federal Agency on Technical Regulation and Metrology;
  • Canada - Standards Council of Canada;
  • France - Union technique de l'électricité et de la communication (UTE);
  • Germany - Deutsche Kommission Elektrotechnik Elektronik Informationstechnik im DIN & VDE;
  • Japan - Japanese Industrial Standards Committee;
  • UK - British Standards Institute;
  • USA - American National Standards Institute (ANSI).

Many large companies take part in the work of the IEC, believing that in this way they can protect their interests in the global market. By investing in international standardization, they try to insure themselves against future losses.
The issues of standardization of technical means of protection against unauthorized entry are dealt with by the technical committee IEC/TC 79 Alarm systems, which was created in 1979. The list of current IEC/TC 79 Alarm systems standards is given in Table 1.

Designation Title in Russian
IEC 60839-1-1(1988) Alarm systems. Part 1: General requirements. Section 1: General Provisions
IEC 60839-1-2(1987) Alarm systems. Part 1: General requirements. Section 2: Power Sources, Test Methods and Performance Criteria
IEC 60839-1-3(1988) Alarm systems. Part 1: General requirements. Section 3: Environmental Tests
IEC 60839-1-4(1989) Alarm systems. Part 1: General requirements. Section 4: Rules of Practice
IEC 60839-2-2(1987) Alarm systems. Part 2: Requirements for security alarm systems. Section 2: General requirements for security detectors
IEC 60839-2-3(1987) Alarm systems. Section 3: Requirements for infrared beam detectors installed in buildings.
IEC 60839-2-4(1990) Alarm systems. Part 2: Requirements for security alarm systems. Section 4: Doppler Ultrasonic Detectors Installed in Buildings
IEC 60839-2-5(1990) Alarm systems. Part 2: Requirements for security alarm systems. Section 5: Microwave Doppler Detectors Installed in Buildings
IEC 60839-2-6(1990) Alarm systems. Part 2: Requirements for security alarm systems. Section 6: Passive infrared detectors, used in buildings
IEC 60839-2-7(1994) Alarm systems. Part 2: Requirements for security alarm systems. Section 7: Passive detectors, activated when glass breaks, installed in buildings
IEC 60839-5-1(1991) Alarm systems. Part 5: Requirements for alarm transmission systems. Section 1: General system requirements
IEC 60839-5-2(1991) Alarm systems. Section 2: General Hardware Requirements
IEC 60839-5-4(1991) Alarm systems. Section 4: Alarm Transmission Systems Using Dedicated Transmission Channels
IEC 60839-5-5(1991) Alarm systems. Section 5: Requirements for digital communications systems using the public telephone network
IEC 60839-5-6(1991) Alarm systems. Section 6: Requirements for voice communications systems using the public switched telephone network
IEC 60839-7-1(2001) Alarm systems. Part 7-1. Message formats and protocols for serial data interfaces in transmission systems. General provisions
IEC 60839-7-2(2001) Alarm systems. Part 7-2. Message formats and protocols for serial data interfaces in transmission systems. Common Application Layer Protocol
IEC 60839-7-3(2001) Alarm systems. Part 7-3. Message formats and protocols for serial data interfaces in transmission systems. Common Data Link Layer Protocol
IEC 60839-7-4(2001) Alarm systems. Part 7-4. Message formats and protocols for serial data interfaces in transmission systems. Common Transport Layer Protocol
IEC 60839-7-5(2001) Alarm systems. Part 7-5. Message formats and protocols for serial data interfaces in transmission systems. System interfaces with two-wire configuration in accordance with ISO/IEC 8482
IEC 60839-7-6(2001) Alarm systems. Part 7-6. Message formats and protocols for serial data interfaces in transmission systems. System interfaces using ITU-T V.24/V.28 recommendations for signal transmission
IEC 60839-7-7(2001) Alarm systems. Part 7-7. Message formats and protocols for serial data interfaces in transmission systems. System interfaces for replacement emergency sensors
IEC 60839-7-11(2001) Alarm systems. Part 7-11. Message formats and protocols for serial data interfaces in transmission systems. Serial protocol used in digital communication systems, using ITU-T V.23 recommendations for transmitting signals at the interface level with the public switched telephone network (PSTN)
IEC 60839-7-12(2001) Alarm systems. Part 7-12. Message formats and protocols for serial data interfaces in transmission systems. Interfaces of postal, telegraph and telephone enterprises for specialized communication channels using ITU-T V.23 recommendations for signal transmission
IEC 60839-7-20(2001) Alarm systems. Part 7-20. Message formats and protocols for serial data interfaces in emergency transmission systems. Terminal interfaces using ITU-T V.24/V.28 recommendation for signaling
IEC 60839-10-1(1995) Alarm systems. Part 10: Security alarm systems for road transport. Section 1: Passenger cars

The above system of IEC/TC 79 standards has been adopted in many European countries as national standards. As can be seen from the name of this system of standards, Alarm systems (“Alarm systems”) and the content of the first standard, “Alarm systems. Part 1: General requirements. Section 1: General provisions", it can apply not only to security alarm systems, but also more broadly to systems of other types of alarm conditions, which is understandable, since according to the principle of construction, these systems have much in common. However, further, in subsequent documents, the scope of application is clarified - “Security alarm systems”.
The table also shows that the system does not have standards for ACS and SOT. However, the need for their inclusion is recognized, and this is confirmed by plans to include in the TC 79 program for 2007 the development of a number of documents on alarm systems, including the document “PNW 79-220 Electronic Access Control Systems / Electronic access control and management systems.”
As noted above, access control and management tools are an integral part of anti-terrorist and anti-criminal protection and are integrally linked with security alarm systems.
Until 1999, the functions of the secretariat of TC 79 were performed by the Scientific Research Center "Security" of the All-Russian Research Institute for Fire Protection (VNIIPO) of the Ministry of Internal Affairs of Russia through the State Standard of Russia, and almost all standards adopted from 1988 to 2001 and in force to the present day were developed, agreed upon and approved with the direct participation of specialists from Russia. Currently, membership in TC 79 of the Federal State Institution “National Research Center “Security” of the Ministry of Internal Affairs of Russia has been restored.
The TC 79 work program for 2007 includes the development of a number of documents on alarm systems, including the document “PNW 79-220 Electronic Access Control Systems / Electronic access control and management systems.”
The abbreviation PNW means a new topic adopted for development; the Canadian national standard CAN/ULC-S319-05 “Electronic Access Control Systems / Electronic access control systems” was proposed as the basis of the document PNW 79-220, which was submitted for discussion to the member countries of TC 79.
This document is available at the Okhrana Research Center, and work is currently underway to translate it into Russian.
As another confirmation of the relevance of inclusion in the system of IEC/TC 79 Alarm systems standards, we can cite the UK national standards for a similar purpose BS EN 50131-1:2006 “Alarm systems. Security alarm systems. Part 1. System requirements,” which are supplemented by standards for ACS and SOT. It also more clearly defines the scope of application as “Systems ... used for safety purposes,” which allows for a more precise determination of the necessary application requirements (Table 2).

Designation Title in Russian
BS EN 50133-1:1997 Alarm systems. Access control systems used for security purposes. Part 1. System requirements
BS EN 50133-2-1:2000 Alarm systems. Access control systems used for security purposes. Part 2-1. General requirements for components
BS EN 50133-7:1999 Alarm systems. Access control systems used for security purposes. Part 7. Operation manual
BS EN 50132-5:2001 Alarm systems. CCTV closed circuit television systems used for security purposes. Part 5. Video transmission systems
BS EN 50132-7:1996 Alarm systems. CCTV closed circuit television systems used for security purposes. Part 7: Application guidelines

Among the latest trends in the development of access control systems, more and more attention has recently been paid to biometric identification and radio frequency identification solutions. Therefore, when considering the existing regulatory framework for access control systems, I would like to especially note a series of newly introduced Russian standards adopted on the basis of international IEC/ISO standards relating to biometric identification, as well as radio frequency identification standards. It is expected that the provisions of these international standards will be used in the work on a new standard for access control systems. Below is a list of the main documents that deserve attention (Table 3).

Designation Name
GOST R ISO/IEC 14443-1-2004 Identification cards. Contactless integrated circuit cards. Proximity cards. Part 1. Physical characteristics
GOST R ISO/IEC 15693-1-2004 Identification cards. Contactless integrated circuit cards. Vicinity cards. Part 1. Physical characteristics
GOST R ISO/IEC 15693-2-2004 Identification cards. Contactless integrated circuit cards. Vicinity cards. Part 2. Air interface and initialization
GOST R ISO/IEC 15963-2005 Automatic identification. Radio frequency identification for item management. Unique identification of RFID tags
GOST R ISO/IEC 19794-2-2005 Automatic identification. Biometric identification. Biometric data exchange formats. Part 2: Fingerprint Image Data - Checkpoints
GOST R ISO/IEC 19794-4-2006 Automatic identification. Biometric identification. Biometric data exchange formats. Part 4: Fingerprint Image Data
GOST R ISO/IEC 19794-5-2006 Automatic identification. Biometric identification. Biometric data exchange formats. Part 5: Facial Image Data
GOST R ISO/IEC 19794-6-2006 Automatic identification. Biometric identification. Biometric data exchange formats. Part 6: Iris image data.

In addition, there are many domestic and foreign documents that deal with access control systems, both directly (for example, a number of standards for electrically controlled locks and locking devices, as well as standards for identification methods) and by defining additional issues regarding the use of access control systems (standards for automated control systems, information systems, etc.).
Thus, in conclusion, the following can be noted:
The “date of birth” of the current regulatory framework regulating the production and sale of access control systems is 1998; of course, it needs to be revised. Over the past time, the industry has come far ahead both in terms of the capabilities of individual devices and in terms of the technologies themselves. New realities have emerged that were not reflected in the old regulatory documentation.
The relevance of work on the regulatory framework increases in modern conditions of market saturation with equipment. For Russia, this is especially important due to the lag in the development of national standards and the prospects for joining the WTO, taking into account the need to protect domestic markets and producers.
To create new national standards, it is necessary to use the domestic standards base, as well as foreign regulatory documents.
When analyzing foreign standards, it is necessary to have an adequate qualified translation, edited by specialists in the subject area of ​​the standard. This is necessary due to the fact that in domestic practice there may be fundamentally different approaches and scientific schools in determining the meaning of the problem and solving similar problems, often more effective.

"Security Algorithm" No. 4, 2008

The first edition of the standard for access control systems was adopted in 1998. Its development was initiated in the mid-90s by the Research Center "Security" of the Ministry of Internal Affairs of the Russian Federation, and the development itself was carried out by the Russian technical committee for standardization TC 234 "Alarm systems and anti-criminal protection."

The version of the national standard for access control systems (GOST R 51241–2008 “Means and systems for access control and management. Classification. General technical requirements. Test methods”), which has been in force since 2009, is already the second edition. In six years, new components and technologies have appeared, and experience in the practical use of access control systems has been accumulated. In their current development, a special role belongs to the introduction of IP technologies and to the resulting integration of security systems (especially access control systems) with video surveillance systems.

Integrated security systems: concept and regulatory framework

The concept of “integrated security systems” (ISS) was first formulated in the “List of technical means of private security authorized for use in 1999,” P 78.36.001–99, a departmental regulatory document of the Ministry of Internal Affairs of the Russian Federation: “These systems include jointly functioning television surveillance systems, access control and management systems, security and fire alarms, as well as a number of additional subsystems that provide protection from various types of threats arising at facilities. The scope of ISS application is to ensure comprehensive security of large, medium-sized and especially important facilities.”

Of course, a regulatory and technical base was needed in order to use ISS. At that time, security and fire alarm systems were quite sufficiently covered by departmental scientific and technical documentation and standards. Standards still had to be developed for television surveillance systems, later called “security television systems” (SOT), as well as for access control systems.

Modern approach to standardization in access control systems

The modern approach is based on the introduction of IP technologies into SOT and ACS. In addition, it is actively influenced by the international industrial associations ONVIF (Open Network Video Interoperability Forum) and PSIA (Physical Security Interoperability Alliance), which created their own corporate standards in the field of IP video surveillance and have recently proposed ACS standards.

On the need to change the national standardization system

Since 2002, the regulatory framework for certification and standardization has been determined by Federal Law No. 184-FZ “On Technical Regulation”. It repealed the then-current Federal Laws “On Certification of Products and Services” and “On Standardization”, and as a result many problems arose in the national standardization system. There are a considerable number of publications criticizing the shortcomings of this law and discussing problems associated with the practice of its application. Finally, the need to adopt a new law became inevitable, and in October 2014 the Russian State Duma, by a unanimous decision of all deputies, adopted in the first reading the draft Federal Law “On Standardization in the Russian Federation,” which was developed by the Ministry of Industry and Trade of the Russian Federation.

The explanatory note to the new draft noted the inconsistency of the existing national standardization system with modern economic conditions and its inability to solve a wide range of problems, both state and socio-economic: in particular, to modernize the domestic economy in order to increase the competitiveness of our products, to overcome the technological gap, and to meet defense needs. It also indicated that the gap between the Russian standardization system and modern international standardization practice is growing. In general, the new federal law preserves the principles that are stated in the Federal Law “On Technical Regulation” and adopted in international agreements and international practice.

Features of the new law

The influence of the new Federal Law on the practice of developing domestic standards is noted in the following points:

  • national standards are applied voluntarily;
  • their development is based on the consensus of the members of the technical committee for standardization;
  • discussion and consideration of draft standards is carried out publicly;
  • national standards are brought into line with regional and international ones;
  • requirements are established to ensure the ability to monitor compliance with standards;
  • national standards can be developed by any individual or legal entity, public association;
  • the role of technical committees in their development is increasing.

In addition, developers of national standards must take into account new editions of the fundamental standards, which have also undergone certain changes, including:

  • GOST R 1.2–2014. Standardization in the Russian Federation. National standards of the Russian Federation. Rules for development, approval, updating and cancellation.
  • GOST R 1.5–2012. Standardization in the Russian Federation. National standards. Rules of construction, presentation, design and notation.
  • GOST R 1.1–2013. Standardization in the Russian Federation. Technical committees for standardization. Rules of creation and activity.

Judging by the provisions of the new documents relating to standardization, the following conclusion can be drawn: a key role in the development of access control standards is played by technical committees for standardization, which, on the basis of voluntariness and equal representation, unite representatives of both government and non-government organizations (primarily meaning industrial enterprises and consumers of products). The same trend is present in the international standardization of the IEC: the TC 79 committee includes representatives of ONVIF and PSIA.

National and international standards for access control systems

National standards:
1. GOST R 51241–2008. “Means and systems for access control and management. Classification. General technical requirements. Test methods”.
2. GOST R 54831–2011. “Access control and management systems. Controlled blocking devices. General technical requirements. Test methods”.

Standards for individual ACS components:
1. GOST R 53705–2009. “Integrated security systems. Stationary metal detectors for premises. General technical requirements. Test methods”.
2. A series of standards for identification cards: 34 standards for identification cards of various technologies. Series of standards GOST R ISO/IEC 10373, GOST R ISO/IEC 11694, GOST R ISO/IEC 15457, etc.
3. A series of standards for biometric identification: 10 standards GOST R ISO/IEC 19794 “Automatic identification. Biometric identification”.

International standards (including those in draft stage):
1. IEC 60839-11-1 Ed.1: Alarm and Electronic Security Systems – Part 11-1: Electronic Access Control Systems – System and Components Requirements.
2. IEC 60839-11-2 Ed. 1.0: Alarm and Electronic Security Systems – Part 11-2: Electronic Access Control Systems – Application guidelines.
3. IEC 60839-11-31 SOAP Base Protocol (ONVIF Core Specs).
4. IEC 60839-11-32 SOAP EACS Commands - IP.
5. IEC 60839-11-41 REST Base Protocol (PSIA Core Specs).
6. IEC 60839-11-42 REST EACS Commands.

International standards for individual components of access control systems:
1. IEC 62820 Ed.1. General Requirement for Building Intercom Systems. In four parts:

  • Part 1-1: Analog Building Security Intercom Systems;
  • Part 1-2: Digital Building Security Intercom Systems;
  • Part 2: Advanced Building Security Intercom Systems;
  • Part 3: Application Guidelines.

2. IEC 62692 Ed.1: Alarm and Electronic Security Systems – Digital Door Lock Systems – Requirements and Test Methods.

Actions to improve standards in the field of access control systems

The scope of application of access control systems is constantly expanding, new technologies are actively developing, and the number of equipment manufacturers is growing. All this makes the development of appropriate standards extremely relevant. National standards need to be harmonized with international standards, taking into account the interests of the Russian market. In addition, IEC TC 79 documents must be skillfully translated into Russian so that international access control standards can be applied on our territory in the prescribed manner.

Prospects and plans for the development of access control systems are within the competence of the technical committee TC 234, but its main area of activity is security systems, while access control and management systems are used much more widely. Consequently, other technical committees (in particular, the technical committees on automatic identification, on biometrics and biomonitoring, on automation tools and control systems, and on information technology) and organizations for which access control is one of the priorities should also be involved.

Standardization work requires significant funding. Article 32 of the new Federal Law “On Standardization”, on the sources and procedure for financing, provides for only two sources: funds from the federal budget and funds from state public associations, organizations and corporations. The insufficiency of these sources is obvious. In world practice, a significant share of the financing of standards development is borne by business; in Germany, for example, it is up to 80%. Thus, government agencies must develop special measures to attract private business to this financing.