Access Control Security Systems Nationwide

Compare Access Control Systems
Answer a few questions to get started

An access control system (ACS) is a measure of security that controls what or who is granted permission to enter a facility, computing environment or a system. In general, an access control security system falls into two distinct categories: logical or physical. Logical access control systems restrict connections to data, files within a system, and computer networks. A physical access control system limits entrance to physical IT assets, buildings, rooms and areas marked as "for authorized persons only."

Basic Concepts of Access Control Security Systems

There are a variety of terms and concepts associated with access control. Below are a few of the most common:

  • Object: Something that holds or receives information. The following are examples of protected objects:
    • Records
    • Printers
    • Directories
    • Files
    • Programs
    • Disc drives
  • Domain and Type Enforcement: As a way of implementing a process of security on a system, protected objects of a system are assigned to a domain. Those objects are categorized as a type. The domain has rights to its allocated objects under their specified types.
  • Subject: An active entity, such as a person, process or device, responsible for the flow of information between objects or changes the state of an access control system.
  • Operation: An active process put into action by a subject. As an example, an ATM user inserts a card, enters a PIN and makes a balance inquiry or makes a deposit.
  • Separation of Duty (SOD): This is a security principle that doesn't allow any authorized subject enough access permissions to misuse a system.
  • Access Control List (ACL): A list that shows the set of rights a subject has to access an object.
  • Permission (privilege): Authorization to act within a system.

Who Uses Access Control Systems?

One of the main reasons for installing an ACS is to help businesses and organizations maintain their compliance with local or federal regulations. For example, doctors' offices, hospitals and medical insurance companies require the security of an access control system to make sure they comply with HIPAA regulations. IP data is a sensitive intellectual property that requires pharmaceutical companies, software developers, startups and entrepreneurs to have an ACS to control who enters specific buildings. Because of the growing reliance on cloud-based services and data retention, any business that wants to keep up with SOC or SOC2 cybersecurity standards will have an ACS. SOC and SOC2 are a set of standards created by the American Institute of Certified Public Accountants (AICPA) that provide an assessment of a company’s cybersecurity controls.

Components of Physical Access Control Systems

Access control systems can effectively integrate with a variety of equipment. Still, a physical ACS has four fundamental elements:

  • Access control barrier
  • An electronic device for identification and verification
  • A panel that manages the access control barrier
  • A structure that connects and communicates with these components and links the ACS with reaction elements

Access control barriers are physical devices that could be drop or wedge arm barriers, turnstiles, portals or facilities for guards. Verification equipment might be a card reader or biometric scanner, which could examine an individual's retina or fingerprints. Reaction elements are alarms that notify through audible or visual means when an unauthorized entry has occurred.

Types of Logical Access Control

Logical access control systems can be categorized as one of the four models below:

  • Mandatory access control (MAC): In MAC systems, each object is assigned a specific classification and clearance level—allowing for an ACS to have varying degrees of permission. Government and military facilities often use MAC because, in the current market, it is considered the most secure.
  • Attribute-based access control (ABAC): With this type of ACS, different systems, various users, and certain environmental conditions combine to create a multifunctional grouping of policies and rules which determine if access is granted.
  • Discretionary access control (DAC): It is the responsibility of the DAC system administrators and owners to develop a decentralized plan that defines the rights of a subject for each object. Because permission rules are at the owner's discretion, many believe it makes the DAC system less effective.
  • Role-based access control (RBAC): This ACS only gives employees access based on their assigned roles and limits them to the materials needed for completing their tasks; everything else is restricted. RBAC systems help companies restrict privileges of third parties or other contractors they may work with throughout the year.
  • Equipment Categories

    Controlled access systems use the following four technologies and equipment as physical security measures:

    1. Physical control: Physical access control can occur within a building, but also can start a distance away outside of a facility’s perimeter to control vehicular traffic or attempts to enter using barriers or guard stations, for example.
    2. Cipher and tokens systems: Cipher lock systems require that a person enter a multi-digit code to proceed through the door of a protected area. Tokens are electronic or mechanical portable devices, ID cards or key fobs that a token reader examines electronically, or a security guard authenticates.
    3. Biometric systems: This type of access control system uses biometrics for access authorization. Examples of this access control technology include signature dynamics, facial recognition, vein geometry or fingerprint recognition, among others.
    4. Assistive technologies: An ACS using this alternative technology gives persons with disabilities or any special needs the ability to engage in the access control process.

    Identification and Authentication

    The identity of a user determines what permissions the subject has been given. Users requesting physical or logical access to protected resources or areas need to first be identified as having the proper clearance to do so. Factors for authentication can include something a person is (characteristics), such as biometrics, something a person has (ownership), such as a key or access card, and something a person knows (knowledge), like a PIN or password. Having a PIN-based authentication is the least expensive but also the least secure. An access card is secure but can be quite costly. Using biometrics is expensive too, but it is the safest of all the options.

    What Our Customers Say

    One phone call takes care of any issue we have. We had a difficult time figuring out the best way to secure everything in-house. Outsourcing has been much simpler and more secure. Love the service

    We wanted to have a simple 4 digit key code for our office and found a great deal! Highly recommend

    Save up to 25% on access control systems!

    Compare Access Control Systems
    Answer a few questions to get started