Ready for what’s next. www.boozallen.com

Access Control

Agencies must maintain constant vigilance against threats from foreign and domestic hack-ers and terrorists. These threats span both logical and physical assets, driving the need for a comprehensive access control strategy. Securely providing authorized users access to resources through Physical Access Control Systems (PACS) and Logical Access Control Systems (LACS) is critical and increasingly difficult to implement.

Booz Allen can help you be ready for what’s next

Booz Allen Hamilton, a leading strategy and technology consulting firm, views access control from a holistic framework and ensures that a client’s specific requirements and goals are viewed within the context of a larger system. We recognize that a comprehensive security strategy consists of multiple layers and involves implementing security mechanisms for information and physical assets. A properly implemented access control system including both PACS and LACS assures organizations that they are protected, enabling an environment of trust, security, integrity, privacy, and availability.

PACS and LACS are two of the few systems that affect virtually every employee and visitor. Migration of legacy PACS to achieve HSPD-12 compliance represents a paradigm shift for creating a secure, trusted, process-driven credential system for highly secure physical and logical access. It requires an agency-wide understanding of processes and what is most important: its people.

Properly implemented, a PACS and LACS system will reduce administrative costs; eliminate complex, often manual processes; and enforce a higher level of security.

Our approach and capabilities

Physical access:• Booz Allen has extensive experience in managing the often complex challenge of upgrading a PACS to support Personal Identity Verification (PIV) cards. Many agencies have multiple PACS suppliers, along with systems purchased over many years in different locations and often by different organizations within the agency. The complex challenge with physical access control is to find an affordable, pragmatic approach to upgrading a system while improving speed and security. Booz Allen’s experienced PACS professionals can provide a vendor-independent analysis, system design, and overall management for a PACS transformation.

About Booz Allen

Booz Allen Hamilton has been

at the forefront of strategy

and technology consulting for

95 years. Providing a broad

range of services in strategy,

operations, organization

and change, information

technology, systems

engineering, and program

management, Booz Allen is

committed to delivering results

that endure.

For more information contact

Gerald Thames

Executive Advisor

703/377-2041

thames_gerald@bah.com

Andrew Tarbox

Senior Associate

Service Solution Lead

703/377-4355

tarbox_andrew@bah.com

Rick O’Donnell

Associate

703/984-0347

odonnell_richard@bah.com

www.boozallen.com

S T R A T E G y | O P E R A T i O n S | O R G A n i z A T i O n & C H A n G E | i n f O R m A T i O n T E C H n O L O G y

04.148.09 G

Logical access:• Improving logical access control systems is another daunting challenge facing agency senior management as PIV cards are implemented. PIV cards provide agencies with a tool to provide two- or even three-factor authentication to information. However, alone they are not a system, and much more is required to provide the level of protection needed in these risky times.

PIV cards provide full multifactor authentication in an agency. Authentication is based on at least one of three factors: something you have (PIV card or token), something you know (password or PIN), and something you are (fingerprint, voice, or retina). The more factors used, the higher the assurance that the correct, authorized user is actually accessing a facility or information. Strong authentication provides clients with a high level of assurance and reduces risk.

Implementation: • Implementing this complex transformation requires a trusted partner that is independent and knowledgeable and has the broad range of skills and experience required. Booz Allen excels at accomplishing challenging transformations while remaining vendor neutral. Effective HSPD-12 PACS implementation involves much more than technology solutions, because the real challenges and opportunities involve effectively bringing together cross-functional groups to effect organizational change.

Booz Allen has the resources to assemble teams of HSPD-12 and access control subject matter experts focused on addressing client needs. These teams meet regularly to review current status, challenges, solutions, best practices, and lessons learned. This shared experience is applied to our clients’ programs, yielding high-quality deliverables, better support, and improved effectiveness. Some of the capabilities that Booz Allen can support include:

– Developing a consolidated identity management framework that accounts for physical and logical security threats while protecting individuals’ privacy rights

– Augmenting existing or defining new identity management policies

– Conducting risk assessments to determine the appropriate authentication assurance levels applicable to each logical and physical asset

– Providing an identity management services layer that facilitates rapid compliance with evolving authentication requirements for known and future applications

– Defining change management plans that apply an organization’s priorities for establish-ing an HSPD-12 compliance program that makes sense

– Developing a training and awareness program to smooth the transition to a new iden-tity management infrastructure

Representative clients

Booz Allen has played a major role in solving access control challenges across the US government. Our representative client engagements include:

More than 9 years of identity and access management experience across many agencies • in the federal governmentPMO services to the DoD Common Access Card (CAC) program• PMO support to Treasury, NASA, HHS, OPM, USPS, and IRS for HSPD-12 projects• PACS support to USDA, USAF, Commerce, and the USPS•

Whether you’re managing today’s issues or looking beyond the horizon, count on us to help you be ready for what’s next.