Home' RTCA Documents for Review : DO-230H FRAC Contents 81
©2017 RTCA, Inc.
Note: Airport, municipal and state regulations often require PACS panels to be UL 294- and UL
1076-listed. Some control panels are powered over Ethernet (PoE). For UL 294 applications, UL
294-listed PoE injectors or switches are recommended. Uninterruptable Power Supply (UPS)
sizing must be considered when utilizing PoE, Single Port or Multi-Port Injectors and Switches.
Mutual Authentication for PACS
Mutual authentication is when two entities, human or non-human both require proofs of identity before
conducting business. In PACS, both the field control panel (FCP) and the reader would prove identity to
the other when connected. FCP to FCP connectivity and FCP to host could be authenticated by proofs of
identity, thus establishing a trusted path for identity credential verification to occur and preventing
substitution and man-in-the- middle attacks (also see NIST SP800-63-1). Mutual Authentication is required
for Federal deployments and a benefit for other market segments.
PACS Server & Application Software: Main Functions Overview
The PACS server, application software and database comprise administrative tools used by system
engineering and maintenance staff, as well as functions to enable system administrators and operators to
perform normal functions as required to achieving the objectives and enforcing the policies established in
the Airport Security Plan (ASP). This requires that the PACS is designed and components are configured
with these objectives as a guide and may include integration and communication to outside infrastructure
as required, e.g. IDMS [Refer: Credentials Section 2.]
A PACS server supports user defined logical access roles as necessary to perform system level
configuration, maintenance and operational tasks as well as definitions for physical access privileges. These
functions may include, but are not limited to the below examples.
Support user configurable role definitions for system administrators, card holder registration
operators, guard force operators etc. as required
Connection parameters and configuration of clients
Design, issue and register ID/access badges as required by policy in the ASP
Establish door groups, or access lists, as required to suit the organizations whose employees have
access privileges at the airport
Register, store and maintain user data. Normally, the minimum required for PACS is full name,
credential identifier and access privileges. Most systems allow on-site addition of data objects e.g.
expiration date, photo image, employer organizations as may be required, or desired. Some systems
use clients connected to the server to perform user registration and user management functions
Configure system policies to accommodate access provisioning to other cardholders and visitors
Download credential information and access privileges to relevant field controllers
Receive and store access transactions from the local panels. This information is often referred to as
“History Log Files” and used by system operators to generate transaction reports
Configure size, storage and backup frequency and location of access transaction events, operator
Links Archive Navigation Previous Page Next Page