UFC 4-021-02NF
27 September 2006
change 1, 23 October 2006
3-3.2
Life Safety Code Compliance. Anti-tailgating and anti-passback features
must be consistent with the philosophy of the Life Safety Code and the Means of Egress
for Buildings and Structures, unless specifically over-ruled by Government Authority.
3-3.3
Anti-passback. Anti-passback is a strategy where a person must present a
credential to enter an area or facility, and then again use the credential to "badge out."
This makes it possible to know how long a person is in an area, and to know who is in
the area at any given time. This requirement also has the advantage of instant
personnel accountability during an emergency or hazardous event. Anti-passback
programming prevents users from giving their cards or PINs to someone else to gain
access to the restricted area. In a rigid anti-passback configuration, a credential is used
to enter an area and that same credential must be used to exit. If a credential holder
fails to properly "badge-out", entrance into the secured area can be denied. Anti-
passback is a standard feature for Commercial-Off-The-Shelf (COTS) access control
systems and is typically disabled but can be enabled through software programming.
3-3.3.1 An alternative approach to "badging out," which is not as rigid as the process
described above, is use of a time delay on entrance readers. In this design, the
credential (Card or PIN) can not be reused within a prescribed minimum time period.
This time delay feature can be programmed and set for a time period such as a half-
hour. During the half-hour time period, the same card or PIN can not be used for a
second entry. While affording some increased security, this process is not as rigid or
secure as a `badge-out" process.
3-3.4
Anti-tailgating. While not commonly required, a project security requirement
may be to deter tailgating. Tailgating is the act of a person following another authorized
person closely in order to gain ingress through the same portal when the authorized
person's credential grants access. An example of a simple anti-tailgating requirement
would be a pedestrian turnstile for access control. Since turnstiles are easily defeated,
when significant, anti-tailgating measures are required, high-security vestibules or
guard-controlled entrances can be a solution. Such application may slow down access.
3-3.5
Two-man Rule. The two-man rule is a strategy where two people must be in
an area together, making it impossible for a person to be in the area alone. Two-man
rule programming is optional with many identification systems. It prevents an individual
cardholder from entering a selected empty security area unless accompanied by at least
one other person. Once two token holders are logged into the area, other token holders
can come and go individually as long as at least two people are in the area. Conversely,
when exiting, the last two occupants of the security area must leave together using their
tokens. Use of the two-man rule can help eliminate insider threats to critical areas by
requiring at least two individuals to be present at any time. Most ACS software will
enable the assignment of a specific second person that can be established (such as
clearance escort requirement).
3-3.6
Exit Technologies. While access control is principally concerned with entry
requirements, some consideration must be given to exit technologies and methods.
Door hardware or locking mechanisms specified to enter access portals influence exit
29