UFC 4-021-02NF
27 September 2006
change 1, 23 October 2006
of software drivers. While slightly more complicated than the hardwired approach, this
method has the advantage of reduced wiring costs.
8-3.4 Networked Connections. Current COTS security systems are moving in the
direction of networked inter-system design. If this method is selected, a separate
security network should be installed. In this approach, Ethernet cable is routed to the
headend equipment, and a static internet protocol (IP) address is assigned to the CCTV and IDS or
combined IDS/ACS subsystems. The network connection allows communication
between the remote equipment and a server or desktop personal computer (PC),
usually located in the Dispatch Center. The desktop PC will have a security program
that accesses remote equipment through IP addresses provided during setup. The
security program allows the user to access CCTV and IDS/ACS information. When
using this approach, having adequate bandwidth is important due to the large amount
required for video information. As mentioned, network security is also of paramount
importance, and for DoD projects a dedicated security network is recommended. Cost
savings from reduced point-to-point wiring have to be compared to the possible new costs of
installing a dedicated network. A drawback to this approach is that typically the
manufacturer of both the CCTV and IDS/ACS has to be the same vendor unless
compatible software drivers that allow both systems to talk to each other are available
or created.
8-3.4.1 Networked security systems are typically a Proprietary Security Network. A
Proprietary Security Network is a completely self-contained dedicated local area network
(LAN) with security system software installed and run on a host server (computer).
Proprietary Security Networks are dedicated to the ESS with no outside (Internet, LAN,
or WAN) connections. All networks must meet the applicable DoD and service
component certification policies and procedures. A unique user ID and password are
required for each individual granted access to the IDS host computer. Public Key
Infrastructure (PKI) certificates may be used in lieu of user ID and password for positive
authentication. Positive authentication methods must be in accordance with published
DoD policy and procedures. The system must monitor and log all network and ESS
component access attempts and all changes to the ESS application using auditing and
network intrusion detection software or similar enhancements. If connection to an
outside LAN/WAN is a system requirement, the system would not be considered a
Proprietary Security Network and the following additional requirements would apply:
• Encrypt all host server communications to the LAN/WAN using a NIST-approved
algorithm with a minimum of 128-bit encryption.
• Protect the system from compromise with firewalls, or similar enhancements, that
are configured to only allow data transfers between ESS components and
authorized monitoring components.
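The two requirements above (log every access attempt; permit data transfers only between ESS components and authorized monitoring components) can be checked against the security network's own connection logs. The following audit script is an added example, not text or code from UFC 4-021-02NF; the addresses, the approved ports and the one-line flow-log format are constructed assumptions for the illustration.

```python
"""Audit connection-log entries from a dedicated ESS security network.

Every flow is checked against the proprietary-network policy: both ends
must be on the security LAN, one end must be an ESS component and the
other an authorized monitoring component, and only approved encrypted
service ports may be used.  Any flow outside that policy is reported,
whether or not the firewall already dropped it.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical inventory (constructed): static IPs on the dedicated LAN.
ESS_COMPONENTS = {"10.50.1.10": "CCTV-encoder-1",
                  "10.50.1.11": "IDS-panel-1",
                  "10.50.1.12": "ACS-controller-1"}
MONITORING = {"10.50.0.5": "dispatch-server", "10.50.0.20": "dispatch-pc"}
SECURITY_LAN = ipaddress.ip_network("10.50.0.0/16")
APPROVED_PORTS = {443, 8443}  # assumed TLS-only service ports


@dataclass
class Finding:
    line: str
    reason: str
    blocked: bool  # True when the firewall action was DROP


def audit_flow(line: str) -> Optional[Finding]:
    """Return a Finding if the flow violates policy, else None.

    Constructed log format: '<timestamp> <src_ip> <dst_ip> <dst_port> <ACCEPT|DROP>'
    """
    _ts, src, dst, port, action = line.split()
    blocked = action == "DROP"
    if (ipaddress.ip_address(src) not in SECURITY_LAN
            or ipaddress.ip_address(dst) not in SECURITY_LAN):
        return Finding(line, "flow crosses the dedicated security LAN boundary", blocked)
    # Literal reading of the requirement: ESS <-> monitoring only, not ESS <-> ESS.
    ess_to_mon = src in ESS_COMPONENTS and dst in MONITORING
    mon_to_ess = src in MONITORING and dst in ESS_COMPONENTS
    if not (ess_to_mon or mon_to_ess):
        return Finding(line, "flow is not between an ESS component and an authorized monitoring component", blocked)
    if int(port) not in APPROVED_PORTS:
        return Finding(line, f"port {port} is not an approved encrypted service port", blocked)
    return None


def audit(log_lines: List[str]) -> List[Finding]:
    """Run audit_flow over every log line and collect the violations."""
    return [f for f in (audit_flow(l) for l in log_lines) if f is not None]


SAMPLE_LOG = [  # constructed sample entries
    "2006-09-27T10:00:01 10.50.1.10 10.50.0.5 443 ACCEPT",   # CCTV -> dispatch: ok
    "2006-09-27T10:00:02 10.50.0.20 10.50.1.12 8443 ACCEPT", # dispatch -> ACS: ok
    "2006-09-27T10:00:03 10.50.1.10 10.50.1.11 443 ACCEPT",  # CCTV -> IDS: not permitted
    "2006-09-27T10:00:04 192.0.2.44 10.50.0.5 443 DROP",     # outside address: blocked
    "2006-09-27T10:00:05 10.50.0.20 10.50.1.12 23 ACCEPT",   # telnet to ACS: wrong port
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(("BLOCKED " if finding.blocked else "ALLOWED ") + finding.reason + ": " + finding.line)
```

An ACCEPT line that still produces a finding means the firewall rule set is wider than the policy, which is the condition the second requirement is meant to prevent.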
8-4 COMMUNICATION FROM THE CCTV SYSTEM TO THE ACS
8-4.1 For those limited applications where the CCTV system is being used as an
intrusion detection methodology (primarily interior camera locations), the CCTV system
can be configured to provide an alarm input to the ACS system.
114