Physical Security Systems Assessment Guide, Dec 2016


PHYSICAL SECURITY SYSTEMS ASSESSMENT GUIDE
December 2016

Table of Contents

Acronyms
Section 1: Introduction
Section 2: Intrusion Detection and Assessment
Section 3: Entry and Search Control
Section 4: Badging
Section 5: Barriers, Locks, and Keys
Section 6: Communications
Section 7: Testing and Maintenance
Section 8: Support Systems
Section 9: Systems Management
Section 10: Interfaces
Section 11: Analyzing Data and Interpreting Results
Appendix A: Intrusion Detection System Performance Tests
Appendix B: Access Control System Performance Tests
Appendix C: Communications Equipment Performance Tests
Appendix D: Support System Performance Tests
Appendix E: Personnel and Procedure Performance Tests

Acronyms

Alternating Current
Access Control Device
American National Standards Institute
Balanced Magnetic Switch
Central Alarm Station
Closed Circuit Television (CCTV)
Code of Federal Regulations
U.S. Department of Energy (DOE)
Office of Enterprise Assessments
Entry Control System
Emergency Operations Center
General Services Administration
Homeland Security Presidential Directive 12 (HSPD-12)
Intrusion Detection System (IDS)
Integrated Safeguards and Security Management (ISSM)
Limited Area (LA)
Local Law Enforcement Agency (LLEA)
Local Site Specific Only (LSSO)
Material Access Area (MAA)
Material Control and (MC&A)
Officially Designated Security Authority
Protected Area
Perimeter Intrusion Detection and Assessment System
Personal Identification Number
Property Protection Area
Physical Security Systems (PSS)
Pan-tilt-zoom
Quality Assurance
Radio Frequency
Safeguards and Security Program
Secondary Alarm Station
Sensitive Compartmented Information Facility
Special Nuclear Material (SNM)
Security Police Officer (SPO)
Special Response Team (SRT)
Site Safeguards and Security Plan (SSSP)
Tamper-Indicating Device (TID)
Uninterruptible Power Supply (UPS)
Vulnerability Assessment (VA)
Video Motion Detector (VMD)

Section 1: Introduction

Purpose

The Physical Security Systems (PSS) Assessment Guide provides assessment personnel with a detailed methodology that can be used to plan, conduct, and close out an assessment of PSS. This methodology serves to promote consistency, ensure thoroughness, and enhance the quality of the assessment process.

The guide is intended to be useful for all assessors regardless of their experience. For the experienced assessor, information is organized to allow easy reference and to serve as a reminder when conducting assessment activities. For the new assessor, this guide can serve as a valuable training tool. With the assistance of an experienced assessor, the new assessor should be able to use the guide to collect and interpret data more efficiently and effectively.

Organization

This introductory section (Section 1) describes assessment methods and outlines their use. Sections 2 through 9 provide detailed guidance for assessing each major PSS subtopic:

• Section 2 – Intrusion Detection and Assessment
• Section 3 – Entry and Search Control
• Section 4 – Badging
• Section 5 – Barriers, Locks, and Keys
• Section 6 – Communications
• Section 7 – Testing and Maintenance
• Section 8 – Support Systems
• Section 9 – Systems Management.

Section 10 (Interfaces) contains guidelines to help assessors coordinate their activities within subtopics and with other topic teams. Information is provided on the integration process, which allows topic teams to align their efforts and benefit from the knowledge and experience of other topic teams. The section provides some common areas of interface for the PSS team and explains how the integration effort greatly contributes to the quality and validity of assessment results.

Section 11 (Analyzing Data and Interpreting Results) contains guidelines on how to organize and analyze data collected during assessment activities. These guidelines include possible impacts of specific information on other topics or subtopics, and some experience-based information on the interpretation of potential deficiencies.

Appendix A (Intrusion Detection System Performance Tests) provides procedures for testing the various systems and items of equipment that are commonly used in U.S. Department of Energy (DOE) facilities, with guidelines for evaluating test results. This appendix includes performance tests that are useful for evaluating a variety of intrusion detection systems (IDSs), such as:

• Exterior Perimeter Sensors
• Interior Sensors
• Perimeter Closed Circuit Television (CCTV)
• Interior CCTV
• Alarm Processing and Display.

Appendix B (Access Control System Performance Tests) contains effectiveness tests on entry control and detection equipment.

Appendix C (Communications Equipment Performance Tests) contains performance tests on radio equipment and duress alarms.

Appendix D (Support System Performance Tests) addresses the testing of equipment associated with power sources and tamper protection.

Appendix E (Personnel and Procedure Performance Tests) provides guidelines for designing and conducting site-specific tests of personnel and procedures. Candidate procedures and sample test scenarios are included.

General Considerations

While this guide covers a broad spectrum of assessment activities, it cannot address all security systems and variations used at DOE facilities. The methods that are described may have to be modified or adapted to meet assessment-specific needs, and assessors may have to design new methods to collect information not specifically addressed in this guide. Information in this guide is intended to complement DOE orders by providing practical guidance for planning, collecting, and analyzing assessment data. Assessors should refer to this guide, as well as DOE orders and other guidance, during all stages of the assessment process.

Using the Topic-Specific Methods

Sections 2 through 9 provide topic-specific information intended to help assessors collect and analyze assessment data. Each subtopic section is further divided into the following standard format:

• General Information
• Common Deficiencies/Potential Concerns
• Planning Activities
• Performance Tests (if applicable)
• Data Collection Activities.

Note that DOE Order 473.3A, Protection Program Operations, applies to the subtopics, in addition to other documents that may be relevant, such as:

• Executive Orders
• Site Safeguards and Security Plans (SSSPs)
• Implementation memoranda
• Memoranda of agreement
• Procedural guides.

These references are used as the basis for evaluating the assessed program and for assigning findings. It is useful to refer to the applicable references, particularly DOE guidance, during interviews and tours to ensure that all relevant information is covered.

General Information

The General Information section defines the scope of the subtopic. It includes background information, guidelines, and commonly used terms to help assessors focus on the unique features and problems associated with the subtopic. It identifies the different approaches that a facility might use to accomplish an objective and provides typical examples.

Common Deficiencies/Potential Concerns

This section addresses common deficiencies and concerns associated with the subtopical area, along with a short discussion that provides additional detail. Information in this section is intended to help the assessor further refine assessment activities. Where appropriate, general guidelines are provided to indicate where a particular deficiency is likely to occur.

Planning Activities

This section identifies activities normally conducted during assessment planning. If applicable, specific activities or information available to assessors is identified for all planning phases. These planning activities include document reviews and interviews with the facility PSS managers. The detailed information in the Planning Activities section is intended to help ensure systematic data collection and to ensure that critical elements are not overlooked. Typically, the thoroughness of the planning effort directly affects the success of the assessment.

Performance Tests

General guidelines are provided to help the assessor identify site-specific factors that may indicate which specific performance tests may be particularly important. The details of PSS performance tests are provided in Appendices A through E.

Data Collection Activities

This section identifies activities that may be conducted to collect data. The information is intended to be reasonably comprehensive, although it cannot address every conceivable situation. Typically, these activities are organized by functional element or by the type of system used to provide protection. Activities include tours, interviews, observations, and performance tests. All activities are not usually performed for every assessment.
The activities and performance tests to be accomplished are normally selected during the planning effort. The listed activities are those most often conducted.

Using the Tools in Each Assessment Phase

The assessment tools are intended to be useful during all phases of the assessment, including planning, conduct, and closure. The following summarizes the use of the assessment tools in each phase.

In the planning phase, assessors:

• Use the General Information section under each subtopic to characterize the program and focus the review.
• Perform the activities identified under Planning Activities to gather the information necessary to further characterize the program and focus the review.
• Review Common Deficiencies/Potential Concerns to determine whether any deficiencies are apparent, and to identify site-specific features that may indicate that more emphasis should be placed on selected activities.
• Assign specific tasks to individual assessors (or small teams of assessors) by selecting performance tests and specific items from the Data Collection Activities section. The assignments should be made to optimize efficiency and to ensure that all high-priority activities are accomplished.
• Review the guidelines under Section 10 (Interfaces) of this guide when assigning tasks to ensure that efforts are not duplicated.
• Prioritize and schedule data collection activities to optimize efficiency and to ensure that high-priority activities are conducted early in the process. A careful prioritization of these activities provides the opportunity to determine whether the available personnel resources and assessment time periods are sufficient to adequately evaluate the assessed topic.
• Review the applicable policy supplements to ensure that they are current with all applicable policy revisions, updates, and clarifications.

In the conduct phase, assessors:

• Use detailed information contained in the Data Collection Activities section to guide interviews and tours. Assessors may choose to make notes directly on photocopies of the applicable sections.
• Review common deficiencies, potential concerns, and previous findings after completing each data collection activity to determine whether any of the identified deficiencies are apparent at the facility. If so, assessors should then determine whether subsequent activities should be reprioritized.
• Review Section 11 (Analyzing Data and Interpreting Results) after completing each data collection activity to aid in evaluation and analysis of the data and to determine whether additional data is needed to evaluate the program. If additional activities are needed, assessors should then determine whether subsequent activities should be reprioritized.

In the closure phase, assessors:

• Direct specific attention to weaknesses that were identified during previous assessment activities.
• Determine whether the facility is complying with all applicable requirements.
• Use Section 11 (Analyzing Data and Interpreting Results) to aid in evaluating the collected data and assessing the impacts of identified deficiencies. This process will aid assessors in determining the significance of weaknesses that were identified, if any, and in writing the assessment report.

Performance Testing

Appendices A through E provide a set of common performance
