Using Alternative Credentials for TWIC compliance with FIPSlink
No rip and replace!
The TWIC Final Rule specifically describes the requirements of a compliant solution as being able to perform “electronic TWIC inspection requirements of biometric identification, the card validity check, and card authentication” (https://www.federalregister.gov/d/2016-19383/p-345) So what does this mean for your existing PACS?
Three tenets of TWIC compliance
Being able to check the biometric identity of a TWIC cardholder basically means that the PACS needs to be able to verify the physical person’s fingerprint against the template that has been stored on their TWIC card.
Card Validity Check
Card authentication ensures that the TWIC card is not counterfeit. In the case of a visual inspection, this can be done by a guard, looking for the general features of the card as well as the reflective holographic designs on the cards surface. However, a PACS needs to be able to verify the card electronically and needs to do so by performing a challenge/response test with the digital certificates stored on the card. If the certificates are invalid or out of date, then a card cannot be authenticated.
What this means for Commercial Cards
The main tenets above are written to allow flexible compliance with the TWIC Final Rule, while not impeding or creating unnecessary costs to the end user. With the correct solution, a facility can continue using their commercial access cards as alternative credentials if their PACS solution can meet the criteria above.
How do commercial cards work with FIPSlink?
FIPSlink enables compliance with the TWIC final rule in existing PACS by performing the necessary electronic TWIC Card checks on its own, then updating information within your PACS. Not only does this make the process of enrollment simple and fast, but it also allows your cardholders to continue using their commercial access cards as alternative credentials. This means that there’s no need to manually reissue, alter, or otherwise interfere with the badges that are already working on site.