10 Sep 2010

Brivo’s access control system gains mention in FIPS 201 Approved Product List
Brivo's OnSite Aparato™ Physical Access Control System
Brivo Systems LLC, the leader in Software-as-a-Service applications for security management, announced that its ACS OnSite Aparato™ Physical Access Control System (PACS) has gained coveted placement on the General Services Administration's (GSA) FIPS 201 Approved Product List (APL) in the Caching Status Proxy category.

Caching status proxies periodically update certificate revocation status, allowing for rapid access control decisions when online certificate validation may not be possible or may create unacceptable delays.

Security experts that have reviewed Brivo's OnSite Aparato solution have stressed the value of such Caching Status Proxy capability. "The need for a continuously updated certificate status is critical across both logical and physical access control systems," noted Don Fergus, VP of IT Risk at Intekras, Inc., a government and commercial Professional Services firm. "Without the implementation of such a capability, timely and streamlined verification and updating of cardholder status cannot be assured."

OnSite Aparato was launched in May 2010. Integrated with Codebench's PIVCheck Plus and Certificate Manager products and used with PIV-compliant card readers, OnSite Aparato supports compliance with Homeland Security Presidential Directive 12 (HSPD-12) and the Federal Information Processing Standards Publication 201-1 (FIPS 201), which addresses the critical issue of Personal Identity Verification (PIV) for Federal employees and contractors.

Brivo's Aparato is listed in the Caching Status Proxy category as item number 497



With Aparato's inclusion on the FIPS Approved Product List, federal agencies and departments can choose an approved, trusted PACS solution that conforms to mandated standards. "Being granted GSA FIPS 201 compliance demonstrates Brivo's commitment to serving our GSA and other federal customers, as well as ensuring our products meet stringent government standards," said Brivo President and CEO Steve Van Till. "The Brivo-Codebench integration makes Aparato a perfect choice for federal customers looking for a compliant PACS that meets their high standards." Geri Castaldo, Codebench CEO, added: "Codebench is pleased to partner with Brivo Systems in providing a complete PACS solution federal agencies can rely on to help them maintain compliance with FIPS 201 and HSPD-12."

The HSPD-12 and FIPS 201 mandates establish requirements for a common identification standard that pertains to credentials issued by federal departments and agencies to their employees and contractors for gaining physical access to federally-controlled facilities and logical access to federally controlled information systems.

To comply with the complete spectrum of standards required by HSPD-12 and FIPS 201, numerous components are necessary, from identity registration to card issuance to access control and ongoing validation. Brivo's role in this range of services is as a manufacturer of PACS solutions that meet strict compliance standards with HSPD-12 and FIP 201, which include:

  • The ability to register and use compliant PIV cards for physical access control
  • Integration of the Aparato's card database with a designated certificate authority
  • Ability of the Aparato system to suspend/revoke privileges based upon updates from that authority
  • Ability of Aparato to communicate messages to an Identity Management System, indicating when a card has been revoked from the PACS database
  • Security standards for system communications.

The FIPS 201 Evaluation Programme Site can be found at this URL. Brivo is listed in the Caching Status Proxy category as item number 497.