For 35 years, Gallagher Security has been setting higher standards for enterprise security systems around the world, and continues to do so. Our commitment to providing Federal Government solutions began in the United States when Command Centre v7.20 achieved PIV support with FIPS 140 compliance. Since then, we’ve earned a wide range of global high security standards and accreditations, demonstrating our continual dedication to protecting federal sites from curb to core.
Gallagher’s strong security focus is possible thanks to our dedicated cybersecurity research, development, and testing teams who maintain an extensive review program that includes internal and external penetration testing to ensure our solutions are hardened and secure.
In this blog, we discuss Personal Identity Verification (PIV) solutions and how Gallagher’s PIV solution delivers exceptional security and the fastest form of authentication for U.S. Federal Government sites.
What does PIV stand for?
PIV stands for Personal Identity Verification and is defined by FIPS PUB 201.
What is PIV (Personal Identity Verification)?
PIV refers to a physical card that is issued to U.S. Federal Government employees and used to verify an individual’s identity through their stored credentials. PIV credentials stored on the card can be verified manually or by a computer or card reader, ensuring only authorized individuals can access assets and locations.
What is a PIV credential?
A PIV credential is a U.S. Federal Government-wide ID used by authorized personnel to access federal facilities and systems securely.
PIV credentials consist of certificates, key pairs, PIN numbers, biometrics such as fingerprints and facial recognition, and other unique identifiers. These components, when combined in a PIV credential, provide the capability to enable multifactor authentication for federally controlled networks, applications, and buildings.
Setting higher standards for Federal Government
As an authorized CVE (Common Vulnerabilities and Exposures) Numbering Authority, Gallagher Security is committed to ensuring customers have the information needed to protect against cyber threats. And because our security solutions are designed and manufactured entirely on site at our headquarters in New Zealand, we’re Section 889 compliant and don't use any parts or components in violation of this mandate.
In fact, Gallagher takes things one step further with a public commitment to conducting business with the utmost integrity and to high standards of business ethics. We expect our employees, distributors, and suppliers to conduct business to the same high standards, and in 2023 published a detailed report identifying our supply chain to provide visibility into where we source materials.
We take pride in producing high-quality products that comply with strict government standards throughout the Five Eyes Alliance, including the Global ISO9001 accreditation, the Centre for Protection of National Infrastructure’s CAPSS certification, Type 1A 2008 alarms standard, EN50131, and the AS/NZ 2201 Class 5 intruder alarm compliance.
Gallagher’s products are BAA compliant and listed on the General Services Administration (GSA) Approved Products List (APL), certifying compliance to the U.S. Federal FICAM standards and FIPS 201-2. Gallagher has been compliant with FIPS 201-2 since 2016 and was one of the first 13.02 solutions available.
Our enterprise Personal Identity Verification (PIV) solution is a turnkey COTS Command & Control platform consisting of physical access control (PACS), intrusion detection (IDS), perimeter intrusion detection systems (PIDS), and integrated video management (VMS). The Gallagher Command Centre PIV solution is compliant with PIV requirements conforming to the FIPS 201-2 standard, offering enhanced identity verification, security, and life safety features to federal agencies and their contractors. Our solution architecture simplifies how sites transition to smart card-based access control platforms utilizing PIV and PIV-conformant Common Access Card (CAC) credentials based on NIST SP 800-73. Our systems meet current federal interoperability standards, cybersecurity, information assurance requirements, and compliance mandates including FIPS 201-2, FIPS 140, GSA APL, FICAM, FISMA, NIST SP 800-116, and ePACS.
Reliable and secure
In mission-critical environments, system reliability is paramount. Gallagher’s Mean Time Between Failure (MTBF) is measured in decades and our products have proven extreme reliability. Gallagher stands behind our products with a standard five-year warranty at no additional charge to our customers – the longest warranty duration of any manufacturer listed on the GSA-Approved Product List.
Enterprise features
Gallagher's Command Centre Enterprise Server software is scalable to meet the needs of sites of all sizes, from single sites to those spanning multiple locations, and regardless of whether they have 10 or more than 100,000 cardholders.
Our 6000HS PIV controllers are IP-based, with dual IP connections for redundancy, and can communicate with each other peer-to-peer over Ethernet, independent of a server. All logic and access decisions are made using fully distributed processing, providing true global I/O over Ethernet from controller to controller, building to building, state to state, or across continents.
Gallagher supports virtualization and split server scenarios for high availability, fault tolerance, and disaster recovery using industry standard tools like VMware, vSphere, and MS Clustering. Additionally, Gallagher’s multi-server feature natively supports a multi-server/regional server architecture.
Using this topology allows:
- Provisioning of users across geographically separated and independent sites
- Global auditing
- Automatic takeover and manual transfer of alarm management
- System monitoring
- Activity reporting
- Peer-to-peer communications between multiple servers in a distributed environment
- Running of evacuation/mustering reports from a remote site to identify last known location of cardholders in the event of an emergency
Our robust Software Development Kit (SDK) and RESTful Application Program Interface (API) interoperability toolkits allow us, our partners, and our clients to embrace standards-based methods of weaving Gallagher Security products into their evolving ecosystems – securing your investment now and into the foreseeable future.
Intrusion Detection System
Gallagher’s native Intrusion Detection System (IDS) features are suitable for certified Sensitive Compartmented Information Facilities (SCIFs) and meet the world’s most stringent alarm system standards and requirements, such as those outlined in ICD-705, NISPOM, DSCD 6.9, JFAN, and UL 681, 1076, and 2050.
All devices connected to the Gallagher HBUS can be enabled with PKI-based FIPS 140-2 Level 3 encryption, including all standard third-party sensors such as Biased Magnetic Switch (BMS) contacts, Tamper Switches, Passive Infrared Sensors (PIRs), Vibration Detection Systems, and Glass Break Detectors. We support all standard alarm system functions, and all points or zones can be armed or disarmed through the integrated Gallagher IDS LCD alarm terminal.
Every Gallagher IDS alarm terminal contains the same Gallagher PKI certificate-based security used in our controllers and readers and utilizes the same FIPS 140-2 Level 3 cryptography, mitigating voltage, injection, cloning, and counterfeiting attacks.
Perimeter Intrusion Detection Systems (PIDS)
Perimeter fences must be highly reliable, difficult to bypass, and not generate false alarms even in adverse conditions. Gallagher extends strong cryptographic protection to the perimeter using our industry-proven monitored pulse perimeter detection and protection systems.
Gallagher’s robust perimeter intrusion detection systems are suited to the rigorous requirements of high-risk security installations and are proven in many of the world’s harshest climates and environmental conditions.
Device Identity, CDM, PKI and encryption
Gallagher’s FIPS 140-2 Level 3 Public Key Infrastructure (PKI)-based identity bus provides the world’s most secure end-to-end, out-of-the-box PACS architecture, utilizing a simplified ecosystem and delivering optimal read range and performance over a one megabit per second bus, even over existing cabling infrastructure. Re-utilizing existing copper and Ethernet cabling plants represents significant cost savings when retrofitting your access control system to a compliant state.
In many cases, Gallagher’s PIV solution does not require new structured cabling plants, allowing you to salvage your investment in installation labor, time, and materials and resulting in less disruption to your business environment. With authentication and validation functions built into Gallagher’s security solutions, there is no need for third-party devices to perform this functionality, reducing complexity, additional points of failure, and initial and ongoing sustainment cost.
The TCP/IP communication from the server to the Controller 6000 and peer-to-peer global communication between various Controller 6000s over Ethernet is authenticated and encrypted using TLS security. The Gallagher Controller 6000 PIV includes a FIPS 140-2 Level 3 certified key store and cryptographic module to securely store keys for both upstream and downstream device communication.
Gallagher ensures that only essential IP ports on the 6000 are accessible to the network, minimizing the attack surface of the device. The Controller 6000 includes native denial of service monitoring and port isolation by measuring the rate of network packets being addressed. The controller generates warning alarms if the rate is high enough to be interpreted as a denial of service (DoS) attack, and can temporarily shut down and isolate one or many ports when being attacked to prevent system degradation and mitigate security vulnerabilities.
Each Gallagher-manufactured controller, reader, and sensor contains a FIPS 140-2 Level 3 certified key store and cryptographic module for secure key storage and all HBUS encryption. Device-level authentication, encryption, and communication are based on a bi-directional, high-speed (1Mb/s) RS485 PKI-enabled bus (HBUS) to provide the highest level of performance and security. All devices connected over HBUS are authenticated at installation time as genuine Gallagher devices using a device certificate and digital signature (Device PKI).
Contact our team today to learn how we can help deliver you an enterprise Physical Access Control System offering strong, real-time authentication of all Federally-issued and high-assurance credentials.