SIDA badging requirements and audits, and the 5% rule
Airports face a far higher level of oversight than many other organizations when it comes to security. With vendors, contractors, airline personnel and airport personnel, along with passengers and the general public circulating in a large facility with multiple levels of security, there is potential for every type of risk.
Airport security is particularly crucial in Security Identification Display Areas (SIDAs), the most sensitive parts of the facilities and premises. SIDAs include three segments of the airport:
- Secure Area is any part of the airport where all persons are required to possess a current, valid, airport-approved identification badge, and to display it at all times
- Sterile Area is the entire segment of the airport beyond the security checkpoint
- AOA (Airport Operations Area) is the airfield itself; any area used for landing, take-off, and surface maneuvering of aircraft
In 2015, it was discovered that 73 airport employees with potential ties to terrorism were issued credentials which allowed them to get access to secure areas of airports. This and other troubling findings ultimately led to changes driven by the Department of Homeland Security to improve the vetting of all aviation employees.
The 5% Rule for Airport Credentials
Today, TSA regulations require airports to perform regular audits of identification badges in circulation. Should the percentage of unaccounted-for credentials for SIDAs exceed 5%, the entire airport must be rebadged. Taking it a step further, the Security Act of 2016 requires TSA to notify congressional committees of any Category X airport (the largest and busiest airports in the country) missing 3% of their SIDA badges.
This can be a heavy burden for airport security personnel. According to a TSA estimate, there are approximately 1.4 million aviation workers with access to Security Identification Display Areas (SIDAs) at airports across the United States. Even for small airports, there can be a great deal of employee turnover, schedule changes, information updates and other factors that necessitate access permission changes. When these changes are provisioned manually, it can be extremely difficult to keep up.
The Challenge of Airport Access Chaos
The term “Access Chaos” was coined to describe a system in which identities and the permissions assigned to them are missing, incorrect or out of date, a condition that leads to a variety of risks. An estimated 90% of companies with access control systems experience this threat in some form. In the case of airports, these risks are compounded by the severe penalties imposed by the TSA when more than 5% of badges are unaccounted for.
There is technology which can solve this problem by mapping, measuring and monitoring. Here is how it works:
– Map people from multiple sources and Physical Access Control Systems
– Automatically upload HR, Active Directory, Learning Management systems data daily
– Map the unescorted access worker credentials from PACS(s) with information from payroll extracts (including access from tenants, concessionaires, vendors and contractors)
– Visualize who has what levels of access internally and for your tenants
– Automate daily worker (employees & tenants) policy checks
– Daily insights into inactive people/accounts with active access
– Identify people with active badges who have not recently accessed, or have never accessed, the site
– Identify people with active badges with non-compliant approval status, requiring training, certifications, etc.
– Demonstrate due diligence and compliance with airport standards
– Show current employment status and PACS status in a single view
– Automate and streamline access review preparation
– Monitor access review completion and capture findings
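The daily policy checks listed above can be sketched as a reconciliation between an HR extract and a PACS badge export. This is an added example, not RightCrowd's code or part of the original article; the record fields, badge states, the 90-day staleness window and the definition of "unaccounted-for" are assumptions, and the sample data is constructed.

```python
from datetime import date

REBADGE_LIMIT = 0.05    # page: more than 5% unaccounted-for forces a full rebadge
CAT_X_NOTIFY = 0.03     # page: Category X airports missing 3% trigger notification
STALE_AFTER_DAYS = 90   # assumption: what counts as "not recently" used

# Constructed HR/payroll extract: person_id -> employment and training status.
HR = {
    "P1": {"employed": True, "training_ok": True},
    "P2": {"employed": False, "training_ok": True},   # no longer employed
    "P3": {"employed": True, "training_ok": False},   # training lapsed
    "P4": {"employed": True, "training_ok": True},
}
# Constructed PACS export; field names and states are hypothetical.
PACS = [
    {"badge": "B01", "person": "P1", "state": "active", "last_used": date(2024, 5, 30)},
    {"badge": "B02", "person": "P2", "state": "active", "last_used": date(2024, 4, 2)},
    {"badge": "B03", "person": "P3", "state": "active", "last_used": date(2024, 5, 29)},
    {"badge": "B04", "person": "P4", "state": "active", "last_used": None},
    {"badge": "B05", "person": "P9", "state": "active", "last_used": date(2024, 5, 1)},
    {"badge": "B06", "person": "P1", "state": "lost", "last_used": date(2023, 11, 3)},
    {"badge": "B07", "person": "P2", "state": "returned", "last_used": date(2024, 4, 1)},
]

def audit(hr, pacs, today, category_x=False):
    """Reconcile PACS badges against HR and compute the unaccounted-for rate."""
    findings = {"inactive_holder": [], "stale_or_unused": [], "non_compliant": []}
    for b in (b for b in pacs if b["state"] == "active"):
        person = hr.get(b["person"])  # None: badge holder unknown to HR
        if person is None or not person["employed"]:
            findings["inactive_holder"].append(b["badge"])
            continue
        if b["last_used"] is None or (today - b["last_used"]).days > STALE_AFTER_DAYS:
            findings["stale_or_unused"].append(b["badge"])
        if not person["training_ok"]:
            findings["non_compliant"].append(b["badge"])
    # Assumption: "unaccounted-for" means lost or unreturned, measured against
    # every badge in the export that has not been returned.
    issued = [b for b in pacs if b["state"] != "returned"]
    missing = [b for b in issued if b["state"] in ("lost", "unreturned")]
    rate = len(missing) / len(issued) if issued else 0.0
    findings["unaccounted_rate"] = rate
    findings["rebadge_required"] = rate > REBADGE_LIMIT
    # Assumption: "missing 3%" is modelled as a rate at or above 3%.
    findings["notify_congress"] = category_x and rate >= CAT_X_NOTIFY
    return findings

if __name__ == "__main__":
    print(audit(HR, PACS, today=date(2024, 6, 1), category_x=True))
```

Badges held by people HR does not know about (B05 here) are reported with the inactive holders, since an active credential with no matching employment record is the case the reconciliation exists to catch.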
The Security Mandate for Airports
Even with improvements in vetting aviation workers, along with efforts like the FBI’s Rap Back service, there are thousands of valid credentials that should not be in circulation at airports across the country. Now, with the 5% rule, airports face strict consequences should they be audited and found to have exceeded this percentage (or, in some cases, only 3%).
While credentialing in an airport environment is a complex and fast-changing challenge, there is easy-to-adopt technology. RightCrowd Access Analytics provides a lightweight, easy-to-adopt solution with extremely fast time-to-value. Using the solution you can map, measure and monitor access permissions on a continual basis, helping ensure you maintain compliance with the TSA’s 5% rule.