Automated Access Control Systems (Pedestrian) Evaluation Schemes

NPSA undertake a number of functional evaluation schemes for automated access control products

Last Updated 30 January 2024

Introduction

NPSA runs various functional evaluation schemes for automated access control products. This page describes the schemes and the process that manufacturers should follow for product submission. On successfully passing the evaluation, products will be awarded a specific grade (known as a CLASS rating) and listed in the NPSA Catalogue of Security Equipment (CSE). 

All evaluations are funded by the manufacturer and specific costs will be determined by the test lab performing the evaluation, based on the scope and complexity of the product being evaluated.

In any given evaluation against the standards above, it is unlikely that products can be tested in complete isolation. As such products supplied for an evaluation will fall under two categories, “core” and “peripheral”.

Typically, there will be a choice of peripheral components available (from either the manufacturer submitting or other manufacturers) and one of these choices will be used to demonstrate and test the functionality of the core product during the evaluation. The manufacturer is expected to provide peripheral devices that demonstrate the functionality and security of the core product and that meet any requirements and dependencies identified in the standard.

Evaluation Schemes Status

NPSA currently have functional standards for the following product areas: 

Product

Scheme Status

Current Standard

Automated Access Control Systems (AACS)

 Open to Submission Automated Access Control Systems v1.2 (June 2022)

Tokens

 Open to Submission Tokens v1.0 (March 2021)

Keypads

 Open to Submission Keypads v1.0 (March 2021)

Readers 

 Open to Submission Readers v1.0 (March 2021)

Biometric Authentication for AACS

 Open to Submission Biometric Authentication for Automatic Access Control Systems v3.0 (October 2023)

The above Access Control Standards can be requested by completing the Product Submission process.

Evaluation Schemes Detail

The major components that form an Automated Access Control solution are shown in figure 1. The differing core components assured under each evaluation scheme are also shown within this diagram.

Automated Access Control solution

Downloadable version

Whilst the core AACS, Tokens, Keypads, Readers and Biometrics components shown in Figure 1 will be discussed in more detail in the sections below, some of the peripheral components shown that connect to the core AACS component (e.g., Intrusion detection protective switches and locking hardware, including mechanical and electrical locks) are covered by separate evaluation programmes. NPSA will be publishing more information on these programmes in due course.

AACS

An AACS evaluation is designed to assure the functionality of the “brains” of an Access Control System. 

Typical core components evaluated under this evaluation scheme are:

  1. The main door controller hardware and enclosure 

  2. The server/workstation hardware and software that enable the operation of the AACS. This is typically the data centre based server hardware running the main AACS application and the workstation software used to configure and maintain the AACS application in day-to-day use. 

To achieve a CLASS 2 or 3 grade (see below for further guidance on grades), products must also undertake a CAPSS evaluation.

Tokens, Reader and Keypads

Tokens, Keypads & Readers are separate components that form part of the wider control of access solution to identify the user to the AACS.

A Token is used in a control of access solution to store encrypted “user data”. This data is passed to the Reader which, in turn, passes it onto the automated access control system. A token submitted for NPSA evaluation must use a common criteria certified chip. 

A Reader is a component used in a control of access solution to retrieve a secured secret / encrypted user data from a token.

A Keypad is used as part of physical access control to allow a user to enter a PIN in addition to presenting a Token to a Reader. It is implemented as part of an access control system to provide a second factor for authorising physical access and is not intended to provide access control in isolation.

Separate evaluation standards exist for Tokens, Readers, and Keypads. Products that consist of a combined Keypad and Reader should be evaluated using both Reader and Keypad standards. 

As part of undertaking one, or a combination of these standards, the product manufacturer is also required to undergo an NCSC CPA Build Standard evaluation. This standard describes the engineering principles and practices that are expected from a product developer creating a good quality, life-cycle secure product.

 

Biometrics for Automated Access Control Systems

A Biometrics evaluation is designed to evaluate the performance and accuracy of biometric systems used as the main or secondary factor of authentication used in an AACS. Sensors capable of processing modalities such as (but not limited to) fingerprint, face, iris and palm biometrics, are evaluated under this standard.

For products implementing biometric systems that incorporate an integrated reader or keypad, these will be required to undertake evaluation against both biometric AND reader or keypad standards.

In addition to presentation attack detection evaluation, additional requirements will be assessed in terms of data security.

The main areas that will be considered:

  • Basic tamper resistance

  • Basic cyber security requirements 

  • Build product design and build processes

To achieve a CLASS 3 grade (see below for further guidance on grades), products must also undertake a CAPSS evaluation.

Evaluation Schemes Scope

For NPSA Access control evaluation schemes, examples of core and peripheral equipment are shown in the table below.

Evaluation Scheme

Core

(The assured product)

Peripheral 

(Components that facilitate an evaluation)

AACS

Door controller including enclosure

Server hosting the main AACS application

Workstation hosting the administrative/end user software 

User Enrolment Workstation

Token

Keypad

Reader 

Door Protective Switch

Tokens

 Token

Reader 

Keypad (optional)

AACS (optional)

Keypads

 Keypad

Token

AACS

Reader (optional)

Readers 

 Reader

AACS (optional)

Keypad (optional)

Biometrics

Biometric Sensor

Server hosting the Biometric database

User Enrolment Workstation

 AACS

Only core components that form a product will be classed as assured by NPSA. Peripheral components are not assured for independent use, unless they have been evaluated separately as core components under another relevant scheme (e.g., tokens, reader and keypads).

Evaluation Schemes Grading

Based on the results of an evaluation the product will be awarded a CLASS level. 

CLASS levels are not publicly advertised, but are available to Government and CNI sites.

There are three NPSA-defined classes: CLASS 1, 2 and 3. In its simplest form, the CLASS grading is awarded based on its resistance to attackers of different abilities as below.

For each of the evaluation schemes the following gradings apply.

Standard/Grading Class 1 Class 2 Class 3

AACS Standard Only

Successful completion of the AACS Standard

Not available

Not available 

AACS Standards + CAPSS 

 All classes available – result dependent on evaluation performance

Tokens

 All classes available – result dependent on evaluation performance

Readers

 All classes available – result dependent on evaluation performance

Keypads

 All classes available – result dependent on evaluation performance

Biometrics

Successful completion of BAACS Standard

Successful completion of BAACS Standard

Not available

Biometrics + CAPSS

 All classes available – result dependent on evaluation performance

 

Evaluation Schemes Process

If a manufacturer wishes to submit a product for an assurance evaluation the following steps should be followed

Number 1 The manufacturer reads the requirements of the appropriate standard (using relevant technical personnel) to ensure its relevance to the product. Standards can be requested using the CSE submission process form using the relevant category. 
number 2 The manufacturer contacts an authorised NPSA test lab (listed below). The test lab and manufacturer discuss the evaluation process and the standard's requirement.
number 3 The manufacturer completes an NPSA Self-Funded Manufacturer Agreement. This can be requested from NPSA via the test lab. This form needs to be completed and signed by the manufacturer and returned to the test lab who will forward to NPSA.
number 4 Once necessary financial and legal agreements are in place between the manufacturer and the test lab, the formal evaluation will proceed. 
number 5 The manufacturer installs and configures the core product and any associated peripheral components at the test lab's location of choice where it is commissioned appropriately. Training of test lab staff to a suitable level is required. 
number 6 The product is evaluated by the test lab. The test lab may ask specific questions to the manufacturer about the product during the evaluation period. The test lab issues a detailed report to NPSA for review and a panel comprising of test lab and NPSA personnel is convened to discuss the findings and issue the evaluation result. 
number 7 Should a product pass the evaluation, the manufacturer will be notified of the result by letter and advised on future use of the NPSA trademark. The product will then be published in the CSE
number 8 Should a product fail to achieve a CLASS rating, the manufacturer will be notified of the result by letter and a summary report will be issued by the test lab containing findings and recommendations on required areas of improvement. 
number 9 NPSA's decision is final and non-contestable. Manufacturers will be encouraged to fix any necessary adverse findings and to resubmit the product for partial or full evaluation.

Downloadable version

Post Evaluation Requirements

Following a successful evaluation, the product will be assured for an initial period of two years, after which the manufacturer will be expected to undergo a lightweight renewal process performed by a Test Lab of the manufacturer's choice. This will be repeated after a further two years (i.e. four years after initial evaluation). A full evaluation will be required six years after the initial evaluation. 

The following steps are required at two and four years from the initial pass being awarded.

Number 1 Approximately four to six months prior to expiry, the manufacturer will engage with any of the NPSA approved test labs. This process will be funded by the manufacturer. 
number 2 The manufacturer provides a change log of the product since the initial evaluation to the test lab.
number 3 A two day (indicative) impact assessment is carried out by the test lab comparing changes submitted by the manufacturer to the current published standard.
number 4 A gap analysis to identify any fundamental changes to the product and/or development processes compared to the initial evaluation is performed by the test lab. 
number 5 A recommendation of what type of intervention (e.g. minor document review, partial re-evaluation or full  re-evaluation) is provided by the test lab to NPSA. 
number 6 NPSA panel will review the test lab report and findings and will be reported back to the manufacturer by the test lab. 
number 7 If no significant issues are reported, NPSA will write to the manufacturer confirming the trademark will be awarded for a further two years. If significant issues of concern are reported, a partial (or full) re-assessment may be required. At six years from the initial pass the product is required to undergo full reassessment.

Downloadable version

NPSA Authorised Test Labs

Evaluation Scheme

Test Lab

Test Lab Contact
AACS

BRE

BSI

CyTAL

NCC

[email protected]

[email protected]

[email protected]

[email protected]
Tokens

BSI

CyTAL

NCC

[email protected]

[email protected]

[email protected]
Readers

BSI

CyTAL

NCC

[email protected]

[email protected]

[email protected]
Keypads

BSI

CyTAL

NCC

[email protected]

[email protected]

[email protected]
Readers

BSI

CyTAL

NCC

[email protected]

[email protected]

[email protected]
Biometrics Ingenium Biometrics [email protected]
Did you find this page useful? Yes No