12 Jan 2024

Editor Introduction

In the complex world of physical security systems, standards enable disparate systems to function together as a cohesive whole. Standards help to ensure that all the “pieces” fit together to create a clear, unified picture. More broadly, standards also play a role in ensuring best practices are deployed in a range of security-related situations.

We asked this week’s Expert Panel Roundtable: Which standards have had the greatest positive impact on physical security?


Ryan Gregory, Axis Communications

The Software Bill of Materials (SBOM) standards mandated over the past year have enhanced visibility into software vulnerabilities and made physical security devices better defended than ever before. This visibility is critical – after all, you can’t fix something you don’t know is broken, and cybersecurity threats are more prevalent than ever. SBOM refers to a repository that helps identify in which network devices vulnerabilities exist, and also shows all the software components a vendor’s device relies on. The SBOM also provides the ability to review these software components before even purchasing a network device. Whether you’re setting up a device management system, hardening new devices, or looking into how the existing ones operate, it’s crucial to have actionable, real-time insights into vulnerabilities to proactively defend your network attack surface.

For video security systems, the adoption of H.264 led to significant improvements in the development and interoperability of IP-based security solutions. This video compression standard has ensured that different devices and software from various manufacturers work together seamlessly. This compatibility was crucial to creating comprehensive security systems using components from different sources. Efficient video compression from both H.264 and H.265 continues to be vital for reducing the storage footprint and bandwidth requirements of high-resolution video. For systems with remote access or cloud storage infrastructure, it is essential. Specialized communication standards such as ONVIF have also been important when facilitating basic interoperability between network video devices. While image processing and API/SDKs developed by manufacturers can further improve image quality, reduce bandwidth, and enhance communication between components, industry standards guarantee a minimum level of interoperability. With today’s evolving cyber threats, it’s also important that more organizations adopt cybersecurity standards such as NIST’s FIPS 140-2 Level 3.

Marisa Randazzo, Ontic Technologies

California recently passed its Senate Bill 553, requiring companies to establish their own workplace violence prevention standards. Companies in California must now keep records of all threats and incidents of workplace violence, as well as their responses to those threats and incidents. The passing of this Bill is a step in the right direction for corporate security and preventing workplace violence as it compels companies to keep track of their threat landscape and better protect their employees. The passing of this bill may also result in other states following suit. To help comply with the law, organizations will need to think about how to keep track of these incidents, which will be required by law in California starting in July 2024. Organizations that invest now in a centralized system of record will be well prepared to comply with the law by capturing all workplace threats and violent incidents and showing the work they have done to address each, including conducting investigations where required.

Daniel May, Consort Architectural Hardware

Where physical security systems implement measures and protocols to protect people, assets, and information, standards play a critical role in ensuring their effectiveness, reliability, and consistency – promoting best practices and benchmarking performance in the process. ISO 27001, for example, is recognized as the international standard that focuses on information security management systems, but its principles and framework can be applied to physical security also, and as such, it has helped to deliver a holistic approach to security management. For access control specifically, it’s crucial to identify the specific frameworks relevant to your region, systems and regulatory requirements, with regional or industry-specific standards, such as the British Standards Institution and its BS EN 60839 and BS EN 1209 classifications – to name a few – having driven continuous improvement across the industry. Similarly, the American National Standards Institute (ANSI) and the Builders Hardware Manufacturers Association (BHMA) have established several key standards such as the ANSI/BHMA A156 series, which addresses various types of hardware in the US. Finally, one of the most widely recognized and respected standards is the Physical Security Interoperability Alliance (PSIA) which provides comprehensive requirements for access control systems by focusing on interoperability, scalability, and functionality.


Editor Summary

Systems built on open standards are inherently more scalable and adaptable to future changes. As new technologies and systems emerge, the ability to integrate them seamlessly becomes crucial. Standards provide a bridge between the old and the new, allowing organizations to evolve their systems without getting locked into proprietary solutions.