Request for Information (RFI) Enterprise Physical Access Control System (PACS)

The United States Coast Guard (USCG) has issued a Request for Information (RFI) to identify potential sources for an enterprise-level Physical Access Control System (PACS). This RFI is a market research tool to gather information for future acquisition planning, not a solicitation for a contract. The USCG requires a robust, integrated, and scalable PACS to enhance physical security across its diverse installations, including shore facilities, ports, air stations, and cutter homeports. The desired system will replace fragmented legacy systems with centralized management, advanced authentication, real-time monitoring, and robust reporting. It must comply with federal mandates, integrate with Department of War (DoW) and Department of Homeland Security (DHS) systems, and operate on unclassified networks. The USCG is requesting detailed information from vendors on organizational experience, architectural approach, integration capabilities, compliance with federal standards (FIPS 201-3, FIPS 140-2, HSPD-12, FISMA), cybersecurity features, cost estimates, reporting and auditing, multi-factor authentication, remote management, potential challenges and risks, credential management, access control policies, system scalability, and lifecycle planning and sustainment.

The U.S. Coast Guard (USCG) requires an enterprise-wide Physical Access Control Systems (PACS) solution to mitigate security vulnerabilities at its installations. The current system, relying on visual and physical inspection, is inadequate for verifying identity, fitness, and purpose, leading to potential unauthorized access and non-compliance with federal mandates. The proposed PACS will electronically interrogate credentials, identify debarments, and manage visitor access, integrating with various databases for comprehensive vetting. Implementation will prioritize installations with existing infrastructure and sufficient staffing, facing constraints such as limited infrastructure and manpower. The project, estimated at $16M for acquisition and $116M for operations over 10 years, will span five years. This initiative is crucial due to increasing operational risks, aiming to enhance security and meet federal standards through a robust, integrated access control system.

The U.S. Coast Guard (USCG) requires a modern enterprise Physical Access Control System (PACS) to address critical operational gaps and enhance security across its eleven statutory missions. This Operational Requirements Document (ORD) outlines the need for a robust system to rapidly identify individuals, assess their fitness for access, and integrate with interagency databases for comprehensive vetting. PACS must operate persistently worldwide, enduring extreme environmental conditions and maintaining functionality during limited connectivity. Key requirements include accurate identity verification, multi-factor authentication, efficient visitor management, and seamless interoperability with external databases like DEERS and IMESA. The system must achieve a false acceptance rate of less than 0.1% and a system-wide outage recovery time of no more than two hours. The implementation will occur in phases, prioritizing units with CG Police Departments/Security Forces.

The document outlines a multi-phase implementation plan across various units, primarily within the Coast Guard, categorizing them into six phases (I-VI) with additional notes for immediate actions and future requirements. It lists numerous AIRSTAs, Bases, SECTORs, and other specialized units such as C5ISC, TRACENs, and AUX districts. Each unit is assigned a specific phase, indicating a staged rollout or upgrade. Phase I includes units like USCGA and AIRSTA Barber Point, with some showing a "# OF UNITS" count, culminating in a "Total Result" of 120. Later phases introduce more diverse units, including those related to aviation, logistics, and maritime safety. The "NOTES" section highlights critical directives like "IMMEDIATE IMPLEMENTATION," "AUXILIARY (NEED CARD PRINTERS ONLY)," "UPON COMPLETION OF PAHSE I AND II," and mentions "ADDITIONAL STAFFING REQUIRED" and "TENTATIVE - NEED FULL ASSESSMENT," indicating ongoing needs and evaluations for the overall project.