Designation: E2842 - 14

Standard Guide for
Credentialing for Access to an Incident or Event Site [1]

This standard is issued under the fixed designation E2842; the number immediately following the designation indicates the year of original adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. A superscript epsilon (ε) indicates an editorial change since the last revision or reapproval.

INTRODUCTION

The purpose of the Standard Guide for Credentialing for Access to an Incident or Event Site (hereafter the guide) is to assist in the credentialing of personnel and the associated activities, which allows for access to an incident [2] or event site by State, Tribal, local, private sector, and nongovernmental organizations (NGOs). The credentials allowing scene access should be a verification of identity and (by the authority having jurisdiction, AHJ) that the appropriate training, experience, and qualifications are in place. This guide does not provide any specifications regarding qualifications or training required for said credentials. However, it is recognized that credentialing is a part of resource management and that a credentialed
individual is a specified resource.

1. Scope

1.1 The focus of this guide is on the development of guidelines for credentialing for access. The guide addresses the fundamental terms, criteria, references, definitions, and process model for implementation of credentialing or a credentialing program.

1.2 This guide explains and identifies actions and processes that can provide the foundation for consistent use and interoperability of credentialing for all entities.

1.3 This guide describes the activities involved in creating a credentialing framework, which may include a physical badge; however, it does not define the knowledge, skills, or abilities required to gain access to a site or event. This guide does not address a requirement for a physical badge as a prerequisite for a credential. A badge may be an accepted credential across jurisdictional lines and other credentials may be issued by the AHJ at the scene.

1.4 This guide reinforces the importance of controlling access to a site by individuals with the proper identification, qualification, and authorization, which supports effective management of deployed resources.

1.5 This guide relies on the existing rules, regulations, laws, and policies of the AHJ. Regulations identifying personal and private information as public record may differ from a responder's home jurisdiction.

1.6 This guide utilizes the principles of the Data Management Association Guide to the Data Management Body of Knowledge (DAMA-DMBOK) in order to effectively control data and information assets and does not prescribe the use of technology-based solutions.

1.7 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety and health practices and
determine the applicability of regulatory limitations prior to use.

2. Referenced Documents

2.1 DAMA International: [3]
The DAMA Guide to the Data Management Body of Knowledge 2009

2.2 Federal Emergency Management Agency:
Guideline for the Credentialing of Personnel July 2011
National Response Framework [4] January 2008
NIMS Guide 0002 [5] National Credentialing Definition and Criteria, March 27, 2007.
NIMS Guideline for the Credentialing of Personnel July 2011.

2.3 Department of Homeland Security:
NIMS [6] December, 2008
Homeland Security Presidential Directive (HSPD) 12 [7] Policy for a Common Identification Standard for Federal Employees and Contractors, August 27, 2004.

2.4 NIST Standard: [8]
FIPS 201 Personal Identification Verification (PIV) of Federal Employees and Contractors and Associated Special Publications (SPs), March 2011

2.5 NFPA Standard: [9]
NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs, NFPA 2007.

NOTE 1: Further information on these subjects can be found in Appendix X1.

[1] This guide is under the jurisdiction of ASTM Committee E54 on Homeland Security Applications and is the direct responsibility of Subcommittee E54.02 on Emergency Preparedness, Training, and Procedures. Current edition approved March 1, 2014. Published March 2014. DOI: 10.1520/E2842-14.
[2] As defined in National Incident Management System (NIMS) 2008.
[3] Available from DAMA international, http://www.dama.org/i4a/pages/Index.cfm?pageid=3364.
[4] Available from http://www.fema.gov/pdf/emergency/nrf/nrf-core.pdf.
[5] Available from http://www.fema.gov/pdf/emergency/nims/ng_0002.pdf.
[6] Available from http://www.fema.gov/pdf/emergency/nims/NIMS_core.pdf.

Copyright ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959. United States

3. Terminology

3.1 The following definitions are intended for use in this guide.

3.2 Definitions:

3.2.1 affiliation: the association of a non-credentialed individual or group of individuals under the supervision of an AHJ-compliant credentialed responder for the purpose of gaining access to accomplish a specific incident or event mission.

3.2.2 applicant: an individual applying for a credential.

3.2.3 attribute: a qualification, certification, authorization, or privilege of the credential holder.

3.2.4 Authority Having Jurisdiction (AHJ): the organization, office, or individual responsible for enforcing the requirements of a code or standard or approving equipment, materials, an installation, or a procedure. (NFPA 1600)

3.2.5 credential: a credential is an attestation of the identity, qualification, and authorization of an individual to allow access to an incident or event site.

3.2.6 credentialing: the administrative process for validating the qualifications of personnel
and assessing their background, for authorization and permitting/granting access to an incident (site or event). (NIMS Guide 0002)

3.2.7 event: a planned occurrence or large-scale gathering that requires planning, coordination, and support from the emergency management community, such as a National Special Security Event (NSSE) or the Superbowl.

3.2.8 entity: a governmental agency or jurisdiction, private or public company, partnership, nonprofit organization, or other organization that has disaster/emergency management and continuity of operations responsibilities. (NFPA 1600)

3.2.9 incident: an occurrence, natural or man-made, that requires a response to protect life or property. (NIMS 2008)

3.2.10 issuer: the organization that is issuing a credential to an applicant. Typically, this is an organization for which the applicant is working. (FIPS 201)

3.2.11 National Incident Management System (NIMS): a set of principles that provides a systematic, proactive approach guiding government agencies at all levels, the private sector, and NGOs to work seamlessly to prepare for, prevent, respond to, recover from, and mitigate the effects of incidents, regardless of cause, size, location, or complexity, in order to reduce the loss of life or property and harm to the environment. (NIMS 2008)

3.2.12 Non-Governmental Organization (NGO): an entity with an association that is based on the interests of its members, individuals, or institutions. It is not created by government, but it may work cooperatively with government. Such organizations serve a public purpose, not a private benefit. Examples of NGOs include faith-based charity organizations or organizations such as the American Red Cross. (NIMS 2008, NFR)

3.2.13 scene: the geographical area(s) of an incident with boundaries and access points. There may be multiple levels of a scene that may require multiple access points based upon security, risk, or other factors as defined by the AHJ where different levels of credentialing may be assigned.

3.2.14 sponsor: individual or entity endorsing the applicant to receive the credentials.

4. Significance and Use

4.1 There is currently no way to ensure consistency among all entities across the nation for access to an incident or event scene. This guide is intended to enable consistency in credentials with respect to verification of identity, qualifications, and deployment authorization (NIMS 0002).

4.2 This guide is intended to be
used by any entity that manages and controls access to an incident scene to facilitate interoperability and ensure consistency.

5. A Framework for the Credentialing of Personnel

5.1 The framework is built upon credentialing principles and elements with an approach that should be established as the initial steps of credentialing activities. The following principles are recommended for consideration:

5.1.1 Standards Based: Consistent with applicable national standards or industry-accepted best practices.

5.1.2 Interoperability: Ability of systems, personnel, (standards) and equipment to provide and receive
functionality, data, information, or services, or combinations thereof, to and from other systems, personnel, and equipment among both public and private agencies, departments, and other organizations in a manner enabling them to operate effectively together. (NIMS 2008)

5.1.3 Trust: Confidence in the identity and qualifications of the individual, and confidence in the manner in which the credentials are validated at the scene.

5.1.4 Physical and Cyber Security: Use of best practices to protect the physical credential and associated data. Refer to the Data Security Management section of Appendix X3 for more information.

[7] Available from U.S. Government Printing Office Superintendent of Documents, 732 N. Capitol St., NW, Mail Stop: SDE, Washington, DC 20401, http://www.access.gpo.gov.
[8] Available from National Institute of Standards and Technology (NIST), 100 Bureau Dr., Stop 1070, Gaithersburg, MD 20899-1070, http://www.nist.gov.
[9] Available from National Fire Protection Association (NFPA), 1 Batterymarch Park, Quincy, MA 02169-7471, http://www.nfpa.org/assets/files/dpf/nfpa1600.pdf

5.1.5 Privacy: To protect an individual's private information in accordance with applicable laws; for example, name, social security number, biometric records, medical records, or tribal enrollment.

5.1.6 Transparency: Policies are implemented in an open and understandable manner.

5.1.7 Sustainability and Portability: Capacity to maintain credentialing activities and to remain effective when the AHJ or the overall authority, or
both, changes.

5.2 Credentialing Program Elements: The following credentialing program elements are recommended building blocks for a credentialing framework: planning, funding, implementation, agreements, information management, training and exercises, and audit process. For more information, refer to Appendix X4 Sample Credentialing Plan Template.

5.2.1 Planning: Planning should consider the jurisdiction's strategy for credentialing as well as development of plans to address goals, objectives, and business rules. Planning should also establish roles and responsibilities and address the implementation
process and supporting procedures.

5.2.2 Business Rules: The AHJ should detail how credentials will be granted, including to whom and through what authorization process. Rules must include a provision and plan to ensure private information is protected through the adherence to privacy laws and policies, information management, and protection processes. Business rules should include a process for verification of a person's identification, verification of attributes, and deployment authorization. Business rules should also be in place for access permissions (from least secure to most secure) at incident
scenes requiring varying security perimeters. Additionally, rules should include a process for appeal and reciprocity across jurisdictional boundaries.

5.2.3 Credential Elements: Credentials can be anything used to identify that a person's identity, qualifications, and authorization have been validated, for example badges, armbands, vest, clothing, index cards, or any combination of mechanisms. The following is a list of elements that may be considered to develop to verify identification, qualification, and authorization information:

(1) Photograph
(2) Name (Last, First, Middle Initial)
(3) Organization Represented
(4) Employee Affiliation
(5) Organizational Affiliation
(6) Expiration Date
(7) Area for Circuit Chip/Contact Chip/Smart Chip
(8) Date Issued
(9) Header (such as State, local, Tribal, private sector, or NGO)
(10) Footer (such as Federal Emergency Response Official (FERO) Designation)
(11) Agency Seal Watermark
(12) Agency Card Serial Number
(13) Issuer Identification
(14) Qualification Information
(15) Authorization Information (to deploy)
(16) Signature
(17) Agency-specific Text Area
(18) Rank
(19) PDF Bar Code
(20) Color Coding for Employee Affiliation
(21) Photo Border for Employee Affiliation
(22) Agency-specific Data
(23) Magnetic Strip
(24) Return to “If Lost” Language
(25) Physical Characteristics of Cardholder
(26) Additional Language for Emergency Responder Officials
(27) Standard Section 499, Title 18 Language
(28) Linear 3 of 9 Bar Code
(29) Agency-specific Text

Depending upon the credentialing solution based on the entity's credentialing plan, there may be specific requirements for data or placement. Refer to Appendix X2 for example credentials.

5.2.4 Distribution: This should include ways of maintaining control of credentials while distributing to the appropriate parties or responders. This
process shall also account for lost, stolen, or revoked credentials, or combinations thereof.

5.2.5 Timelines/Schedules: These elements should detail any phased approach for implementation or maintenance of the credentialing program.

5.2.6 Needs Assessment: The needs assessment identifies and validates the target audience and requirements for the credentialing plan and process, including identification of those with a potential need for access, numbers and types of individuals in a given skill area, and the status of extant credentials in that area.

5.2.7 Plans and Procedures: The credentialing plan should include:

5.2.7.1 Purpose: Describe the reasoning for the development of a credentialing plan.

5.2.7.2 Scope: Applicability of the plan, the items for inclusion, and the intended audience.

5.2.7.3 Definitions: Specific definitions for key words used in the plan.

5.2.7.4 Authorities: Applicable legislation, regulations, directives, or policies, or combinations thereof, to create and implement the credentialing plan. For more detailed information about data protection, see Appendix X3.

5.2.7.5 Governance: Planning, supervision, and control of the credentialing process.

5.2.7.6 Credentialing Principles: State the overarching guidance for the approach of the AHJ (see above).

5.2.7.7 Approach: A high-level description of how the entity structures its plan to credential different types and numbers of individuals, for example, emergency responders, other government agencies, elected officials, tribal leaders, media, and volunteers. This approach should be scalable to rapidly expand or contract to meet incident or event requirements.

5.2.7.8 Implementation Process: The activities included in the credentialing implementation process.

5.2.7.9 Documentation: Records ke