The Maritime Transportation Security Act (MTSA) of 2002 created new regulations for certain facilities located in ports and along waterways. These facilities were working toward compliance with the TWIC Final Reader Rule (FRR) that was issued on August 23, 2016. The anticipated deadline for installation and validation by the US Coast Guard (USCG), with a two-year window for inspections, was August 23, 2018 for all impacted sites.
There has been much controversy since the FRR was issued in 2016. With industry pushback plus the threat of lawsuits, Congress and the President have placed a hold on further enforcement activities of the FRR:
The Senate committee approved a bill in late June 2018 stating that the program will be reassessed. Per this Senate committee report, on Wednesday, June 27, the Senate committee approved SB3094, a bipartisan bill sponsored by Sens. Dan Sullivan, R-Alaska, and Gary Peters, D-Mich. The bill restricts the Coast Guard from implementing any rule requiring the use of biometric transportation security cards until an assessment of the program is submitted to Congress. Titled the “Transportation Worker Identification Credential Accountability Act of 2018,” the bill will delay a final rule published in the Federal Register by the Coast Guard in August 2016. In that final rule, the Coast Guard would require biometrics such as a fingerprint be included in confirming a TWIC cardholder’s identity.
On August 2, 2018, the President signed HR 5729 prohibiting the U.S. Coast Guard from (1) implementing the rule titled “Transportation Worker Identification Credential (TWIC)-Reader Requirements,” and (2) proposing or issuing a notice of proposed rulemaking for a rule that would require the use of biometric readers for biometric transportation security cards.
Below is a design example within a typical facility environment:
a. The enrollment reader and registration engine is used to enroll a TWIC card, authenticate the card, and the verify card is not on CCL.
b. The registration engine sends the enrolled record: FASC-N, Last Name, First Name, photo, and TWIC expiration date to PACS system, thus registering TWIC card in PACS.
c. The administrator assigns the registered TWIC card access rights in the PACS.
d. The certificate manager compares FASC-Ns contained in registration engine with CCL every 24 hours (or as required per current MARSEC level).
e. The access rights of FASC-Ns listed on CCL are revoked in PACS.
f. The TWIC cardholder presents TWIC card (or typical company-issued proximity card) to the TWIC reader.
g. The TWIC reader sends the FASC-N from card to certification service via the fixed or portable reader service.
h. The PACS service sends down TWIC Privacy Key via the reader service to unlock the biometric in the TWIC.
i. The TWIC biometric sensor activates, and the TWIC cardholder presents their finger.
j. The TWIC reader performs biometric match. If a match is successful, the FASC-N is sent to PACS panel for access decision.
k. The PACS panel unlocks gate or door if access is granted; if access rights are revoked, the gate stays locked.
Convergint Business Development Manager and TWIC expert Darin Dillon has compiled a guide to the challenging Transportation Worker Identification Credential (TWIC) legislation. Download it below.
Convergint Can Help
Convergint provides strategic planning, consulting, assessment, design, integration, and services to ensure ongoing TWIC regulatory compliance for its customers. These solutions include:
- Physical Access Control System (PACS)
- TWIC registration engine
- TWIC certificate manager for authenticating and integrating to the canceled card list
- Enrollment readers
- Fixed readers
- Portable readers
We suggest you engage a Convergint security professional who is highly involved in the industry and engaged with the regulators.