1 Scope
NOTE This specification covers the design, equipment, installation, programming, and testing of an electronic access control system (ACS) for controlling pedestrian entry into and movement within a building. (1.1)
1.2 The system shall identify users by credential, validate their access privileges against a rule set maintained by a head-end software platform, and electrically operate door hardware to permit or deny passage at controlled openings.
1.3 The system shall additionally monitor door position and request-to-exit conditions, log every access event and exception, and interface with the building fire alarm system to release fail-safe locking devices on alarm.
1.4 System Composition
NOTE The access control system is a coordinated assembly of electronic head-end software, networked door controllers, credential readers, request-to-exit devices, door position switches, low-voltage power supplies, and the electrified door hardware that physically secures each opening. (1.4.1)
1.4.2 This standard governs the electronic head-end, the controllers, the reader-side devices, and the wiring; the electrified locking hardware itself — the electric strike, electromagnetic lock, electrified mortise lock, electrified cylindrical lock, or electric exit device — is procured and installed under Doors Frames And Hardware and shall be coordinated under this standard. 1.5 Coordination
NOTE Every controlled opening is a system requiring coordination across multiple trades and standards. (1.5.1)
1.5.2 The Contractor shall coordinate the access control scope with Doors Frames And Hardware for lock selection, frame and door preparation, and hardware-set finalization. 1.5.3 The Contractor shall coordinate with Fire Alarm Systems for the release of fail-safe locks on fire alarm. 1.5.6 The Contractor shall coordinate with Equipment Labeling for device and circuit identification. 1.6 Exclusions
NOTE This standard addresses electronic access control of swinging pedestrian doors using card, smart card, or mobile credentials. (1.6.1)
1.6.2 This standard does not cover video surveillance, intrusion detection alarms, intercom systems, parking and vehicle access control, automatic pedestrian door operators beyond the lock release interface, or biometric-only systems without a supporting card or mobile credential.
2 Referenced Standards
2.1 Equipment, materials, software, and installation shall comply with the latest adopted edition of the following standards.
| Standard |
Title |
| UL 294 |
Access Control System Units |
| UL 1034 |
Burglary-Resistant Electric Locking Mechanisms |
| UL 1076 |
Proprietary Burglar Alarm Units and Systems |
| UL 1981 |
Central Station Automation Systems |
| UL 10C |
Positive Pressure Fire Tests of Door Assemblies |
| UL 10B |
Fire Tests of Door Assemblies |
| NFPA 101 |
Life Safety Code (egress at access-controlled openings) |
| NFPA 80 |
Standard for Fire Doors and Other Opening Protectives |
| NFPA 72 |
National Fire Alarm and Signaling Code (interface to ACS) |
| NFPA 70 |
National Electrical Code (Articles 725 and 760) |
| IBC Chapter 10 |
International Building Code — Means of Egress |
| IFC Chapter 10 |
International Fire Code — Means of Egress |
| ICC A117.1 |
Accessible and Usable Buildings and Facilities |
| ADA Standards for Accessible Design |
Federal accessibility requirements |
| ANSI/SIA AC-01 |
Access Control General Requirements |
| SIA OSDP v2.2 |
Open Supervised Device Protocol |
| ANSI/BICSI 008 |
Wireless LAN Best Practices for Cabling Installation |
| ANSI/TIA-568 |
Generic Telecommunications Cabling for Customer Premises |
| ANSI/TIA-569 |
Telecommunications Pathways and Spaces |
| ANSI/TIA-606 |
Administration Standard for Telecommunications Infrastructure |
| ANSI/TIA-607 |
Generic Telecommunications Bonding and Grounding |
| FIPS 201 |
Personal Identity Verification (where federal credential interoperability applies) |
| NIST SP 800-116 |
Use of PIV Credentials in Facility Access |
| ISO/IEC 14443 |
Identification cards — Contactless integrated circuit cards (proximity) |
| ISO/IEC 7816 |
Identification cards — Integrated circuit cards |
2.2 Where the contract documents, the adopted building code, or a referenced standard conflict, the more stringent requirement shall govern unless the Engineer of Record directs otherwise in writing.
3 Submittals
3.1 Action Submittals
3.1.1 The Contractor shall submit the following to the Engineer of Record for review prior to procurement and prior to beginning installation:
- Manufacturer's product data for the head-end server platform, every door controller and panel, every reader, every credential type, every power supply, every request-to-exit device, every door position switch, every input/output module, and every accessory item
- A system riser diagram showing the head-end server, network switches and segmentation, every controller panel, every reader, every electrified door hardware connection, every REX and DPS input, every power supply with backup battery, and the interface to the fire alarm system
- A door schedule listing every controlled opening by mark number, cross-referenced to the door schedule in Doors Frames And Hardware, indicating reader type and quantity per opening, electrified hardware type (free-egress vs access-controlled vs delayed egress), fail-safe or fail-secure operation, REX device type, DPS configuration, power supply assignment, and controller and reader address
- A panel schedule for each controller cabinet listing every door served, the assigned reader address, the assigned input/output points, the panel power budget, and the upstream and downstream power supply
- A head-end architecture diagram showing the server, redundancy or high-availability arrangement, database storage, backup strategy, network segmentation, directory and SSO integration, and any cloud or remote connectivity
- A sequence-of-operations matrix listing each input (valid credential, invalid credential, REX, DPS open, DPS forced-open, DPS held-open, fire alarm, tamper) and the resulting outputs (unlock, lock, alarm, audit log, notification) for each door type
- Battery calculations for every UL 294 listed power supply showing standby and alarm current draw, required standby duration, and selected battery amp-hour capacity
- OSDP configuration documentation including baud rate, Secure Channel keys management, polling intervals, and address assignments
- Cybersecurity hardening documentation including the cipher suite, certificate management plan, default-credential change procedure, firmware version baseline, and network segmentation approach
☑ Product data for head-end, controllers, readers, credentials, power supplies, REX, DPS, modules
☐ System riser diagram
☐ Door schedule cross-referenced to door, frame, and hardware schedule
☐ Controller panel schedules with point assignments
☐ Head-end architecture diagram
☐ Sequence-of-operations matrix
☐ Battery calculations for each power supply
☐ OSDP configuration documentation
☐ Cybersecurity hardening plan
3.1.2 The access control submittal is a complete system-level package; partial or piecemeal submittals shall be returned without review.
3.2.1 The Contractor shall submit the following informational items:
- Manufacturer's installation instructions for each component, retained on site during installation
- Installer qualifications documentation, including factory training certificates for the specific controller platform
- Proposed acceptance test plan including test procedures, schedule, personnel, and forms
☑ Manufacturer's installation instructions retained on site
☐ Installer qualifications and factory training certificates
☐ Proposed acceptance test plan with procedures, schedule, personnel, and forms
3.3 Closeout Submittals
3.3.1 At substantial completion, prior to system acceptance, the Contractor shall submit:
- Accepted acceptance test report signed by the Contractor and the testing technician
- As-built system drawings reflecting final device addresses, controller programming, and circuit routing
- Complete head-end programming record: user roles, access levels, time schedules, door groups, holiday schedules, and event-to-action mappings
- A keyholder turnover package: head-end administrator account credentials, encryption key custody record, recovery procedures, and an inventory of issued credentials at substantial completion
- Operation and maintenance manual including normal operations, lockdown procedures, after-hours access procedures, credential enrollment and revocation, backup and restore, battery replacement schedule, and firmware update procedure
- Warranty documentation
- Manufacturer service contact list and any service-agreement terms
☑ Accepted acceptance test report
☐ As-built system drawings with final addresses
☐ Head-end programming record
☐ Administrator credentials and encryption key turnover package
☐ Operation and maintenance manual
☐ Warranty documentation
☐ Manufacturer service contact list
4 Quality Assurance
4.1 Installer Qualifications
○ Required for the specific controller platform
● Required for controller platform and head-end software
○ Not required (installer qualifications by experience only)
4.1.1 The access control system shall be installed by a contractor regularly engaged in the design and installation of electronic access control systems with documented experience on at least three projects of comparable size and complexity within the past five years.
4.1.2 The installer-in-charge shall hold factory certification on the specific controller platform being installed and shall be present on site during programming, head-end configuration, and acceptance testing.
4.1.3 Personnel making low-voltage terminations at controllers and readers shall be trained in the manufacturer's wiring methods, in OSDP Secure Channel commissioning, and in the project's cybersecurity hardening procedures.
4.1.4 Cabling between controllers, readers, and head-end equipment shall be installed by personnel meeting the qualifications of Conductors And Cables for low-voltage and structured cabling. 4.2 Single-Source Responsibility
4.2.1 The head-end software, door controllers, reader-to-controller protocol stack, and panel-level firmware shall be furnished by a single manufacturer or by a tightly integrated ecosystem of manufacturers documented to interoperate.
4.2.2 Multi-source assemblies in which the controller, the head-end, and the readers are sourced independently and integrated only at the field level shall not be acceptable unless the Engineer specifically approves the integration after review of interoperability test documentation.
4.2.3 Credentials and readers, where sourced from a different manufacturer than the controller, shall be confirmed compatible through OSDP v2.2 Secure Channel testing prior to procurement of credentials in quantity.
4.3 Listing and Labeling
4.3.1 The fire alarm interface point — the relay or supervised input that releases fail-safe locks on fire alarm — shall be UL 864 listed where it forms part of the fire alarm system or shall use a UL 294 listed module driven by a UL 864 listed dry contact from the fire alarm control unit.
4.3.2 All access control system units shall be listed and labeled to UL 294 by a Nationally Recognized Testing Laboratory.
4.3.3 Power supplies shall be UL 294 listed for access control service.
4.3.4 Electrified locking hardware listed to UL 1034 shall be used where the opening is required to resist burglary; the listing requirements for the hardware itself are addressed in Doors Frames And Hardware and shall be coordinated. 5 Environmental and Service Conditions
5.1 Indoor and Exterior Equipment Ratings
IP55 / NEMA 3R
IP65 / NEMA 4
IP66 / NEMA 4X (corrosive or wash-down environments)
5.1.1 Access control equipment installed in indoor, conditioned, occupiable spaces shall be rated for 0 °C to 50 °C ambient operating temperature and 0 to 85 percent non-condensing humidity.
5.1.2 Equipment installed in unconditioned spaces, electrical rooms, attics, or telecommunications rooms shall be confirmed against the extreme conditions of the space.
5.1.3 Readers installed at exterior openings shall be rated for the local exterior temperature extremes and shall carry an enclosure rating appropriate to the exposure.
5.2 Sprinkler and Plenum Exposure
5.2.1 Equipment installed in spaces with active sprinkler systems shall be located so that direct sprinkler discharge does not impinge on the equipment, or shall be enclosed against discharge.
5.2.2 Equipment installed in plenum spaces shall be plenum-rated or shall be installed in conduit per NEC Article 300.
6 System Architecture
● Networked, on-premises head-end (default)
○ Networked, cloud-managed head-end
○ Hybrid (on-premises controllers, cloud-hosted management)
○ Standalone per door (small projects only)
6.1 The access control system shall be configured as a networked architecture with a central head-end software platform, intermediate door controller panels distributed throughout the building, and reader-side devices at each controlled opening.
6.2 The head-end shall hold the system of record for users, credentials, and access privileges.
6.3 Controllers shall hold a cached copy of the rule set sufficient to make access decisions autonomously if the head-end network connection is interrupted.
6.4 Standalone, per-door, non-networked systems shall be used only on very small projects with a handful of openings and no requirement for centralized audit.
NOTE A networked, on-premises head-end is the default for projects of moderate or larger size, for facilities with confidentiality concerns about credential and audit data leaving the premises, and for facilities subject to regulatory or contractual data-residency requirements; cloud-managed and hybrid architectures are appropriate where the Owner accepts the operational benefits of reduced server administration and automatic updates in exchange for ongoing subscription cost and external data residency. (6.5)
6.6 Controller Topology
● Multi-door panel (4-, 8-, or 16-reader panels in centralized cabinets)
○ Controller-per-door (edge controller adjacent to each opening)
○ Hybrid (centralized panels for grouped doors, edge controllers where pathway is impractical)
2-reader panel
4-reader panel
8-reader panel
16-reader panel
NOTE Centralized multi-door panels in a secure equipment closet are the default topology for typical commercial buildings because they consolidate power supplies, simplify battery backup, ease maintenance, and produce a cleaner cabling architecture; controller-per-door edge devices are appropriate where opening density is low, where the cable run from a central panel is impractical, or where the Owner specifically prefers the topology for redundancy reasons. (6.6.1)
6.6.2 Panel sizing should leave spare capacity for at least 20 percent additional doors beyond initial installation, to accommodate future openings without panel replacement.
6.7 Equipment Location
7 Door Controllers
● TCP/IP over Ethernet with TLS 1.2 or higher (default)
○ TCP/IP over Ethernet with TLS 1.3
○ Wireless (802.11) — only where wired pathway is impractical
7.1 Door controllers (panels) shall be UL 294 listed devices providing autonomous access decision capability, supervised reader and input/output circuits, encrypted communication to the head-end, and a local cache of the rule set sufficient to operate during head-end outage.
7.2 Controllers shall communicate to the head-end over TCP/IP using TLS 1.2 or higher.
7.3 Wireless controller-to-head-end communication shall not be used except where a wired pathway is genuinely impractical.
NOTE Wireless controllers introduce reliability and security complications that outweigh the installation savings in nearly all projects. (7.4)
7.5 Reader-to-Controller Protocol
● OSDP v2.2 with Secure Channel (default)
○ OSDP v2.1 with Secure Channel (where v2.2 not available)
○ Wiegand (legacy only — not for new installations)
7.5.1 OSDP v2.2 with Secure Channel shall be the default reader-to-controller protocol.
7.5.2 New installations shall not use Wiegand except where the Owner has a legacy reader infrastructure that cannot be replaced in the project scope.
NOTE OSDP supersedes Wiegand by providing bidirectional, supervised, encrypted communication; reader status, tamper indication, and firmware updates over the reader cable; and resistance to the credential-replay and signal-injection attacks that have been demonstrated against Wiegand. (7.5.3)
● Required on all controller inputs and outputs (default)
○ Required on inputs only
○ Not required (only for non-critical, low-security openings)
7.6.1 Each controller shall provide supervised inputs for door position switch, request-to-exit, and tamper, and supervised outputs for lock control.
7.6.2 End-of-line resistors shall be installed per the manufacturer's instructions to enable line supervision; cut, shorted, or grounded reader and input wiring shall be detected and reported.
7.6.3 Controllers shall provide a tamper switch on the enclosure and shall report tamper conditions to the head-end.
7.6.4 Tamper events shall be logged and shall generate an operator notification.
8 Credential Readers
● Surface mount on door frame mullion or adjacent wall
○ Flush / mullion mount within frame profile
○ Surface mount on pedestal (parking and exterior gate applications)
Mullion (narrow profile for door frame mounting)
Wall switch (single-gang) — interior typical
Wall switch (mullion-width) — exterior typical
Wall switch (keypad-equipped) — high-security or two-factor
8.1 Readers shall be UL 294 listed and shall communicate to the controller using OSDP v2.2 with Secure Channel as specified above.
8.2 Readers shall be selected for the credential technology specified below.
8.3 Reader Mounting Height
3448
40424448
Default: 42 in
8.3.1 Reader height above finished floor shall comply with ADA and ICC A117.1 reach-range requirements.
8.3.2 The reader's active read zone shall be located between 34 inches and 48 inches above finished floor for unobstructed forward reach, and the reader shall be positioned within the accessible side reach range where applicable.
8.4 Exterior and Exposed Readers
8.4.1 Readers at exterior openings shall be rated for direct exposure to weather, ultraviolet light, and condensation.
8.4.2 Readers at openings subject to vehicle traffic, vandalism, or impact shall be protected by a guard, recessed in a wall, or selected with a vandal-resistant rating.
8.5 Two-Factor Authentication
● Not required (single-factor card or mobile credential)
○ Required at designated high-security openings (card + PIN)
○ Required at all openings
8.5.1 Two-factor authentication shall not be specified for general circulation openings because it impairs throughput and frustrates users without providing meaningful security benefit at low-risk openings.
NOTE Two-factor authentication adds a PIN to the credential read for openings serving high-value or sensitive areas such as data centers, pharmaceutical storage, executive areas, and weapons storage. (8.5.2)
9 Credentials
● 13.56 MHz smart card — MIFARE DESFire EV2/EV3 (default)
○ 13.56 MHz smart card — iCLASS SEOS
○ Mobile credential — BLE and NFC
○ Combined smart card and mobile credential
○ 125 kHz proximity (legacy — not for new installations)
9.1 The default credential shall be a 13.56 MHz smart card based on MIFARE DESFire EV2 or EV3 technology, with mutual authentication and AES-128 encryption between card and reader.
9.2 125 kHz proximity credentials (HID Prox and equivalents) shall not be used for new installations.
9.3 Where the Owner has an existing 125 kHz population, the migration plan to a contemporary credential shall be documented in the closeout package.
NOTE The 125 kHz proximity technology is trivially clonable, has no cryptographic protection, and is being phased out across the industry. (9.4)
9.5 Mobile credentials over Bluetooth Low Energy and NFC shall be supported where the Owner intends to issue credentials to smartphones in addition to or in place of physical cards.
NOTE Mobile credentials reduce credential reissue cost and accelerate enrollment and revocation, but require the Owner to operate a credential management process compatible with the user population's device ecosystem. (9.6)
9.7 Federal Credential Interoperability
● Not required
○ Required — PIV credentials honored at designated openings
○ Required — PIV is the primary credential
9.7.1 Federal facilities and contractors handling federal information shall require FIPS 201 (PIV) credential interoperability per the applicable HSPD-12 mandate.
9.7.2 Where PIV is required, readers and head-end shall support the PIV authentication mechanisms specified in NIST SP 800-116.
9.8 Credential Quantity
505000
10025050010002500
Default: 250 each
9.8.1 Credential quantity at substantial completion shall be sufficient to enroll the initial occupant population plus a 25 percent overage for new hires, visitors, and replacements during the first year of operation.
9.8.2 The Owner shall provide the initial occupant population to the Contractor at submittal review.
10 Electrified Door Hardware
NOTE This section governs the access control system's interface to that hardware: the power supply, the lock control output from the controller, the supervision of the lock state, and the policy governing lock-type selection at each opening. (10.1)
10.2 The electrified locking device at each opening — electric strike, electromagnetic lock, electrified mortise lock, electrified cylindrical lock, or electric exit device — is procured and installed under Doors Frames And Hardware. 10.3 Default Lock Type
Electric strike (fail-secure) on standard mechanical lock
Electrified cylindrical or mortise lock (free-egress)
Electric exit device (free-egress, exit-only or full-feature)
Electromagnetic lock (avoid where possible — see policy below)
10.3.1 The default lock type shall be an electrified cylindrical or mortise lock that preserves free mechanical egress at all times by operating the lever from the egress side without electrical action.
10.3.2 The lock shall secure the latch on the access side and release the access-side lever or trim on a valid credential or REX signal; the egress-side lever shall always operate the latch mechanically.
10.4 Electromagnetic Locks
10.4.1 Electromagnetic locks (mag locks) shall be avoided where any other lock type is feasible.
10.4.2 Where the door, frame, or operational use case truly requires a mag lock — most commonly on glass-and-aluminum entrance doors with no available latch reinforcement, or on cross-corridor smoke doors — the installation shall comply with NFPA 101 7.2.1.6.2 (Access-Controlled Egress Doors), the AHJ shall accept the arrangement in advance, and the release scheme shall be documented in the sequence of operations.
NOTE Mag locks are inherently fail-safe and require ancillary release devices (REX motion sensor, push-to-exit button, fire alarm release) to comply with NFPA 101 egress requirements at all times; each ancillary device is a failure point and an enforcement point with the AHJ. (10.4.3)
10.5 Fail-Safe vs. Fail-Secure
○ Fail-secure default (locked on power loss) for offices, suites, and tenant openings
○ Fail-safe default (unlocked on power loss) for stairwell discharge and life-safety egress
● Per-door determination by code analysis
10.5.1 Fail-safe vs. fail-secure shall be determined per opening by the means-of-egress analysis.
10.5.2 A stairwell discharge door that must release on a building power failure to permit exit shall be fail-safe; an office suite door that must remain secured on a power failure to protect the contents shall be fail-secure.
10.5.3 The Engineer shall determine the policy for each opening; this standard does not establish a single default that overrides the code analysis.
10.6 Lock State Monitoring
● Lock state monitored at controller via supervised contact (default)
○ Door position only (lock state not directly monitored)
10.6.1 Lock state monitoring — a supervised contact on the lock confirming the lock is mechanically secured — shall be the default where the hardware supports it.
NOTE Monitoring only door position (closed vs. open) does not detect a latch that has failed to engage or has been propped; lock state monitoring is the means by which the system detects a door that is closed but unlocked. (10.6.2)
11 Request to Exit
● Passive infrared (PIR) motion sensor over the door (default)
○ Integrated REX switch in the lock or exit device
○ Wall-mounted push-to-exit button (mag lock applications only)
○ Combination PIR + integrated lock REX (high-traffic openings)
11.1 A request-to-exit (REX) device shall be provided at every controlled opening to indicate that an authorized egress is occurring and to suppress the door-forced-open alarm during egress.
11.2 REX devices shall be supervised by the controller.
11.3 A PIR motion sensor mounted directly above the door on the egress side, aimed at the floor immediately inside the opening, shall be the default REX device.
11.4 Integrated lock REX (a switch in the exit device or lever) shall be used as a supplement where the hardware supports it.
NOTE A PIR sensor is the default because it triggers on actual egress traffic without requiring the user to take any action, and an integrated REX is a more deterministic indicator that the door is being operated for egress and complements the PIR. (11.5)
11.6.1 Push-to-exit buttons shall not be used as the primary REX on access-controlled egress doors with free-egress hardware because they require a deliberate user action that adds nothing to a door that is already mechanically free to open.
11.6.2 Push-to-exit buttons shall be provided as the legally compliant egress release for mag-lock openings per NFPA 101 7.2.1.6.2, where they shall be wall-mounted, clearly identified, located within 40 to 48 inches above finished floor, and wired so that operation releases the mag lock for a minimum of 30 seconds independent of the access control system.
11.7 REX Behavior at Door Position
● REX suppresses forced-open alarm; lock remains under access control (free-egress hardware, default)
○ REX releases lock; door physically unlocks on REX trigger (mag lock openings)
11.7.1 For free-egress hardware (electrified mortise, cylindrical, or exit device), REX shall suppress the forced-open alarm but shall not unlock the door.
11.7.2 For mag lock openings, REX or the push-to-exit button shall actually unlock the door because the mag lock has no mechanical bypass.
12 Door Position Switches
● Concealed magnetic reed switch in door frame (default)
○ Surface-mounted magnetic switch
○ Door-mounted high-security balanced magnetic switch
12.1 A door position switch (DPS) shall be provided at every controlled opening to monitor whether the door is closed.
12.2 DPS contacts shall be supervised by the controller, and the controller shall report and log forced-open, held-open, and propped-open conditions.
12.2.1 A concealed magnetic reed switch installed in the head of the door frame with a matching magnet in the top edge of the door shall be the default for new construction.
12.2.2 Surface-mounted switches shall be used only on retrofit projects where concealed installation is not practical.
12.2.3 Balanced magnetic switches shall be specified at high-security openings where defeat by an external magnet must be prevented.
12.3 Door Held-Open Time
15120
30456090
Default: 45 seconds
12.3.1 The door held-open timer shall determine how long the door may remain open after a valid access before a held-open alarm is generated.
12.3.2 High-traffic openings or openings used for material movement may extend the timer with the Engineer's approval.
12.3.3 The held-open alarm shall be local at the door (annunciator at the door if specified) and remote at the head-end.
NOTE The default of 45 seconds accommodates normal cart and accessibility usage. (12.3.4)
12.4 Forced-Open Alarm Routing
● Head-end notification only
○ Head-end notification plus local annunciator at the door
○ Head-end notification plus security monitoring service
13 Power Supplies and Battery Backup
13.1 Power supplies serving access control equipment shall be UL 294 listed for access control service and shall be sized for the connected load with at least 25 percent spare capacity for future additions.
13.2 Power supplies shall provide regulated DC output, output supervision, AC fail and low-battery monitoring, and integral battery charging.
13.3 Lock Voltage
● 24 VDC (default for runs exceeding 50 ft and for higher-current locks)
○ 12 VDC (short runs and low-current locks only)
● 12 VDC from controller-integrated supply (default)
○ Power over Ethernet (PoE/PoE+) where reader and controller support it
○ Separate 24 VDC supply for readers
13.3.1 24 VDC shall be the default lock voltage.
13.3.2 12 VDC may be used only for short runs and low-current devices where the voltage drop calculation confirms adequate voltage at the lock under worst-case current.
NOTE 24 VDC is the default because the higher voltage reduces conductor sizing and tolerates longer runs without unacceptable voltage drop. (13.3.3)
13.4 Battery Backup
424
481224
Default: 4 hours
13.4.1 Battery backup shall be provided at every power supply serving access control loads.
13.4.2 Battery capacity shall be sized to provide a minimum of 4 hours of standby operation at the system's quiescent load.
13.4.3 Where the access control system serves life-safety egress functions or is part of a security plan with regulatory standby requirements, the battery shall be sized for a longer duration as required by the applicable standard.
13.4.4 Battery calculations shall be performed for each power supply, documented in the submittals, and the calculations shall account for both quiescent and alarm-condition current draw, the temperature derate factor specified by the battery manufacturer, and a margin above the calculated requirement of at least 25 percent.
13.5 Power Supply Location
13.5.1 Power supply locations shall be coordinated to keep the lock-cable run between supply and lock within the voltage-drop calculation tolerance.
13.5.2 Power supplies shall be installed in lockable enclosures and shall be co-located with the door controller cabinet where practical.
14 Cabling
Category 6 UTP, plenum-rated where applicable (default)
Category 6A UTP, plenum-rated where applicable
Multimode optical fiber for long runs or electrically noisy paths
Composite 22 AWG/6-conductor shielded with 18 AWG/4-conductor (default for reader + lock + REX)
22 AWG/6-conductor overall-shielded twisted pair (reader only; separate lock cable)
Category 6 UTP for OSDP (where manufacturer supports it)
18 AWG/2-conductor (locks within voltage-drop tolerance at 24 VDC)
16 AWG/2-conductor (longer runs or higher-current locks)
14 AWG/2-conductor (long runs or magnetic locks)
● 22 AWG/2-conductor shielded per device (default within composite)
○ 18 AWG/2-conductor shielded (long runs only)
☑ Conduit (EMT) in unfinished spaces and where required by code
☐ Cable tray in accessible ceilings
☐ Bridle rings or J-hooks in accessible ceilings (per TIA-569)
☐ Plenum-rated cable in plenums per NEC Article 300
14.1 All access control system cabling shall comply with NEC Article 725 (Class 2 circuits) for low-voltage portions and with NEC Article 800 and ANSI/TIA-568 for structured cabling portions.
14.2 Plenum-rated cable shall be used in plenum spaces.
14.3 Cable in concealed spaces, cable trays, and accessible ceilings shall be supported per NEC and per the cable manufacturer's instructions; cable shall not be supported by ceiling tile grid or other building systems not intended for cable support.
14.4 Composite access control cables that bundle reader, lock, REX, and DPS conductors in a single jacket shall be the default for door cabling because they install in one pull, reduce conduit fill, and simplify cabling.
14.5 Where the lock current exceeds the rating of the composite cable's lock conductors, a separate lock cable shall be pulled and the reader cable shall carry only reader, REX, and DPS conductors.
14.6 Voltage Drop and Separation
14.6.1 Voltage drop on lock cables shall be calculated for the worst-case (longest, highest-current) opening on each power supply and the cable size shall be selected so that the lock voltage at the lock under fault-clearing or maximum-inrush current remains within the manufacturer's operating range.
14.6.2 The voltage drop calculation shall be documented in the submittals.
14.6.3 Cable separation from higher-voltage power circuits shall be maintained per NEC Article 725 and per the cable manufacturer's instructions.
14.6.4 Where parallel routing is unavoidable, perpendicular crossings shall be used and the minimum separation shall be maintained per code.
15 Cybersecurity
15.1 Access control systems shall be hardened against the categories of attack that have repeatedly compromised installed systems: default credentials, unencrypted reader-to-controller protocols, unpatched firmware, flat-network exposure, and weak credential technologies.
15.2 Network Segmentation
● Dedicated VLAN, isolated from general user and IT networks (default)
○ Dedicated physical network
○ Shared network segment (not acceptable)
15.2.1 Access control controllers, the head-end server, and any management workstations shall reside on a dedicated VLAN isolated from general user, guest, and untrusted networks.
15.2.2 Firewall rules shall restrict the access control VLAN to the specific protocols and destinations required for operation and management.
15.2.3 Remote access to the head-end, where permitted, shall be through an authenticated VPN or a managed gateway provided by the head-end manufacturer.
15.3 Default Credentials and Initial Hardening
☑ All factory default passwords on controllers, readers, and head-end changed before commissioning
☐ Administrator accounts use unique passwords meeting Owner's password policy
☐ Service and maintenance accounts use distinct credentials from administrators
☐ Unused services and ports on controllers disabled
☐ Firmware updated to current vendor-supported version at substantial completion
15.4 Reader-to-Controller Encryption
● OSDP Secure Channel enabled with site-specific keys (default)
○ OSDP installation mode keys (not acceptable for production)
○ Unencrypted Wiegand (not acceptable for new installations)
15.4.1 OSDP Secure Channel shall be enabled at commissioning using site-specific keys, not installation-mode default keys.
15.4.2 The key management procedure shall be documented and the key custody record turned over to the Owner at substantial completion.
15.5 Audit Log Retention
902555
9036573018252555
Default: 365 days
15.5.1 The head-end shall retain access and exception event logs for a minimum of 365 days; the Owner may extend retention per their security policy or regulatory obligation.
15.5.2 Logs shall be exportable in a documented format for review and for archiving to long-term storage.
16 Fire Alarm Interface and Egress Release
● Hardwired dry contact from FACU to dedicated release relay at each lock requiring release (default)
○ Dry contact from FACU to power supply for all locks on that supply
○ Software interface from FACU to access control head-end (not acceptable as sole release path)
16.1 The access control system shall interface to the fire alarm system as required by NFPA 101 and the AHJ.
16.2 The interface shall release locks that must be released on fire alarm and shall do so independently of the head-end and independently of the network.
16.3 Locks requiring release on fire alarm — most commonly electromagnetic locks and any electrified hardware on an opening covered by NFPA 101 7.2.1.6.1 (Access-Controlled Egress Doors) or 7.2.1.6.2 (Delayed Egress) — shall release via a hardwired dry contact from the fire alarm control unit (FACU).
16.4 The dry contact shall interrupt the lock power circuit through a UL 294 listed release relay or directly at the power supply.
16.5 The release shall not depend on the access control head-end, the network, or any software function.
16.6 Where a code analysis determines that a specific opening's electric strike or electrified lever lock must release on fire alarm, the release shall be implemented in the same hardwired manner as for mag locks.
NOTE Electric strikes and free-egress electrified lever locks generally do not require release on fire alarm because they preserve mechanical egress at all times. (16.7)
16.8 Delayed-Egress Openings
● Not used
○ Used at designated openings per NFPA 101 7.2.1.6.1 with AHJ approval
16.8.1 Delayed-egress hardware (NFPA 101 7.2.1.6.1) shall not be used unless the building occupancy specifically permits it (typically prohibited in Assembly and Educational occupancies), the AHJ has approved the arrangement, and the required signage, audible alarm, and 15-second (or 30-second where authorized) release time are configured per code.
16.8.2 Where delayed egress is used, the release on fire alarm shall be immediate and shall be hardwired from the FACU.
16.9 Fire Alarm Interface Coordination
16.9.1 The Contractor shall coordinate the fire alarm interface design with Fire Alarm Systems and shall confirm the release scheme with the AHJ before installation. 16.9.2 Final acceptance of any opening with electrified locking hardware shall include a witnessed test of the fire alarm release.
17 Software (Head-End)
17.1 The head-end software shall be a manufacturer-supported product currently sold and maintained, with documented update and patch cycles.
17.2 The software shall provide user, credential, access privilege, time schedule, holiday schedule, door, area, and reader management; event logging and audit trail; reporting; system health monitoring and alarms; and an administrator interface with role-based access control over the administrator population.
17.3 Directory and SSO Integration
● LDAP/Active Directory integration for administrator authentication (default for on-prem)
○ SAML 2.0 or OIDC for administrator authentication (default for cloud)
○ Local administrator accounts only (small projects)
17.3.1 Administrator and operator accounts shall be authenticated through the Owner's directory or identity provider where one exists, so that administrator account lifecycle — provisioning, password rotation, and deprovisioning on departure — is managed centrally.
17.3.2 Local-only administrator accounts shall be limited to a break-glass account for recovery from directory outage.
17.4 Software Deployment
● On-premises server (Windows or Linux per manufacturer support)
○ Vendor-hosted cloud (SaaS)
○ Owner-hosted cloud (private cloud or Owner's IaaS)
17.5 Backup and Recovery
☑ Daily automated database backup
☐ Weekly off-site backup copy
☐ Documented recovery procedure tested at acceptance
☐ High-availability configuration with secondary head-end
17.5.1 A documented backup procedure shall be in place before substantial completion.
17.5.2 The recovery procedure shall be tested as part of acceptance: a restore from the latest backup to a separate environment shall be demonstrated to recover the full configuration, credential set, and audit log.
18 User Management and Audit
1 year
2 years
3 years
5 years
Indefinite (set per credential at issue)
18.1 The system shall maintain a credential record for every user that includes at minimum the user's identifier, the credential type and serial, the issue and expiration date, the access privilege set assigned, and the status (active, suspended, revoked).
18.2 Credentials shall expire by default at a date set per the Owner's policy and shall require an affirmative renewal action.
18.3 Access Privilege Assignment
18.3.1 Access privilege assignment shall be by role (door group + time schedule) rather than by direct enumeration of doors.
18.3.2 A user assigned a role shall inherit the role's privileges, and a privilege change at the role shall propagate to every user with that role.
18.3.3 Direct per-user, per-door privilege assignment shall be permitted only where the user's required access does not match any defined role and the exception is documented.
18.4 Time and Holiday Schedules
☑ Business hours (default)
☐ Extended hours (weekdays, longer)
☐ 24/7
☐ Weekend / off-hours only
☐ Custom per role or per door
18.4.1 Holiday schedules shall be configured to override regular time schedules on dates designated by the Owner.
18.4.2 The holiday list shall be reviewed and updated annually by the Owner; the Contractor shall provide the procedure at substantial completion.
18.5 Audit Log
18.5.1 The audit log shall record every access attempt (granted and denied), every door state event (forced open, held open, restored), every administrator action (user added, privilege changed, credential issued or revoked, lockdown initiated), and every system event (controller online/offline, AC fail, low battery, tamper).
18.5.2 Each log entry shall include the timestamp, the originating device or operator, and the affected user or door where applicable.
19 Testing and Commissioning
☑ Every controlled opening tested individually (default)
☐ Sampling acceptable (large projects, per Engineer)
19.1 Acceptance testing shall be performed by the Contractor, witnessed by the Engineer or the Owner's designated representative, and documented on the project test forms.
19.2 Testing shall not begin until installation is complete and the system has operated under normal conditions for a burn-in period of not less than seven calendar days.
19.3 Per-Opening Acceptance Test
19.3.1 For each controlled opening, the acceptance test shall verify the following:
- Valid credential read results in lock release, door opens freely, DPS reports open, REX (if motion-based) suppresses forced-open during egress, lock re-secures on door close
- Invalid credential is denied and logged with the reason
- Forced-open condition (door opened without valid credential or REX) generates an alarm at the head-end and logs the event
- Held-open condition generates an alarm at the configured timer and logs the event
- Tamper at the controller or reader is detected and logged
- Loss of head-end connectivity at the controller does not interrupt access decisions for credentials in the controller cache
- Fire alarm dry contact, when actuated, releases every lock required to release per the sequence of operations, within the time required by the AHJ
- Battery backup at each power supply maintains the system for the specified standby duration during a simulated AC failure
- OSDP Secure Channel is confirmed enabled on every reader and the installation-mode keys have been replaced
19.4 Correction and Report
19.4.1 Test failures shall be corrected and the affected items re-tested.
19.4.2 The acceptance test report shall record the test method, the result, and the corrective action for any failed item.
19.4.3 The Owner's representative shall sign the report at acceptance.
20 Installation
20.1 Coordination and Sequencing
20.1.1 Access control rough-in shall be coordinated with Doors Frames And Hardware so that frame preparations, hardware mortise cutouts, electric power transfer hinges or door loops, and lock body conduits are correctly sized and located before frames and doors are delivered to the site. 20.1.2 Cable rough-in shall be completed before finished ceilings are installed and before walls are closed.
20.1.3 Controller cabinet and power supply locations shall be confirmed against the head-end architecture drawing before equipment is mounted.
NOTE Late discovery of a missed frame preparation typically requires field cutting that compromises the fire rating, the finish, or the structural integrity of the frame. (20.1.4)
20.2 Mounting
20.2.1 Readers shall be mounted plumb and square, at the height specified above, and secured to a backbox or to the frame with the manufacturer's hardware.
20.2.2 Surface-mounted readers shall be installed with weatherstripping or a gasket at exterior openings to prevent water and pest intrusion.
20.2.3 Controllers and power supplies shall be wall-mounted in lockable enclosures in secure equipment closets.
20.2.4 Enclosure penetrations shall be made with listed cable connectors or grommets; conduit stubs into controller enclosures shall be sealed.
20.2.5 DPS magnets and contacts shall be aligned within the manufacturer's tolerance and shall be tested for actuation at the maximum gap before the frame is finished.
20.3 Terminations
20.3.1 Terminations at controllers, readers, and power supplies shall be made by personnel trained in the manufacturer's wiring methods.
20.3.2 Conductor jackets shall be stripped to the minimum length required and stranded conductors shall be terminated in approved ferrules or directly under screw terminals per the manufacturer's instructions; bare twisted strands shall not be terminated under screw terminals.
20.3.3 Shields on reader cables shall be terminated at the controller end only, with the shield grounded at a single point per the manufacturer's instructions.
NOTE Floating both ends or grounding both ends creates ground loops that introduce noise on the OSDP line. (20.3.4)
20.4 Protection During Construction
20.4.1 Equipment installed before the building is secure shall be protected against dust, water, and physical damage by other trades.
20.4.2 Readers installed at exterior openings before the building envelope is closed shall be temporarily covered.
20.4.3 Energization of locks and other electrified hardware shall not occur until acceptance testing is scheduled and the system is ready for commissioning.
21 Training
21.1 The Contractor shall provide training to the Owner's designated administrators and operators before substantial completion. Training shall include the following:
- Head-end operation: log in, navigate the user interface, monitor real-time events, respond to alarms
- User and credential management: enroll a user, issue a credential, assign roles, modify access privileges, suspend and revoke a credential, issue and recover a lost credential
- Reporting: generate and export audit reports, query events by user, door, time range, and event type
- Time schedule and holiday management
- Lockdown and emergency procedures: initiate a building lockdown, release a lockdown, override an individual door
- Routine system health checks: review system status, check controller and reader online state, review power supply and battery status, review pending firmware updates
- Backup and recovery: confirm a backup ran, perform a restore drill
440
48162440
Default: 8 hours
21.1.1 Training shall be delivered on the installed system, not on a generic demonstration platform, so that the Owner's personnel are trained on the actual configuration, naming conventions, and door schedule of the project.
21.1.2 Training materials shall be left with the Owner.
22 Delivery, Storage, and Handling
22.1 Access control equipment shall be delivered in the manufacturer's original packaging with listing marks and serial numbers intact.
22.2 Equipment shall be stored indoors in a clean, dry, conditioned space until installation.
22.3 Credentials shall be stored in a locked container with controlled access; the credential inventory log shall be maintained from receipt through issuance.
22.4 Batteries shall be stored at the manufacturer's recommended temperature and shall not be installed in equipment until commissioning is imminent.
22.5 Batteries shall not be allowed to discharge below the manufacturer's storage voltage during construction.
23 Warranty
1 year from substantial completion
2 years from substantial completion
3 years from substantial completion
● Manufacturer software maintenance for 1 year (default; includes firmware updates and security patches)
○ Manufacturer software maintenance for 3 years
○ Owner self-maintains after substantial completion (perpetual license only)
23.1 The Contractor shall warrant the system installation, including all wiring, terminations, programming, and integration, for a minimum of 1 year from substantial completion.
23.2 Manufacturer warranties on individual products (controllers, readers, power supplies, batteries) shall be passed through to the Owner.
23.3 The software maintenance term shall include firmware updates for controllers and readers, security patches for the head-end, and access to technical support.
NOTE Lapsed maintenance has been the cause of unresolved vulnerabilities on installed systems; the Owner shall be advised at turnover of the renewal schedule. (23.4)
24 Spare Parts
24.1 The Contractor shall deliver to the Owner at substantial completion the spare parts inventory below. Spare parts shall be of the same manufacturer and model as the installed equipment and shall be packaged and labeled for storage.
☑ One reader per installed reader model (minimum one)
☐ One door position switch (concealed and surface, as installed)
☐ One REX device per installed type
☐ One power supply per installed model
☐ One battery per installed power supply
☐ 10 percent overage on credentials (minimum 25)
☐ One controller per installed model (large projects)
24.2 Spare parts shall be stored by the Owner in the equipment room or designated storage area with the system documentation.
24.3 The spare parts list shall be included in the closeout package.