---
title: Access Control Systems
…5 unchanged lines
---
−# Scope
+# Scope {toc}
−This specification covers the design, equipment, installation, programming, and testing of an electronic access control system (ACS) for controlling pedestrian entry into and movement within a building. The system shall identify users by credential, validate their access privileges against a rule set maintained by a head-end software platform, and electrically operate door hardware to permit or deny passage at controlled openings. The system shall additionally monitor door position and request-to-exit conditions, log every access event and exception, and interface with the building fire alarm system to release fail-safe locking devices on alarm.
+## This specification covers the design, equipment, installation, programming, and testing of an electronic access control system (ACS) for controlling pedestrian entry into and movement within a building. {note}
−The access control system is a coordinated assembly of electronic head-end software, networked door controllers, credential readers, request-to-exit devices, door position switches, low-voltage power supplies, and the electrified door hardware that physically secures each opening. This standard governs the electronic head-end, the controllers, the reader-side devices, and the wiring; the electrified locking hardware itself — the electric strike, electromagnetic lock, electrified mortise lock, electrified cylindrical lock, or electric exit device — is procured and installed under [[sync/doors-frames-and-hardware]] and shall be coordinated under this standard.
+## The system shall identify users by credential, validate their access privileges against a rule set maintained by a head-end software platform, and electrically operate door hardware to permit or deny passage at controlled openings.
−Every controlled opening is a system. The Contractor shall coordinate the access control scope with [[sync/doors-frames-and-hardware]] for lock selection, frame and door preparation, and hardware-set finalization; with [[sync/fire-alarm-systems]] for the release of fail-safe locks on fire alarm; with [[sync/conductors-and-cables]] and [[sync/raceways-and-conduit]] for low-voltage pathways; with [[sync/grounding-and-bonding]] and [[sync/telecommunications-bonding]] for the bonding of the head-end and controller equipment; and with [[sync/equipment-labeling]] for device and circuit identification.
+## The system shall additionally monitor door position and request-to-exit conditions, log every access event and exception, and interface with the building fire alarm system to release fail-safe locking devices on alarm.
−This standard addresses electronic access control of swinging pedestrian doors using card, smart card, or mobile credentials. It does not cover video surveillance, intrusion detection alarms, intercom systems, parking and vehicle access control, automatic pedestrian door operators beyond the lock release interface, or biometric-only systems without a supporting card or mobile credential.
+## System Composition {toc}
−# Referenced Standards
+### The access control system is a coordinated assembly of electronic head-end software, networked door controllers, credential readers, request-to-exit devices, door position switches, low-voltage power supplies, and the electrified door hardware that physically secures each opening. {note}
−Equipment, materials, software, and installation shall comply with the latest adopted edition of the following standards. Where the contract documents, the adopted building code, or a referenced standard conflict, the more stringent requirement shall govern unless the Engineer of Record directs otherwise in writing.
+### This standard governs the electronic head-end, the controllers, the reader-side devices, and the wiring; the electrified locking hardware itself — the electric strike, electromagnetic lock, electrified mortise lock, electrified cylindrical lock, or electric exit device — is procured and installed under [[sync/doors-frames-and-hardware]] and shall be coordinated under this standard.
+## Coordination {toc}
+
+### Every controlled opening is a system requiring coordination across multiple trades and standards. {note}
+
+### The Contractor shall coordinate the access control scope with [[sync/doors-frames-and-hardware]] for lock selection, frame and door preparation, and hardware-set finalization.
+
+### The Contractor shall coordinate with [[sync/fire-alarm-systems]] for the release of fail-safe locks on fire alarm.
+
+### The Contractor shall coordinate with [[sync/conductors-and-cables]] and [[sync/raceways-and-conduit]] for low-voltage pathways.
+
+### The Contractor shall coordinate with [[sync/grounding-and-bonding]] and [[sync/telecommunications-bonding]] for the bonding of the head-end and controller equipment.
+
+### The Contractor shall coordinate with [[sync/equipment-labeling]] for device and circuit identification.
+
+## Exclusions {toc}
+
+### This standard addresses electronic access control of swinging pedestrian doors using card, smart card, or mobile credentials. {note}
+
+### This standard does not cover video surveillance, intrusion detection alarms, intercom systems, parking and vehicle access control, automatic pedestrian door operators beyond the lock release interface, or biometric-only systems without a supporting card or mobile credential.
+
+# Referenced Standards {toc}
+
+## Equipment, materials, software, and installation shall comply with the latest adopted edition of the following standards.
+
| Standard | Title |
|----------|-------|
…24 unchanged lines
| ISO/IEC 7816 | Identification cards — Integrated circuit cards |
−# Submittals
+## Where the contract documents, the adopted building code, or a referenced standard conflict, the more stringent requirement shall govern unless the Engineer of Record directs otherwise in writing.
−## Action Submittals
+# Submittals {toc}
−The Contractor shall submit the following to the Engineer of Record for review prior to procurement and prior to beginning installation. The access control submittal is a complete system-level package; partial or piecemeal submittals shall be returned without review.
+## Action Submittals {toc}
+### The Contractor shall submit the following to the Engineer of Record for review prior to procurement and prior to beginning installation:
+
- Manufacturer's product data for the head-end server platform, every door controller and panel, every reader, every credential type, every power supply, every request-to-exit device, every door position switch, every input/output module, and every accessory item
- A system riser diagram showing the head-end server, network switches and segmentation, every controller panel, every reader, every electrified door hardware connection, every REX and DPS input, every power supply with backup battery, and the interface to the fire alarm system
…22 unchanged lines
```
−## Informational Submittals
+### The access control submittal is a complete system-level package; partial or piecemeal submittals shall be returned without review.
+## Informational Submittals {toc}
+
+### The Contractor shall submit the following informational items:
+
- Manufacturer's installation instructions for each component, retained on site during installation
- Installer qualifications documentation, including factory training certificates for the specific controller platform
- Proposed acceptance test plan including test procedures, schedule, personnel, and forms
−## Closeout Submittals
+```datasheet
+label: Informational Submittals Required
+type: checkbox
+options:
+ - "Manufacturer's installation instructions retained on site"
+ - "Installer qualifications and factory training certificates"
+ - "Proposed acceptance test plan with procedures, schedule, personnel, and forms"
+default: "Manufacturer's installation instructions retained on site"
+```
−At substantial completion, prior to system acceptance, the Contractor shall submit:
+## Closeout Submittals {toc}
+### At substantial completion, prior to system acceptance, the Contractor shall submit:
+
- Accepted acceptance test report signed by the Contractor and the testing technician
- As-built system drawings reflecting final device addresses, controller programming, and circuit routing
…18 unchanged lines
```
−# Quality Assurance
+# Quality Assurance {toc}
−## Installer Qualifications
+## Installer Qualifications {toc}
−The access control system shall be installed by a contractor regularly engaged in the design and installation of electronic access control systems with documented experience on at least three projects of comparable size and complexity within the past five years. The installer-in-charge shall hold factory certification on the specific controller platform being installed and shall be present on site during programming, head-end configuration, and acceptance testing.
−
−Personnel making low-voltage terminations at controllers and readers shall be trained in the manufacturer's wiring methods, in OSDP Secure Channel commissioning, and in the project's cybersecurity hardening procedures. Cabling between controllers, readers, and head-end equipment shall be installed by personnel meeting the qualifications of [[sync/conductors-and-cables]] for low-voltage and structured cabling.
−
```datasheet
label: Installer Factory Certification
…6 unchanged lines
```
−## Single-Source Responsibility
+### The access control system shall be installed by a contractor regularly engaged in the design and installation of electronic access control systems with documented experience on at least three projects of comparable size and complexity within the past five years.
−The head-end software, door controllers, reader-to-controller protocol stack, and panel-level firmware shall be furnished by a single manufacturer or by a tightly integrated ecosystem of manufacturers documented to interoperate. Multi-source assemblies in which the controller, the head-end, and the readers are sourced independently and integrated only at the field level shall not be acceptable unless the Engineer specifically approves the integration after review of interoperability test documentation.
+### The installer-in-charge shall hold factory certification on the specific controller platform being installed and shall be present on site during programming, head-end configuration, and acceptance testing.
−Credentials and readers, where sourced from a different manufacturer than the controller, shall be confirmed compatible through OSDP v2.2 Secure Channel testing prior to procurement of credentials in quantity.
+### Personnel making low-voltage terminations at controllers and readers shall be trained in the manufacturer's wiring methods, in OSDP Secure Channel commissioning, and in the project's cybersecurity hardening procedures.
−## Listing and Labeling
+### Cabling between controllers, readers, and head-end equipment shall be installed by personnel meeting the qualifications of [[sync/conductors-and-cables]] for low-voltage and structured cabling.
−The fire alarm interface point — the relay or supervised input that releases fail-safe locks on fire alarm — shall be UL 864 listed where it forms part of the fire alarm system or shall use a UL 294 listed module driven by a UL 864 listed dry contact from the fire alarm control unit. All access control system units shall be listed and labeled to UL 294 by a Nationally Recognized Testing Laboratory. Power supplies shall be UL 294 listed for access control service.
+## Single-Source Responsibility {toc}
−Electrified locking hardware listed to UL 1034 shall be used where the opening is required to resist burglary; the listing requirements for the hardware itself are addressed in [[sync/doors-frames-and-hardware]] and shall be coordinated.
+### The head-end software, door controllers, reader-to-controller protocol stack, and panel-level firmware shall be furnished by a single manufacturer or by a tightly integrated ecosystem of manufacturers documented to interoperate.
−# Environmental and Service Conditions
+### Multi-source assemblies in which the controller, the head-end, and the readers are sourced independently and integrated only at the field level shall not be acceptable unless the Engineer specifically approves the integration after review of interoperability test documentation.
−Access control equipment installed in indoor, conditioned, occupiable spaces shall be rated for 0 °C to 50 °C ambient operating temperature and 0 to 85 percent non-condensing humidity. Equipment installed in unconditioned spaces, electrical rooms, attics, or telecommunications rooms shall be confirmed against the extreme conditions of the space.
+### Credentials and readers, where sourced from a different manufacturer than the controller, shall be confirmed compatible through OSDP v2.2 Secure Channel testing prior to procurement of credentials in quantity.
−Readers installed at exterior openings shall be rated for the local exterior temperature extremes and shall carry an enclosure rating appropriate to the exposure.
+## Listing and Labeling {toc}
+### The fire alarm interface point — the relay or supervised input that releases fail-safe locks on fire alarm — shall be UL 864 listed where it forms part of the fire alarm system or shall use a UL 294 listed module driven by a UL 864 listed dry contact from the fire alarm control unit.
+
+### All access control system units shall be listed and labeled to UL 294 by a Nationally Recognized Testing Laboratory.
+
+### Power supplies shall be UL 294 listed for access control service.
+
+### Electrified locking hardware listed to UL 1034 shall be used where the opening is required to resist burglary; the listing requirements for the hardware itself are addressed in [[sync/doors-frames-and-hardware]] and shall be coordinated.
+
+# Environmental and Service Conditions {toc}
+
+## Indoor and Exterior Equipment Ratings {toc}
+
```datasheet
label: Exterior Reader Environmental Rating
…6 unchanged lines
```
−Equipment installed in spaces with active sprinkler systems shall be located so that direct sprinkler discharge does not impinge on the equipment, or shall be enclosed against discharge. Equipment installed in plenum spaces shall be plenum-rated or shall be installed in conduit per NEC Article 300.
+### Access control equipment installed in indoor, conditioned, occupiable spaces shall be rated for 0 °C to 50 °C ambient operating temperature and 0 to 85 percent non-condensing humidity.
−# System Architecture
+### Equipment installed in unconditioned spaces, electrical rooms, attics, or telecommunications rooms shall be confirmed against the extreme conditions of the space.
−The access control system shall be configured as a networked architecture with a central head-end software platform, intermediate door controller panels distributed throughout the building, and reader-side devices at each controlled opening. The head-end shall hold the system of record for users, credentials, and access privileges. Controllers shall hold a cached copy of the rule set sufficient to make access decisions autonomously if the head-end network connection is interrupted.
+### Readers installed at exterior openings shall be rated for the local exterior temperature extremes and shall carry an enclosure rating appropriate to the exposure.
+## Sprinkler and Plenum Exposure {toc}
+
+### Equipment installed in spaces with active sprinkler systems shall be located so that direct sprinkler discharge does not impinge on the equipment, or shall be enclosed against discharge.
+
+### Equipment installed in plenum spaces shall be plenum-rated or shall be installed in conduit per NEC Article 300.
+
+# System Architecture {toc}
+
```datasheet
label: System Architecture
…7 unchanged lines
```
−A networked, on-premises head-end is the default for projects of moderate or larger size, for facilities with confidentiality concerns about credential and audit data leaving the premises, and for facilities subject to regulatory or contractual data-residency requirements. Cloud-managed and hybrid architectures are appropriate where the Owner accepts the operational benefits (reduced server administration, automatic updates) in exchange for ongoing subscription cost and external data residency. Standalone, per-door, non-networked systems shall be used only on very small projects with a handful of openings and no requirement for centralized audit.
+## The access control system shall be configured as a networked architecture with a central head-end software platform, intermediate door controller panels distributed throughout the building, and reader-side devices at each controlled opening.
+## The head-end shall hold the system of record for users, credentials, and access privileges.
+
+## Controllers shall hold a cached copy of the rule set sufficient to make access decisions autonomously if the head-end network connection is interrupted.
+
+## Standalone, per-door, non-networked systems shall be used only on very small projects with a handful of openings and no requirement for centralized audit.
+
+## A networked, on-premises head-end is the default for projects of moderate or larger size, for facilities with confidentiality concerns about credential and audit data leaving the premises, and for facilities subject to regulatory or contractual data-residency requirements; cloud-managed and hybrid architectures are appropriate where the Owner accepts the operational benefits of reduced server administration and automatic updates in exchange for ongoing subscription cost and external data residency. {note}
+
+## Controller Topology {toc}
+
```datasheet
label: Controller Topology
…6 unchanged lines
```
−Centralized multi-door panels in a secure equipment closet are the default topology for typical commercial buildings because they consolidate power supplies, simplify battery backup, ease maintenance, and produce a cleaner cabling architecture. Controller-per-door edge devices are appropriate where opening density is low, where the cable run from a central panel is impractical, or where the Owner specifically prefers the topology for redundancy reasons.
−
```datasheet
label: Maximum Doors per Centralized Panel
…7 unchanged lines
```
−Panel sizing should leave spare capacity for at least 20 percent additional doors beyond initial installation, to accommodate future openings without panel replacement.
+### Centralized multi-door panels in a secure equipment closet are the default topology for typical commercial buildings because they consolidate power supplies, simplify battery backup, ease maintenance, and produce a cleaner cabling architecture; controller-per-door edge devices are appropriate where opening density is low, where the cable run from a central panel is impractical, or where the Owner specifically prefers the topology for redundancy reasons. {note}
−The head-end server shall be located in [[drawing: as indicated on the head-end architecture drawing]]. Controllers shall be located in [[drawing: as indicated on the panel location plan]] in secure equipment closets or IT rooms with physical access restricted to authorized personnel.
+### Panel sizing should leave spare capacity for at least 20 percent additional doors beyond initial installation, to accommodate future openings without panel replacement.
−# Door Controllers
+## Equipment Location {toc}
−Door controllers (panels) shall be UL 294 listed devices providing autonomous access decision capability, supervised reader and input/output circuits, encrypted communication to the head-end, and a local cache of the rule set sufficient to operate during head-end outage. Controllers shall communicate to the head-end over TCP/IP using TLS 1.2 or higher.
+### The head-end server shall be located in [[drawing: as indicated on the head-end architecture drawing]].
+### Controllers shall be located in [[drawing: as indicated on the panel location plan]] in secure equipment closets or IT rooms with physical access restricted to authorized personnel.
+
+# Door Controllers {toc}
+
```datasheet
label: Controller-to-Head-End Communication
…6 unchanged lines
```
−Wireless controller-to-head-end communication shall not be used except where a wired pathway is genuinely impractical; wireless controllers introduce reliability and security complications that outweigh the installation savings in nearly all projects.
+## Door controllers (panels) shall be UL 294 listed devices providing autonomous access decision capability, supervised reader and input/output circuits, encrypted communication to the head-end, and a local cache of the rule set sufficient to operate during head-end outage.
+## Controllers shall communicate to the head-end over TCP/IP using TLS 1.2 or higher.
+
+## Wireless controller-to-head-end communication shall not be used except where a wired pathway is genuinely impractical.
+
+## Wireless controllers introduce reliability and security complications that outweigh the installation savings in nearly all projects. {note}
+
+## Reader-to-Controller Protocol {toc}
+
```datasheet
label: Reader-to-Controller Protocol
…6 unchanged lines
```
−OSDP v2.2 with Secure Channel shall be the default reader-to-controller protocol. OSDP supersedes Wiegand by providing bidirectional, supervised, encrypted communication; reader status, tamper indication, and firmware updates over the reader cable; and resistance to the credential-replay and signal-injection attacks that have been demonstrated against Wiegand. New installations shall not use Wiegand except where the Owner has a legacy reader infrastructure that cannot be replaced in the project scope.
+### OSDP v2.2 with Secure Channel shall be the default reader-to-controller protocol.
−Each controller shall provide supervised inputs for door position switch, request-to-exit, and tamper, and supervised outputs for lock control. End-of-line resistors shall be installed per the manufacturer's instructions to enable line supervision; cut, shorted, or grounded reader and input wiring shall be detected and reported.
+### New installations shall not use Wiegand except where the Owner has a legacy reader infrastructure that cannot be replaced in the project scope.
+### OSDP supersedes Wiegand by providing bidirectional, supervised, encrypted communication; reader status, tamper indication, and firmware updates over the reader cable; and resistance to the credential-replay and signal-injection attacks that have been demonstrated against Wiegand. {note}
+
+## Controller Inputs, Outputs, and Supervision {toc}
+
```datasheet
label: Input and Output Supervision
…6 unchanged lines
```
−Controllers shall provide a tamper switch on the enclosure and shall report tamper conditions to the head-end. Tamper events shall be logged and shall generate an operator notification.
+### Each controller shall provide supervised inputs for door position switch, request-to-exit, and tamper, and supervised outputs for lock control.
−# Credential Readers
+### End-of-line resistors shall be installed per the manufacturer's instructions to enable line supervision; cut, shorted, or grounded reader and input wiring shall be detected and reported.
−Readers shall be UL 294 listed and shall communicate to the controller using OSDP v2.2 with Secure Channel as specified above. Readers shall be selected for the credential technology specified below.
+### Controllers shall provide a tamper switch on the enclosure and shall report tamper conditions to the head-end.
+### Tamper events shall be logged and shall generate an operator notification.
+
+# Credential Readers {toc}
+
```datasheet
label: Reader Mounting
…17 unchanged lines
```
−Reader height above finished floor shall comply with ADA and ICC A117.1 reach-range requirements. The reader's active read zone shall be located between 34 inches and 48 inches above finished floor for unobstructed forward reach, and the reader shall be positioned within the accessible side reach range where applicable.
+## Readers shall be UL 294 listed and shall communicate to the controller using OSDP v2.2 with Secure Channel as specified above.
+## Readers shall be selected for the credential technology specified below.
+
+## Reader Mounting Height {toc}
+
```datasheet
label: Reader Height (Centerline Above Finished Floor)
…7 unchanged lines
```
−Readers at exterior openings shall be rated for direct exposure to weather, ultraviolet light, and condensation. Readers at openings subject to vehicle traffic, vandalism, or impact shall be protected by a guard, recessed in a wall, or selected with a vandal-resistant rating.
+### Reader height above finished floor shall comply with ADA and ICC A117.1 reach-range requirements.
+### The reader's active read zone shall be located between 34 inches and 48 inches above finished floor for unobstructed forward reach, and the reader shall be positioned within the accessible side reach range where applicable.
+
+## Exterior and Exposed Readers {toc}
+
+### Readers at exterior openings shall be rated for direct exposure to weather, ultraviolet light, and condensation.
+
+### Readers at openings subject to vehicle traffic, vandalism, or impact shall be protected by a guard, recessed in a wall, or selected with a vandal-resistant rating.
+
+## Two-Factor Authentication {toc}
+
```datasheet
label: Two-Factor Authentication at High-Security Openings
…6 unchanged lines
```
−Two-factor authentication adds a PIN to the credential read for openings serving high-value or sensitive areas (data centers, pharmaceutical storage, executive areas, weapons storage). Two-factor authentication shall not be specified for general circulation openings because it impairs throughput and frustrates users without providing meaningful security benefit at low-risk openings.
+### Two-factor authentication shall not be specified for general circulation openings because it impairs throughput and frustrates users without providing meaningful security benefit at low-risk openings.
−# Credentials
+### Two-factor authentication adds a PIN to the credential read for openings serving high-value or sensitive areas such as data centers, pharmaceutical storage, executive areas, and weapons storage. {note}
+# Credentials {toc}
+
```datasheet
label: Primary Credential Technology
…8 unchanged lines
```
−The default credential shall be a 13.56 MHz smart card based on MIFARE DESFire EV2 or EV3 technology, with mutual authentication and AES-128 encryption between card and reader. 125 kHz proximity credentials (HID Prox and equivalents) shall not be used for new installations: the technology is trivially clonable, has no cryptographic protection, and is being phased out across the industry. Where the Owner has an existing 125 kHz population, the migration plan to a contemporary credential shall be documented in the closeout package.
+## The default credential shall be a 13.56 MHz smart card based on MIFARE DESFire EV2 or EV3 technology, with mutual authentication and AES-128 encryption between card and reader.
−Mobile credentials over Bluetooth Low Energy and NFC shall be supported where the Owner intends to issue credentials to smartphones in addition to or in place of physical cards. Mobile credentials reduce credential reissue cost and accelerate enrollment and revocation, but require the Owner to operate a credential management process compatible with the user population's device ecosystem.
+## 125 kHz proximity credentials (HID Prox and equivalents) shall not be used for new installations.
+## Where the Owner has an existing 125 kHz population, the migration plan to a contemporary credential shall be documented in the closeout package.
+
+## The 125 kHz proximity technology is trivially clonable, has no cryptographic protection, and is being phased out across the industry. {note}
+
+## Mobile credentials over Bluetooth Low Energy and NFC shall be supported where the Owner intends to issue credentials to smartphones in addition to or in place of physical cards.
+
+## Mobile credentials reduce credential reissue cost and accelerate enrollment and revocation, but require the Owner to operate a credential management process compatible with the user population's device ecosystem. {note}
+
+## Federal Credential Interoperability {toc}
+
```datasheet
label: Federal Credential Interoperability (FIPS 201 / PIV)
…6 unchanged lines
```
−Federal facilities and contractors handling federal information shall require FIPS 201 (PIV) credential interoperability per the applicable HSPD-12 mandate. Where PIV is required, readers and head-end shall support the PIV authentication mechanisms specified in NIST SP 800-116.
+### Federal facilities and contractors handling federal information shall require FIPS 201 (PIV) credential interoperability per the applicable HSPD-12 mandate.
+### Where PIV is required, readers and head-end shall support the PIV authentication mechanisms specified in NIST SP 800-116.
+
+## Credential Quantity {toc}
+
```datasheet
label: Initial Credential Quantity
…7 unchanged lines
```
−Credential quantity at substantial completion shall be sufficient to enroll the initial occupant population plus a 25 percent overage for new hires, visitors, and replacements during the first year of operation. The Owner shall provide the initial occupant population to the Contractor at submittal review.
+### Credential quantity at substantial completion shall be sufficient to enroll the initial occupant population plus a 25 percent overage for new hires, visitors, and replacements during the first year of operation.
−# Electrified Door Hardware
+### The Owner shall provide the initial occupant population to the Contractor at submittal review.
−The electrified locking device at each opening — electric strike, electromagnetic lock, electrified mortise lock, electrified cylindrical lock, or electric exit device — is procured and installed under [[sync/doors-frames-and-hardware]]. This section governs the access control system's interface to that hardware: the power supply, the lock control output from the controller, the supervision of the lock state, and the policy governing lock-type selection at each opening.
+# Electrified Door Hardware {toc}
+## This section governs the access control system's interface to that hardware: the power supply, the lock control output from the controller, the supervision of the lock state, and the policy governing lock-type selection at each opening. {note}
+
+## The electrified locking device at each opening — electric strike, electromagnetic lock, electrified mortise lock, electrified cylindrical lock, or electric exit device — is procured and installed under [[sync/doors-frames-and-hardware]].
+
+## Default Lock Type {toc}
+
```datasheet
label: Default Electrified Locking Device Type
…7 unchanged lines
```
−The default lock type shall be an electrified cylindrical or mortise lock that preserves free mechanical egress at all times by operating the lever from the egress side without electrical action. The lock secures the latch on the access side and releases the access-side lever or trim on a valid credential or REX signal; the egress-side lever always operates the latch mechanically.
+### The default lock type shall be an electrified cylindrical or mortise lock that preserves free mechanical egress at all times by operating the lever from the egress side without electrical action.
−Electromagnetic locks (mag locks) shall be avoided where any other lock type is feasible. Mag locks are inherently fail-safe and require ancillary release devices (REX motion sensor, push-to-exit button, fire alarm release) to comply with NFPA 101 egress requirements at all times. Each ancillary device is a failure point and an enforcement point with the AHJ. Where the door, frame, or operational use case truly requires a mag lock — most commonly on glass-and-aluminum entrance doors with no available latch reinforcement, or on cross-corridor smoke doors — the installation shall comply with NFPA 101 7.2.1.6.2 (Access-Controlled Egress Doors), the AHJ shall accept the arrangement in advance, and the release scheme shall be documented in the sequence of operations.
+### The lock shall secure the latch on the access side and release the access-side lever or trim on a valid credential or REX signal; the egress-side lever shall always operate the latch mechanically.
+## Electromagnetic Locks {toc}
+
+### Electromagnetic locks (mag locks) shall be avoided where any other lock type is feasible.
+
+### Where the door, frame, or operational use case truly requires a mag lock — most commonly on glass-and-aluminum entrance doors with no available latch reinforcement, or on cross-corridor smoke doors — the installation shall comply with NFPA 101 7.2.1.6.2 (Access-Controlled Egress Doors), the AHJ shall accept the arrangement in advance, and the release scheme shall be documented in the sequence of operations.
+
+### Mag locks are inherently fail-safe and require ancillary release devices (REX motion sensor, push-to-exit button, fire alarm release) to comply with NFPA 101 egress requirements at all times; each ancillary device is a failure point and an enforcement point with the AHJ. {note}
+
+## Fail-Safe vs. Fail-Secure {toc}
+
```datasheet
label: Default Fail-Safe vs. Fail-Secure Policy
…6 unchanged lines
```
−Fail-safe vs. fail-secure is determined per opening by the means-of-egress analysis. A stairwell discharge door that must release on a building power failure to permit exit shall be fail-safe; an office suite door that must remain secured on a power failure to protect the contents shall be fail-secure. The Engineer shall determine the policy for each opening; this standard does not establish a single default that overrides the code analysis.
+### Fail-safe vs. fail-secure shall be determined per opening by the means-of-egress analysis.
+### A stairwell discharge door that must release on a building power failure to permit exit shall be fail-safe; an office suite door that must remain secured on a power failure to protect the contents shall be fail-secure.
+
+### The Engineer shall determine the policy for each opening; this standard does not establish a single default that overrides the code analysis.
+
+## Lock State Monitoring {toc}
+
```datasheet
label: Lock State Monitoring
…5 unchanged lines
```
−Lock state monitoring — a supervised contact on the lock confirming the lock is mechanically secured — shall be the default where the hardware supports it. Monitoring only door position (closed vs. open) does not detect a latch that has failed to engage or has been propped; lock state monitoring is the means by which the system detects a door that is closed but unlocked.
+### Lock state monitoring — a supervised contact on the lock confirming the lock is mechanically secured — shall be the default where the hardware supports it.
−# Request to Exit
+### Monitoring only door position (closed vs. open) does not detect a latch that has failed to engage or has been propped; lock state monitoring is the means by which the system detects a door that is closed but unlocked. {note}
−A request-to-exit (REX) device shall be provided at every controlled opening to indicate that an authorized egress is occurring and to suppress the door-forced-open alarm during egress. REX devices shall be supervised by the controller.
+# Request to Exit {toc}
```datasheet
…8 unchanged lines
```
−A PIR motion sensor mounted directly above the door on the egress side, aimed at the floor immediately inside the opening, is the default REX device because it triggers on actual egress traffic without requiring the user to take any action. Integrated lock REX (a switch in the exit device or lever) shall be used as a supplement where the hardware supports it; an integrated REX is a more deterministic indicator that the door is being operated for egress and complements the PIR.
+## A request-to-exit (REX) device shall be provided at every controlled opening to indicate that an authorized egress is occurring and to suppress the door-forced-open alarm during egress.
−Push-to-exit buttons shall not be used as the primary REX on access-controlled egress doors with free-egress hardware because they require a deliberate user action that adds nothing to a door that is already mechanically free to open. Push-to-exit buttons are required as the legally compliant egress release for mag-lock openings per NFPA 101 7.2.1.6.2, where they shall be wall-mounted, clearly identified, located within 40 to 48 inches above finished floor, and wired so that operation releases the mag lock for a minimum of 30 seconds independent of the access control system.
+## REX devices shall be supervised by the controller.
+## A PIR motion sensor mounted directly above the door on the egress side, aimed at the floor immediately inside the opening, shall be the default REX device.
+
+## Integrated lock REX (a switch in the exit device or lever) shall be used as a supplement where the hardware supports it.
+
+## A PIR sensor is the default because it triggers on actual egress traffic without requiring the user to take any action, and an integrated REX is a more deterministic indicator that the door is being operated for egress and complements the PIR. {note}
+
+## Push-to-Exit Buttons {toc}
+
+### Push-to-exit buttons shall not be used as the primary REX on access-controlled egress doors with free-egress hardware because they require a deliberate user action that adds nothing to a door that is already mechanically free to open.
+
+### Push-to-exit buttons shall be provided as the legally compliant egress release for mag-lock openings per NFPA 101 7.2.1.6.2, where they shall be wall-mounted, clearly identified, located within 40 to 48 inches above finished floor, and wired so that operation releases the mag lock for a minimum of 30 seconds independent of the access control system.
+
+## REX Behavior at Door Position {toc}
+
```datasheet
label: REX Behavior at Door Position
…5 unchanged lines
```
−For free-egress hardware (electrified mortise, cylindrical, or exit device), REX shall suppress the forced-open alarm but shall not unlock the door; the door is already mechanically free to open from the egress side and unlocking it electrically serves no purpose. For mag lock openings, REX or the push-to-exit button shall actually unlock the door because the mag lock has no mechanical bypass.
+### For free-egress hardware (electrified mortise, cylindrical, or exit device), REX shall suppress the forced-open alarm but shall not unlock the door.
−# Door Position Switches
+### For mag lock openings, REX or the push-to-exit button shall actually unlock the door because the mag lock has no mechanical bypass.
−A door position switch (DPS) shall be provided at every controlled opening to monitor whether the door is closed. DPS contacts shall be supervised by the controller, and the controller shall report and log forced-open, held-open, and propped-open conditions.
+# Door Position Switches {toc}
```datasheet
…7 unchanged lines
```
−A concealed magnetic reed switch installed in the head of the door frame with a matching magnet in the top edge of the door is the default for new construction. Surface-mounted switches shall be used only on retrofit projects where concealed installation is not practical. Balanced magnetic switches shall be specified at high-security openings where defeat by an external magnet must be prevented.
+## A door position switch (DPS) shall be provided at every controlled opening to monitor whether the door is closed.
+## DPS contacts shall be supervised by the controller, and the controller shall report and log forced-open, held-open, and propped-open conditions.
+
+### A concealed magnetic reed switch installed in the head of the door frame with a matching magnet in the top edge of the door shall be the default for new construction.
+
+### Surface-mounted switches shall be used only on retrofit projects where concealed installation is not practical.
+
+### Balanced magnetic switches shall be specified at high-security openings where defeat by an external magnet must be prevented.
+
+## Door Held-Open Time {toc}
+
```datasheet
label: Door Held-Open Time
…7 unchanged lines
```
−The door held-open timer determines how long the door may remain open after a valid access before a held-open alarm is generated. The default of 45 seconds accommodates normal cart and accessibility usage; high-traffic openings or openings used for material movement may extend the timer with the Engineer's approval. The held-open alarm shall be local at the door (annunciator at the door if specified) and remote at the head-end.
+### The door held-open timer shall determine how long the door may remain open after a valid access before a held-open alarm is generated.
+### High-traffic openings or openings used for material movement may extend the timer with the Engineer's approval.
+
+### The held-open alarm shall be local at the door (annunciator at the door if specified) and remote at the head-end.
+
+### The default of 45 seconds accommodates normal cart and accessibility usage. {note}
+
+## Forced-Open Alarm Routing {toc}
+
```datasheet
label: Forced-Open Alarm Routing
…6 unchanged lines
```
−# Power Supplies and Battery Backup
+# Power Supplies and Battery Backup {toc}
−Power supplies serving access control equipment shall be UL 294 listed for access control service and shall be sized for the connected load with at least 25 percent spare capacity for future additions. Power supplies shall provide regulated DC output, output supervision, AC fail and low-battery monitoring, and integral battery charging.
+## Power supplies serving access control equipment shall be UL 294 listed for access control service and shall be sized for the connected load with at least 25 percent spare capacity for future additions.
+## Power supplies shall provide regulated DC output, output supervision, AC fail and low-battery monitoring, and integral battery charging.
+
+## Lock Voltage {toc}
+
```datasheet
label: Lock Voltage
…5 unchanged lines
```
−24 VDC is the default lock voltage because the higher voltage reduces conductor sizing and tolerates longer runs without unacceptable voltage drop. 12 VDC may be used only for short runs and low-current devices where the voltage drop calculation confirms adequate voltage at the lock under worst-case current.
−
```datasheet
label: Reader and Controller Logic Voltage
…6 unchanged lines
```
−Battery backup shall be provided at every power supply serving access control loads. Battery capacity shall be sized to provide a minimum of 4 hours of standby operation at the system's quiescent load. Where the access control system serves life-safety egress functions or is part of a security plan with regulatory standby requirements, the battery shall be sized for a longer duration as required by the applicable standard.
+### 24 VDC shall be the default lock voltage.
+### 12 VDC may be used only for short runs and low-current devices where the voltage drop calculation confirms adequate voltage at the lock under worst-case current.
+
+### 24 VDC is the default because the higher voltage reduces conductor sizing and tolerates longer runs without unacceptable voltage drop. {note}
+
+## Battery Backup {toc}
+
```datasheet
label: Battery Standby Duration
…7 unchanged lines
```
−Battery calculations shall be performed for each power supply, documented in the submittals, and the calculations shall account for both quiescent and alarm-condition current draw, the temperature derate factor specified by the battery manufacturer, and a margin above the calculated requirement of at least 25 percent.
+### Battery backup shall be provided at every power supply serving access control loads.
−Power supply locations shall be coordinated to keep the lock-cable run between supply and lock within the voltage-drop calculation tolerance. Power supplies shall be installed in lockable enclosures and shall be co-located with the door controller cabinet where practical.
+### Battery capacity shall be sized to provide a minimum of 4 hours of standby operation at the system's quiescent load.
−# Cabling
+### Where the access control system serves life-safety egress functions or is part of a security plan with regulatory standby requirements, the battery shall be sized for a longer duration as required by the applicable standard.
−All access control system cabling shall comply with NEC Article 725 (Class 2 circuits) for low-voltage portions and with NEC Article 800 and ANSI/TIA-568 for structured cabling portions. Plenum-rated cable shall be used in plenum spaces. Cable in concealed spaces, cable trays, and accessible ceilings shall be supported per NEC and per the cable manufacturer's instructions; cable shall not be supported by ceiling tile grid or other building systems not intended for cable support.
+### Battery calculations shall be performed for each power supply, documented in the submittals, and the calculations shall account for both quiescent and alarm-condition current draw, the temperature derate factor specified by the battery manufacturer, and a margin above the calculated requirement of at least 25 percent.
+## Power Supply Location {toc}
+
+### Power supply locations shall be coordinated to keep the lock-cable run between supply and lock within the voltage-drop calculation tolerance.
+
+### Power supplies shall be installed in lockable enclosures and shall be co-located with the door controller cabinet where practical.
+
+# Cabling {toc}
+
```datasheet
label: Controller-to-Head-End Cable
…16 unchanged lines
```
−Composite access control cables that bundle reader, lock, REX, and DPS conductors in a single jacket are the default for door cabling because they install in one pull, reduce conduit fill, and simplify cabling. Where the lock current exceeds the rating of the composite cable's lock conductors, a separate lock cable shall be pulled and the reader cable shall carry only reader, REX, and DPS conductors.
−
```datasheet
label: Lock Cable (Power Supply to Lock)
…26 unchanged lines
```
−Voltage drop on lock cables shall be calculated for the worst-case (longest, highest-current) opening on each power supply and the cable size shall be selected so that the lock voltage at the lock under fault-clearing or maximum-inrush current remains within the manufacturer's operating range. The voltage drop calculation shall be documented in the submittals.
+## All access control system cabling shall comply with NEC Article 725 (Class 2 circuits) for low-voltage portions and with NEC Article 800 and ANSI/TIA-568 for structured cabling portions.
−Cable separation from higher-voltage power circuits shall be maintained per NEC Article 725 and per the cable manufacturer's instructions. Where parallel routing is unavoidable, perpendicular crossings shall be used and the minimum separation shall be maintained per code.
+## Plenum-rated cable shall be used in plenum spaces.
−# Cybersecurity
+## Cable in concealed spaces, cable trays, and accessible ceilings shall be supported per NEC and per the cable manufacturer's instructions; cable shall not be supported by ceiling tile grid or other building systems not intended for cable support.
−Access control systems are network-connected security systems that protect physical assets, and they shall be hardened against the categories of attack that have repeatedly compromised installed systems: default credentials, unencrypted reader-to-controller protocols, unpatched firmware, flat-network exposure, and weak credential technologies.
+## Composite access control cables that bundle reader, lock, REX, and DPS conductors in a single jacket shall be the default for door cabling because they install in one pull, reduce conduit fill, and simplify cabling.
+## Where the lock current exceeds the rating of the composite cable's lock conductors, a separate lock cable shall be pulled and the reader cable shall carry only reader, REX, and DPS conductors.
+
+## Voltage Drop and Separation {toc}
+
+### Voltage drop on lock cables shall be calculated for the worst-case (longest, highest-current) opening on each power supply and the cable size shall be selected so that the lock voltage at the lock under fault-clearing or maximum-inrush current remains within the manufacturer's operating range.
+
+### The voltage drop calculation shall be documented in the submittals.
+
+### Cable separation from higher-voltage power circuits shall be maintained per NEC Article 725 and per the cable manufacturer's instructions.
+
+### Where parallel routing is unavoidable, perpendicular crossings shall be used and the minimum separation shall be maintained per code.
+
+# Cybersecurity {toc}
+
+## Access control systems shall be hardened against the categories of attack that have repeatedly compromised installed systems: default credentials, unencrypted reader-to-controller protocols, unpatched firmware, flat-network exposure, and weak credential technologies.
+
+## Network Segmentation {toc}
+
```datasheet
label: Network Segmentation
…6 unchanged lines
```
−Access control controllers, the head-end server, and any management workstations shall reside on a dedicated VLAN isolated from general user, guest, and untrusted networks. Firewall rules shall restrict the access control VLAN to the specific protocols and destinations required for operation and management. Remote access to the head-end, where permitted, shall be through an authenticated VPN or a managed gateway provided by the head-end manufacturer.
+### Access control controllers, the head-end server, and any management workstations shall reside on a dedicated VLAN isolated from general user, guest, and untrusted networks.
+### Firewall rules shall restrict the access control VLAN to the specific protocols and destinations required for operation and management.
+
+### Remote access to the head-end, where permitted, shall be through an authenticated VPN or a managed gateway provided by the head-end manufacturer.
+
+## Default Credentials and Initial Hardening {toc}
+
```datasheet
label: Default Credentials and Initial Hardening
…8 unchanged lines
```
+## Reader-to-Controller Encryption {toc}
+
```datasheet
label: Reader-to-Controller Encryption
…6 unchanged lines
```
−OSDP Secure Channel shall be enabled at commissioning using site-specific keys, not installation-mode default keys. The key management procedure shall be documented and the key custody record turned over to the Owner at substantial completion.
+### OSDP Secure Channel shall be enabled at commissioning using site-specific keys, not installation-mode default keys.
+### The key management procedure shall be documented and the key custody record turned over to the Owner at substantial completion.
+
+## Audit Log Retention {toc}
+
```datasheet
label: Audit Log Retention
…7 unchanged lines
```
−The head-end shall retain access and exception event logs for a minimum of 365 days; the Owner may extend retention per their security policy or regulatory obligation. Logs shall be exportable in a documented format for review and for archiving to long-term storage.
+### The head-end shall retain access and exception event logs for a minimum of 365 days; the Owner may extend retention per their security policy or regulatory obligation.
−# Fire Alarm Interface and Egress Release
+### Logs shall be exportable in a documented format for review and for archiving to long-term storage.
−The access control system shall interface to the fire alarm system as required by NFPA 101 and the AHJ. The interface shall release locks that must be released on fire alarm and shall do so independently of the head-end and independently of the network.
+# Fire Alarm Interface and Egress Release {toc}
```datasheet
…7 unchanged lines
```
−Locks requiring release on fire alarm — most commonly electromagnetic locks and any electrified hardware on an opening covered by NFPA 101 7.2.1.6.1 (Access-Controlled Egress Doors) or 7.2.1.6.2 (Delayed Egress) — shall release via a hardwired dry contact from the fire alarm control unit (FACU). The dry contact shall interrupt the lock power circuit through a UL 294 listed release relay or directly at the power supply. The release shall not depend on the access control head-end, the network, or any software function.
+## The access control system shall interface to the fire alarm system as required by NFPA 101 and the AHJ.
−Electric strikes and free-egress electrified lever locks generally do not require release on fire alarm because they preserve mechanical egress at all times. Where a code analysis determines that a specific opening's electric strike or electrified lever lock must release on fire alarm, the release shall be implemented in the same hardwired manner as for mag locks.
+## The interface shall release locks that must be released on fire alarm and shall do so independently of the head-end and independently of the network.
+## Locks requiring release on fire alarm — most commonly electromagnetic locks and any electrified hardware on an opening covered by NFPA 101 7.2.1.6.1 (Access-Controlled Egress Doors) or 7.2.1.6.2 (Delayed Egress) — shall release via a hardwired dry contact from the fire alarm control unit (FACU).
+
+## The dry contact shall interrupt the lock power circuit through a UL 294 listed release relay or directly at the power supply.
+
+## The release shall not depend on the access control head-end, the network, or any software function.
+
+## Where a code analysis determines that a specific opening's electric strike or electrified lever lock must release on fire alarm, the release shall be implemented in the same hardwired manner as for mag locks.
+
+## Electric strikes and free-egress electrified lever locks generally do not require release on fire alarm because they preserve mechanical egress at all times. {note}
+
+## Delayed-Egress Openings {toc}
+
```datasheet
label: Delayed-Egress Opening Configuration
…5 unchanged lines
```
−Delayed-egress hardware (NFPA 101 7.2.1.6.1) shall not be used unless the building occupancy specifically permits it (typically prohibited in Assembly and Educational occupancies), the AHJ has approved the arrangement, and the required signage, audible alarm, and 15-second (or 30-second where authorized) release time are configured per code. Where delayed egress is used, the release on fire alarm shall be immediate and shall be hardwired from the FACU.
+### Delayed-egress hardware (NFPA 101 7.2.1.6.1) shall not be used unless the building occupancy specifically permits it (typically prohibited in Assembly and Educational occupancies), the AHJ has approved the arrangement, and the required signage, audible alarm, and 15-second (or 30-second where authorized) release time are configured per code.
−The Contractor shall coordinate the fire alarm interface design with [[sync/fire-alarm-systems]] and shall confirm the release scheme with the AHJ before installation. Final acceptance of any opening with electrified locking hardware shall include a witnessed test of the fire alarm release.
+### Where delayed egress is used, the release on fire alarm shall be immediate and shall be hardwired from the FACU.
−# Software (Head-End)
+## Fire Alarm Interface Coordination {toc}
−The head-end software shall be a manufacturer-supported product currently sold and maintained, with documented update and patch cycles. The software shall provide user, credential, access privilege, time schedule, holiday schedule, door, area, and reader management; event logging and audit trail; reporting; system health monitoring and alarms; and an administrator interface with role-based access control over the administrator population.
+### The Contractor shall coordinate the fire alarm interface design with [[sync/fire-alarm-systems]] and shall confirm the release scheme with the AHJ before installation.
+### Final acceptance of any opening with electrified locking hardware shall include a witnessed test of the fire alarm release.
+
+# Software (Head-End) {toc}
+
+## The head-end software shall be a manufacturer-supported product currently sold and maintained, with documented update and patch cycles.
+
+## The software shall provide user, credential, access privilege, time schedule, holiday schedule, door, area, and reader management; event logging and audit trail; reporting; system health monitoring and alarms; and an administrator interface with role-based access control over the administrator population.
+
+## Directory and SSO Integration {toc}
+
```datasheet
label: Directory and SSO Integration
…6 unchanged lines
```
−Administrator and operator accounts shall be authenticated through the Owner's directory or identity provider where one exists, so that administrator account lifecycle (provisioning, password rotation, deprovisioning on departure) is managed centrally. Local-only administrator accounts shall be limited to a break-glass account for recovery from directory outage.
+### Administrator and operator accounts shall be authenticated through the Owner's directory or identity provider where one exists, so that administrator account lifecycle — provisioning, password rotation, and deprovisioning on departure — is managed centrally.
+### Local-only administrator accounts shall be limited to a break-glass account for recovery from directory outage.
+
+## Software Deployment {toc}
+
```datasheet
label: Software Deployment
…6 unchanged lines
```
+## Backup and Recovery {toc}
+
```datasheet
label: Backup and Recovery
…7 unchanged lines
```
−A documented backup procedure shall be in place before substantial completion. The recovery procedure shall be tested as part of acceptance: a restore from the latest backup to a separate environment shall be demonstrated to recover the full configuration, credential set, and audit log.
+### A documented backup procedure shall be in place before substantial completion.
−# User Management and Audit
+### The recovery procedure shall be tested as part of acceptance: a restore from the latest backup to a separate environment shall be demonstrated to recover the full configuration, credential set, and audit log.
−The system shall maintain a credential record for every user that includes at minimum the user's identifier, the credential type and serial, the issue and expiration date, the access privilege set assigned, and the status (active, suspended, revoked). Credentials shall expire by default at a date set per the Owner's policy and shall require an affirmative renewal action.
+# User Management and Audit {toc}
```datasheet
…9 unchanged lines
```
−Access privilege assignment shall be by role (door group + time schedule) rather than by direct enumeration of doors. A user assigned a role inherits the role's privileges, and a privilege change at the role propagates to every user with that role. Direct per-user, per-door privilege assignment shall be permitted only where the user's required access does not match any defined role and the exception is documented.
+## The system shall maintain a credential record for every user that includes at minimum the user's identifier, the credential type and serial, the issue and expiration date, the access privilege set assigned, and the status (active, suspended, revoked).
+## Credentials shall expire by default at a date set per the Owner's policy and shall require an affirmative renewal action.
+
+## Access Privilege Assignment {toc}
+
+### Access privilege assignment shall be by role (door group + time schedule) rather than by direct enumeration of doors.
+
+### A user assigned a role shall inherit the role's privileges, and a privilege change at the role shall propagate to every user with that role.
+
+### Direct per-user, per-door privilege assignment shall be permitted only where the user's required access does not match any defined role and the exception is documented.
+
+## Time and Holiday Schedules {toc}
+
```datasheet
label: Time Schedules
…8 unchanged lines
```
−Holiday schedules shall be configured to override regular time schedules on dates designated by the Owner. The holiday list shall be reviewed and updated annually by the Owner; the Contractor shall provide the procedure at substantial completion.
+### Holiday schedules shall be configured to override regular time schedules on dates designated by the Owner.
−The audit log shall record every access attempt (granted and denied), every door state event (forced open, held open, restored), every administrator action (user added, privilege changed, credential issued or revoked, lockdown initiated), and every system event (controller online/offline, AC fail, low battery, tamper). Each log entry shall include the timestamp, the originating device or operator, and the affected user or door where applicable.
+### The holiday list shall be reviewed and updated annually by the Owner; the Contractor shall provide the procedure at substantial completion.
−# Testing and Commissioning
+## Audit Log {toc}
−Acceptance testing shall be performed by the Contractor, witnessed by the Engineer or the Owner's designated representative, and documented on the project test forms. Testing shall not begin until installation is complete and the system has operated under normal conditions for a burn-in period of not less than seven calendar days.
+### The audit log shall record every access attempt (granted and denied), every door state event (forced open, held open, restored), every administrator action (user added, privilege changed, credential issued or revoked, lockdown initiated), and every system event (controller online/offline, AC fail, low battery, tamper).
+### Each log entry shall include the timestamp, the originating device or operator, and the affected user or door where applicable.
+
+# Testing and Commissioning {toc}
+
```datasheet
label: Acceptance Test Scope
…5 unchanged lines
```
−For each controlled opening, the acceptance test shall verify:
+## Acceptance testing shall be performed by the Contractor, witnessed by the Engineer or the Owner's designated representative, and documented on the project test forms.
+## Testing shall not begin until installation is complete and the system has operated under normal conditions for a burn-in period of not less than seven calendar days.
+
+## Per-Opening Acceptance Test {toc}
+
+### For each controlled opening, the acceptance test shall verify the following:
+
- Valid credential read results in lock release, door opens freely, DPS reports open, REX (if motion-based) suppresses forced-open during egress, lock re-secures on door close
- Invalid credential is denied and logged with the reason
…17 unchanged lines
```
−Test failures shall be corrected and the affected items re-tested. The acceptance test report shall record the test method, the result, and the corrective action for any failed item. The Owner's representative shall sign the report at acceptance.
+## Correction and Report {toc}
−# Installation
+### Test failures shall be corrected and the affected items re-tested.
−## Coordination and Sequencing
+### The acceptance test report shall record the test method, the result, and the corrective action for any failed item.
−Access control rough-in shall be coordinated with [[sync/doors-frames-and-hardware]] so that frame preparations, hardware mortise cutouts, electric power transfer hinges or door loops, and lock body conduits are correctly sized and located before frames and doors are delivered to the site. Late discovery of a missed frame preparation typically requires field cutting that compromises the fire rating, the finish, or the structural integrity of the frame.
+### The Owner's representative shall sign the report at acceptance.
−Cable rough-in shall be completed before finished ceilings are installed and before walls are closed. Controller cabinet and power supply locations shall be confirmed against the head-end architecture drawing before equipment is mounted.
+# Installation {toc}
−## Mounting
+## Coordination and Sequencing {toc}
−Readers shall be mounted plumb and square, at the height specified above, and secured to a backbox or to the frame with the manufacturer's hardware. Surface-mounted readers shall be installed with weatherstripping or a gasket at exterior openings to prevent water and pest intrusion.
+### Access control rough-in shall be coordinated with [[sync/doors-frames-and-hardware]] so that frame preparations, hardware mortise cutouts, electric power transfer hinges or door loops, and lock body conduits are correctly sized and located before frames and doors are delivered to the site.
−Controllers and power supplies shall be wall-mounted in lockable enclosures in secure equipment closets. Enclosure penetrations shall be made with listed cable connectors or grommets. Conduit stubs into controller enclosures shall be sealed.
+### Cable rough-in shall be completed before finished ceilings are installed and before walls are closed.
−DPS magnets and contacts shall be aligned within the manufacturer's tolerance and shall be tested for actuation at the maximum gap before the frame is finished.
+### Controller cabinet and power supply locations shall be confirmed against the head-end architecture drawing before equipment is mounted.
−## Terminations
+### Late discovery of a missed frame preparation typically requires field cutting that compromises the fire rating, the finish, or the structural integrity of the frame. {note}
−Terminations at controllers, readers, and power supplies shall be made by personnel trained in the manufacturer's wiring methods. Conductor jackets shall be stripped to the minimum length required and stranded conductors shall be terminated in approved ferrules or directly under screw terminals per the manufacturer's instructions; bare twisted strands shall not be terminated under screw terminals.
+## Mounting {toc}
−Shields on reader cables shall be terminated at the controller end only, with the shield grounded at a single point per the manufacturer's instructions. Floating both ends or grounding both ends creates ground loops that introduce noise on the OSDP line.
+### Readers shall be mounted plumb and square, at the height specified above, and secured to a backbox or to the frame with the manufacturer's hardware.
−## Protection During Construction
+### Surface-mounted readers shall be installed with weatherstripping or a gasket at exterior openings to prevent water and pest intrusion.
−Equipment installed before the building is secure shall be protected against dust, water, and physical damage by other trades. Readers installed at exterior openings before the building envelope is closed shall be temporarily covered. Energization of locks and other electrified hardware shall not occur until acceptance testing is scheduled and the system is ready for commissioning.
+### Controllers and power supplies shall be wall-mounted in lockable enclosures in secure equipment closets.
−# Training
+### Enclosure penetrations shall be made with listed cable connectors or grommets; conduit stubs into controller enclosures shall be sealed.
−The Contractor shall provide training to the Owner's designated administrators and operators before substantial completion. Training shall include:
+### DPS magnets and contacts shall be aligned within the manufacturer's tolerance and shall be tested for actuation at the maximum gap before the frame is finished.
+## Terminations {toc}
+
+### Terminations at controllers, readers, and power supplies shall be made by personnel trained in the manufacturer's wiring methods.
+
+### Conductor jackets shall be stripped to the minimum length required and stranded conductors shall be terminated in approved ferrules or directly under screw terminals per the manufacturer's instructions; bare twisted strands shall not be terminated under screw terminals.
+
+### Shields on reader cables shall be terminated at the controller end only, with the shield grounded at a single point per the manufacturer's instructions.
+
+### Floating both ends or grounding both ends creates ground loops that introduce noise on the OSDP line. {note}
+
+## Protection During Construction {toc}
+
+### Equipment installed before the building is secure shall be protected against dust, water, and physical damage by other trades.
+
+### Readers installed at exterior openings before the building envelope is closed shall be temporarily covered.
+
+### Energization of locks and other electrified hardware shall not occur until acceptance testing is scheduled and the system is ready for commissioning.
+
+# Training {toc}
+
+## The Contractor shall provide training to the Owner's designated administrators and operators before substantial completion. Training shall include the following:
+
- Head-end operation: log in, navigate the user interface, monitor real-time events, respond to alarms
- User and credential management: enroll a user, issue a credential, assign roles, modify access privileges, suspend and revoke a credential, issue and recover a lost credential
…15 unchanged lines
```
−Training shall be delivered on the installed system, not on a generic demonstration platform, so that the Owner's personnel are trained on the actual configuration, naming conventions, and door schedule of the project. Training materials shall be left with the Owner.
+### Training shall be delivered on the installed system, not on a generic demonstration platform, so that the Owner's personnel are trained on the actual configuration, naming conventions, and door schedule of the project.
−# Delivery, Storage, and Handling
+### Training materials shall be left with the Owner.
−Access control equipment shall be delivered in the manufacturer's original packaging with listing marks and serial numbers intact. Equipment shall be stored indoors in a clean, dry, conditioned space until installation. Credentials shall be stored in a locked container with controlled access; the credential inventory log shall be maintained from receipt through issuance.
+# Delivery, Storage, and Handling {toc}
−Batteries shall be stored at the manufacturer's recommended temperature and shall not be installed in equipment until commissioning is imminent. Batteries shall not be allowed to discharge below the manufacturer's storage voltage during construction.
+## Access control equipment shall be delivered in the manufacturer's original packaging with listing marks and serial numbers intact.
−# Warranty
+## Equipment shall be stored indoors in a clean, dry, conditioned space until installation.
−The Contractor shall warrant the system installation, including all wiring, terminations, programming, and integration, for a minimum of 1 year from substantial completion. Manufacturer warranties on individual products (controllers, readers, power supplies, batteries) shall be passed through to the Owner.
+## Credentials shall be stored in a locked container with controlled access; the credential inventory log shall be maintained from receipt through issuance.
+## Batteries shall be stored at the manufacturer's recommended temperature and shall not be installed in equipment until commissioning is imminent.
+
+## Batteries shall not be allowed to discharge below the manufacturer's storage voltage during construction.
+
+# Warranty {toc}
+
```datasheet
label: Installation Warranty Period
…16 unchanged lines
```
−The software maintenance term shall include firmware updates for controllers and readers, security patches for the head-end, and access to technical support. Lapsed maintenance has been the cause of unresolved vulnerabilities on installed systems; the Owner shall be advised at turnover of the renewal schedule.
+## The Contractor shall warrant the system installation, including all wiring, terminations, programming, and integration, for a minimum of 1 year from substantial completion.
−# Spare Parts
+## Manufacturer warranties on individual products (controllers, readers, power supplies, batteries) shall be passed through to the Owner.
−The Contractor shall deliver to the Owner at substantial completion the spare parts inventory below. Spare parts shall be of the same manufacturer and model as the installed equipment and shall be packaged and labeled for storage.
+## The software maintenance term shall include firmware updates for controllers and readers, security patches for the head-end, and access to technical support.
+## Lapsed maintenance has been the cause of unresolved vulnerabilities on installed systems; the Owner shall be advised at turnover of the renewal schedule. {note}
+
+# Spare Parts {toc}
+
+## The Contractor shall deliver to the Owner at substantial completion the spare parts inventory below. Spare parts shall be of the same manufacturer and model as the installed equipment and shall be packaged and labeled for storage.
+
```datasheet
label: Spare Parts Inventory
…10 unchanged lines
```
−Spare parts shall be stored by the Owner in the equipment room or designated storage area with the system documentation. The spare parts list shall be included in the closeout package.
+## Spare parts shall be stored by the Owner in the equipment room or designated storage area with the system documentation.
+
+## The spare parts list shall be included in the closeout package.