Standard Guide for Credentialing for Access to an Incident or Event Site

SIGNIFICANCE AND USE
4.1 There is currently no way to ensure consistency among all entities across the nation for access to an incident or event scene. This guide is intended to enable consistency in credentials with respect to verification of identity, qualifications, and deployment authorization (NIMS 0002).  
4.2 This guide is intended to be used by any entity that manages and controls access to an incident scene to facilitate interoperability and ensure consistency.
SCOPE
1.1 The focus of this guide is on the development of guidelines for credentialing for access. The guide addresses the fundamental terms, criteria, references, definitions, and process model for implementation of credentialing or a credentialing program.  
1.2 This guide explains and identifies actions and processes that can provide the foundation for consistent use and interoperability of credentialing for all entities.  
1.3 This guide describes the activities involved in creating a credentialing framework, which may include a physical badge; however, it does not define the knowledge, skills, or abilities required to gain access to a site or event. This guide does not address a requirement for a physical badge as a prerequisite for a credential. A badge may be an accepted credential across jurisdictional lines and other credentials may be issued by the AHJ at the scene.  
1.4 This guide reinforces the importance of controlling access to a site by individuals with the proper identification, qualification, and authorization, which supports effective management of deployed resources.  
1.5 This guide relies on the existing rules, regulations, laws, and policies of the AHJ. Regulations identifying personal and private information as public record may differ from a responder’s home jurisdiction.  
1.6 This guide utilizes the principles of the Data Management Association Guide to the Data Management Body of Knowledge (DAMA-DMBOK) in order to effectively control data and information assets and does not prescribe the use of technology-based solutions.  
1.7 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.8 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

General Information

Status
Published
Publication Date
14-Jun-2021

Guide
ASTM E2842-14(2021) - Standard Guide for Credentialing for Access to an Incident or Event Site
English language
17 pages

Standards Content (Sample)


This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.
Designation: E2842 − 14 (Reapproved 2021)
Standard Guide for Credentialing for Access to an Incident or Event Site
This standard is issued under the fixed designation E2842; the number immediately following the designation indicates the year of original adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. A superscript epsilon (ε) indicates an editorial change since the last revision or reapproval.
INTRODUCTION
The purpose of the Standard Guide for Credentialing for Access to an Incident or Event Site (hereafter the guide) is to assist in the credentialing of personnel and the associated activities, which allows for access to an incident or event site by State, Tribal, local, private sector, and nongovernmental organizations (NGOs). The credentials allowing scene access should be a verification of identity and (by the authority having jurisdiction [AHJ]) that the appropriate training, experience, and qualifications are in place. This guide does not provide any specifications regarding qualifications or training required for said credentials. However, it is recognized that credentialing is a part of resource management and that a credentialed individual is a specified resource.
1. Scope
1.1 The focus of this guide is on the development of guidelines for credentialing for access. The guide addresses the fundamental terms, criteria, references, definitions, and process model for implementation of credentialing or a credentialing program.
1.2 This guide explains and identifies actions and processes that can provide the foundation for consistent use and interoperability of credentialing for all entities.
1.3 This guide describes the activities involved in creating a credentialing framework, which may include a physical badge; however, it does not define the knowledge, skills, or abilities required to gain access to a site or event. This guide does not address a requirement for a physical badge as a prerequisite for a credential. A badge may be an accepted credential across jurisdictional lines and other credentials may be issued by the AHJ at the scene.
1.4 This guide reinforces the importance of controlling access to a site by individuals with the proper identification, qualification, and authorization, which supports effective management of deployed resources.
1.5 This guide relies on the existing rules, regulations, laws, and policies of the AHJ. Regulations identifying personal and private information as public record may differ from a responder’s home jurisdiction.
1.6 This guide utilizes the principles of the Data Management Association Guide to the Data Management Body of Knowledge (DAMA-DMBOK) in order to effectively control data and information assets and does not prescribe the use of technology-based solutions.
1.7 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.
1.8 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

2. Referenced Documents
2.1 DAMA International:
The DAMA Guide to the Data Management Body of Knowledge 2009
2.2 Federal Emergency Management Agency:
Guideline for the Credentialing of Personnel July 2011
National Response Framework January 2008
NIMS Guide 0002 National Credentialing Definition and Criteria, March 27, 2007

This guide is under the jurisdiction of ASTM Committee E54 on Homeland Security Applications and is the direct responsibility of Subcommittee E54.02 on Emergency Preparedness, Training, and Procedures.
Current edition approved June 15, 2021. Published July 2021. Originally approved in 2014. Last previous edition approved in 2014 as E2842 – 14. DOI: 10.1520/E2842-14R21.
As defined in National Incident Management System (NIMS) 2008.
Available from DAMA international, http://www.dama.org/i4a/pages/Index.cfm?pageid=3364.
Available from http://www.fema.gov/pdf/emergency/nrf/nrf-core.pdf.
Available from http://www.fema.gov/pdf/emergency/nims/ng_0002.pdf.
Copyright © ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959. United States
NIMS Guideline for the Credentialing of Personnel July 2011
2.3 Department of Homeland Security:
NIMS December, 2008
Homeland Security Presidential Directive (HSPD) 12 Policy for a Common Identification Standard for Federal Employees and Contractors, August 27, 2004
2.4 NIST Standard:
FIPS 201 Personal Identification Verification (PIV) of Federal Employees and Contractors and Associated Special Publications (SPs), March 2011
2.5 NFPA Standard:
NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs, NFPA 2007
NOTE 1—Further information on these subjects can be found in Appendix X1.

3. Terminology
3.1 The following definitions are intended for use in this guide.
3.2 Definitions:
3.2.1 affiliation—the association of a non-credentialed individual or group of individuals under the supervision of an AHJ-compliant credentialed responder for the purpose of gaining access to accomplish a specific incident or event mission.
3.2.2 applicant—an individual applying for a credential.
3.2.3 attribute—a qualification, certification, authorization, or privilege of the credential holder.
3.2.4 Authority Having Jurisdiction (AHJ)—the organization, office, or individual responsible for enforcing the requirements of a code or standard or approving equipment, materials, an installation, or a procedure. (NFPA 1600)
3.2.5 credential—a credential is an attestation of the identity, qualification, and authorization of an individual to allow access to an incident or event site.
3.2.6 credentialing—the administrative process for validating the qualifications of personnel and assessing their background, for authorization and permitting/granting access to an incident (site or event). (NIMS Guide 0002)
3.2.7 event—a planned occurrence or large-scale gathering that requires planning, coordination, and support from the emergency management community, such as a National Special Security Event (NSSE) or the Superbowl.
3.2.8 entity—a governmental agency or jurisdiction, private or public company, partnership, nonprofit organization, or other organization that has disaster/emergency management and continuity of operations responsibilities. (NFPA 1600)
3.2.9 incident—an occurrence, natural or man-made, that requires a response to protect life or property. (NIMS 2008)
3.2.10 issuer—the organization that is issuing a credential to an applicant. Typically, this is an organization for which the applicant is working. (FIPS 201)
3.2.11 National Incident Management System (NIMS)—a set of principles that provides a systematic, proactive approach guiding government agencies at all levels, the private sector, and NGOs to work seamlessly to prepare for, prevent, respond to, recover from, and mitigate the effects of incidents, regardless of cause, size, location, or complexity, in order to reduce the loss of life or property and harm to the environment. (NIMS 2008)
3.2.12 Non-Governmental Organization (NGO)—an entity with an association that is based on the interests of its members, individuals, or institutions. It is not created by government, but it may work cooperatively with government. Such organizations serve a public purpose, not a private benefit. Examples of NGOs include faith-based charity organizations or organizations such as the American Red Cross. (NIMS 2008, NFR)
3.2.13 scene—the geographical area(s) of an incident with boundaries and access points. There may be multiple levels of a scene that may require multiple access points based upon security, risk, or other factors as defined by the AHJ where different levels of credentialing may be assigned.
3.2.14 sponsor—individual or entity endorsing the applicant to receive the credentials.

4. Significance and Use
4.1 There is currently no way to ensure consistency among all entities across the nation for access to an incident or event scene. This guide is intended to enable consistency in credentials with respect to verification of identity, qualifications, and deployment authorization (NIMS 0002).
4.2 This guide is intended to be used by any entity that manages and controls access to an incident scene to facilitate interoperability and ensure consistency.

5. A Framework for the Credentialing of Personnel
5.1 The framework is built upon credentialing principles and elements with an approach that should be established as the initial steps of credentialing activities. The following principles are recommended for consideration:
5.1.1 Standards Based—Consistent with applicable national standards or industry-accepted best practices.
5.1.2 Interoperability—Ability of systems, personnel, (standards) and equipment to provide and receive functionality, data, information, or services, or combinations thereof, to and from other systems, personnel, and equipment among both public and private agencies, departments, and other organizations in a manner enabling them to operate effectively together (NIMS 2008).
5.1.3 Trust—Confidence in the identity and qualifications of the individual, and confidence in the manner in which the credentials are validated at the scene.

Available from http://www.fema.gov/pdf/emergency/nims/NIMS_core.pdf.
Available from U.S. Government Printing Office Superintendent of Documents, 732 N. Capitol St., NW, Mail Stop: SDE, Washington, DC 20401, http://www.access.gpo.gov.
Available from National Institute of Standards and Technology (NIST), 100 Bureau Dr., Stop 1070, Gaithersburg, MD 20899-1070, http://www.nist.gov.
Available from National Fire Protection Association (NFPA), 1 Batterymarch Park, Quincy, MA 02169-7471, http://www.nfpa.org/assets/files/dpf/nfpa1600.pdf.
5.1.4 Physical and Cyber Security—Use of best practices to protect the physical credential and associated data. Refer to the Data Security Management section of Appendix X3 for more information.
5.1.5 Privacy—To protect an individual’s private information in accordance with applicable laws; for example, name, social security number, biometric records, medical records, or tribal enrollment.
5.1.6 Transparency—Policies are implemented in an open and understandable manner.
5.1.7 Sustainability and Portability—Capacity to maintain credentialing activities and to remain effective when the AHJ or the overall authority, or both, changes.
5.2 Credentialing Program Elements—The following credentialing program elements are recommended building blocks for a credentialing framework: planning, funding, implementation, agreements, information management, training and exercises, and audit process. For more information, refer to Appendix X4 – Sample Credentialing Plan Template.
5.2.1 Planning—Planning should consider the jurisdiction’s strategy for credentialing as well as development of plans to address goals, objectives, and business rules. Planning should also establish roles and responsibilities and address the implementation process and supporting procedures.
5.2.2 Business Rules—The AHJ should detail how credentials will be granted, including to whom and through what authorization process. Rules must include a provision and plan to ensure private information is protected through the adherence to privacy laws and policies, information management, and protection processes. Business rules should include a process for verification of a person’s identification, verification of attributes, and deployment authorization. Business rules should also be in place for access permissions (from least secure to most secure) at incident scenes requiring varying security perimeters. Additionally, rules should include a process for appeal and reciprocity across jurisdictional boundaries.
5.2.3 Credential Elements—Credentials can be anything used to identify that a person’s identity, qualifications, and authorization have been validated, for example badges, arm bands, vest, clothing, index cards, or any combination of mechanisms. The following is a list of elements that may be considered to develop to verify identification, qualification, and authorization information:
(1) Photograph,
(2) Name (Last, First, Middle Initial),
...
(14) Qualification Information,
(15) Authorization Information (to deploy),
(16) Signature,
(17) Agency-specific Text Area,
(18) Rank,
(19) PDF Bar Code,
(20) Color Coding for Employee Affiliation,
(21) Photo Border for Employee Affiliation,
(22) Agency-specific Data,
(23) Magnetic Strip,
(24) Return to “If Lost” Language,
(25) Physical Characteristics of Cardholder,
(26) Additional Language for Emergency Responder Officials,
(27) Standard Section 499, Title 18 Language,
(28) Linear 3 of 9 Bar Code, and
(29) Agency-specific Text.
Depending upon the credentialing solution based on the entity’s credentialing plan, there may be specific requirements for data or placement. Refer to Appendix X2 for example credentials.
5.2.4 Distribution—This should include ways of maintaining control of credentials while distributing to the appropriate parties or responders. This process shall also account for lost, stolen, or revoked credentials, or combinations thereof.
5.2.5 Timelines/Schedules—These elements should detail any phased approach for implementation or maintenance of the credentialing program.
5.2.6 Needs Assessment—The needs assessment identifies and validates the target audience and requirements for the credentialing plan and process, including identification of those with a potential need for access, numbers and types of individuals in a given skill area, and the status of extant credentials in that area.
5.2.7 Plans and Procedures—The credentialing plan should include:
5.2.7.1 Purpose—Describe the reasoning for the development of a credentialing plan.
5.2.7.2 Scope—Applicability of the plan, the items for inclusion, and the intended audience.
5.2.7.3 Definitions—Specific definitions for key words used in the plan.
5.2.7.4 Authorities—Applicable legislation, regulations, directives, or policies, or combinations thereof, to create and implement the credentialing plan. For more detailed informa-
...
