High-assurance, defense and police
High-security government, defense, and police
Minimal dependencies and maximum traceability. Mobile validation and keyless entry to the lock are not permitted. The basis is keyed access with controlled management points. Issuance is hybrid with vault processes within chain of custody. Flex is wired within security zones.
Policy in brief
-
Mobile validator: no
-
Keyless to the lock: no
-
Flex (wired): yes
-
Default issuance: hybrid
-
Integrations: often
-
Publication: no units, locations, or security details
Context and assets
Access is segmented into zones with strict governance. Processes are formal. Logging and separation of management are fundamental principles. Configuration must remain predictable despite limitations in devices and networks.
Recommended setup
Rights-based access with the key as the core
Mechatronic cylinders and padlocks for offline access without keyless dependencies.
Controlled management points
Controlled management points
Synchronization only via controlled points within allowed zones. No mobile validation in the process.
Hybrid issuance
Critical zones: vault-driven issuance with traceable issuance and return.
Other zones: key-to-person control where policy permits, with strict expirations and exception management.
Flex (wired)
Flex for wired I/O and internal process couplings within policy.
Software and hosting
CAW Enterprise as the management base. On-prem where hosting policy requires logging or IT governance requires it. EU-hosted dedicated only if explicitly permitted.
Pitfalls within the sector
Rights
Expanding exemption rights without restructuring
Zones
Sharing technical details about zones or measures with the public
Process design
Basing process design on speed rather than governance