MIFARE Key Management Tool Specifications

The document provides specifications for a server including: - A minimum of 1-2 Intel Xeon or AMD processors with up to 20 cores each operating at 2.5GHz or higher. - Memory scalable from 64GB up to 256GB. - Up to 10 front drive bays for 2.5" SAS/SATA HDDs/SSDs and up to 2 NVMe SSDs. - RAID controller supporting RAID 1, 5, 10, and 50 with 4-8GB cache. - Certification for Windows Server 2016, VMware software, RHEL, SUSE, or other OS as required. - Redundant power supply, temperature monitoring, and predictive

Uploaded by

sbt.abhishek

CA No. CEDZ / TOKEN- 5 OF 2022 SERIAL PAGE NO.

849

PARTICULAR SPECIFICATIONS

S No. Parameter: Specifications - Min. Description

3. Processor: Min. One or Two as required to meet the Application Requirements of Intel Xeon or AMD latest processors, up to 20 cores/processor @ 2.5 GHz base freq. or equivalent or better
5. Memory: Minimum 64 GB, scalable to 256GB
6. Disks supported: Front drive bays: Up to 10 x 2.5” SAS/SATA (HDD/SSD) with up to 2 NVMe SSD or higher.
7. RAID Controller: 12Gbps PCIe 3.0 with RAID 1, 5, 10, 50 with 4 GB / 8 GB Cache Memory on single / Multiple controllers.
8. Disks configured: 3x 600GB 15K RPM SAS drives or higher.
9. 1G Networking features: 2 x 1 Gbps Copper Ethernet ports
10. 10G Networking features: 2 x 10G Copper Ethernet ports slots option shall be available for upgrade
11. Certified for OS: Windows Server 2016 or higher, VMWare vSphere, vCenter, Red Hat Enterprise Linux, SUSE Linux Enterprise Server or as per Application OEM sizing & solution requirements (Bidder must submit details of compliance & technical specifications)
12. Power Supply: Redundant Power Supply
13. Management integration: Support for integration with Microsoft System Center, VMware vCenter, BMC Software
14. Power & temperature: Real-time power meter, thresholds, alerts & capping with historical power counters. Temperature monitoring
15. Pre-failure alert: Should provide predictive failure monitoring & proactive alerts of actual or impending component failure for fan, power supply, memory, CPU, RAID, NIC, HDD
16. Configuration & Management: Latest & OEM specific meeting Application requirements; agent free monitoring; RAID & storage management; auto configurations; etc.
17. LED / LCD panel: Should display system ID, status information and system error code followed by descriptive text on LED Indicator / LCD Panel.
18. HTML5 support: HTML5 support for virtual console & virtual media without using Java or ActiveX plugins
19. GPU (Specific for Server based AIs and FRS Application Only. Not for ANPR & other Applications): GPU Support - The hardware must come in-built with minimum 2/3 no of GPUs from NVIDIA or Intel or equivalent with the capability to support minimum 4 GPUs per hardware
20. Server security: Hardware root of trust; digitally signed firmware & updates; secure passwords
21. Warranty: As mentioned in RFP.

INTEGRATED ACCESS CONTROL SYSTEM:

ACCESS CONTROL SYSTEM CONTROLLER –

IP BASED INTELLIGENT MODULAR ACCESS CONTROLLER


Sr. Description
No.
1 The Access Modular Controller (AMC) shall conform, but not limited to the following
requirements and directives:
a. FCC
b. CE
c. UL294
2 All types of IP Based Access Controller must support & conform/be compliant to the below
standards &/or protocols to safeguard against any cyber-attacks; data theft; malware;
spying -
Authenticated MAC-ID
Digitally Signed Firmware
OSDP & Wiegand,
SNMP, SSL , TLS1.2,
AES256,
UL294
IPV4; IPV6
FIPS mode
Crypto memory encryption
Password protection & secured User Logs,
IP address filtering,
HTTPS encryption,
GDPR Compliant
PSIA
SNMPv3/v2c
FICAM PACS Infrastructure APL Listed
Non Hi Silicon Processor / Chipsets /PCBs
3 The AMC shall be of modular design with built-in download software so that the application
program can be easily changed and downloaded without physically touching the
controller itself.
3 The AMC hardware design shall be of standard 19" rack and/or wall mountable and/or rail
mountable for installation in enclosure.
4 The connection from the AMC to the AS server running the management software shall
preferably be by Ethernet 100 Base T and/or RS-485.

5 The AMC shall have a web interface for doing network and configurational setting and below
information should be displayed on controller web or AS GUI, display to show all its network
parameters and actual status like:

a. IP address of the controller


b. MAC address of the controller
c. DHCP on/off
d. Status of all the inputs connected to it,
e. Status of all the outputs connected to it,
f. Online and Offline status of the controller
g. Firmware version
h. Date and Time - A real time clock (RTC) that will adjust itself to leap year computations
automatically.
6 The AMC shall support and include a standard Compact Flash (CF) memory card for storing
cardholder data and access events. Controller CF should support min 200,000 card holders
and 50,000 offline buffers. Controller shall have min 16MB RAM and 16MB Flash.
7 The AMC memory shall under no circumstance lose a single transaction, not even the last
one, when power fails. Shall support push firmware
8 The AMC and all devices connected to it shall continue to operate and control access in off-
line mode, even if the computer network fails.
9 The AMC memory shall store a database that has a capacity of a minimum of 200,000
cardholders, each having a programmable 19-digit PIN (Personal Identification Number)
code.
10 The Access Controller & Access Control Software/Application suite shall be from one single
OEM to maintain end-to-end encryption for data security, privacy & integrity.
11 The AMC provided shall support on board 02 or 04 readers and connectivity of up to 64
standards Wiegand; secure OSDP interface readers through reader interface modules. 32
reader interface modules over RS 485 where each interface module can support max up to 2
Wiegand or RS 485 or OSDP readers.

12 The AMC provided shall support min 8 (Eight) different card formats with 8 different facility
codes simultaneously.
The AMC shall support long custom card formats up to 128 bit long and card no up to 64 bit
long to provide the additional security and unique card number as minimum but not limited to
the following card formats:
Wiegand 26 bit, 32bit, 35-bit, 36 Bit, 37 bit, 40 bit, 56 bit, 64 bit and 128 bit.

13 The AMC Shall support min 255 Access Levels & 255 Times Zones.
14 The AMC shall provide programmable I/Os 08/04 on board, and shall be expandable to I/O
512/544, using I/O extensions modules.
15 The AMC shall support 256-bit AES data encryption between controller to AS server over
TCP/IP. Master keys shall be downloaded to the AMC, which shall then be authenticated
through the AS based on a successful match. The proposed Controller shall conform to
IPV4; IPV6; DHCP; DNS; SSL; TLS1.2; NAC-802.1x.

16 All inputs provided shall be configurable to provide 2- or 4- status selectable, via End-Of-line
(EOL) resistors, namely:
a. Input Closed
b. Input Opened
c. Input Shorted (provided in 4-status mode)
d. Input Tamper (Cable cut, provided in 4-status mode)
17 EOL resistor values shall be flexibly selectable in the AS management software during
configuration.
18 UPS shall be provided to continually supply power to the AMC and readers for a minimum of
2-hours, in the event of power failure.
19 The AMC shall generate a transaction record and save them in the memory for every alarm,
they include:
a. Time/date of occurrence and restoration.
b. Location of alarm sensors.
20 Users shall be able to use the web client to print badges via the personnel profile in the web
client and will also no longer be required to resize the print dialog box.

21 Users shall be able to define filter criteria in the search text box and have the correct filter
results returned.
22 Shall allow both the web and thick clients to show all clearance codes.
23 Shall allow all badge holders to have a valid photo showing in the left pane of the web
client
24 The Controller must support Integrations for -
Regional I/O shares I/O status
Wireless locks
Map Power Supply Alarms and Events using PSIA
Reader firmware and configuration download
Supports 1 total RS-485 I/O protocol
Regional IO shares IO states amongst multiple controllers
Relay count activations
Interoperability with older host software using Legacy Mode feature
Synchronize time using NTP
25 The Controller must support the below Card Reader Functions
1. Multiple card format support by reader
2. Paired reader support
3. Alternate reader support
4. Elevator support
5. Turnstile support
6. Biometric device support
7. Open Supervised Device Protocol (OSDP) and OSDP SC compliant
8. Occupancy count
9. Support of multi-occupancy rules
10. Anti-pass-back support
i. Area-based, reader-based, or time based
ii. Nested area, hard, soft, or timed forgiveness
11. Supports host-based approval rules
12. Keypad support with programmable user commands, card input
13. Shunt relay support
14. Strike follower relay support
15. Threat level and Operating Modes
16. Host controlled OSDP reader pass-through
17. Elevator floor override
26 The proposed IP ACS SYSTEM CONTROLLER & ACS SYSTEM SOFTWARE must be single
OEM only for seamless synchronization of personnel data & security.

27 The Power Supply Unit shall meet the below criteria -


• 120/230VAC – 12V/4A.
• Built in Fire Alarm disconnect on a per output basis (2 Outputs)
• Low battery cutoff protects batteries from deep discharge
• Dedicated fast charger prolongs battery life
• Enhanced surge immunity for input/output protection
• Dual outputs main and auxiliary
28 Make in China or Origin of China is not allowed
Make in China &/or components; SOC or any such critical deemed fit by TEC being sourced
from restricted countries shall not be allowed
29 The proposed Controller shall be calibrated to suit PoE requirements by meeting the
minimum requirements of having 02 no of Wiegand; OSDP support under each of the PoE
Controller capable of being expanded up to 32 readers support on OSDP &/or Wiegand interface
for a full fledged PoE Controller. Multiple configurations of 2/4/8/12/16 Readers OSDP &/or
Wiegand support interfaces PoE enabled Controllers can be defined. The minimum I/O
support against each of the PoE Controller shall be 2/2 and maximum shall be 290 /290.
30 The full fledged 32 Reader PoE Controller comprising of the on-field modules shall have
minimum on-board 98 /6 - Inputs /Outputs support

FINGERPRINT RECOGNITION DEVICE:


Sl. No Parameters / Features: Description

1 Optical Sensor / Biometric: In-built with application; High-precision OP5 optical sensor
Certification Standards Compliance: CE, FCC, BIS, RoHS, REACH, WEEE, UL 294
2 RFID / ACS Protocols: 125kHz EM, HID Prox & 13.56MHz MIFARE, MIFARE Plus, DESFire EV1/EV2*, FeliCa, iCLASS SE/SR/Seos, NFC, 2.4GHz BL
3 Mobile Card: NFC, BLE
4 Protection / Ingress Protection: IP67; IK09
5 Fingerprint / Live Fingerprint Detection: Yes
Users (1:1): 500,000
Users (1:N): 100000
6 Capacity / Max. Finger Enrollment per Finger: Two templates per finger
Max. Finger Enrollment: 10,00,000 (1:1), 200,000 (1:N)
Text Log: 10,00,000
CPU: 1.2 GHz Dual Core or better
Memory: Minimum 2GB Flash + 128 MB RAM
8 Construction / LED Type: Multi-colour
Sound: Buzzer
Operating Environment: -20°C ~ 50°C; 80% RHNC
Tamper Detection: In-built
Ethernet: 10/100 Mbps
9 On-board Interface / RS-485: 1Ch; OSDP V2.1.6
Wiegand: 1ch I/O
TTL Input: 2ch Inputs
Relay: 1 Relay
PoE: IEEE 802.3af compliant
Power Supply: Voltage: DC 12V ~ DC 24V; 500-700 mA

INTEGRATED FACIAL RECOGNITION DEVICE

Sl. No Parameters / Features: Description

1 T&A / Time & Attendance: In-built with application
2 RFID / ACS Protocols: 125kHz EM & 13.56MHz MIFARE, MIFARE Plus, DESFire EV1/EV2, FeliCa; FBI PIV and FBI Mobile ID FAP20
3 Mobile Card: NFC, BLE
4 Protection / Ingress Protection: IP65
5 Face / Live Face Detection: Yes
Template: ISO19794-2, ANSI-378
Extractor / Matcher: MINEX certified and compliant
6 Fingerprint / Live Fingerprint Detection: Yes
Users (1:1): 100,000
Users (1:N): Face: 50,000; Fingerprint: 100,000; Card: 100,000
7 Capacity / Max. Face Enrollment per User: 2
Max. Finger Enrollment per User: 10
Text Log: 5,000,000
Image Log: 50,000
CPU: 1.8 GHz Dual Core or better
Memory: 16GB Flash + 2GB RAM
8 Construction / LCD Type: 7” IPS color LCD
LCD Resolution: 800 x 1280 pixels
Sound: 16bit
Operating Environment: -20°C ~ 50°C; 80% RHNC
Tamper Detection: In-built
Ethernet: 10/100 Mbps
9 On-board Interface / RS-485: 1Ch
Wiegand: 1ch I/O
TTL Input: 2ch Inputs
Relay: 1 Relay
USB: USB 2.0
Power Supply: Voltage: DC 12V ~ DC 24V; 2.5 A

GUARD TOUR SYSTEM

Sl. No Item Description

1 Guard Tour System


The proposed guard tour system shall facilitate to create a facility walk-through that is
defined by a series of reader checkpoints. The cardholder, or guard, walks through the
facility and presents his card at predefined readers within time windows. Failure to arrive at
a checkpoint within the window generates notification to those who must respond. Each of
the Guard Tour events shall be identified by the icon linked to each field with multiple
options to define the event –
• Normal waiting – guard remains within the normal waiting period.
• Late Waiting – guard has not arrived at the checkpoint during the allotted time.
• Arrived on time – guard arrives at the checkpoint at the configured time.
• Arrived early – guard arrives at the checkpoint before the defined time.
• Arrived late – guard arrives at the checkpoint after the defined time.
• Never arrived – guard never arrives at the checkpoint.
2 The proposed system shall allow to select and expand the Guard Tours’ subdirectory
comprising a detailed list of Guard Tours allowing the operator to select the Guard Tour he
/ she wants to initiate through a Guard Tour dialog box containing a list of cards that are
applicable to participate in Guard Tours or defined or customized.
3 The proposed Guard Tour System shall allow to monitor & manage specific details
including:
• Card Number – card number of the cardholder or guard.
• Start Time – start time of the Guard Tour.
• End Time – end time of the guard tour. This information does not appear until the guard
tour ends. The guard tour may end by two methods, by right clicking the guard tour from
the Hardware Configuration tree view and selecting Stop Guard Tour, or by the guard
completing the guard tour.
• Earliest Arrival Time – earliest time the guard may arrive at the checkpoint, as set by the
tolerance, before an alarm is reported.
• Latest Arrival Time – latest time the guard may arrive at the checkpoint, as set by
tolerance, before an alarm is reported.
• Arrived Time – actual arrival time of the guard at each checkpoint. This information is
displayed once the guard presents the card at the reader.
• Current Status – status of the checkpoint. This information changes as the guard tour
progresses. The system shall allow configuring Hardware Templates in line with Guard
Tour requirements online &/or remotely enabling to edit a guard tour from within Hardware
Configuration.
4 Guard Tour Functions –
The proposed system shall allow to define & access Guard Tour functions in tree list/ tree
view, including the selection and expanding of the Guard Tours’ subdirectory in the
Hardware Configuration tree view.
The proposed system shall allow to add; create a New Guard Tour(s); delete a current
guard tour; viewing dependencies of a Guard Tour; edit a current guard tour as per defined
privileges; display the names of all resources that depend upon the guard tour; copy a
guard tour and insert the copy’s icon in the Guard Tour including changes allowed for the
way the icons are displayed or customized in alarm window.
5 Guard Tour Sequencing –


The proposed Guard Tour System shall allow the user to define or configure the Guard Tour
sequencing, or customize it, as per below –
1. Enter a description (or edit the current description) that identifies the guard tour in the
description field.
2. Add a logical device to the guard tour from the list of logical Device Details dialog box/
window / tree.
3. Enter a sequence from the Sequence drop-down box. The sequence number specifies
the order in which the device is visited during the tour. For example, sequence 1 means
the device is visited first, sequence 2 means the device is visited second, and so on.
4. Buttons next to the Logical Device field shall be available for selecting, and thereby
defining, the device(s) for the tour in the logical devices dialog box that appears.
5. Enter the time required for the guard to reach the logical device from the previous
device checkpoint. The time does not need to be exact or absolute; a range of time
or time period can be allocated, with options of criticality linked to it. In
the next steps, the user can specify plus and minus tolerances.
6. Enter a plus tolerance in minutes. This is the number of minutes by which the guard can
exceed the time you specified in the “Time Required to Reach,” field in the previous step. If
the guard exceeds the tolerance number you enter here, someone is notified.
7. Enter a minus tolerance in minutes. This is the number of minutes by which the guard
can precede the time you specified in the “Time Required to Reach,” field. If the guard
arrives at the device earlier than the minus tolerance, someone is notified.
8. The system must provide to select or Click or OK at the Logical Device Details dialog
box. The device appears in the Add/Edit Guard Tours dialog box as a guard checkpoint
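
Added example (not part of the tender document or any vendor's software): one way the sequencing fields above can be turned into the Earliest / Latest Arrival Times and the six checkpoint statuses listed under item 1. All names are hypothetical, the reads are constructed sample data, and it assumes each "time required to reach" is added cumulatively from the tour start.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional, Tuple

# Statuses that should notify "those who must respond" (per item 1 above).
ALARM_STATUSES = {"Arrived early", "Arrived late", "Late waiting", "Never arrived"}

Window = Tuple[datetime, datetime]   # (earliest arrival, latest arrival)
Read = Tuple[datetime, str, str]     # (timestamp, reader name, card number)


@dataclass(frozen=True)
class Checkpoint:
    sequence: int          # order in which the device is visited
    reader: str            # logical device (reader) name
    minutes_to_reach: int  # time required to reach it from the previous checkpoint
    plus_tolerance: int    # minutes the guard may exceed that time
    minus_tolerance: int   # minutes the guard may precede that time


def arrival_windows(start: datetime, checkpoints: Iterable[Checkpoint]) -> Dict[int, Window]:
    """Earliest/latest arrival per checkpoint (assumption: cumulative from tour start)."""
    windows: Dict[int, Window] = {}
    expected = start
    for cp in sorted(checkpoints, key=lambda c: c.sequence):
        expected = expected + timedelta(minutes=cp.minutes_to_reach)
        windows[cp.sequence] = (
            expected - timedelta(minutes=cp.minus_tolerance),
            expected + timedelta(minutes=cp.plus_tolerance),
        )
    return windows


def checkpoint_status(window: Window, arrived: Optional[datetime],
                      now: datetime, tour_ended: bool) -> str:
    """Map one checkpoint to one of the six statuses named in the specification."""
    earliest, latest = window
    if arrived is None:
        if tour_ended:
            return "Never arrived"
        return "Late waiting" if now > latest else "Normal waiting"
    if arrived < earliest:
        return "Arrived early"
    if arrived > latest:
        return "Arrived late"
    return "Arrived on time"


def evaluate_tour(start: datetime, checkpoints: Iterable[Checkpoint], reads: List[Read],
                  tour_card: str, now: datetime, tour_ended: bool = False) -> Dict[int, str]:
    """Status per sequence number; only reads of the tour's own card count."""
    checkpoints = list(checkpoints)
    windows = arrival_windows(start, checkpoints)
    report: Dict[int, str] = {}
    for cp in checkpoints:
        hits = [ts for ts, reader, card in reads
                if reader == cp.reader and card == tour_card and start <= ts <= now]
        arrived = min(hits) if hits else None  # first presentation at this reader
        report[cp.sequence] = checkpoint_status(windows[cp.sequence], arrived, now, tour_ended)
    return report


def alarms(report: Dict[int, str]) -> List[int]:
    """Sequence numbers whose status requires a notification."""
    return sorted(seq for seq, status in report.items() if status in ALARM_STATUSES)


# Constructed sample tour and reader events (not real data).
SAMPLE_START = datetime(2022, 1, 1, 22, 0)
SAMPLE_TOUR = [
    Checkpoint(1, "GATE", 5, 2, 1),    # window 22:04 - 22:07
    Checkpoint(2, "STORE", 10, 3, 2),  # window 22:13 - 22:18
    Checkpoint(3, "ROOF", 5, 2, 2),    # window 22:18 - 22:22
    Checkpoint(4, "LOBBY", 10, 5, 5),  # window 22:25 - 22:35
]
SAMPLE_READS = [
    (datetime(2022, 1, 1, 22, 6), "GATE", "1001"),
    (datetime(2022, 1, 1, 22, 10), "STORE", "1001"),
    (datetime(2022, 1, 1, 22, 12), "ROOF", "2002"),  # a different card: ignored
]
SAMPLE_NOW = datetime(2022, 1, 1, 22, 24)

if __name__ == "__main__":
    result = evaluate_tour(SAMPLE_START, SAMPLE_TOUR, SAMPLE_READS, "1001", SAMPLE_NOW)
    for seq, status in sorted(result.items()):
        print(seq, status)
    print("alarm checkpoints:", alarms(result))
```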
6 Integrations; Interoperability & Scalability
The proposed Guard Tour System &/or module or application shall be able to seamlessly
integrate with proposed unified Access System; integrated Duress Alarm System & PA
System for unified single GUI for alarms; events & SOPs.
The proposed Guard Tour System &/or module or application shall be compliant with OBIX
&/or SOAP; Niagara Framework of open comprehensive software infrastructure for device-
to-enterprise applications.

INTEGRATED ACCESS CONTROL SYSTEM (IACS)

SL. Minimum Specifications


No.
A IACS system data resilience
1 Server support including Windows® Server 2012/2016/2019, Windows 10 (32-bit and 64-
bit), SQL Server 2012/ 2014/ 2016/2019
The proposed System must be available to support a minimum of 32 readers; 1 no. each of
the server license, concurrent user license; badging licenses. The System, if required, can be
upgraded to an unrestricted no. of reader licenses; concurrent badging & client licenses.

The system shall be capable of sending failover alarms to other integrated systems via Web
API/SOAP; OBIX protocol.
2 IACS must have an inbuilt module so that if a workstation fails, other workstations shall be
able to take over operational roles. The operator shall be notified if the IACS workstation
becomes off-line to the system server. The system shall escalate important alarms on other
workstations automatically when not acknowledged within the set time.

3 Operational User login requirements


a) All software applications must be run from the toolbar, which may be accessed only by
logging in using a predefined username and password.

b) Swipe to Login feature. Using this feature, the workstations can be configured so that the
user must swipe their ID card and enter a password before gaining access to any
applications.
c) System administrator tools to restrict login access to the system data via workstation and
web browser, must be highly configurable.
d) Unlimited system usernames shall be supported and each user name shall have a user
selected password.
e) Password expiry, minimum password length, and at least one number and one character
can be enforced.
f) User configurable timeout or dead man feature must automatically close all applications
and log the user out.
4 Single Sign On (SSO)
a) The system must support integration with Windows Single Sign On via Microsoft Active
Directory and Lightweight Directory Access Protocol (LDAP) with Kerberos Key Distribution,
thus allowing a single action of user authentication and authorization to permit a user
access to the system workstation software.

b) Single Sign On must remove the need to enter multiple passwords when logging on to
the system via a client PC.
c) Access to the system software must be granted to users after using their Windows login
credentials.
d) Single Sign On must support both the client workstation software

5 The system shall include an application to enable the system administrator or IACS
supervisors to allow or disallow workstation operators from accessing certain system
applications. The following features must be provided: -

a) Workstation user option configuration will provide at least five authorisation levels.

b) In addition to authorisation levels, application checkpoints and field checkpoints will
provide the system administrator a great level of flexibility when configuring workstation
operator data access. Systems with a factory set (or non-user configurable) system data
access permissions will not be considered.

c) Application user checkpoints must include read only permission, add, edit or delete
permissions for one or more authorisation levels.

d) Application field checkpoints must restrict individual field data access within an
application, options shall include: - hide, display and/or edit for one or more authorisation
levels.
e) Company restriction shall be supported, thus details on Personnel belonging to one or
more Companies in the system can be hidden from the operator

6 IACS Server Software


a The IACS central server must be compliant to either Linux 64bit OS or Windows 64bit OS
and shall use Oracle /SQL / MYSQL / PostgreSQL/ IBM Informix/Sybase latest database
engine.
b The database character set standard shall be open to OS' and all browsers.

c The IACS Central Database Server will carry out the following core tasks: -

d Record cardholder personal and access information.


e Control card verification for the recording of cards on the system.
f Control data flow to the Ethernet Reader Controllers - card and configuration information.

g Provide automatic updates of Ethernet Reader Controllers and field device changes, so that
the system is continually updated.
h Provide alarm and status information in real-time to client workstations in use for system
monitoring.
i Pass alarms to an integrated email over SMTP for a text messaging service to user defined
recipients or as per set privileges.
j Issue broadcast messages to the Ethernet Reader Controllers.
k System must include Integrated software capable to back up the system to stored files or
removable media and restore that system data. Systems requiring separate backup and
restore software shall not be considered.

l Backup data shall include transaction and alarm data, database audit files etc.

m Backup of system configuration updates


n The backup software shall notify the monitoring software of backup status alarms.
o Backup failure and other critical system alarms shall be notified to any user via the
workstation user application menu, as an onscreen warning message.

p The central IACS server shall maintain a full audit log of every change made to the
database.
q This log will consist of the “before and after” details of any database changes, when they
were made and the user name of the person who logged into the toolbar to make those
changes.
r MS SQL based database will be stored in flat files on hard disk and will not be removed
unless it has reached a user defined age limit, e.g. default of five years.

s SQL search tool will be provided to allow the user to examine these files.

t ACS system resilience can be defined as the ability of the system to deal with the
malfunction of any component. Should any device fail other connected devices will
continue to operate independently or in offline mode. The monitoring system shall be
alerted.
u The IACS system shall feature Integrated hot-standby software. The software shall support
automatic hardware failover, manual hardware failover as well as manage real-time data
replication between the primary and secondary servers.

7 System software interface tools


a The system shall provide a number of Integrated software development tools.

b Application Programming Interface (API)


a) The system API provides a way to interface a 3rd party system.
The API as a minimum shall enable application developers to:-
· Create, Edit, and Delete cardholder information, including
photographic image and signature
· Create, Edit, and Delete visitor card information
· Create, Edit, and Delete vehicle card information
· Acknowledge and Cancel alarms
· Remotely open access control doors (either based on configured
door open time or extended opening)
· Remotely switch outputs on field devices
c b) Usage of the API should be via Stored Procedure Language (SPL) allowing 3rd party
application developers to connect to the system database using ODBC or JDBC to execute
the SPL stored procedures.
d Other External systems interface tool shall be provided -
The external systems application will allow the user to specify a number of ASCII strings
that are to be exported from the system on the event of an alarm.

ASCII strings shall be exported to a system connected to the Access Control central
database server via Ethernet or RS232.
Additional strings shall be sent when a system alarm is acknowledged or cancelled.

Active Directory LDAP Synchronization


The integration must process additions, updates, and deletions on a scheduled basis
allowing the Microsoft Active Directory service to centrally manage cardholder access
control details.
Synchronization should be configurable for hourly or daily updates, with the ability to specify
exact time intervals and days of the week.
Configuration of the directory synchronization must be carried out using a built-in web
based interface to the central server.
8 Reporting Tools
a The IACS must be able to generate reports either via workstation application tools and/or
web browser clients.
b The operator shall determine report parameters based on simple pick lists available for
each individual report menu. Systems requiring the user to type complicated search strings
will not be acceptable.
c Standard system reports shall include
· Access Level changes
· Alarm Reports
· Transaction Reports
· First & Last transaction report


· Device Reports
· Device Access Report
· Device configuration reports
· Personnel Reports
· Card parking Reports
· Absentee Report
9 Custom reports
a The Integrated web-based report designer will provide a graphical query tool, based on
simple pick lists available for each individual report menu enabling users to select data from
tables and fields within the system database. Systems requiring third party reporting tools or
a command line user interface for custom reports shall not be considered.

b Reports including custom user reports shall be exportable, either as an electronic file or
automatically as an email attachment.
c All reports including custom user reports can be scheduled on a daily, weekly, or monthly
basis.

10 Personnel Data and Enrolment


A Valid cards must be able to be printed with a photo and other cardholder information to
allow the ACS cards to be used as an identification card.

B The system shall provide a means of issuing a preconfigured card format for each category
of card holder. As a minimum category shall include Staff, Visitors and Vehicles. A card
format shall include:
a) A user defined print design template. For printed cards, this feature will aid visual
confirmation of a card’s validity.

b) A limited subset of the total system access levels and time


zones.
c) One of a number of specific card types configured by the
system user. Specification for Card Type shall include options to set as a minimum:

· The card type is machine readable, e.g. a card reader.


· Setting a range of pre-printed or “hot stamp” numbers.
d) Enrolment options for each card type must include the
following:
· Read card Number
· Card No will be factory programmed; card auto PIN shall be system generated.
· Enforce biometric enrolment and card number simultaneously
during the enrolment process.
C Each card holder shall be assigned to a Company / Group / Team /Individual or as per SOP
as decided by Security Agencies or customer. Should that
Company/Group/Team/Individual status be terminated, then all access cards associated
with that company shall be denied access. When the Company status is activated, current
card status shall be restored.

D After a user defined period, infrequently used cards can be parked, or otherwise
automatically moved to a reduced or null access level.
E Supports option to de-activate cards which are not used in “N” no of days

F A workstation operator will be able to park/un-park a cardholder with one click.

G A Card holder can be given special status, thus ensuring a card reader will respond
differently, than to a normal card holder with similar permissions.

H The system database shall support the “Foreign Language” character strings. Thus
allowing dynamic entry of foreign language strings, especially to be used when printing
badge name, or other user data fields that will not be in English for example.

I A card holder can be assigned a threat level status, thus a card holders’ access at certain
readers will be dynamically altered depending on the threat level status of the system.
a) Each card holder will be assigned a threat level status


b) An increase in Threat levels will demand additional security, for
example:
·Doors in “Open Mode” will lock and require card access
· Readers with keypad in “Card Only” mode will require card and
PIN
· Biometric readers in “Card Only” mode will require Card &
Biometric
· Access via some card readers shall be denied to some groups of
card holders, until the threat level is reduced.
J The system software shall provide means for bulk loading of card numbers using a data file
generated from another source. The external file shall be an ASCII file in comma, pipe,
colon or space-delimited format.

K Image Capture
a) Each personnel record shall support one personnel portrait and
one signature sample.
b) The ability to store other document scans associated with the
personnel record or card holder, such as driving licence,
business card, and other such permits or documents etc. is
mandatory.
Card enrolment with Fingerprint
a) The system must include an Integrated method to create two separate encoded
templates generated by a card holder’s fingerprint for each card holder in the system.

b) In the event a card is lost or damaged, the card holder shall not need to return to the
enrolment station to have a new card issued.
11 Visitor management system (VMS)
A Valid visitor cards must be able to be printed with a photo and other cardholder information
to allow the ACS cards to be used as an identification card.

B The VMS system shall provide a means of issuing a preconfigured card format for various
categories of visitor card holder. A card format shall include a set print design template and
a limited set of access levels and time zones. This feature will aid visual confirmation of a
card’s validity.
C Image Capture
D Each personnel record shall support one personnel portrait, signature and feature the ability
to store other document scans such as driving licence, business card, and other such
permits or documents etc.
39 Vehicle and driver management system
A Valid visitor cards must be able to be printed with a photo and other cardholder information
to allow the ACS cards to be used as an identification card.

B The VMS system shall provide a means of issuing a preconfigured card format for various
categories of visitor card holder. A card format shall include a set print design template and
a limited set of access levels and time zones. This feature will aid visual confirmation of a
card’s validity.
12 Encryption & Security
I The Security Management System shall provide multiple levels of data encryption like –

a. 256-bit AES data encryption between the host and intelligent controllers. The encryption
shall ensure data integrity that is compliant with the requirements of FIPS-197 and FIPS
201. Master keys shall be downloaded to the intelligent controller, which shall then be
authenticated through the Security Management System based on a successful match.

b. Transparent database encryption, including log files and backups


c. SQL secure connections via SSL
d. OSDP Support
e. TLS1.2
f. OS hashing algorithm across the OS domain server as a hash.
g. Homeland Security Presidential Directive 12 (HSPD-12)
h. HTTPS 3rd party certificate enabled encryption & communication
i. SSL/ TLS 3rd party certificate


j. Compliance with Application Request Routing (ARR) proxy-based routing module

k. Complies with UL 2900-1 cyber certification standard.


l. FICAM PACS Infrastructure APL Listed
13 Compliance and Validation: The Security Management System shall incorporate signature
authentication where modifications to Security Management System resources will require
either a single or dual digital signature authentication allowing the administrators the ability
to select specified devices in the Security Management System where data manipulation
will be audited, and signatures will be required to account for the data modification.

Shall support resource modification enabling the user to specify a reason for change or select
a predefined reason from a list. All data will be securely stored and maintained in the
database, which can be viewed using the reporting tool in line with Title 21 CFR Part 11 Part
B compliance.

14 Live verification to access – Shall allow a user or guard to decide the access of
an individual who presents his/her card at a designated secure mode reader, after validating
the card holder image stored in the ACS database against live video; facial
recognition enabled access control through video badging, with multi factor authentication being
verified.

15 Occupancy Restrictions - Shall allow the user to define the minimum and maximum
occupancy allowed in a designated area by enabling automatic logic running based on
occupancy restriction.
Shall also support a “two person rule” to restrict access to specific access areas unless two
cardholders present two different valid cards to the reader one after the other within a
period of time defined by the door unlock time multiplied by a factor of 2.

Shall support the provision to allow a user or group of users, via company selection, a
temporary denial of access to specific readers or areas based on a preconfigured event.
The group access function shall limit access to a group of cardholders, overriding all other
access criteria.
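
The “two person rule” in item 15 can be modelled as a small state machine per reader. The following is an added illustration, not part of the tender or of any vendor's software; the class, function and card identifiers are hypothetical, and the handling of an invalid read (it resets the sequence) is an assumption the specification does not state.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

GRANT, PENDING, DENY = "GRANT", "PENDING", "DENY"

@dataclass
class TwoPersonReader:
    valid_cards: frozenset          # cards currently valid at this reader
    unlock_time_s: float            # configured door unlock time
    pending: Optional[Tuple[str, float]] = None  # first card and its read time

    @property
    def window_s(self) -> float:
        # The specification sets the pairing period to door unlock time x 2.
        return self.unlock_time_s * 2

    def present(self, card_id: str, ts: float) -> str:
        if card_id not in self.valid_cards:
            self.pending = None     # assumption: an invalid read breaks the sequence
            return DENY
        if self.pending is not None:
            first_id, first_ts = self.pending
            if card_id != first_id and 0 <= ts - first_ts <= self.window_s:
                self.pending = None  # pair consumed; the next entry needs a new pair
                return GRANT
        # First card, same card again, or window lapsed: (re)start the window.
        self.pending = (card_id, ts)
        return PENDING

def replay(events, valid_cards, unlock_time_s):
    """Run (timestamp, card) reads through one reader and return the decisions."""
    reader = TwoPersonReader(frozenset(valid_cards), unlock_time_s)
    return [reader.present(card, ts) for ts, card in events]

# Constructed sample reads: (seconds, card id); unlock time 5 s gives a 10 s window.
SAMPLE = [
    (0.0, "A100"),   # first valid card            -> PENDING
    (4.0, "A100"),   # same card again             -> PENDING (not a second person)
    (9.0, "B200"),   # different card, 5 s later   -> GRANT
    (20.0, "B200"),  # new sequence                -> PENDING
    (31.0, "A100"),  # 11 s later, window lapsed   -> PENDING
    (33.0, "X999"),  # unknown card                -> DENY, sequence reset
    (34.0, "B200"),  # must start over             -> PENDING
    (40.0, "A100"),  # 6 s later                   -> GRANT
]

if __name__ == "__main__":
    for (ts, card), d in zip(SAMPLE, replay(SAMPLE, {"A100", "B200"}, 5.0)):
        print(f"{ts:5.1f}s {card} {d}")
```

The cases worth testing during acceptance are the ones the sample exercises: the same card read twice, a second card arriving just after the window lapses, and an invalid read between two valid ones.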

16 Asset Tracking - Shall maintain information related to assets that are issued to the
employees, contractors and other authorized personnel in the facility, including brass keys,
laptops, RSA keys, cell phones, company cards, etc. Reports can be generated for Issued
Assets, Returned Assets & Overdue Assets.

17 Certifications/Training Module - Shall support to maintain certifications/training for a badge
holder. A certification may be linked to access groups with expiration dates. When a
certification, associated to an access group, has expired and the badge holder has an
active credential, the access group will be removed from the credential without affecting the
status of the credential.

18 Maps & Icons - The Security Management System shall provide the user with the means to
add maps and indicator icons to maps that shall represent input/output points, logical
devices, or cameras located throughout the Security Management System. Security
Management System maps shall display the state and condition of alarm points. The
Security Management System shall also provide the ability to monitor the channels or
panels.

19 Unified Biometric Integration - System shall be able to enroll fingerprints or palm/hand prints
within the same in-process application without using another 3rd party application or
biometric manufacturer’s enrollment application. All biometric data is stored and maintained
in the database. System can push templates to biometric readers (1-to-many matching) or
encode to smart card (1-to-1 matching).
20 System Reporting – The Security Management System shall allow authorized users to
generate detailed reports through a separate crystal reporting module for this purpose. The
reporting module should have an exhaustive pre-defined set of standard reports and must
have an inbuilt custom reporting module where an operator can design any type of report
with simple mouse clicks and drop. This reporting module shall support query reports and
statistical reports. Reports can be scheduled for automatic printing on a printer or emailing to
a defined email id in a non-editable format such as pdf or xps as a minimum. Report export must
support various formats: HTML, xls, pdf, xps, txt and xml.

21 The proposed ACS OEM; its Hardware & Software; etc. must be able to provide localization
requirements for varied & defined SOPs through customized text, integrated customized
alarm window; layout, graphics and multimedia, keyboard shortcuts, fonts, character sets
and locale data, as per secure development; firmware upgrades and customized API
support in India meeting and mitigating trouble shooting and localized onsite specific API
support & development.

22 The proposed Integrated Access Control System shall meet below standards -
1. Systems benefit from UL 2900-1 cyber certification guideline. Further protection is
provided by the integration of the different Pro-Watch modules and event
management. The key benefit is that all data is protected from cyber threats.
2. The whole Access Control System & Components shall contain no content or material
from any companies or their subsidiaries prohibited under US National Defense
Authorization Act (NDAA) Section 889 and can be used as part of systems which comply
with NDAA Section 889.
3. FICAM PACS Infrastructure APL Listed
4. High availability and redundant server solutions
5. Minimum and maximum occupancy enforcement
6. Secure communication through TLS1.2
7. IP devices communicate using AES 256 bit encryption
8. Advanced Encryption Standard (AES) (FIPS 197)
9. FIPS 201: Personal Identity Verification (PIV) of Federal Employees and Contractors
10. 21 CFR Part 11 Part B compliance: This functionality will meet the general requirements
of Validation and Compliance through Digital Signatures with special attention to the case.
11. Global and Nested Anti-pass back: The Security Management System shall support the
use of an optional anti-pass back mode, in which cardholders are required to follow a
proper in/out sequence within the assigned area.
12. NERC CIP-005-7 – The NERC CIP plan is a set of requirements designed to secure the
assets required for operating critical infrastructure. The CIP-005-7 standard defines cyber security
standards for electronic security perimeters.
13. Support OSDP – Open Supervised Device Protocol. This is a secure way of end-to-end
communication from edge device to master controller and then to host, secured throughout
by AES packets & TLS encrypted streaming, enabling full-fledged HTTPS secured
client interfaces.
14. Homeland Security Presidential Directive 12 (HSPD-12)

23 The proposed IP ACS SYSTEM CONTROLLER & ACS SYSTEM SOFTWARE must be
from a single OEM only, for seamless synchronization of personnel data & security.

24 The proposed ACS OEM should have its own Repair/Service-Support Center and Toll-Free
TAC helpdesk Number and must own its RMA set up in India for a minimum period of 07
years from the date of submission of bid (not as joint venture, partnership firm, franchise,
distributor service center or through any other 3rd party association). In case of product
failure, the OEM should replace the malfunctioning product with an equivalent working product
immediately until the repaired or alternate product is received. Necessary supporting documents
must be submitted.
25 Make in China or Origin of China is not allowed. Firmware & IPR shall be owned by the OEM
and must not reside in any restricted country. The firmware shall be digitally signed & secured.

SMART ACCESS CARD READER

Sl. No  Minimum Specifications
1 Supports multiple smart card technologies -
1. 15693: Reads iClass/OmniClass credentials, card serial number; 14443B: Reads
iClass/OmniClass credentials (secure);
2. iClass/OmniClass 64 bit encryption; iClass SE/iCLASS Seos 128 bit AES Encryption; SE for
MIFARE Classic/SE for DESFire EV1 128 bit AES Encryption

2 Supports minimum 3-5cm read ranges. Supports multiple mounting options.

3 14443A 1-3: Reads NXP MIFARE Classic credentials, Sector; 14443A 1-4: Reads NXP
MIFARE DESFire EV1 credentials, AES Encrypted files; 14443A: Reads NXP MIFARE
Classic, DESFire EV1 credentials, Card Serial Number (CSN or UID)

4 Certifications - UL294/cUL (US), FCC, CE (EU), C-tick, BIS;

5 Supports on-board Wiegand interfaces. Operating Voltage Range 5 - 16 VDC.

6 Supports operating environment - -20° to 60°C ; 90%RHNC

SMART ACCESS CARD

Sl. No  Minimum Specifications
1 Supports EEPROM size 1024 byte; Write Endurance 100 000 cycles; Data
Retention support for 10 years; in-built 16 sectors at 64 byte each; support for 14443A up
to layer 3.
2 Supports 13.56MHz; 106kbit; RF Interface up to 10cm; inbuilt access minimum keys up to
2 keys per sector; Mifare Classic Security or i-Class or DESFIRE compliance; supports
secure transport transaction 512 byte read & 16 byte write for minimum transaction time of
164 - 140 milliseconds.

Visitor Management System Software


S. No  Specifications
1 System overview
The Visitor Management System shall allow the user to track visitors, employees, assets and
deliveries as they enter and exit the facilities. The system shall also support printing of
custom designed visitor passes with details like expiration date, visit area, host being visited,
and visit purpose.
In addition, shall allow the user to:
o Keep track of contractors and consultant timesheets.
o Track which employees have regular personal visitors.
o Secure visitor log.
o Clearly identify visitors by category, to restrict access to vulnerable goods and
information.
o Designate special areas for visitors with custom badges.
o Process most visitors in 20 seconds.
o Track and print temporary parking passes.
o Print vehicle window stickers.
o Use self-expiring badges to tighten security.
o Generate end-of-day reports to ensure regulatory compliance.
o Label information packets with personalized customer information.
1.1 Visitor pre-registration

The system shall support:


o Visitor pre-registration to include security level, length of stay, and maximum entries.
o Visitor pre-registration by using Front Desk, Microsoft ® Office Outlook ® Calendar or
through Web- based application.
o Group/Event pre-registration, pre-loading of visitor picture, badge pre-printing, and
arrival instructions.
o Complete visitor registration processing within 20 seconds.
