What does CIP-006 R1.3 recommend where technically feasible?

CIP-006 R1.3 emphasizes the importance of utilizing multiple different physical access controls in a way that enhances security while ensuring that access to critical facilities is managed effectively. The recommendation for diversity in physical access controls is based on the principle that relying on a single type or method of access control can create vulnerabilities. By employing multiple different physical access controls, an organization can create layers of security that are more resilient to potential breaches or failures.

This multi-faceted approach allows for a combination of methodologies, such as badge readers, visitor logs, and manned security checks, which can provide comprehensive protection against unauthorized access. Additionally, using diverse types of controls can help mitigate risks associated with the failure of any one system.

Implementing a single physical access control system may seem simpler but could lead to a higher risk in the event that the control fails or is bypassed. Focusing solely on biometric systems neglects the benefits of having varied methods of access control and may exclude individuals who cannot meet those specific requirements. Remote monitoring strategies, while valuable, do not inherently replace the need for varied physical access measures and focus primarily on oversight rather than direct access management.