D6 Research

The Intersect of Physical and Cybersecurity

OSDP Standard: Analysis & Feasibility Assessment. Research Report

Base Price: $4,500.00
Vendor Version
(Includes 5 user license)

Select # of Licenses:
Category: Tag:

Description

*This research report is on pre-sale. Purchase now and save 10%. The estimated release date is February 7, 2020 (currently in draft peer reviews). 

 

OSDP (Open Supervised Device Protocol) is a specification developed by the Security Industry Association (commonly referred to as “SIA”), and most recently voted to becomes a standard by the IEC. Intended to bring overdue improvements to securing, managing, and supervising access control devices, it’s designed to provide the market with a path toward interoperability between heterogeneous manufacturers within an end user environment.

While the benefits of OSDP appeal to both end users and manufacturers, the OSDP specification is written primarily with manufacturers in mind in the form of technical design consideration, data structures, syntax, commands, etc. In essence, the specification emulates guidance for manufacturers as to “how to build OSDP into a product”.

The objective of the specification is solely to define a protocol to perform communications between two devices. How applications handle invoking the protocol (or receiving any data associated with it) is out of scope. Collaboration between industry manufacturers was undertaken to define, develop, and produce the specification limited involvement from the end user community.

However, a core part of successful end user security programs is for them to determine what challenges they want to solve and if such solutions operate in a specific way that would enable the best-fit for their success in their unique environment. This would include not only capabilities but also a clear understanding of potential limitations.

As written, OSDP makes no apparent attempt to provide end users with this perspective. As a result, OSDP requires a great deal of knowledge and interpretation on an end user’s behalf.

This report represents a body of research that has deeply studied the specification, manufacturer and industry participant’s intent, and end user’s requirement. It’s designed to provide end users with insight to determine whether OSDP is a feasible path to meet the goals of their security program through a contextual understanding of the specification, its advantages and limitations, key considerations, and relevant points of reference to the evolution (and dependencies) of their security programs. This vendor version provides vendors with an improved understanding as to where OSDP may align with end user security programs today as well as how its feasibility may be impacted by evolving technologies, best practices, and stakeholder structures within security programs. 

*Each report licenses of this vendor version includes a CTRL (redistributable content license, see “License” page under “Research” menu for more details) and ability to use the included OSDP requirements tool with clients (that maps end-user recommended program improvements to OSDP specification commands which can then be used to define and assess specific vendor implementations and improve dialogue regarding their requirements). 

Report Sample

Coming Soon…

Table of Contents

MAIN SECTIONS (FULL TABLE WILL BE UPDATED SHORTLY)

Research Objectives

  • Scope, criteria for inclusion, assumptions
  • Research methodology & process

Executive Overview

  • Overview of OSDP (intent and evolution, non-technical)
  • Factors leading to confusion
  • Key considerations for end users
  • Research conclusions summary

Specification Intent and Design Concepts

  • History to present
  • Discussion of intent, scope, and limitations
  • Core design concepts for end users

OSDP Technical Overview

  • Core elements of OSDP
  • Message and packet structures
  • Message commands, replies, delivery
  • Potential applications
  • Output of information

Specification Concepts in Device Management

  • Scope and application of device Configuration
  • Generating, invoking, and executing.
  • Limitations: Specification and manufacturer implementation

Supervised Communications, Outputs, and Use for Audit & Reporting

  • Past vs Future of Physical Security Reporting, Audit, and Governance
  • Future Governance and Audit Requirements
  • Detection, anomaly analysis, audit, response, actionability, and triage.
  • OSDP capability, limitations, gap, source of gaps, potential paths for resolution

OSDP Specification Security Concepts

  • Cryptography
  • Key management and lifecycle (generation, deployment, disposal, etc.)
  • Storage and transport
  • Advisory for vetting vendor implementations

OSDP Threat Model Assessment

  • Attack Surface of OSDP (as implemented per specification, guidance)
  • Attack Surface of OSDP (where there are either gaps in specific guidance or manufacturers fail to execute guidance).
  • Areas of Vulnerability
  • Specific Risks
  • Potential Attacks
  • Remediation and Compensating Controls
  • Analyst Assessment

Beyond The OSDP Specification

  • Future of OSDP
  • Potential communication variations (over IP, wireless, etc.)
  • Potential device variations (types of devices involved in the protocol)

Feasibility Assessment

  • Looking at the future of physical security program management
  • Demands of stakeholders and types of end user program profiles
  • Analysis of applications that may not be ideally managed by OSDP
  • (IOT, Smart Buildings, Sensory, Competing architectures, the evolution of management and reporting concepts)
  • Advantages and limitations of OSDP Specification (at current and/or inherent)
  • Assessment of OSDP alternatives
  • The potential blending of OSDP and alternatives (permanent or migration path)

End User Self Assessment Tool

 

 

 

 

Product Enquiry

Recent posts

Events

Select Your Role

In order to view our store, you must select your role first