Procedures For Shared Keys/Passwords During Deployment

evought's picture

During deployment, it is often necessary to manage a number of padlocks, locked boxes or cabinets, keys to vehicles, keys to facilities and so forth. If not handled properly, this can quickly become a confused mess in which things get lost or security is compromised. It can be particularly embarrassing to the organization to lose keys to vehicles or facilities entrusted to us by the community or the Sheriff's Office. The following procedures shall be followed to avoid these issues.
The Auxiliary has a small key safe for use on deployment which shall be mounted to the inside of a cabinet or chest. One key shall be held by the company (or site) Quartermaster and the other by a designated individual, normally the Chief of the Watch. The designated holders of the key safe key may be referred to as "the Keys". At a watch change, the key is officially relinquished to its next holder.
All keys for Auxiliary property not in active use and all spare copies of keys which are in active use shall be stored in the key safe and given numbered tags. When a key is needed, it is signed out and initialed by one of the Keys.
When keys are received and held by Auxiliary personnel, they are to be checked in to the key safe, recording any identifying marks and information on who is authorized to use or possess the key. For flat keys, it may be convenient to use a rubbing to record the key's shape and any engraved numbers. One of the Keys fills out a receipt in triplicate: one copy for the file, one for the individual checking it in, and one for the client. The keys may then be checked out as usual. When it is time for the key to be returned, the client's receipt is marked with the time, signed, and filed.
Combinations and passwords entrusted to the Auxiliary may also be written down and stored in the key safe. Retaining a copy of a master password so that it may be passed on if the individual who originally created it is not available is referred to as key escrow. It is critical, for instance, to escrow administrative passwords for Auxiliary accounts in case the authorized holder is injured. It is only necessary to escrow the high-level passwords which have the authority to change or reset lower-level passwords (for example, the administrative or super-user password of a machine can be used to reset the passwords for user accounts). Similarly, if a group of passwords is to be stored in a password manager (such as Apple's Key Safe or Gnome's desktop utility), then the password manager must be backed up and only the top-level password must be escrowed in the key safe.
Passwords to be written down in this manner must be recorded in logical groups, labelled with a code, and sealed in an envelope. The code identifying the password to be used must then be labelled prominently on the machine it belongs to. A number after the code designates the version of the password in use. An example may make this clear:

LCSA-WIFI 1 : Oscysbtdel?
LCSA-WIFI 2 : Trrg,tbbia
LCSA-Backup 1 : GJklump836
LCSA-Admin 2 : %Plump7&illoccorb
LCSA-Admin 3 : DERF45Ford)!
Safe (Sentry 579824N) 1 : 23R-18L-5R

The LCSA-WIFI password has been changed once and the LCSA-Admin password twice. The old versions are stored for a time in case a password has not been updated in all places (I have turned on an old machine in many offices where no one remembers what the password was the last time it was used...).
Whenever a password/combo must be given out, such as to a relief worker from another organization, change it as soon as it is no longer in use or at the end of the deployment. Do not give out a password or combination over a radio or any other insecure channel as everyone will then have it!
Passwords for top-level Auxiliary accounts (such as to our hosting provider) which are not needed on site may be escrowed with the Chief of Staff and in the Sheriff's safe.
When writing out a password or combination, use a loose sheet of paper or flip the top sheet of a pad so that you are writing directly on a hard surface. Otherwise you will leave page impressions which can easily be recovered and used. Destroy the paper when finished or put it in the burn bag.