Montgomery -- The Alabama Law Enforcement Agency (ALEA) has made available the following Access Letter Template, and accompanying guidance produced by the U.S. Department of Homeland Security, as a recommended — but optional — resource for state and local authorities who may not already have a similar template or process in place during the COVID-19 pandemic. ALEA fully recognizes access letters may only be a stop-gap measure, but they will be most useful before a formal credential- or registration-based statewide or national system is commissioned and widely in use.
Recommended Practices from the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA):
- Compose as one page in length.
- Feature both a date of issue and date of expiration.
- Identify intended recipient (e.g., “to whom it may concern”), as well as for whom access is being requested (e.g., employee, contractor or vendor).
- Specify the name of the situation to which it applies (i.e., COVID-19 response).
- Provide rationale for why access and/or re-entry is being requested.
- Include a signatory and provide a point of contact for additional questions.
- Require a mechanism for verification, anti-fraud measures, and authentication procedures, such as a corporate identification or badge with photo.
- Reference authoritative guidance to justify reason for requesting access (e.g., president’s/ governor’s/mayor’s Coronavirus guidelines; and U.S. DHS/CISA “Guidance on the Essential Critical Infrastructure Workforce”).
Instructions from DHS and CISA:
This template may be useful for organizations and their employees, contractors or vendors who have been identified as essential critical infrastructure workers – including both workers from public and private sectors. It contains standard language that may be modified. Specific content and language in the letter should be coordinated with the appropriate state and/or local authority granting access.
- Where “Requesting Entity” is referenced, enter information specific to the public or private sector entity requesting access.
- Where “Sponsoring Agency” is referenced, enter information specific to the state and/or local authority sponsoring the letter and supporting the request for access, which may be the same authority charged with granting or denying access.
- All data fields should be completed by the requesting entity that drafts the letter, after consultation with the sponsoring agency (e.g., emergency management agency).
- Contact CISA.CAT@CISA.DHS.GOV for only questions regarding the intended use of this template or the Essential Critical Infrastructure Workforce guidance.