Executive Summary

Video Surveillance Systems (VSS) are a critical tool in federal facilities, but they are often designed and operated in ways that do not survive audit scrutiny. The problem is not that facilities lack cameras. The problem is that cameras are deployed without clear standards for placement, retention, resolution, or integration with other security systems.

This white paper outlines design standards for CCTV/VSS that are defensible in audits and effective in operations. The standards cover camera placement principles, retention policy considerations, resolution and lighting requirements, and how to integrate VSS with access logs and other security systems for faster investigations and stronger evidence.

The paper is intended for facility managers, contracting officers, and security leadership responsible for video surveillance in federal facilities.

Why VSS Matters (and Why It Often Fails)

Video surveillance serves multiple purposes in federal facilities:

Detection of unauthorized access or suspicious activity

Verification of alarms

Investigation of incidents

Documentation of facility operations

Deterrence of unauthorized behavior

VSS fails to deliver on these purposes when it is designed without clear standards. Common failures include:

Incomplete coverage (gaps in camera placement)

Unclear retention (video is overwritten or lost)

Poor resolution (video cannot identify individuals or activities)

No integration with access control (video and access logs cannot be correlated)

No clear ownership (no one is responsible for VSS maintenance and operations)

The result is a system that looks good on paper but does not deliver value in practice.

Designing for Coverage: The Placement Problem

Camera placement is a design problem that requires understanding the facility, the mission, and the threats.

Principle 1: Identify What Needs to Be Monitored

Not every area of a facility needs to be monitored. The facility should identify:

Sensitive areas (areas that contain classified information, valuable assets, or critical systems)

Access points (doors, gates, windows where unauthorized entry might occur)

High-traffic areas (areas where unusual activity would be noticeable)

Perimeter areas (the boundary of the facility)

Principle 2: Understand the Threat

The camera placement should be designed to detect the threats that the facility faces:

Unauthorized access (cameras should cover access points)

Theft (cameras should cover areas where valuable assets are stored)

Sabotage (cameras should cover critical systems and infrastructure)

Tailgating (cameras should cover doors to verify that only authorized personnel enter)

Principle 3: Design for Coverage, Not Just Presence

A camera pointed at a wall is not coverage. Coverage means:

The camera can see the area that needs to be monitored

The camera has sufficient resolution to identify individuals and activities

The camera is positioned to avoid glare, shadows, and other obstructions

The camera covers the full depth of the area (not just the near field or far field)

Principle 4: Plan for Redundancy

A single camera is a single point of failure. The facility should consider:

Multiple cameras covering the same area from different angles

Cameras with different capabilities (wide angle, zoom, infrared)

Cameras positioned to cover areas if a primary camera fails

Principle 5: Document the Coverage Plan

The facility should document:

A diagram showing camera locations and coverage areas

The purpose of each camera (what is it monitoring?)

The expected resolution at key distances

Any gaps or limitations in coverage

The rationale for the placement

Resolution and Lighting: Technical Considerations

Resolution and lighting are often overlooked in VSS design, but they are critical to the system’s effectiveness.

Resolution Standards

Resolution is typically measured in pixels per foot (or pixels per meter). The facility should define resolution standards based on the purpose of the camera:

Identification (facial recognition): 60–100 pixels per foot at the subject distance. This allows identification of individuals.

Recognition (activity identification): 20–40 pixels per foot. This allows identification of activities (running, carrying objects) but not facial identification.

Detection (presence identification): 5–10 pixels per foot. This allows detection that something is present but not identification of what it is.

The facility should specify the required resolution for each camera based on its purpose.

Lighting Considerations

Lighting has a major impact on video quality. The facility should consider:

Natural lighting (varies by time of day and weather)

Artificial lighting (consistent but may create glare or shadows)

Infrared lighting (enables night vision but may not be visible to the human eye)

Backlighting (can obscure faces if not managed)

The facility should:

Assess lighting conditions at each camera location

Install supplemental lighting if needed

Specify camera types that can handle the lighting conditions (low-light cameras, infrared cameras)

Test cameras in actual lighting conditions before finalizing placement

Retention Policy: How Long to Keep Video

Retention policy is a governance issue that is often overlooked. The facility should define:

Retention Duration

How long should video be retained? The answer depends on:

Audit requirements (how long does the facility need to retain video for compliance?)

Investigation needs (how long after an incident might an investigation occur?)

Storage capacity (how much video can the facility store?)

Legal requirements (are there legal requirements for retention?)

A common standard is 30 days for routine areas and 90 days for sensitive areas. However, the facility should define its own standard based on its needs.

Retention Triggers

The facility should define events that trigger extended retention:

Security incidents (retain video for longer if an incident occurs)

Investigations (retain video while an investigation is ongoing)

Audit findings (retain video related to audit findings)

Legal holds (retain video if litigation is anticipated)

Deletion Procedures

The facility should define:

How video is deleted (secure deletion to prevent recovery)

Who approves deletion

How deletion is documented

How to handle video that is subject to retention triggers

Integration With Access Control: Correlation and Investigation

VSS is most effective when it is integrated with access control systems.

Integration Point 1: Alarm Verification

When an alarm is triggered (door forced open, motion detected), the facility should:

Retrieve video from the alarm location and time

Review video to confirm or dismiss the alarm

Preserve video as evidence if an intrusion occurred

This integration reduces false alarm response and provides evidence for investigations.

Integration Point 2: Access Event Investigation

When an unusual access event occurs (access outside normal hours, access by an unauthorized person), the facility should:

Retrieve video from the access point and time

Review video to understand what happened

Correlate video with access logs to understand the sequence of events

This integration provides context for access events and supports investigations.

Integration Point 3: Incident Investigation

When an incident occurs (theft, sabotage, unauthorized access), the facility should:

Retrieve video from the incident location and time

Correlate video with access logs to understand who was present

Use video and access logs together to reconstruct the incident

This integration provides the strongest evidence for investigations.

Technical Requirements for Integration

To support integration, the facility should:

Ensure that VSS and access control systems have synchronized time (within 1 second)

Maintain access logs with sufficient detail (who, what, when, where)

Ensure that video and access logs can be retrieved together

Develop procedures for correlating video and access logs

Audit-Ready VSS: What Auditors Look For

Auditors reviewing VSS typically focus on:

Coverage

Are sensitive areas covered?

Are access points covered?

Are there gaps in coverage?

Is coverage documented?

Resolution

Is resolution sufficient to identify individuals and activities?

Is resolution appropriate for the purpose of the camera?

Is resolution documented?

Retention

Is retention policy documented?

Is retention policy being followed?

Is video being retained for the required duration?

Is deletion being documented?

Integration

Is VSS integrated with access control?

Can video and access logs be correlated?

Are procedures in place for investigation?

Maintenance

Is VSS being maintained?

Are cameras functioning?

Are backups being performed?

Is maintenance documented?

Access Control

Who can access video?

Is access logged?

Are procedures in place to prevent unauthorized access?

Designing a VSS Program (Practical Steps)

A facility designing or upgrading VSS should follow these steps:

Step 1: Define the Mission

What is the VSS supposed to accomplish?

Detect unauthorized access?

Verify alarms?

Support investigations?

Deter unauthorized behavior?

Document facility operations?

Step 2: Identify Coverage Requirements

Based on the mission, identify:

Sensitive areas that need coverage

Access points that need coverage

High-traffic areas that need coverage

Perimeter areas that need coverage

Step 3: Assess Lighting and Environmental Conditions

For each area that needs coverage:

Assess lighting conditions

Identify potential obstructions

Identify environmental challenges (weather, vibration)

Determine camera type and placement

Step 4: Design the System

Select camera types and locations

Define resolution requirements

Plan for redundancy

Plan for integration with access control

Document the design

Step 5: Define Retention Policy

Define retention duration for different areas

Define retention triggers for extended retention

Define deletion procedures

Document the policy

Step 6: Define Integration Requirements

Define how VSS will be integrated with access control

Define procedures for correlation and investigation

Define technical requirements (time synchronization, data formats)

Document the requirements

Step 7: Define Maintenance and Operations

Define maintenance procedures and schedules

Define backup procedures

Define access control procedures

Define monitoring and alerting

Document the procedures

Step 8: Implement and Test

Install cameras according to design

Test coverage and resolution

Test integration with access control

Train personnel on operations and maintenance

Conduct exercises and drills

Common VSS Failures (and How to Avoid Them)

The following failures are common in federal facilities:

Failure 1: Incomplete Coverage

Cameras are installed, but there are gaps in coverage. Some areas are not monitored.

How to avoid: Document the coverage plan, verify coverage before finalizing installation, conduct regular reviews to identify gaps.

Failure 2: Poor Resolution

Cameras are installed with insufficient resolution. Video cannot identify individuals or activities.

How to avoid: Define resolution requirements based on purpose, test resolution in actual lighting conditions, upgrade cameras if resolution is insufficient.

Failure 3: Unclear Retention

Video retention policy is unclear or not enforced. Video is overwritten or lost.

How to avoid: Document retention policy, implement automated retention management, verify that retention is being followed.

Failure 4: No Integration With Access Control

VSS and access control are separate systems. Video and access logs cannot be correlated.

How to avoid: Plan for integration during system design, ensure time synchronization, develop procedures for correlation.

Failure 5: No Maintenance Plan

VSS is installed but not maintained. Cameras fail. Backups are not performed.

How to avoid: Define maintenance procedures, assign responsibility for maintenance, conduct regular testing, document all maintenance.

Failure 6: Unclear Access Control

Anyone can access video. There is no log of who accessed what video.

How to avoid: Define access control procedures, implement access logging, conduct regular reviews of access logs.

Conclusion

CCTV/VSS is a critical tool in federal facilities, but it is only effective when it is designed with clear standards for coverage, resolution, retention, and integration. The facilities that have audit-ready VSS programs are those that:

Define clear coverage requirements based on mission and threats

Specify resolution requirements appropriate for the purpose

Define and enforce retention policies

Integrate VSS with access control for investigation support

Maintain systems consistently

Control access to video

This paper has outlined the design standards and operational considerations that support an audit-ready VSS program. The next step is to assess the current VSS, identify gaps, and develop a plan to close them.

Next Step

If the facility wants a practical review of VSS design, identification of gaps, and recommendations for improvement, Schedule a Consultation at bluevioletsecurity.com.

This content is provided for general informational purposes only and does not constitute legal or regulatory advice. Compliance requirements and regulations are subject to change. Blue Violet Security, LLC recommends consulting with appropriate legal and regulatory counsel before making compliance determinations.