THE REPORT PROVIDES INFORMATION ABOUT HARDWARE SYSTEMS AND CONTROL PROCEDURES RELEVANT TO PLANNING AND IMPLEMENTING CONTROLLED ACCESS IN SUPPORT OF A PHYSICAL-SECURITY SYSTEM. THREE LEVELS OF ACCESS CONTROL ARE EVALUATED: AUTHORIZATION, IDENTIFICATION, AND IDENTITY VERIFICATION. MANUAL, AUTOMATED, AND SEMIAUTOMATED SYSTEMS ARE DESCRIBED FOR PERFORMING THE ACCESS-CONTROL FUNCTIONS OF INTERROGATION, DECISION, AND RESPONSE. THE LAST PHASE OF THE PAC REPORT EMPHASIZES THE RATIONALE FOR AND TESTING OF ACCESS CONTROL SYSTEMS. TESTING PROGRAMS ARE DESCRIBED FOR PROVIDING QUANTITATIVE MEASURES OF THE CAPABILITY OF THE EQUIPMENT, PERSONNEL, OR SYSTEM USED TO CONTROL ACCESS. THIS INCLUDES PROCEDURES FOR EVALUATING SYSTEMS BEFORE THEY ARE PLACED IN SERVICE AND FOR INSERVICE TESTING OF OPERATING SYSTEMS. INSERVICE TESTING INCLUDES SCENARIO TESTS THAT RESEMBLE REAL-LIFE SITUATIONS THAT MAY BE ENCOUNTERED IN ANY ACCESS-CONTROL SYSTEM. TEST RESULTS WILL PROVIDE A MEASURE OF FALSE-ACCEPT AND FALSE-REJECT ERRORS, PROBLEM AREAS, AND ACCEPTABILITY OF THE SYSTEM FOR BOTH THE USER AND ADMINISTRATOR. TABULAR DATA AND REFERENCES ARE INCLUDED. (AUTHOR ABSTRACT MODIFIED--KBL)