LIGHTNING MOBILE ELECTRIC // PUBLIC RELEASE / DECEMBER 2, 2025

ACCESS CONTROL SPECIFICATION - V 12.4.1

Access Control System

Technical Specification
Document ID: LME-SECACC-012.4.1
Classification: Public
Effective Date: December 2, 2025

Section 01

Purpose

This specification defines the tiered access control framework governing physical entry and information access within Lightning Mobile Electric LLC facilities, systems, and operational domains. The framework establishes three discrete authorization levels, each providing escalating privileges for physical access, temporal constraints, and audit log visibility.

This framework applies to all LME operational sites across Colorado, Utah, Wyoming, Idaho, and Oklahoma service regions.

Section 02

Scope

This specification applies to all controlled access points, secured areas, and access-controlled objects within LME operational domains. Implementation encompasses physical entry systems (electronic locks, card readers, biometric devices), logical access controls, and associated audit logging infrastructure.

Section 03

Definitions

  • Access Point
    Any physical or logical entry mechanism subject to authorization control (doors, gates, secure containers, systems).
  • Scheduled Access Window
    A defined time period during which a credential holder is authorized to access specific resources.
  • Access Log
    A chronological record of all access events including successful entries, denials, and administrative modifications.
  • Domain
    A logical grouping of access points and objects under unified administrative control.
  • Credential Holder
    Any individual issued authentication credentials (card, PIN, biometric enrollment) at any access level.

Access Flow Architecture

Physical Access Flow

[Diagram: Credential → Access Point → Authentication + Schedule Check → Granted or Denied → Audit Log]

Digital / Data Access Flow

[Diagram: Data Request → Authorization Level Check → Level 1: Own Log / Level 2: L2 Logs / Level 3: All Logs → Filtered Data (Based on Level)]

Section 04

Access Level Specifications

Level 1 - Standard Access

Level 1 authorization provides baseline access privileges appropriate for general personnel operating within defined schedules. This tier enforces temporal constraints and limits audit visibility to self-generated events only.

  • Physical Access
    Authorization to operate assigned access points during scheduled access windows only. Access attempts outside designated windows shall be denied and logged.
  • Temporal
    All access privileges are bounded by pre-defined schedule parameters. Credential validation includes real-time schedule verification.
  • Audit Visibility
    Read-only access to personal access log. Credential holder may view their own entry/exit events, timestamps, and access point identifiers.

Level 2 - Extended Access

Level 2 authorization provides elevated privileges for supervisory personnel or roles requiring unrestricted temporal access and expanded audit oversight.

  • Physical Access
    Authorization to operate assigned access points at any time. No temporal restrictions apply; credential validation bypasses schedule verification.
  • Temporal
    None. Access privileges are available 24/7/365 unless explicitly revoked or suspended.
  • Audit Visibility
    Read-only access to personal log plus aggregate logs for all Level 2 access points and objects regardless of initiating party.

Level 3 - Administrative Access

Level 3 authorization provides full administrative control over the access control system within a designated domain, including credential management and comprehensive audit visibility.

  • Physical Access
    Authorization to operate all access points within the administered domain at any time. No temporal or resource restrictions apply.
  • Temporal
    None. Administrative privileges are available 24/7/365 unless explicitly revoked.
  • Administration
    Authority to create, modify, and revoke credential assignments. Ability to define scheduled access windows and assign access levels within the domain.
  • Audit Visibility
    Full read access to all access logs across the entire Level 3 domain, including all access events, administrative changes, and system events.
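
The Level 1 to Level 3 rules above and the two flows under Access Flow Architecture, written out as an added Python example that is not part of the LME specification. The class and field names, the `level2` marker on an access point, the outcome strings, letting every holder read their own events, and the treatment of windows that run past midnight are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Credential:
    cred_id: str
    level: int                         # 1, 2 or 3 (Section 04)
    domain: str                        # Level 3 administers this domain
    assigned: frozenset = frozenset()  # access point IDs, Levels 1 and 2
    windows: tuple = ()                # Level 1: (weekday, start, end) triples

@dataclass(frozen=True)
class Point:
    point_id: str
    domain: str
    level2: bool = False               # assumed marker for a "Level 2 access point"

def in_window(windows, now):
    """True inside a scheduled window; start > end means it runs past midnight."""
    t, day = now.time(), now.weekday()
    for weekday, start, end in windows:
        same_day = day == weekday and t >= start and (t < end or start > end)
        next_day = start > end and day == (weekday + 1) % 7 and t < end
        if same_day or next_day:
            return True
    return False

def request_access(cred, point, now, log):
    """Decide one physical access attempt; grants and denials are both logged."""
    if cred.level == 3:
        outcome = "GRANTED" if point.domain == cred.domain else "DENIED_DOMAIN"
    elif cred.level in (1, 2) and point.point_id in cred.assigned:
        on_time = cred.level == 2 or in_window(cred.windows, now)
        outcome = "GRANTED" if on_time else "DENIED_SCHEDULE"
    else:
        outcome = "DENIED_UNASSIGNED"  # unknown levels also land here
    log.append({"ts": now.isoformat(), "cred": cred.cred_id,
                "point": point.point_id, "outcome": outcome})
    return outcome == "GRANTED"

def visible_log(viewer, log, points):
    """Own events always; Level 2 adds Level 2 points, Level 3 the whole domain."""
    def extra(p):
        return (viewer.level == 2 and p.level2) or \
               (viewer.level == 3 and p.domain == viewer.domain)
    return [e for e in log if e["cred"] == viewer.cred_id or extra(points[e["point"]])]

# Constructed sample data (not from the specification): Monday 22:00 to 06:00 shift
POINTS = {p.point_id: p for p in (Point("gate", "co"), Point("vault", "co", level2=True))}
NIGHT = Credential("tech-1", 1, "co", frozenset({"gate"}), ((0, time(22), time(6)),))
```

With `NIGHT`, a request at the gate on Monday at 23:00 or Tuesday at 05:30 is granted, while Tuesday at 07:00 is denied and still appears in the log.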

Section 05

Permission Matrix

The following matrix summarizes the capability differential across authorization tiers:

Capability L1 L2 L3
Physical access to assigned points Sched
24/7 unrestricted access
View personal access log
View Level 2 resource logs
View all domain access logs
Modify credential permissions
Configure access schedules

Section 06

Implementation Requirements

  • Authentication
    All access events shall require positive credential authentication prior to access point release.
  • Audit Integrity
    Access logs shall be immutable once created. All entries shall include timestamp, credential ID, access point ID, and event outcome.
  • Fail-Secure
    Access points shall default to locked state upon power loss or system malfunction unless designated as life-safety egress.
  • Time Sync
    Systems shall synchronize with authoritative time sources (NTP) to ensure accurate schedule enforcement and log timestamps.
  • Admin Audit
    All Level 3 administrative actions shall be logged with administrator credential and justification where applicable.
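
One way to make the Audit Integrity requirement checkable, shown as an added Python example that is not part of the LME specification: each entry is chained to the previous one with SHA-256, so a changed or removed entry is detectable. The record keys, the chaining scheme and the sample records are assumptions; the specification itself only requires immutability and the four fields.

```python
import hashlib
import json

REQUIRED = ("ts", "cred", "point", "outcome")  # the four mandatory fields
GENESIS = "0" * 64                             # back-link of the first entry

def _digest(prev_hash, record):
    # Canonical JSON so the same record always hashes to the same value
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def append(chain, record):
    """Append a record and return the new head hash; reject incomplete entries."""
    missing = [k for k in REQUIRED if not record.get(k)]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"record": dict(record), "prev": prev,
                  "hash": _digest(prev, record)})
    return chain[-1]["hash"]

def first_tampered(chain, head=None):
    """Index of the first entry that fails verification, or None if intact.

    If a trusted head hash is given and the tail does not match it,
    len(chain) is returned: entries were dropped from or added to the end.
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != _digest(prev, entry["record"]):
            return i
        prev = entry["hash"]
    if head is not None and prev != head:
        return len(chain)
    return None

# Constructed sample records (not real LME log data)
SAMPLE = [
    {"ts": "2025-12-01T23:00:00", "cred": "tech-1", "point": "gate", "outcome": "GRANTED"},
    {"ts": "2025-12-02T07:00:00", "cred": "tech-1", "point": "gate", "outcome": "DENIED_SCHEDULE"},
    {"ts": "2025-12-02T07:05:00", "cred": "sup-1", "point": "vault", "outcome": "GRANTED"},
]
```

Store the value returned by the last `append` where the log writer cannot change it; without that external copy, removing entries from the tail leaves a chain that still verifies.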

For implementation support or questions regarding this specification, contact LME Operations Management.