What is a SCIF?

Simply stated, a SCIF is a U.S. Government accredited facility where Sensitive Compartmented Information (SCI) can be stored, discussed or electronically processed. Primarily government and government-related contractors that require high security have the need for SCIFs. There are other spaces also used to process, store and discuss classified information such as Special Access Program Facilities (SAPF) and Closed Areas (NISPOM). To learn more about other types of specialized/secure facilities, you can read more here or check out our blog.

The areas of concern and special attention typically include physical security and hardening, acoustic controls, visual controls, access control, electronic and TEMPEST security.

The minimum requirements for SCIFs are defined in Intelligence Community Directive (ICD) 705/ IC Technical Specification.

The directive describes many specialized construction requirements with the intention to ensure that high security features are built into the facility beyond those achieved by typical commercial construction. For example, all perimeter surfaces (walls, ceilings and floor) are to be constructed so that they will reveal evidence of unauthorized entry or tampering.

Depending on each project’s individual performance requirements, additional materials may be required for construction: such as radiant barrier foil, physical perimeter hardening by use of expanded metal with heavier gauge metal studs, as well as additional protective acoustical features to prevent eavesdropping and collection of audio intelligence emanating from the SCIF.

scif-1-new

While there are standard requirements for any SCIF, each project will also have protective measures that are determined by factors such as the facility’s location, security in depth (SID), inspect-able space, program requirements ,“Open” or “Closed” storage and TEMPEST considerations. These are only a few of the factors that can determine what specific protective measures may be required. Additionally, there are various construction methods of achieving the proper protective measures required and the various methods can have a substantial cost impact on the project. It is most beneficial in terms of both time and money to ensure that the designer of a SCIF has substantial experience with the different potential requirement scenarios and that the contractor building the facility has had enough experience to avoid common assumptions that standard commercial contractors, without a lot of SCIF experience, would typically make. The most optimum solution is to select a properly qualified Design/Build firm. You can read more about the benefits of design/build here.

A few of the many specialized requirements are:

 

  • All telephone, electrical power, security systems, data and emergency systems equipment must be dedicated to and contained within the SCIF. Any utility that enters the SCIF should terminate in the SCIF and not traverse through the space. Where the conduit for any of these systems penetrate the SCIF perimeter, they must be treated to minimize the chance of compromise. Fire sprinkler systems and other metallic materials that penetrate SCIF perimeter must be grounded or use dielectric unions. Additional shielding or isolation is often required to prevent interference or electronic eavesdropping through electromagnetic or radio frequencies.
  • There are very specific requirements for ductwork. For example, if ductwork for mechanical operations has openings in the SCIF larger than 96 square inches, they must be equipped with steel man bars that are ½-inch in diameter and 6 inches on center each way, welded at the intersections, with inspection ports inside the SCIF. The openings, the ductwork and the duct breaks must also have special sections inserted to secure audio and electronic emanations from leaving the SCIF space.
  • In most cases the perimeter doors must utilize two access control technologies. The first one for operational day-to-day use, and the second for high security lock up when personnel leave the space unattended. The door and frame assembly must not only meet local building and fire/life safety requirements, but must also achieve the same specified Sound Transmission Class (STC) rating as the perimeter wall assemblies of the facility.
  • Intrusion Detection Systems (IDS) requirements include the use of UL2050 certified installers and UL2050 approved components.

scif5

 

These are just a few of the technical construction specifications that must be adhered to in order to have a properly constructed facility that is ready for government accreditation and program use. SCIFs/SAPFs will vary in size, design and construction according to the purpose of the facility, the location, the regulatory requirements, the customer and other environmental factors. These are all considerations in determining the security and safety in the materials and program activities within these facilities.