High security has a lot of acronyms to keep straight; here are some of the most important to know
If there’s one thing the government loves, it’s acronyms. If you work in the Sensitive Compartmented Information Facility (SCIF) or Special Access Program Facility (SAPF) construction space in any capacity, the odds are you hear a lot of acronyms being thrown around on a daily basis. Here’s a guide to some of the most common acronyms you are likely to hear. So if you’re ever feeling overwhelmed with the sheer volume of acronyms someone managed to pack into a sentence, reference this and breathe easy.
ACS: Access Control System. This refers to the tech used to manage access in and out of a secure facility, such as fingerprint recognition, card scanners or PINs.
ADA: Americans with Disabilities Act. The law that requires facilities be built in a way to accommodate those with disabilities, like making them wheelchair accessible.
AO: Accrediting Official. This is the person who has the final say over whether a project will be accredited or not.
CA: Compartmented Area. These are sub-divisions within a facility that allow multiple classified programs to operate without having to each have their own facility.
CCTV: Closed Circuit Television. This is a form of video surveillance where the video is sent to a specific place or set of monitors for viewing.
COMSEC: Communications security. These are measures taken to protect information from telecommunications and is a subset of OPSEC.
CONUS: Continental United States. The area of the U.S. located inside the continent of North America.
CSA: Cognizant Security Authority. Someone who works as a counterpart to the AO and with whom you can work on a facility’s concept approval instead of the AO.
CSP: Construction Security Plan. Establishes the security protections for the design and construction of a SCIF or SAPF
CST: Construction Surveillance Technician. A worker whose job is to ensure the security of new facilities and monitor workings during construction.
CTTA: Certified TEMPEST Technical Authority. An important official in the SCIF constriction process who gives oversight for TEMPEST mitigations.
CUA: Co-Utilization/Co-Use Agreement. A document that will need to be submitted when multiple programs will share the facility.
DNI: The Director of National Intelligence. The head of the U.S. Intelligence Community.
FFC: Fixed Facility Checklist. A document that gives information about the SCIF or SAPF including your SID, doors and IDS.
FSO: Facility Security Officer. An employee in a company who holds a clearance and oversees the security and personnel clearances.
GSA: General Services Administration. A government administration that manages and supports the basic functioning of federal agencies. They approve the containers that can hold classified materials.
ICD: Intelligence Community Directive. Most likely the ICD 705, which is the directive that establishes the standards of SCIF and SAPF construction. Policy established by the Director of National Intelligence.
IDS: Intrusion Detection System. This is the tech used to monitor if someone has gotten into the facility who shouldn’t be, such as glass break sensors or motion detectors.
MEP: Mechanical, Electrical, Plumbing. A common acronym in any type of construction, these three trades within SCIF construction commonly come with concerns including mitigating the risks from wall penetrations.
MFA: Multi-factor Authentication. When a system requires multiple types of verification of identity before granting access.
NIC: Noise Isolation Class. The field measurement of sound insulation performance, like for a wall assembly. This will differ from the STC score, which is a lab measurement.
OCONUS: Outside Continental United States. Areas, including Alaska, Hawaii and U.S. territories outside the continental U.S.
ODNI: Office of the Director of National Intelligence. This is a government organization that provides oversight to the intelligence community.
OPSEC: Operations security. This refers to any systems and processes put in place to protect information from potential adversaries.
ROM: Rough order of magnitude. A ballpark figure of what something will cost.
RF: Radio Frequency. Usually discussed in relation to RF shielding and preventing compromising emanations from escaping the facility. RF is a measurement that shows electromagnetic waves.
RFI: Request for Information. When doing a project proposal, this is the stage where the contractor asks questions to make sure they have what they need for their proposal.
RFP: Request for Proposal. When a project owner requests contractors to bid or propose a price for a project and for details on how they’d execute the project.
RFQ: Request for Quote. When a project owner requests contractors to bid or propose a price when they know exactly what they want and do not need details from the contractor on how they’d execute it.
SAP: Special Access Program. Security protocols that provide highly classified information with safeguards. Typically associated with Department of Defense programs.
SCI: Sensitive Compartmented Information. Information about certain intelligence sources and methods that needs to safeguarded.
SETL: Security Environment Threat List. A list of countries with U.S. diplomatic missions complied by the Department of State.
SID: Security in Depth. The multiple layers of security that safeguard an asset.
SOP: Standard Operating Plan. A set of instructions created to help workers carry out routine operations.
SSM: Site Security Manager. This is a key role in SCIF and SAPF construction who oversees the site during construction, makes sure security procedures are followed and helps put together the final accreditation package.
STC: Sound Transmission Class. The lab measurement of how much sound is insulated in items like a wall assembly.
SWA: Secure Working Area. An area accredited for use, handling, discussing and/or processing of SCI but where SCI is not stored.
TEMPEST: While this is written like an acronym, it is actually an unclassified short name. This is the study, investigation and mitigation of unintended emanations. If these emanations escape the facility, they can be captured and compromise security.
T-SCIF: Temporary Secure Compartmented Information Facility. SCIFs designed to be temporary or such as those at sites for contingency operations, emergency operations and tactical military operations.
TSCM: Technical Surveillance Countermeasure. A sweep for eavesdropping devices, hidden microphones or bugs.
TFA: Two-factor authentication. When a system requires two types of verification of identity before granting access.
UL: Underwriters Laboratories. A safety science corporation that sets standards for alarm systems. UL 2050 is the standard for SCIFs.