The 6-Step Process to Integrating the Correct High-Security Features That Guarantee Accreditation
When you set out to build a SCIF with the required high-security features it needs to get accredited, you have to do it right the first time. There’s too much on the line to get it wrong.
Let’s say you’re a smaller defense company that’s never developed a SCIF before. You’re not clear on exactly what is required in your design documents, technical specifications or Construction Security Plan (CSP). There are so many variables involved that you end up stumbling through the dark, trying to accomplish something you can’t even see properly.
You’re almost always going to overlook a requirement, and that means your accreditation official will delay your accreditation, or worse, won’t accredit your facility at all. Before you know it, your deadline is out the window, management is breathing down your neck and the time-sensitive government program that needs that facility can’t move into it and begin operating.
This is not a pleasant scenario for anyone, and it’s a situation that no defense company, site security manager (SSM) or facility security officer (FSO) should ever have to experience. Follow these six steps to make sure your SCIF is designed and built correctly the first time.
Step 1: Get a Government Sponsor
The first thing you need to do is make sure that your government sponsor is involved. Your sponsor is the entity that gave you (or is planning to give you) the classified contract. There are 16 entities in the US government intelligence community (IC) that have the authority to accredit SCIFs, and your sponsor will be one of them — or possibly a second- or third-tier level of the IC element. Without a government sponsor it is impossible to have an accredited SCIF, even if you have a facility built to SCIF standards.
Step 2: Develop Pre-construction Documentation
The SSM of your project is responsible for this step. Working with the accreditation officer and the designer, your SSM determines the high-security features you need based on security in depth (SID), inspectable space, risk analysis, fixed facility documentation, accreditation documentation, telecommunications systems design, any red-black separation requirements, access control system (ACS) and intrusion detection system (IDS) requirements, and closed-circuit television (CCTV) requirements before you move forward.
In most cases, the Certified TEMPEST Technical Authority (CTTA) will determine which (if any) TEMPEST measures need to be integrated into the SCIF’s design. Once you have a complete pre-construction design package, you need to submit it to the accrediting official for approval before you proceed any further.
Step 3: Develop the Facility Design
The details of your design depend on whether the SCIF is going to be ground-up construction or part of an existing building. They also depend on the existing SID, whether the facility is going to be open or closed storage and other considerations as identified by the accreditation official. You also have to take the government program’s functional requirements into consideration in your design, such as heating and cooling demands, infrastructure, lab or data processing needs and so on.
Once you’ve established the correct criteria, you can proceed with the actual design documents. At minimum, these include the project plans, project specifications, the pre-construction Fixed Facility Checklist (FFC), the TEMPEST Checklist and the Construction Security Plan (CSP). The design process can last anywhere from four to twenty-four weeks, depending on the size, location and complexity of the project. Make sure your design team is well experienced in the development of SCIFs to minimize gaps in your design documentation.
Step 4: Get Jurisdiction Approval
After your completed design is approved by the accrediting official, you then have to get approval from whatever jurisdiction the project is located in. For example, if the SCIF is on a military base, it has to be approved by the local military jurisdiction. If it’s in a municipality, you’ll need to talk to the local building department. (Note: When you create the design plans and documentation for your SCIF, the plans should not contain any verbiage that indicates that the project is a secure facility.)
Step 5: Construct the SCIF
After everything has been approved, you’re ready to build your SCIF.
Your contractors should always be qualified people who have proven experience building SCIFs (at least two to three facilities per year for the last three years). During construction, your SSM needs to make sure that the building process is executed in accordance with every detail of the CSP. Every person who comes onto the job site must be documented, the project design documents must be controlled and other elements of the CSP must be adhered to and executed properly.
Your SSM needs to document the entire construction process in accordance with the CSP. These processes are as important as the actual construction itself.
Step 6: Get Government Accreditation
After the SCIF has been built and all other jurisdictions (building authorities, corporate management, etc.) have signed off on the project, the last thing you need is to prepare your final accreditation documents and schedule a final accreditation inspection.
The inspection is performed by a government accrediting official (AO) who verifies that all of the required high-security features of the SCIF have been installed according to what was preapproved in the design and pre-construction documents. The AO will also verify that the CSP was properly followed during construction of the SCIF and that all the required documentation was developed during the construction processes. Your AO will inspect your SCIF and all of its systems to ensure that they function the way they were designed to function and that the facility is ready to operate as a Sensitive Compartmented Information Facility (SCIF).
Get It Right the First Time Around
There are a lot of compelling reasons why it’s not good to stumble around on your own trying to design and build a SCIF. Adamo has designed and built hundreds of facilities with high-security features during our decades of experience. We have worked for a wide range of defense companies as well as branches of the military and government, and we guarantee accreditation for any SCIF project that we design and construct.