Key Information You Need to Know about Sensitive Compartmented Information Facilities (SCIFs)
You need to build a SCIF. But let’s face it: that’s easier said than done.
The term “SCIF” stands for “Sensitive Compartmented Information Facility.” SCIFs are complicated structures, and few people have a lot of experience with building them. If you’re looking into a SCIF, the requirements, regulations and government directives that come with it can get overwhelming fast. You may not even know where to start.
If that feeling sounds familiar, you’re in the right place.
This article will tell you exactly what a Sensitive Compartmented Information Facility is, explain its basic components and cover the latest requirements you need to know about planning and building a SCIF before you start your project.
Definition of a SCIF
A Sensitive Compartmented Information Facility is a US government-accredited facility where SCI (Sensitive Compartmented Information) can be stored, discussed and electronically processed.
SCIFs are required for government-classified SCI programs. SCI is derived primarily from intelligence-gathering activities and from classified research and development projects. It goes without saying that information like that needs to be protected.
That’s where SCIFs come in. But what makes a SCIF capable of and approved for protecting SCI?
Elements of a SCIF: What You Need to Know
SCIF facility designs are impacted by a number of factors, based on what we call security in depth, or SID. The design of a Sensitive Compartmented Information Facility depends on its inspectable space, whether the facility is classified for open or closed storage of SCI, and a few other factors.
However, all SCIFs must be built according to very specific standards, including Intelligence Community Directive 705 (ICD705) and the IC Tech Specs. Because SCIFs follow these standards, they have several key elements in common.
Physical security. Physical security includes perimeter hardening requirements and perimeter construction techniques that aid in the discovery of unauthorized intrusion.
Acoustic security. With regard to acoustic security, the entire perimeter of a SCIF needs to meet certain acoustic level standards (Sound Transmission Class 45 or 50) so that intelligible conversation doesn’t penetrate the walls. Sub-compartmented areas within the facility may also need to meet acoustic separation requirements.
Visual controls. The entire facility must be designed to eliminate any possibility of an outsider visually seeing any of the activities or information within the SCIF, whether from a distance or within close proximity. In most cases, SCIFs do not have windows, but if windows are approved by the accrediting official, visual line of sight mitigation measures must be taken into account.
Electronic access controls systems (ACS) and intrusion detection systems (IDS). Electronic access control systems (ACS) and intrusion detection systems (IDS) must meet UL2050, a high-security standard approved for Department of Defense (DoD) classified facilities. Data communications also have to meet appropriate government directives in order to handle and process SCI.
TEMPEST security. TEMPEST security refers to countermeasures for electronic emanations that may leave the SCIF space and provide intelligible information about the program operating within. TEMPEST countermeasures required for a SCIF can range from simple to very complex. Some of the more common countermeasures include putting a metallic radiant barrier foil within the perimeter wall construction, installing non-conductive sections when conductive materials pass through the perimeter wall and even filtering the facility’s power where it enters the space.
Many of the physical properties of a Sensitive Compartmented Information Facility have remained essentially the same over time. However, government requirements have changed in recent years, and you need to be just as aware of them as you do of the security elements if you want your SCIF to be approved for government accreditation.
Recent SCIF Requirement Changes
There are two key requirements that have changed when it comes to building a Sensitive Compartmented Information Facility: 1) before you start construction you must be preapproved by a government sponsor, and 2) you also need preapproval by a certified TEMPEST technical authority before you start building.
Under the old DCID6/9 standard, you were able to design and build a SCIF first and get government sponsorship and TEMPEST certification later. This changed under the most recent
Intelligence Community Directive (ICD) 705 standard in 2011. Now, the government has to be involved from the very beginning.
Without a government sponsor prior to the start of construction, you risk ending up with a non-accredited SCIF.
Adamo has been consulting on, designing, and building Sensitive Compartmented Information Facilities since 1980. We’ve built more than 500 of these types of facilities, all of which have met their accreditation requirements. We help our clients through the entire process of building a SCIF, from concept to construction to completion, so that your final accreditation is guaranteed.
To learn more, contact through our online contact form. Other types of facilities that protect sensitive or classified information include SAPFs (Special Access Program Facilities) and Closed Areas per NISPOM (National Industrial Security Program Operating Manual). You can learn more about these types of secure facilities here.