How the ICD 705 policy is helping unify SCIF/SAPF construction standards
Reciprocity of standards, where all 18 Intelligence Community (IC) elements follow the same requirements for SCIF and SAPF construction, is one of the stated goals of the Intelligence Community Directive (ICD) 705 policy. Prior to the 705, different IC elements had their own standards for how they wanted their facilities constructed along with the DCID 6/9 standards they all followed. The DoD followed a completely different standard with JAFAN 6/9. With the introduction of the ICD 705 Technical Specifications, or Tech Spec, in 2010, these standards have become more unified across all 18 IC elements.
With each new version of the Tech Spec released, new requirements have been introduced that furthered the goal of reciprocity by mandating more clear-cut rather than situational options. For example, the Tech Spec now only requires GSA-approved locking hardware for doors, which limits the variations of locksets used.
Of course, the Tech Spec is not entirely black and white on SCIF construction standards. While most of its requirements are more black-and-white, there are many that are more open to interpretation or adaptation, like the ability to choose from either one of the three suggested wall types, or to use your own build that meets your facility’s needs.
While a situational assessment of risks and vulnerabilities is crucial for each facility being constructed, reciprocal standards are important because they can help ease the turnover in facilities as they change hands from one program or contract to the next.
Why Reciprocity is Necessary
In the SCIF/SAPF space, it’s not uncommon for an existing facility to have various programs move in and out of it over the years. When each agency had their personal preferences, problems could arise when one agency took over or collaborated in a space with another agency.
In some cases, when a new agency would take over a SCIF or SAPF space, they would have a different internal security standard than the previous tenant and would want to make changes to the facility before they begin their work. This could be something simple, like adding sound masking, or something far more complicated, like adding foil to the walls as a TEMPEST mitigation.
When an agency seeks a major renovation before moving in their program, it causes a delay in mission readiness while construction takes place.
Cost of Renovation
Along with the time cost associated with a renovation and pause in the program, there is an actual monetary cost as well. Something like adding foil to the walls means opening all the walls back up, which not only causes a major delay but is also a very pricey endeavor.
Ultimately, if every agency expects changes to be made to match their different security standards, the price tag increases quickly whenever facilities change hands.
What Would Full Reciprocity Look Like?
Today, the high-security industry is closer to full reciprocity than ever before thanks to the Tech Spec standardizing requirements across all IC elements. However, the Tech Spec still takes an approach to security that relies largely on situational assessments, which leaves room for variations. There are some fundamentals of construction that are consistent across IC elements in most regions of the country, but there are also variables driven by things like preference, situational threat analysis and personal experiences of the individual accrediting the space.
There are still barriers that exist to reaching full reciprocity, and achieving it may lead to higher costs for the government, depending on how they continue to move toward full reciprocity.
In one possible approach, all secure facilities could be built to the highest possible standards to make sure that every potential security need is meant. Of course, requirements like radio frequency (RF) shielding or expanded metal in the walls can increase the cost of a project significantly. This would also downplay or even eliminate the situational assessment currently required for facilities, which can put these facilities and their programs at risk if the threat assessment mindset is diminished or not applied at all.
Along with the higher cost, this system creates a new security concern. If every facility is built identically, it would be easier for outside forces, including our enemies, to know the exact security profile of a facility.
Alternatively, there is a way to reach full reciprocity while maintaining a situational mindset. This would require greater coordination between multiple agencies through the guidance of experts like the Accrediting Official (AO) or Certified TEMPEST Technical Authority (CTTA). Currently, these officials have large caseloads that limit how much time and guidance they can give to a project. This results in slower coordination between the accrediting team and the party who is building the SCIF/SAPF.
An increase in these personnel or in the time they have available to collaborate during the assessment phase would help each project have the time it needs to fully address their situational needs. However, there would again be an obvious cost to this in terms of salaries and training expenses. In both scenarios, full reciprocity would come with a large cost.
The Tech Spec currently offers far greater uniformity of requirements than we’ve seen in years past, however, which gives great benefits to the high-security world.
In the current SCIF and SAPF construction environment, situational assessment remains a key factor in building a secure facility. Figuring out your security needs can be an overwhelming prospect, which is where Adamo can step in and consult on your projects. Our experts can help you tackle whatever challenges arise and guide you in any step, from pre-design to accreditation.