A Sensitive Compartmented Information Facility (SCIF) is constructed with the purpose of handling, storing, discussing, or processing confidential, secret and top-secret information. The goal is to provide physical security against a forced or covert entry into a space containing sensitive information along with technical security to prevent video or acoustic surveillance. The security requirements to protect against these actions need to be identified early to achieve an accredited SCIF that avoids costly delays and budget overruns.
Beginning with the End in Mind
The complex nature of SCIF design and construction places added importance and emphasis on the pre-construction phase. The below stakeholders must be involved early to assess and define the risk mitigation plan. Evaluating threats and vulnerability will get everyone on the same page regarding successful outcomes. A first step is identifying the intended use and classification of the space, such as a closed area or a radio frequency (RF) shielded facility. Also, the pre-construction documentation put together by the Site Security Manager (SSM) needs to be submitted to the Accrediting Official (AO) before the project moves forward into design. The project will have to be approved by the AO several times during the course of design and construction. Taking the time to meet with the stakeholders to gain an understanding of the desired classification, security measures, and depth of security wanted will be key in processing a complete project with no surprises that will risk the accreditation process.
Accrediting Official (AO): Person designated by the Cognizant Security Authority (CSA) who is responsible for all aspects of SCIF management and operations.
Site Security Manage (SSM): Person designated by the AO who is responsible for all aspects of SCIF management and operations.
Certified TEMPEST Technical Authority (CTTA): US Government appointed employee who has met and achieved requirements regarding TEMPEST.
Mission Users: Person who will work, operate, handle SCI in the facility once the facility becomes operational.
Architect/Engineer: The design of the SCIF shall be performed by US companies utilizing US Citizens or US Persons.
General Contractor: The construction of the SCIF shall be performed by US companies utilizing US Citizens or US Persons.
Security is the main premise in designing and constructing a SCIF. Understanding and successfully designing and constructing the security requirements are the keys handing a successfully completed project to the owner. Security comes in layers when constructing a SCIF and can include items such as a security fence, an access control point entrance at the gate, an access control system in the building or an intrusion detection system. The physical perimeter of the SCIF space should include walls, floors, and ceilings with a sound transmission class (STC) rating of 45 or 50, radio frequency shielding, SCIF-rated doors and vault type construction. The penetrations for mechanical, electrical, fire protection and communication utilities should be limited and will require special design details. Lastly, it must be determined if adjacent areas require enhanced security to receive and maintain SCIF accreditation.
Why It Matters
This part is straight forward, a secured room is critical for protecting classified and sensitive information pertaining to US affairs and ongoing government projects. Therefore, you not only need this construction in the heart of government operations but at any facility that is engaged with government contracts pertaining to research and development, technology and information storage and general discussion of US affairs.