In an industry that's difficult to explain, I get a lot of questions.
Let us help you understand the basic building blocks of SCIFs, regulations, construction, and accreditation.
Question
What is a SCIF?
ANSWER
A SCIF (Sensitive Compartmented Information Facility) is a secure room or area used for handling classified information. SCIFs have strict access control measures and are designed to prevent unauthorized access, electronic eavesdropping, and other security risks. They are typically used for activities such as classified briefings, data storage, and communications.
Question
What is ICD 705?
ANSWER
ICD 705 is a set of standards and specifications developed by the United States government for the construction and management of SCIFs. It provides detailed guidelines for the physical security, construction, and installation of SCIFs, including perimeter security, access control, sound attenuation, and protection against electronic eavesdropping.
Question
Who does ICD 705 apply to?
ANSWER
The ICD 705 standards apply to all SCIFs used by the U.S. government and its contractors to handle classified information.
Question
Is it difficult to build a SCIF?
ANSWER
Due to the strict security requirements and specialized construction needs, building a SCIF can be challenging and requires experienced contractors and architects who are familiar with the ICD 705 standards.
Question
Can anyone build a SCIF?
ANSWER
It is important to note that the construction and operation of SCIFs are subject to strict government oversight and security clearance requirements. Always inform your government Accrediting Official (AO) of your location and design intent prior to starting design or construction.
Question
What does the Accrediting Official do?
Answer
The AO will review your design and provide an Authorization to Proceed (ATP) allowing the design and construction to begin. They will also perform periodic reviews and site inspections during the project timeline. After completion, the AO will sign your accreditation letter, assigning your secure space a SCIF ID number.
Question
What else do I need to operate my SCIF?
ANSWER
Your government TEMPEST representative will perform an inspection of your cabling to be sure you meet the red/black separation requirements. Once approved, they will issue an Authorization to Proceed. Now your technology solutions may be installed.
Question
What does TEMPEST mean?
ANSWER
TEMPEST is a U.S. government codename used to refer to a set of standards and guidelines for protecting electronic equipment from eavesdropping and other forms of electronic surveillance.
Question
Who determines TEMPEST standards and guidelines?
ANSWER
CNSSAM (Committee on National Security Systems Policy and Minimum Standards for Management of Information Systems and Networks) is a U.S. government committee responsible for setting policy and minimum standards for the management of information systems and networks that handle national security information.
Question
What regulation governs TEMPEST standards and guidelines?
ANSWER
CNSSAM TEMPEST/1-13. This standard covers a wide range of topics, including the design and construction of secure facilities, the use of shielded cabling and connectors, the selection and configuration of electronic equipment, and the implementation of security measures such as encryption and authentication. Compliance with these standards is required for any electronic equipment or facility used to handle classified or sensitive information by U.S. government agencies or their contractors.