UNCLASSIFIED

TECHNICAL SPECIFICATIONS FOR CONSTRUCTION AND MANAGEMENT OF SENSITIVE COMPARTMENTED INFORMATION FACILITIES
VERSION 1.2

IC Tech Spec - for ICD/ICS 705
An Intelligence Community Technical Specification
Prepared by the Office of the National Counterintelligence Executive
April 23, 2012

Table of Contents

Chapter 1. Introduction
  A. Purpose
  B. Applicability
Chapter 2. Risk Management
  A. Analytical Risk Management Process
  B. Security in Depth (SID)
  C. Compartmented Area (CA)
Chapter 3. Fixed Facility SCIF Construction
  A. Personnel
  B. Construction Security
  C. Perimeter Wall Construction Criteria
  D. Floor and Ceiling Construction Criteria
  E. SCIF Door Criteria
  F. SCIF Window Criteria
  G. SCIF Perimeter Penetrations Criteria
  H. Alarm Response Time Criteria for SCIFs within the U.S.
  I. Secure Working Areas (SWA)
  J. Temporary Secure Working Area (TSWA)
Chapter 4. SCIFs Outside the U.S. and NOT Under Chief of Mission (COM) Authority
  A. General
  B. Establishing Construction Criteria Using Threat Ratings
  C. Personnel
  D. Construction Security Requirements
  E. Procurement of Construction Materials
  F. Secure Transportation for Construction Material
  G. Secure Storage of Construction Material
  H. Technical Security
  I. Interim Accreditations
Chapter 5. SCIFs Outside the U.S. and Under Chief of Mission Authority
  A. Applicability
  B. General Guidelines
  C. Threat Categories
  D. Construction Requirements
  E. Personnel
  F. Construction Security Requirements
  G. Procurement of Construction Materials
  H. Secure Transportation for Construction Material
  I. Secure Storage of Construction Material
  J. Technical Security
  K. Interim Accreditations
Chapter 6. Temporary, Airborne, and Shipboard SCIFs
  A. Applicability
  B. Ground-Based T-SCIFs
  C. Permanent and Tactical SCIFS Aboard Aircraft
  D. Permanent and Tactical SCIFs on Surface or Subsurface Vessels
Chapter 7. Intrusion Detection Systems (IDS)
  A. Specifications and Implementation Requirements
  B. IDS Modes of Operation
  C. Operations and Maintenance of IDS
  D. Installation and Testing of IDS
Chapter 8. Access Control Systems (ACS)
  A. SCIF Access Control
  B. ACS Administration
  C. ACS Physical Protection
  D. ACS Recordkeeping
  E. Using Closed Circuit Television (CCTV) to Supplement ACS
  F. Non-Automated Access Control
Chapter 9. Acoustic Protection
  A. Overview
  B. Sound Group Ratings
  C. Acoustic Testing
  D. Construction Guidance for Acoustic Protection
  E. Sound Transmission Mitigations
Chapter 10. Portable Electronic Devices (PEDs)
  A. Approved Use of PEDs in a SCIF
  B. Prohibitions
  C. PED Risk Levels
  D. Risk Mitigation
Chapter 11. Telecommunications Systems
  A. Applicability
  B. Unclassified Telephone Systems
  C. Unclassified Information Systems
  D. Using Closed Circuit Television (CCTV) to Monitor the SCIF Entry Point(s)
  E. Unclassified Wireless Network Technology
  F. Environmental Infrastructure Systems
  G. Emergency Notification Systems
  H. Systems Access
  I. Unclassified Cable Control
  J. References
Chapter 12. Management and Operations
  A. Purpose
  B. SCIF Repository
  C. SCIF Management
  D. SOPs
  E. Changes in Security and Accreditation
  F. General
  G. Inspections
  H. Control of Combinations
  I. De-Accreditation Guidelines
  J. Visitor Access
  K. Maintenance
  L. IDS and ACS Documentation Requirements
  M. Emergency Plan
Chapter 13. Forms and Plans
  Fixed Facility Checklist
  TEMPEST Checklist
  Compartmented Area Checklist
  Shipboard Checklist
  Aircraft/UAV Checklist
  SCIF Co-Use Request and MOA
  Construction Security Plan (CSP)

Chapter 1. Introduction

A. Purpose

This Intelligence Community (IC) Technical Specification sets forth the physical and technical security specifications and best practices for meeting standards of Intelligence Community Standard (ICS) 705-1 (Physical and Technical Standards for Sensitive Compartmented Information Facilities). When the technical specifications herein are applied to new construction and renovations of Sensitive Compartmented Information Facilities (SCIFs), they shall satisfy the standards outlined in ICS 705-1 to enable uniform and reciprocal use across all IC elements and to assure information sharing to the greatest extent possible.

This document is the implementing specification for Intelligence Community Directive (ICD) 705, Physical and Technical Security Standards for Sensitive Compartmented Information Facilities (ICS-705-1) and Standards for Accreditation and Reciprocal Use of Sensitive Compartmented Information Facilities (ICS-705-2) and supersedes Director of Central Intelligence Directive (DCID) 6/9.

The specifications contained herein will facilitate the protection of Sensitive Compartmented Information (SCI) against compromising emanations, inadvertent observation and disclosure by unauthorized persons, and the detection of unauthorized entry.

B. Applicability

IC Elements shall fully implement this standard within 180 days of its signature. SCIFs that have been de-accredited but controlled at the SECRET level (IAW 32 Code of Federal Regulations (CFR) parts 2001 and 2004) for less than one year may be reaccredited one time using the previous standard. The IC SCIF repository shall indicate that the accreditation was based upon the previous standards.
Chapter 2. Risk Management

A. Analytical Risk Management Process

1. The Accrediting Official (AO) and the Site Security Manager (SSM) should evaluate each proposed SCIF for threats, vulnerabilities, and assets to determine the most efficient countermeasures required for physical and technical security. In some cases, based upon that risk assessment, it may be determined that it is more practical or efficient to mitigate a standard. In other cases, it may be determined that additional security measures should be employed due to a significant risk factor.

2. Security begins when the initial requirement for a SCIF is known. To ensure the integrity of the construction and final accreditation, security plans should be coordinated with the AO before construction plans are designed, materials ordered, or contracts let.

   a) Security standards shall apply to all proposed SCI facilities and shall be coordinated with the AO for guidance and approval. Location of facility construction and or fabrication does not exclude a facility from security standards and or review and approval by the AO. SCI facilities include but are not limited to fixed facilities, mobile platforms, prefabricated structures, containers, modular applications or other new or emerging applications and technologies that may meet performance standards for use in SCI facility construction.

   b) Mitigations are verifiable, non-standard methods that shall be approved by the AO to effectively meet the physical/technical security protection level(s) of the standard. While most standards may be effectively mitigated via non-standard construction, additional security countermeasures and/or procedures, some standards are based upon tested and verified equipment (e.g., a combination lock meeting Federal Specification FF-L2740A) chosen because of special attributes and could not be mitigated with non-tested equipment. The AO's approval is documented to confirm that the mitigation is at least equal to the physical/technical security level of the standard.

   c) Exceeding a standard, even when based upon risk, requires that a waiver be processed and approved in accordance with ICD 705.

3. The risk management process includes a critical evaluation of threats, vulnerability, and assets to determine the need and value of countermeasures. The process may include the following:

   a) Threat Analysis. Assess the capabilities, intentions, and opportunity of an adversary to exploit or damage assets or information. Reference the threat information provided in the National Threat Identification and Prioritization Assessment (NTIPA) produced by the National Counterintelligence Executive (NCIX) for inside the U.S. and/or the Overseas Security Policy Board (OSPB), Security Environment Threat List (SETL) for outside the U.S. to determine technical threat to a location. When evaluating for TEMPEST, the Certified TEMPEST Technical Authorities (CTTA) shall use the National Security Agency Information Assurance (NSA IA) list as an additional resource for specific technical threat information.

      NOTE: These threat documents are classified. Associating the threat level or other threat information with the SCIF location (including country, city, etc.) will normally carry the same classification level identified in the threat document. Ensure that SCIF planning documents and discussions that identify threat with the country or SCIF location are protected accordingly.

      It is critical to identify other occupants of common and adjacent buildings. (However, do not attempt to collect information against U.S. persons in violation of Executive Order (EO) 12333.) In areas where there is a diplomatic presence of high and critical threat countries, additional countermeasures may be necessary.

   b) Vulnerability Analysis. Assess the inherent susceptibility to attack of a procedure, facility, information system, equipment, or policy.

   c) Probability Analysis. Assess the probability of an adverse action, incident, or attack occurring.

   d) Consequence Analysis. Assess the consequences of such an action (expressed as a measure of loss, such as cost in dollars, resources, programmatic effect/mission impact, etc.).
B. Security in Depth (SID)

1. SID describes the factors that enhance the probability of detection before actual penetration to the SCIF occurs. The existence of a layer or layers of security that offer mitigations for risks may be accepted by the AO. An important factor in determining risk is whether layers of security already exist at the facility. If applied, these layers may, with AO approval, alter construction requirements and extend security alarm response time to the maximum of 15 minutes. Complete documentation of any/all SID measures in place will assist in making risk decisions necessary to render a final standards decision.

2. SID is mandatory for SCIFs located outside the U.S. due to increased threat.

3. The primary means to achieve SID are listed below and are acceptable. SID requires that at least one of the following mitigations is applied:

   a) Military installations, embassy compounds, U.S. Government (USG) compounds, or contractor compounds with a dedicated response force of U.S. persons.

   b) Controlled buildings with separate building access controls, alarms, elevator controls, stairwell controls, etc., required to gain access to the buildings or elevators. These controls shall be fully coordinated with a formal agreement or managed by the entity that owns the SCIF.

   c) Controlled office areas adjacent to or surrounding SCIFs that are protected by alarm equipment installed in accordance with manufacturer's instructions. These controls shall be fully coordinated with a formal agreement or managed by the entity that owns the SCIF.

   d) Fenced compounds with access controlled vehicle gate and/or pedestrian gate.

   e) The AO may develop additional strategies to mitigate risk and increase probability of detection of unauthorized entry.
C. Compartmented Area (CA)

1. Definition

   A CA is an area, room, or a set of rooms within a SCIF that provides controlled separation between control systems, compartments, sub-compartments, or Controlled Access Programs.

2. Requirements

   a) The CA shall be approved by the AO with the concurrence of the CA Program Manager or designee. The CA Checklist (Chapter 13) shall be used to request approval.

   b) Any construction or security requirements above those listed herein require prior approval from the element head as described in ICS 705-2.

3. Access Control

   a) Access control to the CA may be accomplished by visual recognition or mechanical/electronic access control devices.

   b) Spin-dial combination locks shall not be installed on CA doors.

   c) Independent alarm systems shall not be installed in a CA.

4. Visual Protection of CA Workstations

   If compartmented information will be displayed on a computer terminal or group of terminals in an area where everyone is not accessed to the program, the following measures may be applied to reduce the ability of "shoulder surfing" or inadvertent viewing of compartmented information:

   - Position the computer screen away from doorway/cubicle opening.
   - Use a polarizing privacy screen.
   - Use partitions and/or signs.
   - Existing private offices or rooms may be used but may not be a mandatory requirement.

5. Closed Storage

   When the storage, processing, and use of compartmented information, product, or deliverables is required, and all information shall be stored while not in use, then all of the following shall apply:

   a) Access and visual controls identified above shall be the standard safeguard.

   b) Compartmented information shall be physically stored in a General Services Administration (GSA) approved safe.

6. Open Storage

   In rare instances when open storage of information is required, the following apply:

   a) If the parent SCIF is accredited for open storage, a private office with access control on the door is adequate physical security protection.

   b) If the parent SCIF has been built and accredited for closed storage, then the CA perimeter shall be constructed and accredited to open storage standards.

   c) The CA AO may approve open or closed storage within the CA. Storage requirements shall be noted in both the CA Fixed Facility Checklist (FFC) and, if appropriate, in a Memorandum of Understanding (MOU).

7. Acoustic and Technical Security

   a) All TEMPEST, administrative telephone, and technical surveillance countermeasure (TSCM) requirements for the parent SCIF shall apply to the CA and shall be reciprocally accepted.

   b) When compartmented discussions are required, the following apply:

      (1) Use existing rooms that have been accredited for SCI discussions.
      (2) Use administrative procedures to restrict access to the room during conversations.
Chapter 3. Fixed Facility SCIF Construction

Requirements outlined within this chapter apply to all fixed facility SCIFs. Additional information and requirements for facilities located outside the U.S., its possessions or territories, are found in Chapters 4 and 5. Additional information and requirements for temporary SCIFs are described in Chapter 6.

A. Personnel

Roles and responsibilities of key SCIF construction personnel are identified in ICS 705-1 and restated here for reference.

1. AO Responsibilities

   a) Provide security oversight of all aspects of SCIF construction under their security purview.
   b) Review and approve the design concept, Construction Security Plan (CSP), and final design for each construction project prior to the start of SCIF construction.
   c) Depending on the magnitude of the project, shall determine if the Site Security Manager (SSM) performs duties on a full-time, principal basis, or as an additional duty to on-site personnel.
   d) Accredit SCIFs under their cognizance.
   e) Prepare waiver requests for the IC element head or designee.
   f) Provide the timely input of all required SCIF data to the IC SCIF repository.
   g) Consider SID on USG or USG-sponsored contractor facilities to substitute for standards herein. (SID shall be documented in the CSP and the FFC.)

2. Site Security Managers (SSMs) Responsibilities

   a) Ensure the requirements herein are implemented and advise the AO of compliance or variances.
   b) In consultation with the AO, develop a CSP regarding implementation of the standards herein. (This document shall include actions required to document the project from start to finish.)
   c) Conduct periodic security inspections for the duration of the project to ensure compliance with the CSP.
   d) Document security violations or deviations from the CSP and notify the AO within 3 business days.
   e) Ensure that procedures to control site access are implemented.

3. CTTA Responsibilities

   a) Review SCIF construction or renovation plans to determine if TEMPEST countermeasures are required and recommend solutions. (To the maximum extent practicable, TEMPEST mitigation requirements shall be incorporated into the SCIF design.)
   b) Provide the Cognizant Security Authority (CSA) AO with documented results of review with recommendations.

4. Construction Surveillance Technicians (CSTs) Responsibilities

   Supplement site access controls, implement screening and inspection procedures, as well as monitor construction and personnel, when required by the AO.

B. Construction Security

1. Prior to awarding a construction contract, a CSP for each project shall be developed by the SSM and approved by the AO.

2. Construction plans and all related documents shall be handled and protected in accordance with the CSP.

3. For SCIF renovation projects, barriers shall be installed to segregate construction workers from operational activities and provide protection against unauthorized access and visual observation. Specific guidance shall be contained in the CSP.

4. Periodic security inspections shall be conducted by the SSM or designee for the duration of the project to ensure compliance with construction design and security standards.

5. Construction and design of SCIFs should be performed by U.S. companies using U.S. citizens to reduce risk, but may be performed by U.S. companies using U.S. persons (an individual who has been lawfully admitted for permanent residence as defined in 8 U.S.C. 1101(a)(20) or who is a protected individual as defined by Title 8 U.S.C. 1324b(a)(3)). The AO shall ensure mitigations are implemented when using non-U.S. citizens. These mitigations shall be documented in the CSP.

6. All site control measures used shall be documented in the CSP. Among the control measures that may be considered are the following:

   - Identity verification.
   - Random searches at site entry and exit points.
   - Signs at all entry points listing prohibited and restricted items (e.g., cameras, firearms, explosives, drugs, etc.).
   - Physical security barriers to deny unauthorized access.
   - Vehicle inspections.
C. Perimeter Wall Construction Criteria

1. General

   a) SCIF perimeters include all walls that outline the SCIF confines, floors, ceilings, doors, windows and penetrations by ductwork, pipes, and conduit. This section describes recommended methods to meet the standards described within ICS 705-1 for SCIF perimeters.
   b) Perimeter wall construction specifications vary by the type of SCIF, location, use of SID, and discussion requirements.
   c) Closed storage areas that do not require discussion areas do not have any forced entry or acoustic requirements.
   d) Open storage facilities without SID require additional protection against forced and surreptitious entry.
   e) When an existing wall is constructed with substantial material (e.g., brick, concrete, cinderblock, etc.) equal to meet the perimeter wall construction standards, the existing wall may be utilized to satisfy the specification.

2. Closed Storage, Secure Working Area (SWA), Continuous Operation, or Open Storage with SID - Use Wall A - Suggested Standard Acoustic Wall (see construction drawing for details).

   a) Three layers of inch-thick wallboard, one layer on the outside of the SCIF and two on the inside of the SCIF provide adequate rigidity and acoustic protection (Sound Class 3).
   b) Wallboard shall be attached to 3 inch-wide metal studs or wooden 2 x 4 studs placed a maximum of 24 inches on center.
   c) Continuous runners (same gauge as studs) for securing studs shall be anchored to the true floor and true ceiling structures.
   d) The interior two layers of wallboard shall be mounted so that the seams do not align (i.e., stagger joints).
   e) Acoustic fill shall be placed between the studs in a manner which prevents slippage.
   f) The top and bottom of each wall shall be sealed with an acoustic sealant where it meets the slab.
   g) Wall penetrations shall be treated and sealed with acoustic material.
   h) Entire wall assembly shall be finished and painted from true floor to true ceiling.

3. Open Storage without SID -- Use Wall B - Suggested Wall for Expanded Metal or Wall C - Suggested Wall for Plywood.

   a) Three layers of inch-thick wallboard, one layer on the outside of the SCIF and two on the inside of the SCIF provide adequate rigidity and acoustic protection (Sound Class 3).
   b) Metal studs shall be 3 inch-wide, 16 gauge metal, mounted a maximum of 16 inches on center.
   c) Wooden studs will be 2 x 4 studs mounted a maximum of 16 inches on center.
   d) Continuous runners (same gauge as studs) for securing studs shall be anchored to the true floor and true ceiling structures.
   e) Wall B - Suggested Wall for Expanded Metal (see drawing for Wall B - Suggested Construction for Expanded Metal).
      (1) Three-quarter inch mesh, #9 (10 gauge) expanded metal shall be affixed to the interior side of all SCIF perimeter wall studs.
      (2) Expanded metal shall be spot-welded to the studs every six inches along the length of each vertical stud and at the ceiling and floor.
      (3) Hardened screws with one inch washers or hardened clips may be used in lieu of welding to fasten metal to the studs. Screws shall be applied every six inches along the length of each vertical stud and at the ceiling and floor.
      (4) Fastening method shall be noted in the FFC.
      (5) Entire wall assembly shall be finished and painted from true floor to true ceiling.
   f) Wall C - Suggested Wall for Plywood (see drawing for Wall C - Suggested Construction for Plywood).
      (1) Two layers of inch-thick wallboard, one layer on the outside of the SCIF and one on the inside of the SCIF. A plywood layer shall substitute one layer of wallboard on the inside wall as compared to the standard acoustic wall.
      (2) Wallboard shall be attached to 3 inch-wide metal studs or wooden 2 x 4 studs placed a maximum of 16 inches on center.
      (3) Continuous runners (same gauge as studs) for securing studs shall be anchored to the true floor and true ceiling structures.
      (4) One layer of inch-thick plywood shall be attached vertically, directly to the wall studs.
      (5) The plywood shall be continuously glued and screwed to the studs every 12 inches along the length of each stud and at the ceiling and floor.
      (6) Entire wall assembly shall be finished and painted from true floor to true ceiling.

4. Radio Frequency (RF) Protection for Perimeter Walls

   a) RF protection shall be installed at the direction of the CTTA when a SCIF utilizes electronic processing and does not provide adequate RF attenuation at the inspectable space boundary. It is recommended for all applications where RF interference from the outside of the SCIF is a concern inside the SCIF.
   b) Installation of RF protection should be done using either the drawings or Best Practices Guidelines for Architectural Radio Frequency Shielding, prepared by the Technical Requirements Steering Committee under the Center for Security Evaluation. This document is available through the Center for Security Evaluation, Office of the Director of National Intelligence (ONCIX/CSE).

5. Vault Construction Criteria

   GSA-approved modular vaults meeting Federal Specification AA-V-2737 or one of the following construction methods may be used:

   a) Reinforced Concrete Construction
      (1) Walls, floor, and ceiling will be a minimum thickness of eight inches of reinforced concrete.
      (2) The concrete mixture will have a comprehensive strength rating of at least 2,500 pounds per square inch (psi).
      (3) Reinforcing will be accomplished with steel reinforcing rods, a minimum of inches in diameter, positioned centralized in the concrete pour and spaced horizontally and vertically six inches on center; rods will be tied or welded at the intersections.
      (4) The reinforcing is to be anchored into the ceiling and floor to a minimum depth of one-half the thickness of the adjoining member.
   b) Steel-Lined Construction Where Unique Structural Circumstances Do Not Permit Construction of a Concrete Vault
      (1) Construction will use inch-thick steel alloy-type plates having characteristics of high-yield and high-tensile strength.
      (2) The steel plates are to be continuously welded to load-bearing steel members of a thickness equal to that of the plates.
      (3) If the load-bearing steel members are being placed in a continuous floor and ceiling of reinforced concrete, they must be firmly affixed to a depth of one-half the thickness of the floor and ceiling.
      (4) If floor and/or ceiling construction is less than six inches of reinforced concrete, a steel liner is to be constructed the same as the walls to form the floor and ceiling of the vault. Seams where the steel plates meet horizontally and vertically are to be continuously welded together.

   All vaults shall be equipped with a GSA-approved Class 5 vault door.
D. Floor and Ceiling Construction Criteria

1. Floors and ceilings shall be constructed to meet the same standards for force protection and acoustic protection as walls.

2. All floor and ceiling penetrations shall be kept to a minimum.

E. SCIF Door Criteria

1. There shall be only one primary SCIF entrance where visitor control is conducted.

   a) Primary entrance doors shall be equipped with the following:
      (1) A GSA-approved pedestrian door deadbolt meeting Federal Specification FF-L-2890.
      (2) A combination lock meeting Federal Specification FF-L2740A.
      (3) An approved access-control device (see Chapter 8).
      (4) May be equipped with a high security keyway for use in the event of an access control system failure.
   b) With AO approval, additional entrance doors may be designated for use by SCIF residents provided that the doors are equipped with an approved access control system and are secured with an approved deadbolt or lock when the SCIF is not occupied. The dead-bolt shall not be accessible from the exterior.

2. When practical, entrance doors should incorporate a vestibule to preclude visual observation and enhance acoustic protection.

3. All perimeter SCIF doors shall be equipped with an automatic, non-hold door-closer which shall be installed internal to the SCIF, if possible.

4. Emergency exit doors shall:

   - Be secured with deadlocking panic hardware on the inside.
   - Have no exterior hardware.
   - Be alarmed 24/7.
   - Provide a local audible annunciation when opened.

5. Hinge pins that are accessible from outside of the SCIF door shall be modified to prevent removal of the door, e.g., welded, set screws, etc.

6. SCIF doors and frame assemblies shall meet acoustic requirements as described in Chapter 9 unless declared a non-discussion area.

7. All perimeter doors shall be alarmed in accordance with Chapter 7.

8. Perimeter doors shall comply with applicable building, safety, and accessibility codes and requirements.

9. Perimeter doors shall meet TEMPEST requirements when applicable.

10. Wood doors shall be 1 inch-thick solid wood core (wood stave).

11. Steel doors shall meet following specifications:

    - 1 inch-thick face steel equal to 18 gauge.
    - Hinges reinforced to 7 gauge.
    - Door closure reinforced to 12 gauge.
    - Lock area predrilled and/or reinforced to 10 gauge.

12. A vault door shall not be used to control day access to a facility. To mitigate both security and safety concerns, a vestibule with an access control device may be constructed.

13. Roll-up Door Specifications

    a) A roll-up door cannot be treated for acoustics and shall only be located in an area of the SCIF that is designated as a non-discussion area.
    b) Roll-up doors shall be 18 gauge steel or greater and shall be secured inside the SCIF using dead-bolts on both the right and left side of the door.

14. Double Door Specifications

    a) One of the doors shall be secured at the top and bottom with deadbolts.
    b) An astragal strip shall be attached to one door (could be either the secured or the movable door depending on the inward/outward swing of door assembly) to prevent observation of the SCIF through the cracks between the doors.
    c) Each door shall have an independent high-security switch.

F. SCIF Window Criteria

1. Every effort should be made to minimize or eliminate windows in the SCIF, especially on the ground floor.

2. Windows shall be non-opening.

3. Windows shall be protected by security alarms in accordance with Chapter 7 when they are within 18 feet of the ground or an accessible platform.

4. Windows shall provide visual and acoustic protection.

5. Windows shall be treated to provide RF protection when recommended by the CTTA.

6. All windows less than 18 feet above the ground or from the nearest platform affording access to the window (measured from the bottom of the window), shall be protected against forced entry and meet the standard for the perimeter.
G. SCIF Perimeter Penetrations Criteria

1. All penetrations of perimeter walls shall be kept to a minimum.

2. Metallic penetrations may require TEMPEST countermeasures, to include dielectric breaks or grounding, when recommended by the CTTA.

3. Utilities servicing areas other than the SCIF shall not transit the SCIF unless mitigated with AO approval.

4. Utilities should enter the SCIF at a single point.

5. All utility (power and signal) distribution on the interior of a perimeter wall treated for acoustics or RF shall be surface mounted, contained in a raceway, or an additional wall shall be constructed using furring strips as stand-off from the existing wall assembly. If the construction of an additional wall is used, gypsum board may be inch-thick and need only go to the false ceiling.

6. Installation of additional conduit penetration for future utility expansion is permissible provided the expansion conduit is filled with acoustic fill and capped (end of pipe cover).

7. Vents and Ducts

   a) All vents and ducts shall be protected to meet the acoustic requirements of the SCIF. (See Figure 4, Typical Air (Z) Duct Penetration, for example.)
   b) Walls surrounding duct penetrations shall be finished to eliminate any opening between the duct and the wall.
   c) All vents or duct openings that penetrate the perimeter walls of a SCIF and exceed 96 square inches shall be protected with permanently affixed bars or grills.
      (1) If one dimension of the penetration measures less than six inches, bars or grills are not required.
      (2) When metal sound baffles or wave forms are permanently installed and set no farther apart than six inches in one dimension, then bars or grills are not required.
      (3) If bars are used, they shall be a minimum of inch diameter steel, welded vertically and horizontally six inches on center; a deviation of inch in vertical and/or horizontal spacing is permissible.
      (4) If grills are used, they shall be of inch-mesh, #9 (10 gauge), case-hardened, expanded metal.
      (5) If bars or grill are required, an access port shall be installed inside the secure perimeter of the SCIF to allow visual inspection of the bars or grill. If the area outside the SCIF is controlled (SECRET or equivalent proprietary space), the inspection port may be installed outside the perimeter of the SCIF and be secured with an AO-approved high-security lock. This shall be noted in the FFC.

H. Alarm Response Time Criteria for SCIFs within the U.S.

Response times for Intrusion Detection Systems (IDS) shall meet 32 CFR Parts 2001 and 2004.

   a) Closed Storage response time of 15 minutes.
   b) Open Storage response time within 15 minutes of the alarm annunciation if the area is covered by SID or a five minute alarm response time if it is not.
I. Secure Working Areas (SWA)

SWAs are accredited facilities used for discussing, handling, and/or processing SCI, but where SCI will not be stored.

1. The SWA shall be controlled at all times by SCI-indoctrinated individuals or secured with a GSA-approved combination lock.

2. The SCIF shall be alarmed in accordance with Chapter 7 with an initial alarm response time of 15 minutes.

3. Access control shall be in accordance with Chapter 8.

4. Perimeter construction shall comply with section 3.C. above.

5. All SCI used in an SWA shall be removed and stored in GSA-approved security containers within a SCIF, a vault, or be destroyed when the SWA is unoccupied.

J. Temporary Secure Working Area (TSWA)

TSWAs are accredited facilities where handling, discussing, and/or processing of SCI is limited to less than 40-hours per month and the accreditation is limited to 12 months or less. Extension requests require a plan to accredit as a SCIF or SWA. Storage of SCI is not permitted within a TSWA.

1. When a TSWA is in use at the SCI level, access shall be limited to SCI-indoctrinated persons.

2. The AO may require an alarm system.

3. No special construction is required.

4. When the TSWA is approved for SCI discussions, sound attenuation specifications of Chapter 9 shall be met.

5. The AO may require a TSCM evaluation if the facility has not been continuously controlled at the SECRET level.

6. When the TSWA is not in use at the SCI level, the following shall apply:

   a) The TSWA shall be secured with a high-security, AO-approved key or combination lock.
   b) Access shall be limited to personnel possessing a minimum U.S. SECRET clearance.
UNCLASSIFIEDChapter3FixedFacilitySCIFConstruction16UNCLASSIFIEDFigure1WallA–SuggestedStandardAcousticWallConstructionControlledAreaUncontrolledArea1.
Dependingonheighttruefloortotrueceilingandweight,metalstudsshallbeintherangeof20Gaugeto16gauge.
BottomofDeckSealantallaroundDuctOpeningsorPipe/ConduitPenetrations**5/8"gypsumwallboard3"soundattenuationmaterial,fastenedinsuchawayastopreventitfromslidingdownandleavingvoidatthetop.
AcousticalCeilingwithmetalanglemoldingsandsteelsupportgridsystemsFire-Safeornon-shrinkgroutinallvoidsabovetrack.
WallFinishasscheduledwithfinishcontinuousaboveanyfalseceiling5/8"gypsumwallboard–soundgroup4requiresadditionallayerof5/8"wallboardWallBaseandScheduledflooringContinuoustrack(Top&Bottom)w/anchorsat32"o.
c.
maximum–Bedincontinuousbeadsofacousticalsealant2CTTArecommendedcountermeasures(foilbackedwallboardorR-foil)shallbeinstalledIAWBestPracticeGuidelinesForArchitecturalRadioFrequencyShielding.
3.
Anyelectricalorcommunicationsoutletsrequiredonperimeterwallsshallbesurfacemounted.
UNCLASSIFIEDChapter3FixedFacilitySCIFConstruction17UNCLASSIFIEDFigure2.
WallB-SuggestedConstructionforExpandedMetalBottomofDeckFiresafeornon-shrinkgroutinallvoidsabovetrack5/8"GypsumWallBoard(GWB)on5/8"16gaugemetalstudframingat16"o.
c.
AcousticalceilingwithmetalAnglemoldings&supportgridsystemWallFinishasscheduled–EnsurefinishiscontinuousaboveanyAcoustical("false")ceiling"#910gaugeexpandedmetalspotWeldedevery6"orscrewedwithWashersorfastenersystemtoverticalEvery6"to16gaugestudsandtoDeckandfloortrack16gaugecontinuoustrack(Top&Bottom)w/anchorsat32"o.
c.
(maximum)–Bedin2continuousBeadsofacousticsealantWallBaseasscheduledFloorFinishasscheduledNotes:1Thisdetailisintendedfor'newconstruction'--AOmustapproveanyvariationsinexpandedmetaluse2CTTArecommendedcountermeasures(foilbackedwallboardorR-foil)shallbeinstalledIAWBestPracticeGuidelinesforArchitecturalRadioFrequencyShielding.
3.
Anyelectricalorcommunicationsoutletsrequiredonperimeterwallsshallbesurfacemounted.
ControlledAreaUncontrolledArea5/8"GypsumWallBoard(GWB)on5/8"16gaugemetalstudframingat16"o.
c.
Acousticmaterial–materialshallbeFastenedinsuchawayastopreventItfromslidingdownandleavingaVoidatthetop.

Figure 3. Wall C – Suggested Construction for Plywood

Drawing callouts:
- Controlled Area
- Uncontrolled Area
- Bottom of Deck
- Firesafe or non-shrink grout in all voids above track
- 5/8" Gypsum Wall Board (GWB) on 5/8" 16 gauge metal stud framing at 16" o.c.
- Acoustical ceiling with metal angle moldings & support grid system
- Wall Finish as scheduled – Ensure finish is continuous above any acoustical ("false") ceiling
- 5/8" plywood affixed 8 ft vertical and 4 ft horizontal to 16 gauge studs, and deck and floor track with glue and screwed with steel #10 self-tapping screws every 12 inches
- 16 gauge continuous track (Top & Bottom) w/ anchors at 32" o.c. (maximum) – Bed in 2 continuous beads of acoustic sealant
- Wall Base as scheduled
- Floor Finish as scheduled
- Acoustic material – material shall be fastened in such a way as to prevent it from sliding down and leaving a void at the top.

Notes:
1. This detail is intended for 'new construction' -- AO must approve any variations in expanded metal use
2. CTTA recommended countermeasures (foil backed wallboard or R-foil) shall be installed IAW Best Practice Guidelines for Architectural Radio Frequency Shielding.
3. Any electrical or communications outlets required on perimeter walls shall be surface mounted.

Figure 4. Typical Perimeter Air (Z) Duct Penetration

Acoustically rated partition (plan view). Drawing callouts:
- Acoustically lined, thru-wall sheet metal transfer duct
- Man-bar at partition if duct opening size exceeds 96 SI
- Access hatch (in bottom of duct)
- SECURE SIDE
- Dimensions: 3x, x, 3x min.
- Rev. 04-05

Chapter 4. SCIFs Outside the U.S. and NOT Under Chief of Mission (COM) Authority

A. General
1. Requirements outlined here apply only to SCIFs located outside of the U.S., its territories and possessions, that are not under COM authority.
2. The application and effective use of SID may allow AOs to deviate from this guidance at Category II and III facilities.

B. Establishing Construction Criteria Using Threat Ratings
1. The Department of State's (DoS) Security Environment Threat List (SETL) shall be used in the selection of appropriate construction criteria based on technical threat rating.
2. If the SETL does not have threat information for the city of construction, the SETL threat rating for the closest city within a given country shall apply. When only the capital is noted, it will represent the threat for all SCIF construction within that country.
3. Based on technical threat ratings, building construction has been divided into the following three categories for construction purposes:
- Category I - Critical or High Technical Threat, High Vulnerability Buildings
- Category II - High Technical Threat, Low Vulnerability Buildings
- Category III - Low and Medium Technical Threat
4. Facilities in Category I Areas
a) Open Storage Facilities
(1) Open storage is to be avoided in Category I areas. The head of the IC element shall certify mission essential need and approve on case-by-case basis. When approved, open storage should only be allowed when the host facility is manned 24-hours-per-day by a cleared U.S. presence or the SCIF is continuously occupied by U.S. SCI-indoctrinated personnel.
(2) SCI shall be contained within approved vaults or Class M or greater modular vaults.
(3) The SCIF shall be alarmed in accordance with Chapter 7.
(4) Access control shall be in accordance with Chapter 8.
(5) An alert system and/or duress alarm is recommended.
(6) Initial alarm response time shall be five minutes.
b) Closed Storage Facilities
(1) The SCIF perimeter shall provide five minutes of forced-entry protection. (Refer to Wall B or Wall C construction methods.)
(2) The SCIF shall be alarmed in accordance with Chapter 7.
(3) Access control system shall be in accordance with Chapter 8.
(4) SCI shall be stored in GSA-approved containers or in an area that meets vault construction standards.
(5) Initial alarm response time shall be within 15 minutes.
c) Continuous Operation Facilities
(1) An alert system and duress alarm is required.
(2) The capability shall exist for storage of all SCI in GSA-approved security containers or vault.
(3) The emergency plan shall be tested semi-annually.
(4) Perimeter walls shall comply with enhanced wall construction methods in accordance with Wall B or C standards.
(5) The SCIF shall be alarmed in accordance with Chapter 7.
(6) Access control shall be in accordance with Chapter 8.
(7) Initial response time shall be five minutes.
d) SWAs
Construction and use of SWAs is not authorized for facilities in Category I areas because of the significant risk to SCI.
e) TSWAs
Construction and use of TSWAs is not authorized for facilities in Category I areas because of the significant risk to SCI.
5. Facilities in Category II and III Areas
a) Open Storage Facilities
(1) Open storage is to be avoided in Category II areas. The head of the IC element shall certify mission essential need and approve on case-by-case basis. When approved, open storage should only be allowed when the host facility is manned 24-hours-per-day by a cleared U.S. presence or the SCIF is continuously occupied by U.S. SCI-indoctrinated personnel.
(2) In Category III areas, open storage should only be allowed when the host facility is manned 24-hours-per-day by a cleared U.S. presence or the SCIF is continuously occupied by U.S. SCI-indoctrinated personnel.
(3) The SCIF perimeter shall provide five minutes of forced-entry protection. (Refer to Wall B or Wall C construction methods.)
(4) The SCIF shall be alarmed in accordance with Chapter 7.
(5) Access control shall be in accordance with Chapter 8.
(6) An alert system and/or duress alarm is recommended.
(7) Initial alarm response time shall be five minutes.
b) Closed Storage Facilities
(1) The SCIF perimeter shall provide five minutes of forced-entry protection. (Refer to Wall B or Wall C construction methods.)
(2) The SCIF must be alarmed in accordance with Chapter 7.
(3) Access control system shall be in accordance with Chapter 8.
(4) SCI shall be stored in GSA-approved containers.
(5) Initial alarm response time shall be within 15 minutes.
c) Continuous Operation Facilities
(1) Wall A - Standard wall construction shall be utilized.
(2) The SCIF shall be alarmed in accordance with Chapter 7.
(3) Access control shall be in accordance with Chapter 8.
(4) Initial response time shall be five minutes.
(5) An alert system and/or duress alarm is recommended.
(6) The capability shall exist for storage of all SCI in GSA-approved security containers.
(7) The emergency plan shall be tested semi-annually.
d) SWAs
(1) Perimeter walls shall comply with standard Wall A construction.
(2) The SCIF shall be alarmed in accordance with Chapter 7.
(3) Access control shall be in accordance with Chapter 8.
(4) Initial alarm response time shall be within 15 minutes.
(5) The SWA shall be controlled at all times by SCI-indoctrinated individuals or secured with a GSA-approved combination lock.
(6) An alert system and/or duress alarm is recommended.
(7) All SCI used in an SWA shall be removed and stored in GSA-approved security containers within a SCIF or be destroyed.
(8) The emergency plan shall be tested semi-annually.
e) TSWAs
(1) No special construction is required.
(2) The AO may require an alarm system.
(3) When the TSWA is approved for SCI discussions, sound attenuation specifications of Chapter 9 shall be met.
(4) When a TSWA is in use at the SCI level, access shall be limited to SCI-indoctrinated persons.
(5) The AO may require a TSCM evaluation if the facility has not been continuously controlled at the SECRET level.
(6) When a TSWA is not in use at the SCI level, the following shall apply:
(a) The TSWA shall be secured with a high security, AO-approved key or combination lock.
(b) Access shall be limited to personnel possessing a U.S. SECRET clearance.

C. Personnel
1. SSM Responsibilities
a) Ensures the security integrity of the construction site (hereafter referred to as the "site").
b) Develops and implements a CSP.
c) Ensures that the SSM shall have 24-hour unrestricted access to the site (or alternatives shall be stated in CSP).
d) Conducts periodic security inspections for the duration of the project to ensure compliance with the CSP.
e) Documents security violations or deviations from the CSP and notifies the AO.
f) Maintains a list of all workers used on the project; this list shall become part of the facility accreditation files.
g) Implements procedures to deny unauthorized site access.
h) Works with the construction firm(s) to ensure security of the construction site and compliance with the requirements set forth in this document.
i) Notifies the AO if any construction requirements cannot be met.
2. CST Requirements and Responsibilities
a) Possesses U.S. TOP SECRET clearances.
b) Is specially trained in surveillance and the construction trade to deter technical penetrations and thwart implanted technical collection devices.
c) Supplements site access controls, implements screening and inspection procedures, and, when required by the CSP, monitors construction and personnel.
d) Is not required when U.S. TOP SECRET-cleared contractors are used.
e) In Category III countries, must do the following:
(1) Shall begin surveillance of non-cleared workers at the start of SCIF construction or the installation of major utilities, whichever comes first.
(2) Upon completion of all work, shall clear and secure the areas for which they are responsible prior to turning control over to the cleared American guards (CAGs).
f) In Category I and II countries, must do the following:
(1) Shall begin surveillance of non-cleared workers at the start of construction of public access or administrative areas adjacent to the SCIF, SCIF construction, or the installation of major utilities, whichever comes first.
(2) Upon completion of all work, shall clear and secure the areas for which the CST is responsible prior to turning over control to the CAGs.
g) On U.S. military installations, when the AO considers the risk acceptable, alternative countermeasures may be substituted for the use of a CST as prescribed in the CSP.
3. CAG Requirements and Responsibilities
a) Possesses a U.S. SECRET clearance (TOP SECRET required under COM authority).
b) Performs access-control functions at all vehicle and pedestrian entrances to the site except as otherwise noted in the CSP.
(1) Screens all non-cleared workers, vehicles, and equipment entering or exiting the site.
(2) Denies introduction of prohibited materials, such as explosives, weapons, electronic devices, or other items as specified by the AO or designee.
(3) Conducts random inspections of site areas to ensure no prohibited materials have been brought on to the site. (All suspicious materials or incidents shall be brought to the attention of the SSM or CST.)

D. Construction Security Requirements
1. Prior to awarding a construction contract, a CSP for each project shall be developed by the SSM and approved by the AO.
2. Construction plans and all related documents shall be handled and protected in accordance with the CSP.
3. For SCIF renovation projects, barriers shall be installed to segregate construction workers from operational activities. These barriers will provide protection against unauthorized access and visual observation. Specific guidance shall be contained in the CSP.
4. When expanding existing SCIF space into areas not controlled at the SECRET level, maximum demolition of the new SCIF area is required.
5. For areas controlled at the SECRET level, or when performing renovations inside existing SCIF space, maximum demolition is not required.
6. All requirements for demolition shall be documented in the CSP.
7. Citizenship and Clearance Requirements for SCIF Construction Personnel
a) Use of workers from countries identified in the SETL as "critical technical threat level" or listed on the DoS Prohibited Countries Matrix is prohibited.
b) General construction of SCIFs shall be performed using U.S. citizens and U.S. firms.
c) SCIF finish work (work that includes closing up wall structures; installing, floating, taping and sealing wallboards; installing trim, chair rail, molding, and floorboards; painting; etc.) in Category III countries shall be accomplished by SECRET-cleared, U.S. personnel.
d) SCIF finish work (work that includes closing up wall structures; installing, floating, taping and sealing wallboards; installing trim, chair rail, molding, and floorboards; painting; etc.) in Category I and II countries shall be accomplished by TOP SECRET-cleared, U.S. personnel.
e) On military facilities, the AO may authorize foreign national citizens or firms to perform general construction of SCIFs. In this situation, the SSM shall prescribe, with AO approval, mitigating strategies to counter security and counterintelligence threats.
f) All non-cleared construction personnel shall provide the SSM with biographical data (full name, current address, Social Security Number (SSN), date and place of birth (DPOB), proof of citizenship, etc.), and fingerprint cards as allowed by local laws prior to the start of construction/renovation.
(1) Two forms of I-9 identification are required to verify U.S. persons.
(2) Whenever host nation agreements or Status of Forces Agreements make this information not available, it shall be addressed in the CSP.
g) When non-U.S. citizens are authorized by the AO:
(1) The SSM shall conduct checks of criminal and subversive files, local, national, and host country agency files, through liaison channels and consistent with host country laws.
(2) Checks shall be conducted of CIA indices through the country's Director of National Intelligence (DNI) representative and appropriate in-theater U.S. military authorities.
h) Access to sites shall be denied or withdrawn if adverse security, Counterintelligence (CI), or criminal activity is revealed. The SSM shall notify the AO when access to the site is denied or withdrawn.
i) For new facilities, the following apply:
(1) Non-cleared workers, monitored by CSTs, may perform the installation of major utilities and feeder lines.
(2) Installation shall be observed at perimeter entry points and when any trenches are being filled.
(3) The number of CSTs shall be determined by the size of the project (square footage and project scope) as outlined in the CSP.
j) For existing facilities, the following apply:
(1) Non-cleared workers, monitored by CSTs or cleared escorts, may perform maximum demolition and debris removal.
(2) TOP SECRET-cleared workers shall be used to renovate or construct SCIF space.
(3) SECRET-cleared individuals may perform the work when escorted by TOP SECRET-cleared personnel.
(4) SCI-indoctrinated escorts are not required when the existing SCIF has been sanitized or a barrier has been constructed to separate the operational areas from the areas identified for construction.
k) Prior to initial access to the site, all construction personnel shall receive a security briefing by the SSM or designee on the security procedures to be followed.
l) If a construction worker leaves the project under unusual circumstances, the SSM shall document the occurrence and notify the AO. The AO shall review for CI concerns.
m) The SSM may require cleared escorts or CSTs for non-cleared workers performing work exterior to the SCIF that may affect SCIF security.
n) The ratio of escort personnel to construction personnel shall be determined by the SSM on a case-by-case basis and documented in the CSP. Prior to assuming escort duties, all escorts shall receive a briefing regarding their responsibilities.
8. Access Control of Construction Sites
a) Access control to the construction site and the use of badges are required.
b) Guards are required for SCIF construction outside the U.S.
c) All site control measures used shall be documented in the CSP. The following are site control measures that should be considered:
- Identity verification.
- Random searches at site entry and exit points.
- Signs, in English and other appropriate languages, at all entry points listing prohibited and restricted items (e.g., cameras, firearms, explosives, drugs, etc.).
- Physical security barriers to deny unauthorized access.
- Vehicle inspections.
d) Guards
(1) Local guards, supervised by CAGs and using procedures established by the AO and documented in the CSP, may search all non-cleared personnel, bags, toolboxes, packages, etc., each time they enter or exit the site.
(2) In Category I countries, CAGs shall be assigned to protect the site and surrounding area as defined in the CSP.
(3) For existing SCIFs, TOP SECRET/SCI-indoctrinated guards are not required to control access to the site or secure storage area (SSA) provided that TOP SECRET/SCI-indoctrinated personnel are present on a 24-hour basis and prescribed post security resources are in place.
(4) Use of non-cleared U.S. guards or non-U.S. guards to control access to the site or SSA requires the prior approval of the AO. A SECRET-cleared, U.S. citizen must supervise any non-cleared or non-U.S. guards. Non-cleared or non-U.S. guards shall not have unescorted access to the site.

E. Procurement of Construction Materials
1. General Standards. These standards apply to construction materials (hereafter referred to as "materials") used in SCIF construction outside the U.S. These standards do not apply to installations on a roof contiguous to the SCIF provided there is no SCIF penetration.
a) Procurements shall be in accordance with Federal Acquisition Regulations.
b) In exceptional circumstances, SSMs may deviate from procurement standards with a waiver; such deviation shall be noted in the CSP.
c) For building construction projects in Category III countries, cleared U.S. citizens may randomly select up to 35% of building materials from non-specific general construction materials for SCIF construction. Random selection may exceed 35% only if materials can be individually inspected.
d) For building construction projects in Category I and II countries, cleared U.S. citizens may randomly select up to 25% of building materials from non-specific general construction materials for SCIF construction. Random selection may exceed 25% only if materials can be individually inspected.
e) Procurement of materials from host or third party countries identified in the SETL as critical for technical intelligence or listed in the DoS Prohibited Countries Matrix is prohibited.
f) All such materials must be selected immediately upon receipt of the shipment and transported to secure storage.
2. Inspectable Materials
a) Inspectable materials may be procured from U.S. suppliers without security restrictions.
b) The purchase of inspectable materials from host or third party countries requires advanced approval from the AO.
c) Procurement of materials from host or third party countries identified in the SETL as critical for technical intelligence or listed in the DoS Prohibited Countries Matrix is prohibited.
d) All inspectable materials procured in host and third party countries, or shipped to site in unsecured manner, shall be inspected using an AO-approved method as outlined in the CSP and then moved to an SSA.
e) Random selection of all inspectable material selected from stock stored outside of the SSA shall be inspected using AO-approved methods outlined in the CSP prior to use in SCIF construction.
3. Non-Inspectable Materials
a) Non-inspectable materials may be procured from U.S. suppliers or other AO-approved channels with subsequent secure transportation to the SSA at the construction site.
b) Non-inspectable materials may be procured in a host or third party country if randomly selected by U.S. citizens with a security clearance level approved by the AO.
c) Materials shall be randomly chosen from available suppliers (typically three or more) without advance notice to, or referral from, the selected supplier and without reference of the intended use of material in a SCIF.
d) Selections shall be made from available shelf stock and transported securely to an SSA.
e) Procurement officials should be circumspect about continually purchasing non-inspectable materials from the same local suppliers, and thereby establishing a pattern that could be reasonably discernible by hostile intelligence services, foreign national staff, and suppliers.

F. Secure Transportation for Construction Material
1. Inspectable Materials
a) Secure transportation of inspectable materials is not required, but materials shall be inspected using procedures approved by the AO prior to use.
b) Once inspected, all inspectable materials shall be stored in a SSA prior to use.
c) If securely procured, securely shipped, and stored in a secure environment, inspectable materials may be utilized within the SCIF without inspection.
2. Non-Inspectable Materials
a) Non-inspectable materials include inspectable materials when the site does not possess the capability to inspect them by AO-approved means.
b) Non-inspectable materials shall be securely procured and shipped to site by secure transportation from the U.S., a secure logistics facility, or low threat third party country using one of the following secure methods:
(1) Securely packaged or containerized and under the 24-hour control of an approved courier or escort office. (Escorted shipments shall be considered compromised if physical custody or direct visual observation is lost by the escort officer during transit. Non-inspectable materials that are confirmed or suspected of compromise shall not be used in a SCIF.)
(2) Securely shipped using approved transit security technical safeguards capable of detecting evidence of tampering or compromise. (An unescorted container protected by technical means ("trapped") is considered compromised if evidence of tampering of the protective technology is discovered, or if an unacceptable deviation from the approved transit security plan occurs. Non-inspectable materials that are confirmed or suspected of compromise shall not be used in a SCIF.)
(3) Non-inspectable materials shall be shipped using the following surface and air carriers in order of preference:
- U.S. Military
- U.S. Flag Carriers
- Foreign Flag Carriers

G. Secure Storage of Construction Material
1. A SSA shall be established and maintained for the secure storage of all SCIF construction material and equipment. An SSA is characterized by true floor to true ceiling, slab-to-slab construction of some substantial material, and a solid wood-core or steel-clad door equipped with an AO-approved security lock.
2. All inspected and securely shipped materials shall be placed in the SSA upon arrival and stored there until required for installation.
3. Alternative SSAs may include the following:
a) A shipping container located within a secure perimeter that is locked, alarmed, and monitored.
b) A room or outside location enclosed by a secure perimeter that is under direct observation by a SECRET-cleared U.S. citizen.
4. The SSA shall be under the control of CAGs or other U.S. personnel holding at least U.S. SECRET clearances.
5. Supplemental security requirements for SSAs shall be set forth in the CSP and may vary depending on the location and/or threat to the construction site.

H. Technical Security
1. TEMPEST countermeasures shall be pre-engineered into the construction of the SCIF.
2. In Category I countries, a TSCM inspection shall be required for new SCIF construction or for significant renovations (50% or more of SCIF replacement cost).
3. In Category II and III countries, a TSCM inspection may be required by the AO for new SCIF construction or significant renovations (50% or more of SCIF replacement cost).
4. A TSCM inspection shall be required if uncontrolled space is converted (maximum demolition) to new SCIF space.
5. When a TSCM inspection is not conducted, a mitigation strategy based on a physical security inspection that identifies preventative and corrective countermeasures shall be developed to address any technical security concerns.

I. Interim Accreditations
1. Upon completion of a successful inspection, the respective agency's AO may issue an Interim Accreditation pending receipt of required documentation.
2. If documentation is complete, AOs may issue an Interim Accreditation pending the final inspection.

Chapter 5. SCIFs Outside the U.S. and Under Chief of Mission Authority

A. Applicability
1. This portion applies to the construction of SCIFs located overseas and that are on any compound that falls under the DoS COM authority or created to support any Tenant Agency that falls under COM authority.
2. The creation of new SCIF space at facilities that fall under COM authority is governed by both ICDs and Overseas Security Policy Board (OSPB) standards published as 12 Foreign Affairs Handbook-6 (12 FAH-6). If there is a conflict between the standards, the more stringent shall apply.
3. For SCIFs constructed in new facilities (new compound or new office building under COM authority), the proponent activity shall coordinate specific requirements for the proposed SCIF with the DoS/Overseas Buildings Operations (OBO).
4. For existing facilities under COM authority, the project proponent activity must coordinate SCIF requirements with DoS/Bureau of Diplomatic Security (DS), the affected Embassy or Consulate (through the Regional Security Officer (RSO) and General Services Officer (GSO)), and DoS/OBO.
5. Temporary or tactical SCIFs may only be authorized by exception for facilities under COM authority. The AO of the tenant agency shall notify both the RSO and the DoS AO of the requirement and the expected duration of these facilities. Prior to accreditation, the tenant agency AO must coordinate with the DoS AO.

B. General Guidelines
1. SCIFs located under COM authority outside the U.S. are located within the CAA.
2. Prior to initiating any SCIF implementation process for upgrade or new construction in an existing office building, the tenant agency CSA shall do the following:
a) Obtain concurrence from the Post's Counterintelligence Working Group (CIWG).
b) Obtain written approval from the COM.
c) Notify the DoS AO of CIWG and COM approvals.
d) Coordinate OSPB preliminary survey with the post RSO/Engineering Services Office (ESO) if space is not core CAA.
3. A Preliminary Survey shall be developed by the RSO/ESO and submitted to DoS/DS for review and approval prior to awarding a construction contract. A CSP shall then be developed by the tenant and forwarded to DoS/OBO for processing.
4. All SCIF design, construction, or renovation shall be in compliance with OSPB standards for facilities under COM authority.
5. Any waivers that are granted for a SCIF by a waiver authority that would result in non-compliance with OSPB standards shall require an exception to OSPB standards from DoS/DS.
6. Written approval of the request for an exception to OSPB standards must be received prior to the commencement of any construction projects.
7. Upon completion of construction, the tenant agency AO will accredit the SCIF for SCI operations.

C. Threat Categories
1. The DoS SETL shall be used in the selection of appropriate construction criteria. Based on technical threat ratings, building construction has been divided into three categories for construction purposes:
- Category I - Critical or High Technical Threat, High Vulnerability Buildings
- Category II - High Technical Threat, Low Vulnerability Buildings
- Category III - Low and Medium Technical Threat
2. High and Low Vulnerability Buildings will be determined in accordance with the definitions in the OSPB standards.
3. SCIF design and construction shall comply with the building codes utilized by DoS/OBO.
4. SCIF construction projects are subject to the DoS Construction Security Certification requirements stipulated in Section 160(a), Public Law 100-204, as amended. Construction activities may not commence until the required certification has been obtained from DoS.
5. SCIF construction projects are subject to permit requirements established by DoS/OBO.
6. Open storage in Category I and II areas is to be avoided. The CSA shall certify mission-essential need and approve on a case-by-case basis.
7. Open storage shall only be allowed for Category III posts when the host facility is manned 24-hours per day by a cleared U.S. presence (i.e., Marine Security Guard).
8. Open storage of SCI material is not authorized in lock-and-leave facilities (i.e., no Marine Security Guard).

D. Construction Requirements
1. Perimeter Wall Construction (all facilities regardless of type or location).
a) Perimeter walls shall comply with enhanced wall construction. (See drawings for Walls B and C.)
b) Perimeter shall meet acoustic protection standards unless designated as a non-discussion area.
2. All SCIFs must be alarmed in accordance with Chapter 7.
3. Initial alarm response times shall be within 15 minutes for closed storage and five minutes for open storage.
4. Access control systems shall be in accordance with Chapter 8.
5. SCI shall be stored in GSA-approved containers.
6. An alert system and/or duress alarm is recommended.
7. Continuous Operation Facilities
a) An alert system and/or duress alarm is recommended.
b) The capability shall exist for storage of all SCI in GSA-approved security containers.
c) The emergency plan shall be tested semi-annually.
d) The SCIF shall be alarmed in accordance with Chapter 7.
e) Access control shall be in accordance with Chapter 8.
f) Initial response time shall be five minutes.
8. TSWAs
a) When a TSWA is in use at the SCI level, the following apply:
(1) Unescorted access shall be limited to SCI-indoctrinated persons.
(2) The AO may require an alarm system.
(3) No special construction is required.
(4) When the TSWA is approved for SCI discussions the following apply:
- Sound attenuation specifications of Chapter 9 shall be met.
- The AO may require a TSCM evaluation if the facility has not been continuously controlled at the SECRET level.
b) When the TSWA is not in use at the SCI level, the following shall apply:
(1) The TSWA shall be secured with a DoS/DS-approved key or combination lock.
(2) Unescorted access shall be limited to personnel possessing a U.S. SECRET clearance.
9. SWA
a) Initial alarm response times shall be within 15 minutes.
b) The SWA shall be controlled at all times by SCI-indoctrinated individuals or secured with a GSA-approved combination lock.
c) The SWA shall be alarmed in accordance with Chapter 7.
d) Access control shall be in accordance with Chapter 8.
e) Perimeter walls shall comply with standard Wall A.
f) An alert system and/or duress alarm is recommended.
g) All SCI used in a SWA shall be removed and stored in GSA-approved security containers within a SCIF or be destroyed.
h) There shall be an emergency plan that is tested semi-annually.

E. Personnel
1. SSM Requirements and Responsibilities
a) Possesses a U.S. TOP SECRET clearance.
b) Ensures the security integrity of the construction site.
c) Develops and implements a CSP.
d) Shall have 24-hour unrestricted access to the site (or alternatives shall be stated in CSP).
e) Conducts periodic security inspections for the duration of the project to ensure compliance with the CSP.
f) Documents security violations or deviations from the CSP and notifies the RSO and the tenant AO.
g) Maintains a list of all workers utilized on the project; this list shall become part of the facility accreditation files.
h) Implements procedures to deny unauthorized site access.
i) Works with the construction firm(s) to ensure security of the construction site and compliance with the requirements set forth in this document.
j) Notifies the RSO and tenant AO if any construction requirement cannot be met.
2. CST Requirements and Responsibilities
a) Possesses a TOP SECRET clearance.
b) Is specially trained in surveillance and the construction trade to deter technical penetrations and to detect implanted technical collection devices.
c) Supplements site access controls, implements screening and inspection procedures, and when required by the CSP, monitors construction and personnel.
d) Is not required when contractors who are U.S. citizens with U.S. TOP SECRET clearances are used.
e) In Category III countries the following shall apply:
(1) The CST shall begin surveillance of non-cleared workers at the start of SCIF construction.
(2) Upon completion of all work, the CST shall clear and secure the areas for which they are responsible prior to turning control over to the CAGs.
f) In Category I and II countries the following shall apply:
(1) The CST shall begin surveillance of non-cleared workers at the start of construction of public access or administrative areas adjacent to the SCIF, or SCIF construction, whichever comes first.
(2) Upon completion of all work, the CST shall clear and secure the areas for which the CST is responsible prior to turning over control to the CAGs.
3. CAG Requirements and Responsibilities
a) Possesses a U.S. TOP SECRET clearance.
b) Performs access control functions at all vehicle and pedestrian entrances to the site except as otherwise noted in the CSP.
(1) Screens all non-cleared workers, vehicles, and equipment entering or exiting the site.
(2) Uses walk-through and/or hand-held metal detectors or other means approved by the RSO or designee to deny introduction of prohibited materials such as explosives, weapons, electronic devices, or other items as specified by the RSO or designee.
(3) Conducts random inspections of site areas to ensure no prohibited materials have been brought on to the site. All suspicious materials or incidents shall be brought to the attention of the SSM.
c) In Category III countries, CAGs shall be assigned to protect the site and surrounding area at the start of construction of the SCIF or commencement of operations of the SSA.
d) In Category I and II countries, CAGs shall be assigned to protect the site and surrounding area at the start of construction of the SCIF, areas adjacent to the SCIF, or commencement of operations of the SSA.
e) For existing SCIFs, TOP SECRET/SCI-indoctrinated U.S. citizen guards are not required to control access to the site or SSA provided the following apply:
(1) TOP SECRET/SCI-indoctrinated U.S. citizens are present on a 24-hour basis in the SCIF or the SCIF can be properly secured and alarmed.
(2) Prescribed post security resources are in place to monitor the SSA.
F.
ConstructionSecurityRequirements1.
Priortoawardingaconstructioncontract,aCSPforeachprojectshallbedevelopedbytheSSMandapprovedbyDoS/DSandDoS/OBOandthetenantAO.
2.
ConstructionplansandallrelateddocumentsshallbehandledandprotectedinaccordancewiththeCSP.
3.
ForSCIFrenovationprojects,barriersshallbeinstalledtosegregateconstructionworkersfromoperationalactivities.
Thesebarrierswillprovideprotectionagainstunauthorizedaccessandvisualobservation.
SpecificguidanceshallbecontainedintheCSP.
4.
WhenexpandingexistingSCIFspaceintoareasnotcontrolledattheSECRETlevel,maximumdemolitionofthenewSCIFareaisrequired.
5.
ForareascontrolledattheSECRETlevelthatmeetOSPBpre-conditions,orwhenperformingrenovationsinsideexistingSCIFspace,maximumdemolitionisnotrequired.
6.
AllrequirementsfordemolitionshallbedocumentedintheCSP.
7.
PeriodicsecurityinspectionsshallbeconductedbytheSSMordesigneeforthedurationoftheprojecttoensurecompliancewithconstructiondesignandsecuritystandards.
8. Citizenship and Clearance Requirements for SCIF Construction Personnel
  a) Use of workers from countries identified as critical for Technical or Human Intelligence threat, or listed on the DoS Prohibited Countries Matrix, is prohibited.
  b) General construction and finish work is defined by OSPB standards.
  c) General construction of SCIFs shall be performed using U.S. citizens and U.S. firms. Use of foreign national citizens or firms to perform general construction of SCIFs may be authorized in accordance with OSPB standards. In this situation, the CSP shall prescribe mitigating strategies to counter security and counterintelligence threats.
  d) SCIF finish work shall be accomplished by appropriately cleared personnel as directed by OSPB standards for CAA construction.
  e) All non-cleared construction personnel shall provide the SSM with biographical data (full name, current address, SSN, DPOB, proof of citizenship, etc.), and fingerprint cards as allowed by local laws prior to the start of construction/renovation.
  f) Two forms of I-9 identification are required to verify U.S. persons.
  g) Whenever host nation agreements make this information not available, it shall be addressed in the CSP.
  h) When non-U.S. citizens are authorized, the following shall apply:
    (1) The SSM shall conduct, through liaison channels, checks of criminal and subversive files, local and national; and host country agencies, consistent with host country laws.
    (2) Checks shall also be conducted of CIA indices through the country's DNI representative and appropriate in-theater U.S. military authorities.
    (3) Access to sites shall be denied or withdrawn if adverse security, CI, or criminal activity is revealed. The SSM shall notify the AO and RSO when access to the site is denied or withdrawn.
    (4) For existing facilities, the following apply:
      - Non-cleared workers monitored by CSTs may perform maximum demolition for conversion of non-CAA to SCIF. Debris removal by non-cleared workers must be monitored at a minimum by cleared U.S. citizen escorts.
      - TOP SECRET-cleared U.S. citizens must perform maximum demolition within, or penetrating the perimeter of, an existing SCIF.
      - TOP SECRET-cleared U.S. citizens shall be used to renovate SCIF space. SECRET-cleared individuals may perform the work when escorted by TOP SECRET-cleared U.S. citizens.
      - SCI-indoctrinated escorts are not required when the existing SCIF has been sanitized or a barrier has been constructed to separate the operational areas from the areas identified for construction.
  i) Prior to initial access to the site, all construction personnel shall receive a security briefing by the SSM or designee on the security procedures to be followed.
  j) If a construction worker leaves the project under unusual circumstances, the SSM shall document the occurrence and notify the RSO and tenant AO. The RSO shall review for CI concerns.
  k) The SSM may require cleared escorts or CSTs for non-cleared workers performing work exterior to the SCIF that may affect SCIF security.
  l) The ratio of escort personnel to construction personnel shall be determined by the SSM on a case-by-case basis and documented in the CSP. Prior to assuming escort duties, all escorts shall receive a briefing regarding their responsibilities.
9. Access Control of Construction Sites
  a) Access control to the construction site and the use of badges are required.
  b) Guards are required for SCIF construction outside the U.S.
  c) All site control measures used shall be documented in the CSP.
  d) The following site control measures should be considered:
    (1) Identity verification.
    (2) Random searches at site entry and exit points.
    (3) Signs, in English and other appropriate languages, at all entry points listing prohibited and restricted items (e.g., cameras, firearms, explosives, drugs, etc.).
    (4) Physical security barriers to deny unauthorized access.
    (5) Vehicle inspections.
10. Local Guards
  a) Local guards, supervised by CAGs and using procedures established by the RSO and documented in the CSP, may search all non-cleared personnel, bags, toolboxes, packages, etc., each time they enter or exit the site.
  b) Use of non-cleared U.S. guards or non-U.S. guards to control access to the site or secure storage area (SSA) requires the prior approval of the RSO. A SECRET-cleared U.S. citizen must supervise non-cleared or non-U.S. guards. Non-cleared or non-U.S. guards shall not have unescorted access to the site.
G. Procurement of Construction Materials

1. General Standards
  a) These standards apply to construction materials used in SCIF construction under COM authority. These standards do not apply to installations on a roof contiguous to the SCIF provided there is no SCIF penetration.
  b) Procurements shall be in accordance with Federal Acquisition Regulations.
  c) In exceptional circumstances, SSMs may deviate from procurement standards with a waiver; such deviation shall be noted in the CSP.
  d) For building construction projects in Category III countries, cleared U.S. citizens may randomly select up to 35% of building materials from non-specific general construction materials for SCIF construction. Random selection may exceed 35% only if materials can be individually inspected.
  e) For building construction projects in Category I and II countries, cleared U.S. citizens may randomly select up to 25% of building materials from non-specific general construction materials for SCIF construction. Random selection may exceed 25% only if materials can be individually inspected.
  f) All such materials must be selected immediately upon receipt of the shipment and transported to secure storage.
  g) Procurement of materials from host or third party countries identified in the SETL as critical for technical intelligence, or listed on the DoS Prohibited Countries Matrix, is prohibited.
2. Inspectable Materials Specifically Destined for SCIF Construction
  a) Inspectable materials specifically destined for SCIF construction may be procured from U.S., third-country or local suppliers without security restrictions.
  b) All inspectable materials specifically destined for SCIF construction procured in host and third party countries or shipped to site in an unsecured manner from the U.S. shall be inspected using a DoS/DS-approved method and then moved to an SSA.
  c) All inspectable material selected from stock stored outside of the SSA shall be inspected using DoS/DS-approved methods prior to use in SCIF construction.
3. Non-Inspectable Materials Specifically Destined for SCIF Construction
  a) Non-inspectable materials specifically destined for SCIF construction shall be procured from U.S. suppliers with subsequent secure transportation to the SSA at the construction site.
  b) On an exceptional basis, non-inspectable materials may be procured in a host or third party country if randomly selected by cleared U.S. citizens.
    (1) Materials shall be randomly chosen from available suppliers (typically three or more) without advance notice to, or referral from, the selected supplier and with no reference of the intended use of material in a SCIF.
    (2) Such selections shall be made from available shelf stock, brought immediately under personal control of a cleared U.S. citizen, and transported securely to an SSA.
    (3) Procurement officials should be circumspect about continually purchasing non-inspectable materials from the same local suppliers and establishing a pattern that could be reasonably discernible by hostile intelligence services, foreign national staff, and suppliers.
H. Secure Transportation for Construction Material

1. Inspectable Materials Specifically Destined for SCIF Construction
  a) Inspectable materials do not require secure transportation but shall be inspected using procedures approved by the DoS/DS prior to use in the SCIF.
  b) Once inspected, all inspectable items shall be stored in an SSA.
  c) Materials may be utilized within the SCIF without inspection if securely procured, securely shipped, and stored in a secure environment.
2. Non-inspectable Materials Specifically Destined for SCIF Construction
  a) Non-inspectable material includes inspectable materials when the site does not possess the capability to inspect by DoS/DS-approved means.
  b) Non-inspectable materials shall be securely procured and shipped to site by secure transportation from the U.S., a secure logistics facility, or low threat third party country using one of the following secure methods:
    (1) Securely packaged or containerized and under the 24-hour control of an approved courier or escort officer. (Escorted shipments shall be considered compromised if physical custody or direct visual observation is lost by the escort officer during transit. Non-inspectable materials that are confirmed compromised or suspected of compromise shall not be used in a SCIF.)
    (2) Securely shipped using approved transit security technical safeguards capable of detecting evidence of tampering or compromise. (An unescorted container protected by technical means ("trapped") is considered compromised if evidence of tampering of the protective technology is discovered, or if an unacceptable deviation from the approved transit security plan occurs. Non-inspectable materials that are confirmed compromised or suspected of compromise shall not be used in a SCIF.)
    (3) Non-inspectable materials shall be shipped using the following surface and air carriers in order of preference:
      - U.S. Military
      - U.S. Flag Carriers
      - Foreign Flag Carriers

I. Secure Storage of Construction Material

1. Upon arrival, all inspected and securely shipped materials shall be placed in the SSA until required for installation.
2. An SSA shall be established and maintained for the secure storage of all SCIF construction material and equipment. It is characterized by true floor to true ceiling, slab-to-slab construction of some substantial material and a solid wood-core or steel-clad door equipped with a DoS/DS-approved security lock.
3. Alternative SSAs may include a shipping container located within a secure perimeter that is locked, alarmed, and monitored, or a room or outside location enclosed by a secure perimeter that is under direct observation by a SECRET-cleared U.S. citizen.
4. The SSA shall be under the control of CAGs or other U.S. citizens holding at least U.S. SECRET clearances.
5. Supplemental security requirements for SSAs shall be set forth in the CSP and may vary depending on the location and/or threat to the construction site.
J. Technical Security

1. TEMPEST countermeasures shall be pre-engineered into the building.
2. A TSCM inspection shall be required in Category I countries for new SCIF construction or significant renovations (50% or more of SCIF replacement cost).
3. A TSCM inspection may be required by the AO in Category II or III countries for new SCIF construction or significant renovations (50% or more of SCIF replacement cost).
4. A TSCM inspection, conducted at the completion of construction, shall be required if uncontrolled space is converted (maximum demolition) to new SCIF space.
5. When a TSCM inspection is not conducted, a mitigation strategy based on a physical security inspection that identifies preventative and corrective countermeasures shall be developed to address any technical security concerns.

K. Interim Accreditations

1. Upon completion of a successful inspection, the respective agency's AO may issue an Interim Accreditation pending receipt of required documentation.
2. If documentation is complete, AOs may issue an Interim Accreditation pending the final inspection.
Chapter 6. Temporary, Airborne, and Shipboard SCIFs

A. Applicability

1. General Information
  a) This chapter covers all SCIFs designed to be temporary or such as those at sites for contingency operations, emergency operations, and tactical military operations.
  b) These standards apply to the following:
    (1) All ground-based temporary SCIFs (T-SCIFs), including those on mobile platforms (e.g., trucks and trailers).
    (2) SCIFs aboard aircraft.
    (3) SCIFs aboard surface and sub-surface vessels.
  c) When employing T-SCIFs, a risk management approach shall be used that balances the operational mission and the protection of SCI.
2. Accreditation
  a) Accreditation for the use of T-SCIFs shall not exceed one year without mission justification and approval by the AO.
  b) When the T-SCIF owner determines that a T-SCIF is no longer required, the withdrawal of accreditation shall be initiated by the SSO/Contractor Special Security Officer (CSSO).
    (1) Upon notification, the AO will issue appropriate SCI withdrawal correspondence.
    (2) The AO or appointed representative will conduct a close-out inspection of the facility to ensure that all SCI material has been removed.
B. Ground-Based T-SCIFs

1. T-SCIF Structures and Activation
  a) Ground-based T-SCIFs may be established in hardened structures (e.g., buildings, bunkers) or semi-permanent structures (e.g., truck-mounted or towed military shelters, prefabricated buildings, tents).
  b) Permanent-type hardened structures shall be used to the greatest extent possible for T-SCIFs.
  c) Prior to T-SCIF activation, the AO may require submission of a standard fixed facility checklist or a T-SCIF checklist produced before or after a deployment.
2. SCI Storage and Destruction
  a) Under field or combat conditions, open storage of SCI media and materials requires a continuous presence by SCI-indoctrinated personnel.
  b) Under field or combat conditions every effort shall be made to obtain from any available host command necessary support for the storage and protection of SCI (e.g., security containers, generators, guards, weapons, etc.).
  c) The quantity of SCI material within a T-SCIF shall be limited, to the extent possible, to an amount consistent with operational needs.
  d) All SCI shall be stored in GSA-approved security containers.
  e) The AO may approve exceptions to the storage of SCI material in GSA-approved storage containers for a specified period of time.
  f) When no longer needed, SCI material shall be destroyed by means approved by the AO.
3. Security Requirements
  a) T-SCIF security features shall provide acoustical, visual, and surreptitious entry protection.
  b) A TSCM inspection shall be requested for any structure proposed for T-SCIF use if the space was previously occupied by a non-U.S. element. It is the AO's responsibility to evaluate operating the SCIF prior to TSCM inspection and formally assume all risk associated with early operation.
  c) When possible, T-SCIFs shall be established within the perimeters of U.S.-controlled areas or compounds.
  d) If a U.S.-controlled area or compound is not available, the T-SCIF shall be located within an area that affords the greatest degree of protection against surreptitious or forced entry.
  e) When a T-SCIF is in operation, the perimeter of its immediate area shall be observed and protected by U.S. guards with U.S. SECRET clearances. Guards shall be equipped with emergency communication devices and, if necessary, with weapons.
  f) During non-operational hours, the T-SCIF shall be provided security protection in accordance with AO guidelines.
  g) The T-SCIF shall have only one entrance which shall be controlled during hours of operation by an SCI-indoctrinated person using an access roster.
  h) Unclassified telecommunications equipment shall meet the requirements outlined in Chapter 10 to the greatest extent practical.
  i) Telephones obtained in a foreign country shall not be used within a T-SCIF.
  j) Cables and wires penetrating the T-SCIF perimeter shall be protected. The AO may require inspections and routing of cables and wiring through protective distribution systems or may require other countermeasures.
  k) AO-approved emergency destruction and evacuation plans shall be developed and rehearsed periodically by all personnel assigned to the T-SCIF; the results of the rehearsal drills shall be documented.
  l) When in transit, ground-based and mobile (e.g., truck-mounted, towed military shelters) T-SCIFs containing unsecured and non-encrypted SCI shall be accompanied by a U.S. TOP SECRET-cleared individual with SCI access approval(s).
  m) During movement, T-SCIF structures shall be secured with GSA-approved locking devices and equipped with tamper-evident seals.
  n) When in transit, hardened T-SCIFs having no open storage of SCI may be monitored by a U.S. SECRET-cleared individual.
  o) Hardened T-SCIFs shall be designed with TEMPEST countermeasures as identified by the CTTA. The AO, in collaboration with the CTTA, shall provide red/black separation and "protected distribution" guidance for field installation in accordance with NSTISSAM TEMPEST 2/95 and 2/95A and CNSSI 7003.
  p) When a T-SCIF is no longer required, the responsible SCI security official shall conduct a thorough facility inspection to ensure all SCI material has been removed.
C. Permanent and Tactical SCIFs Aboard Aircraft

1. The Aircraft Facility Checklist (see Forms & Plans) will be used for permanent SCIFs aboard aircraft.
2. The AO may determine that an Aircraft Facility Checklist may not be required for tactical SCIFs aboard aircraft if the following information is provided:
  a) Name of aircraft (tail number)/airborne T-SCIF.
  b) Major command/organization.
  c) ID number of parent SCIF, if applicable.
  d) Location T-SCIF deployed from and date of deployment.
  e) Location T-SCIF deployed to and date of deployment.
  f) SCI compartment(s) involved in T-SCIF operations.
  g) Time period for T-SCIF operations.
  h) Name of exercise or operation.
  i) Points of contact (responsible officers).
  j) Type of aircraft and area to be accredited as a T-SCIF.
  k) Description of security measures for entire period of T-SCIF use (standard operating procedures).
  l) Additional comments to add clarification.
3. Security Requirements for Aircraft when Operating in Support of Missions Involving SCI Material
  a) SCIF location shall be identified by aircraft tail number.
  b) Access to the aircraft interior shall be controlled at all times by SCI-indoctrinated personnel.
  c) There are no unique physical security construction standards for SCIFs aboard aircraft.
  d) Accreditation, such as that from the Defense Courier Service, is not required for aircraft used solely to transport SCI material between airfields.
  e) When all personnel on an aircraft are not briefed on every SCI compartment aboard, procedural methods or physical barriers shall be employed to isolate compartments of the SCI.
  f) When an aircraft T-SCIF is no longer required, the responsible SCI security official shall conduct an inspection of the aircraft to ensure all SCI material has been removed.
4. SCI Storage and Destruction
  a) SCI materials shall be encrypted or secured in an AO-approved security container.
  b) When no longer needed, SCI materials shall be destroyed by means approved by the AO.
  c) Following an unscheduled landing in U.S.-controlled or non-hostile territory, the senior SCI-indoctrinated person shall retain control of the SCI material until approved storage arrangements can be effected through a local Special Security Officer or SCI-indoctrinated official.
  d) Prior to an unscheduled landing in unfriendly or hostile territory, every reasonable effort shall be made to destroy unencrypted SCI material and communications security equipment in accordance with the emergency destruction plan.
  e) If the aircraft is stationary, in the absence of SCI-indoctrinated personnel, all SCI information shall be encrypted or removed and stored in an alternative accredited SCIF or location approved by the AO.
  f) Emergency destruction plans for SCI material shall be developed, approved by the AO, and rehearsed periodically by all personnel assigned to the aircraft; rehearsal results shall be documented.
5. Additional Security Requirements for Stationary Aircraft
  a) The aircraft shall be parked within a controlled area that affords the greatest protection against surreptitious or forced entry.
  b) In the absence of SCI-indoctrinated personnel, all SCI information shall be encrypted or removed and stored in an alternative accredited SCIF or location approved by the AO.
  c) If the aircraft cannot be positioned within a U.S.-controlled area, the SCI is not encrypted, and removal of the SCI is not possible, then the following measures must be taken:
    (1) SCI-indoctrinated personnel shall remain with the aircraft.
    (2) A guard force that can control the perimeter of the aircraft shall be deployed, unless infeasible. The guards shall possess U.S. SECRET clearances and be armed and equipped with emergency communication devices.
  d) If the aircraft is located within a U.S.-controlled area, the SCI is not encrypted, and removal of SCI is not possible, then the following measures shall be taken:
    (1) The AO may mitigate the requirement for SCI-indoctrinated personnel provided the aircraft is equipped with, or stored within a structure equipped with, an intrusion detection system approved by the AO.
    (2) All aircraft hatches and doors shall be secured with AO-approved locks and tamper-evident seals.
    (3) A guard force must be available to respond to an alarm within five minutes.
    (4) Guards shall possess U.S. SECRET clearances and be armed and equipped with emergency communication devices.
    (5) If a cleared U.S. guard force is not available, the AO may approve other mitigation measures.
D. Permanent and Tactical SCIFs on Surface or Subsurface Vessels

1. Permanent shipboard SCIFs shall consist of any area aboard a vessel where SCI is processed, stored, or discussed.
2. The Shipboard Checklist (see Forms & Plans) will be used for permanent SCIFs. The AO may determine that this checklist may not be required providing the below information is available:
  a) Name of vessel/hull number.
  b) Major command/organization.
  c) ID number of parent SCIF, if applicable.
  d) Location SCIF deployed from and date of deployment.
  e) Location SCIF deployed to and date of deployment.
  f) SCI compartment(s) and sub-compartments involved in SCIF operations.
  g) Name of exercise or operation.
  h) Points of contact (responsible officers).
  i) Description of security measures for entire period of SCIF use (standard operating procedures).
  j) Additional comments to add clarification.
3. Security Requirements for Permanent SCIFs
  a) The perimeter (walls, floors, and ceiling) shall be fabricated of structural bulkheads comprised of standard shipboard/submarine construction materials.
  b) Elements of the perimeter shall be fully braced and welded or bonded in place.
  c) Doors shall conform to the following requirements:
    (1) Perimeter doors and emergency exit(s) shall be constructed of standard shipboard materials and shall be mounted in a frame, braced and welded or bonded in place in a manner commensurate with the structural characteristics of the bulkhead, deck, or overhead.
    (2) The primary entry door shall be equipped with a GSA-approved combination lock and an access control device.
    (3) If the door is in a bulkhead that is part of an airtight perimeter, the airtight integrity may be maintained by co-locating the door with the metal joiner door, or by adding a vestibule.
    (4) Metal joiner doors shall be equipped with a combination lock that meets specification FF-L-2740A and with an access control device approved by the AO.
    (5) Doors shall be constructed in a manner that will preclude unauthorized removal of hinge pins and anchor bolts, and obstruct access to lock-in bolts between the door and frame.
    (6) Doorways or similar openings that allow visual access to the SCIF shall be screened or curtained.
  d) No damage control fittings or cables shall be located within, or pass through, the SCIF. This does not apply to smoke dampers or other life-safety devices that are operated by personnel within the space during working hours.
  e) Removable hatches and deck plates less than 10 square feet that are secured by exposed nuts and bolts (external to the SCIF) shall be secured with a high security padlock (unless their weight makes this unreasonable). Padlock keys shall be stored in a security container located within the SCIF.
  f) Vents, ducts, and similar openings with a cross-sectional measurement greater than 96 inches shall be protected by a fixed barrier or security grill. (This requirement is not applicable to through-ducts that do not open into the SCIF.)
    (1) Grills shall be fabricated of steel or aluminum grating or bars with a thickness equal to the perimeter barrier.
    (2) If a grating is used, bridge center-to-center measurements will not exceed 1.5 inches by 4 inches.
    (3) Bars shall be mounted in a grid pattern, six inches on center.
    (4) The grating or bars shall be welded into place.
  g) Construction of the SCIF perimeter shall afford adequate sound attenuation. Air handling units and ducts may require baffles if SCIF discussions can be overheard in adjacent areas.
  h) The SCIF shall be equipped with an AO-approved intrusion detection system (IDS) or other countermeasures if SCI-indoctrinated personnel cannot continuously occupy the area.
  i) Passing scuttles and windows should not be installed between the SCIF and any other space on the ship. If installed, they shall be secured on the inside of the SCIF.
  j) All SCI cryptographic and processing equipment shall be located within the SCIF.
  k) Unclassified telecommunications shall meet the requirements outlined in Chapter 11, to the greatest extent practical.
  l) Sound-powered telephones will not be permitted in the SCIF without additional mitigations determined by the AO. If a deviation is granted, sound-powered telephones located within the SCIF and connecting to locations outside the SCIF shall comply with the following:
    (1) Telephone cables shall not break out to jack-boxes, switchboards, or telephone sets other than at designated stations. Cables shall not be shared with any circuit other than call or signal systems associated with the SCIF circuit.
    (2) Telephone cables shall be equipped with a selector switch located at the controlling station and shall be capable of disconnecting all stations, selecting any one station, and disconnecting the remaining stations.
    (3) Sound-powered telephones not equipped with a selector switch shall have a positive disconnect device attached to the telephone circuit.
    (4) Within any SCIF, sound-powered telephones not used for passing SCI information shall have a warning sign prominently affixed indicating the restriction.
    (5) A call or signal system shall be provided. Call signal station, type ID/D, shall provide an in-line disconnect to prevent a loudspeaker from functioning as a microphone.
  m) The approval of the AO is required for unencrypted, internal, communication-announcing systems that pass through the SCIF perimeter.
  n) Intercommunications-type announcing systems installed within an SCIF shall meet the following standards:
    (1) The system shall operate only in the push-to-talk mode.
    (2) Receive elements shall be equipped with a local buffer amplifier to prevent loudspeakers or earphones from functioning as microphones.
    (3) Except as specified, radio transmission capability for plain radio-telephone (excluding secure voice) will not be connected.
    (4) Cable conductors assigned to the transmission of plain language radio-telephone will be connected to ground at each end of the cable.
    (5) A warning sign will be posted that indicates the system may not be used to pass SCI.
    (6) Unencrypted internal communication systems that pass through the SCIF perimeter shall be in grounded ferrous conduit.
  o) Commercial intercommunication equipment shall not be installed within a SCIF without prior AO approval.
  p) Loudspeakers used on general announcing systems shall be equipped with a one-way buffer amplifier to protect against microphonic responses.
  q) Pneumatic tube systems shall not be installed within the SCIF. The following safeguards apply to existing systems on older ships:
    (1) Covers shall be locked at both ends with an AO-approved lock. Keys shall be stored within an approved security container within the SCIF.
    (2) The system shall have the capability to maintain the pressure or vacuum and the capability to lock in the secure position at the initiating end.
    (3) There shall be a direct voice communications link between both ends to confirm the transportation and receipt of passing cartridges.
    (4) Cartridges passing SCI material shall have a distinctive color.
    (5) Pneumatic tubes shall be visually inspectable along their entire length.
    (6) The CTTA shall conduct a TEMPEST countermeasures inspection and shall recommend safeguards to limit compromising emanations. TEMPEST safeguards should be pre-engineered into platforms to the greatest extent possible.
4. General Requirements for T-SCIFs
  a) SCIFs on sub-surface vessels shall be accredited as T-SCIFs.
  b) T-SCIFs aboard a vessel include portable platforms or containers temporarily placed within ship space such as embarked Portable Shipboard Collection Vans.
  c) T-SCIFs shall be occupied by an SCI-indoctrinated person at all times unless the facility is protected by a GSA-approved lock, an approved intrusion detection system, and a response capability or other countermeasures approved by the AO.
5. Security Requirements for T-SCIFs
  a) Overall T-SCIF construction standards shall be the same as those used for permanent shipboard SCIFs.
  b) Vents, ducts, and similar openings shall be constructed to the same standards as those used for a shipboard SCIF.
  c) SCI materials shall be destroyed by means approved by the AO when no longer needed.
  d) AO-approved emergency destruction plans shall be rehearsed periodically by all personnel assigned to the T-SCIF and the rehearsals documented.
  e) Unclassified telecommunications shall meet the requirements for a shipboard SCIF, to the greatest extent practical.
  f) When the T-SCIF is no longer required, the responsible SCI security official shall conduct a closing inspection of the T-SCIF to ensure all SCI material has been removed.
  g) The CTTA shall conduct a TEMPEST countermeasures inspection and shall recommend safeguards to limit compromising emanations. TEMPEST safeguards should be pre-engineered into platforms to the greatest extent possible.
6. Additional Security Standards for Mobile Platforms or Containers
  a) Construction of the perimeter must be of sufficient strength to reveal evidence of physical penetration (except for required antenna cables and power lines).
  b) Doors must fit securely and be equipped with a locking device that can be locked from the inside and outside.
7. SCI Storage and Destruction
  a) SCI material shall be stored in a GSA-approved security container that is welded or otherwise permanently secured to the structural deck.
  b) When no longer needed, SCI materials shall be destroyed by means approved by the AO.
  c) AO-approved emergency destruction and evacuation plans shall be developed and rehearsed periodically by all personnel assigned to the SCIF and the rehearsals shall be documented.
Chapter 7. Intrusion Detection Systems (IDS)

A. Specifications and Implementation Requirements

1. General SCIF IDS Requirements
  a) SCIFs shall be protected by IDS when not occupied.
  b) Interior areas of a SCIF through which reasonable access could be gained, including walls common to areas not protected at the SCI level, shall be protected by IDS.
  c) Doors without access control systems and that are not under constant visual observation shall be continuously monitored by the IDS.
  d) If any component of the IDS is disrupted to the extent the system no longer provides essential monitoring service (e.g., loss of line security, inoperable IDE, and loss of power), SCI-indoctrinated personnel shall physically occupy the SCIF until the system is returned to normal operation. As an alternative, the outside SCIF perimeter may be continuously monitored by a response or guard force.
  e) IDS failure shall be addressed in the SCIF emergency plan.
2. System Requirements
  a) IDS installation related components and monitoring stations shall comply with Underwriters Laboratories (UL) Standard for National Industrial Security Systems for the Protection of Classified Material, UL 2050.
  b) Installation shall comply with an Extent 3 installation as referenced in UL 2050.
  c) Systems developed and used exclusively by the USG do not require UL certification but shall comply with an Extent 3 installation as referenced in UL 2050.
  d) Interior areas of a SCIF through which reasonable access could be gained, including walls common to areas not protected at the SCI level, shall be protected by IDS consisting of motion sensors and high security switches (HSS) that meet UL 634 level 1 or 2 requirements, and/or other AO-approved equivalent sensors. HSS Level 2 is preferred.
  e) IDS-associated cabling that extends beyond the SCIF perimeter shall be installed in rigid conduit or shall employ line security.
  f) The IDS shall be independent of systems safeguarding other facilities.
  g) If a monitoring station is responsible for more than one IDS, there shall be an audible and visible annunciation for each IDS.
  h) IDSs shall be separate from, and independent of, fire, smoke, radon, water, and other systems.
  i) If the IDS incorporates an access control system (ACS), notifications from the ACS shall be subordinate in priority to IDS alarms.
  j) System key variables and passwords shall be protected and restricted to U.S. SCI-indoctrinated personnel.
  k) IDS installation plans shall be controlled as determined by the AO.
  l) Systems shall not include audio or video monitoring without the application of appropriate countermeasures and AO approval. Systems containing auto-reset features shall have this feature disabled.
  m) The AO shall approve all system plans. Final system acceptance testing shall be included as part of the SCIF accreditation package.
  n) False alarms shall not exceed one alarm per 30-day period per zone. A false alarm is any alarm signal transmitted in the absence of a confirmed intrusion that is caused by changes in the environment, equipment malfunction, or electrical disturbances. If false alarms exceed this requirement, a technical evaluation of the system shall be conducted to determine the cause, and the cause shall be repaired or resolved and documented.
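
The false-alarm limit in paragraph 2.n can be checked against a monitoring-station alarm log. The following is an added example, not part of the specification: the log layout, cause labels and zone names are constructed, and reading "30-day period" as a rolling window per zone is an assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Paragraph 2.n: no more than one false alarm per 30-day period per zone.
# Treating "30-day period" as a rolling window is this example's assumption.
WINDOW = timedelta(days=30)
MAX_FALSE_ALARMS = 1

# Causes paragraph 2.n names for a false alarm. The label strings are
# hypothetical; a real monitoring station will use its own cause codes.
FALSE_ALARM_CAUSES = {"environment", "equipment_malfunction", "electrical_disturbance"}

# Constructed sample log: (timestamp, zone, cause, confirmed_intrusion).
SAMPLE_EVENTS = [
    ("2024-01-02T03:10:00", "Z1", "environment", False),
    ("2024-01-03T09:00:00", "Z4", "operator_error", False),  # not a cause listed in 2.n
    ("2024-01-04T21:30:00", "Z4", "environment", False),
    ("2024-01-05T14:00:00", "Z2", "electrical_disturbance", False),
    ("2024-01-10T02:15:00", "Z3", "intrusion", True),        # confirmed, so not false
    ("2024-01-12T23:40:00", "Z3", "environment", False),
    ("2024-01-20T22:45:00", "Z1", "equipment_malfunction", False),
    ("2024-02-10T06:20:00", "Z2", "environment", False),     # more than 30 days after Z2's first
    ("2024-03-15T11:05:00", "Z1", "environment", False),
]


def false_alarms_by_zone(events):
    """Group false-alarm timestamps by zone, oldest first."""
    by_zone = defaultdict(list)
    for stamp, zone, cause, confirmed in events:
        if not confirmed and cause in FALSE_ALARM_CAUSES:
            by_zone[zone].append(datetime.fromisoformat(stamp))
    return {zone: sorted(times) for zone, times in by_zone.items()}


def zones_needing_evaluation(events):
    """Return {zone: alarms in the first window that exceeds the limit}."""
    findings = {}
    for zone, times in false_alarms_by_zone(events).items():
        left = 0
        for right, stamp in enumerate(times):
            # Drop alarms that are 30 days or more older than the current one.
            while stamp - times[left] >= WINDOW:
                left += 1
            if right - left + 1 > MAX_FALSE_ALARMS:
                findings[zone] = times[left:right + 1]
                break
    return findings


if __name__ == "__main__":
    for zone, alarms in sorted(zones_needing_evaluation(SAMPLE_EVENTS).items()):
        stamps = ", ".join(a.isoformat() for a in alarms)
        print(f"{zone}: technical evaluation required ({len(alarms)} false alarms: {stamps})")
```

A zone that appears in the result is one where the paragraph calls for a technical evaluation; alarms with a confirmed intrusion, or with a cause outside the three the paragraph lists, are not counted.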
3.
SystemComponentsa)Sensors(1)AllsystemsensorsshallbelocatedwithintheSCIF.
(2)WithAOapproval,sensorsexternaltotheSCIFperimeterandanyperimeterequipmentusedmaybeconnectedtotheIDSprovidedthelinesareinstalledonaseparatezoneandroutedwithingroundedconduit.
(3)Failedsensorsshallcauseimmediateandcontinuousalarmactivationuntilthefailureisinvestigatedandcorrected.
(4)Dualtechnologysensorsareauthorizedwheneachtechnologytransmitsalarmconditionsindependentoftheothertechnology.
(5)AsufficientnumberofmotiondetectionsensorsshallbeinstalledtomeettherequirementsofparagraphA.
2.
d,shallbeUL639listed,orshallbeapprovedbytheAO.
However,thefollowingspecialcircumstancesapplytomotiondetectionsensors:Motiondetectionsensorsarenotrequiredabovefalseceilingsorbelowfalsefloors.
ForfacilitiesoutsidetheU.
S.
andinCategoryIandIIcountries,motiondetectionssensorsabovefalseceilingsorbelowfalsefloorsmayberequiredbytheAO.
(6) When the primary entrance door employs a delay to allow for changing the system mode of access, the delay shall not exceed 30 seconds.
(7) SCIF perimeter doors shall be protected by an HSS and a motion detection sensor.
(8) Emergency exit doors shall be alarmed and monitored 24 hours per day.
b) Premise Control Units (PCUs)
(1) PCUs shall be located within a SCIF and only SCIF personnel may initiate changes in access modes.
(2) Operation of the access/secure switch shall be restricted by using a device or procedure that validates authorized use.
(3) Cabling between all sensors and the PCU shall be dedicated to the system, contained within the SCIF, and shall comply with national and local electric codes and Committee for National Security Systems (CNSS) standards. If the wiring cannot be contained within the SCIF, such cabling shall meet the requirements for External Transmission Line Security 3.b.(10) below.
(4) Alarm status shall be continuously displayed with an alphanumeric display at the PCU and/or monitoring station.
(5) Every effort shall be made to design and install the alarm-monitoring panel in a location that prevents observation by unauthorized persons.
(6) The monitoring station or PCU shall identify and display activated sensors.
(7) Immediate and continuous alarm annunciations shall occur for the following conditions.
• Intrusion Detection
• Failed Sensor
• Tamper Detection
• Maintenance Mode (a maintenance message may display in place of an alarm)
• Zones that are shunted or masked during maintenance mode
(8) Failed/changed power status shall be indicated at the PCU and/or monitoring station.
(9) An IDS with an auto-alarm reset feature shall have it disabled. All system events shall be reset by authorized SCI-indoctrinated personnel after an inspection of the SCIF and a determination for the cause of the alarm has been made.
(10) IDS transmission lines leaving the SCIF to the monitoring station, must meet National Institute of Standards and Technology, Federal Information Processing Standards (FIPS) certified encrypted lines. The FIPS standard employed must be noted on the UL 2050/CRZH Certificate or other certificate employed. For Premise Control Units certified under UL 1610 either a FIPS 197 or FIPS 140-2 is acceptable encryption certification and method. For Premise Control Units certified under UL 1076 only FIPS 140-2 is the acceptable encryption certification and method. Alternative methods shall be approved by the AO and noted on the IDS Certificate.
c) Integrated IDS.
(1) The IC element's Chief Information Officer (CIO) shall be consulted before connecting an IDS to a government LAN or WAN under their cognizance.
(2) In cases where the IDS has been integrated into a networked system (local area network (LAN) or wide area network (WAN)), the requirements below shall be met.
• If any component of the IDS is remotely programmable, a Network Intrusion Detection System (NIDS) is required.
• System application software shall be installed on a host computer dedicated to security systems. The host computer shall be located in an alarmed area controlled at the SECRET or higher level.
• All system components and equipment shall be isolated with dedicated firewalls, or similar enhancements, that are configured to allow data transfers only between the PCU and monitoring station.
• A secondary communication path may be utilized to augment an existing data communication link to reduce investigations of data communication failures of less than five minute duration. The supervision provided by the secondary communication path shall be equivalent to that of the primary communication path.
• A unique user ID and password is required for each individual granted access to the system host computer. Passwords shall be a minimum of twelve characters consisting of alpha, numeric, and special characters, and shall be changed every six months.
• Firewalls shall be monitored for unauthorized access attempts, and all access attempts and changes to the system network shall be logged. Network administrators shall immediately notify the AO or designee of any unauthorized modifications.
• The IDS network system administrator shall be a U.S. citizen and SCI-indoctrinated.
• All transmissions of system information over the LAN/WAN shall be encrypted using National Institute of Standards and Technology FIPS AES certified encrypted lines.
• Remote networked system terminals shall:
o Ensure that non-SCI-indoctrinated personnel with access to the remote terminal cannot modify the IDS or ACS.
o Require an independent user ID and password in addition to the host login requirements.
o Have system auditing software that shall log and monitor failed logins and IDS/ACS application program modifications.
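The firewall and account requirements for a networked IDS listed above can be checked mechanically. The following is an added example, not part of the specification: the addresses, account names, dates, the 183-day reading of "six months" and the rule/account record layout are all assumptions made for illustration.

```python
"""Audit sketch for an IDS integrated into a LAN/WAN (added example)."""
import string
from dataclasses import dataclass
from datetime import date, timedelta
from ipaddress import ip_network

# Assumed addresses (constructed): the only two endpoints allowed to talk.
PCU = ip_network("10.20.0.10/32")
MONITORING_STATION = ip_network("10.20.9.5/32")
# "Changed every six months" is taken here as 183 days (an assumption).
MAX_PASSWORD_AGE = timedelta(days=183)


@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    src: str     # source network, CIDR
    dst: str     # destination network, CIDR


@dataclass(frozen=True)
class Account:
    user_id: str
    person: str
    password_changed: date


def firewall_findings(rules):
    """Indexes of allow rules that pass more than PCU <-> monitoring station."""
    permitted = {(PCU, MONITORING_STATION), (MONITORING_STATION, PCU)}
    return [
        index
        for index, rule in enumerate(rules)
        if rule.action == "allow"
        and (ip_network(rule.src), ip_network(rule.dst)) not in permitted
    ]


def password_meets_policy(candidate):
    """Twelve or more characters with alpha, numeric and special characters.

    Composition can only be checked when the password is set; a stored
    hash says nothing about length or character classes.
    """
    return (
        len(candidate) >= 12
        and any(c.isalpha() for c in candidate)
        and any(c.isdigit() for c in candidate)
        and any(c in string.punctuation for c in candidate)
    )


def account_findings(accounts, today):
    """Flag stale passwords and user IDs that are not unique to one person."""
    findings = []
    people_by_id = {}
    for account in accounts:
        people_by_id.setdefault(account.user_id, set()).add(account.person)
        if today - account.password_changed > MAX_PASSWORD_AGE:
            findings.append((account.user_id, "password older than six months"))
    for user_id, people in sorted(people_by_id.items()):
        if len(people) > 1:
            findings.append((user_id, "shared by " + ", ".join(sorted(people))))
    return findings


# Constructed sample data, not taken from any real system.
SAMPLE_RULES = [
    Rule("allow", "10.20.0.10/32", "10.20.9.5/32"),
    Rule("allow", "10.20.9.5/32", "10.20.0.10/32"),
    Rule("allow", "10.20.0.0/24", "10.20.9.5/32"),  # whole subnet, too broad
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0"),
]
SAMPLE_ACCOUNTS = [
    Account("ids-admin1", "A. Rivera", date(2024, 3, 1)),
    Account("ids-op1", "B. Chen", date(2023, 11, 15)),
    Account("ids-shared", "C. Okafor", date(2024, 5, 1)),
    Account("ids-shared", "D. Novak", date(2024, 5, 1)),
]
AUDIT_DATE = date(2024, 7, 1)

if __name__ == "__main__":
    for index in firewall_findings(SAMPLE_RULES):
        print("firewall rule", index, "is too broad:", SAMPLE_RULES[index])
    for user_id, problem in account_findings(SAMPLE_ACCOUNTS, AUDIT_DATE):
        print("account", user_id + ":", problem)
```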

B. IDS Modes of Operation
1. General Information
a) The system shall operate in either access or secure mode.
b) There shall be no remote capability for changing the mode of operation or accessing the status of the system unless SCIF personnel conduct a daily audit of all openings and closings.
c) Changing access/secure status of the system shall be limited to SCI-indoctrinated personnel.
2. Requirements for Access Mode
a) When in access mode, normal authorized entry into the SCIF, in accordance with prescribed security procedures, shall not cause an alarm.
b) Tamper circuits and emergency exit door circuits shall remain in the secure mode of operation.
c) The PCU shall have the ability to allow alarm points to remain in secure status while other points are in access status.
3. Requirements for Secure Mode
a) The system shall be placed into secure mode when the last person departs the SCIF.
b) A record shall be maintained identifying the person responsible for activating and deactivating the system.
c) Each failure to activate or deactivate the system shall be reported to the responsible SCIF Security Manager. Records of these events shall be maintained for two years.
d) When in the secure mode, any unauthorized entry into the SCIF shall cause an alarm to be immediately transmitted to the monitoring station.
4. Requirements for Maintenance and Zone Shunting/Masking Modes
a) When maintenance is performed on a system, a signal for this condition shall be automatically sent to the monitoring station.
b) When a zone or sensor is shunted for reasons other than maintenance, the shunted or masked zone sensor shall be displayed as such at the monitoring station or PCU throughout the period the condition exists.
c) Any sensor that has been shunted shall be reactivated upon the next change in status from access to secure.
d) All maintenance periods shall be archived in the system.
e) The AO may require that a Personal Identification Number (PIN), for maintenance purposes, be established and controlled by SCI-indoctrinated personnel.
f) A shunted or masked zone or sensor shall be displayed as such at the monitoring station or PCU throughout the period the condition exists unless it occurs during a maintenance period.
g) Computing devices are allowed attachment to system equipment either temporarily or permanently for the purposes of system maintenance or repair.
(1) Such devices shall be kept under control of SCI-indoctrinated personnel at all times.
(2) When not in use, the computing devices shall be secured within the SCIF.
(3) Mass storage devices containing SCIF alarm equipment details, configurations, or event data will be protected at an appropriate level approved by the AO.
h) After the initial installation, the capability for remote diagnostics, maintenance, or programming of IDE shall not exist unless accomplished only by appropriately SCI-indoctrinated personnel and shall be appropriately logged or recorded in the Remote Service Mode Archive. A self-test feature shall be limited to one second per occurrence.
5. Requirements for Electrical Power
a) In the event of primary power failure, the system shall automatically transfer to an emergency electrical power source without causing alarm activation.
b) Twenty-four hours of uninterruptible backup power is required and shall be provided by an uninterruptible power supply (UPS), batteries, or generators, or any combination.
c) An audible or visual indicator at the PCU shall provide an indication of the primary or backup electrical power source in use.
d) Equipment at the monitoring station shall visibly and audibly indicate a failure in a power source or a change in power source. The individual system that failed or changed shall be indicated at the PCU or monitoring station as directed by the AO.
6. Monitoring Stations
a) Monitoring stations shall be government-managed or one of the following in accordance with UL 2050:
(1) CSA-operated monitoring station.
(2) Government contractor monitoring station (formerly called a proprietary central station).
(3) National industrial monitoring station.
(4) Cleared commercial central station (see NISPOM).
b) Monitoring station employees shall be eligible to hold a U.S. SECRET clearance.
c) Monitoring station operators shall be trained in system theory and operation to effectively interpret system incidents and take appropriate response action.
d) Records shall be maintained for two years and indicate the following:
• Time of receipt of alarm.
• Name(s) of security or response force personnel.
• Dispatch time.
• Arrival time of responding personnel.
• Nature of the alarm.
• Follow-up actions that were taken.

C. Operations and Maintenance of IDS
1. Alarm Response
a) Alarm activations shall be considered an unauthorized entry until resolved.
b) The response force shall take appropriate steps to safeguard the SCIF, as permitted by a written support agreement, until an SCI-indoctrinated individual arrives to take control of the situation.
2. System Maintenance
a) Maintenance and repair personnel shall be escorted if they are not TOP SECRET-cleared and indoctrinated for SCIF access.
b) Repairs shall be initiated within four hours of receipt of an alarm.
c) The SCIF shall be continuously manned by SCI-indoctrinated personnel on a 24-hour basis until repairs are completed.
d) The following apply to emergency-power battery maintenance:
(1) The battery manufacturer's periodic maintenance schedule and procedures shall be followed and documented in the system's maintenance logs and retained for two years.
(2) If the communications path is via a network, the local uninterruptible power source for the network shall also be tested.
(3) Batteries shall be tested, under load, until 50% of their capacity has been expended.
(4) If a generator is used to provide emergency power, the manufacturer's recommended maintenance and testing procedures shall be followed.
e) Network Maintenance
(1) NIDS system administrators shall maintain configuration control, ensure the latest operating system security patches have been applied, and configure the operating system to provide a high level of security.
(2) Inside the U.S., network maintenance personnel within a SCIF shall be a U.S. person and be escorted by cleared SCIF individuals.
(3) Outside the U.S., network maintenance personnel shall be U.S. TOP SECRET-cleared or U.S. SECRET-cleared and escorted by SCIF personnel.

D. Installation and Testing of IDS
1. Personnel Requirements
a) Installation and testing within the U.S. shall be performed by U.S. companies using U.S. citizens.
b) Installation and testing outside of the U.S. shall be performed by personnel who are U.S. TOP SECRET-cleared or U.S. SECRET-cleared and escorted by SCIF personnel.
2. Installation Requirements
All system components and elements shall be installed in accordance with requirements of this document, UL 2050, and manufacturer's instructions and standards.
3. Testing
a) Acceptance testing shall be conducted on systems prior to operational use to provide assurance that they meet all requirements of this section prior to SCIF accreditation.
b) Semi-annual IDS testing shall be conducted to ensure continued performance.
c) Records of testing and test performance shall be maintained in accordance with documentation requirements.
d) Motion Detection Sensor Testing
All motion detection sensors shall be tested to ensure activation of the sensor at a minimum of four consecutive steps at a rate of one step per second; that is, 30 inches ± 3 inches or 760 mm ± 80 mm per second. The four-step movement shall constitute a "trial."
(1) The test shall be conducted by taking a four-step trial, stopping for three to five seconds, and taking another four-step trial.
(2) Trials shall be repeated throughout the SCIF and from different directions.
(3) An alarm shall activate at least three out of every four consecutive trials made by moving progressively through the SCIF.
e) HSS Testing
All HSS devices shall be tested to ensure that an alarm signal activates before the non-hinged side of the door opens beyond the thickness of the door from the closed position, e.g., the sensor initiates before the door opens 1 inch for a 1 inch door.
f) Tamper Testing
Each IDS equipment cover shall be individually removed or opened to ensure there is alarm activation at the PCU or monitoring station in both the secure and access modes.
(1) Tamper detection devices need only be tested when installed.
(2) The AO may require more frequent testing of tamper circuits.
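The motion detection sensor test in paragraph D.3.d can be scored from a walk-test log. The following is an added example, not part of the specification: the log record layout and the sample walk are constructed, and checking the step rate as an average speed over the trial is an assumption about how the tester records it. The sample shows why "three out of every four consecutive trials" has to be checked window by window: 75% of its trials alarm overall, yet three windows fail.

```python
"""Score a motion-sensor walk test against the trial rules (added example)."""
from dataclasses import dataclass

STEPS_PER_TRIAL = 4
SPEED_RANGE_IN_PER_S = (27.0, 33.0)  # 30 inches +/- 3 inches per second
PAUSE_RANGE_S = (3.0, 5.0)           # stop three to five seconds between trials
WINDOW = 4                           # "every four consecutive trials"
MIN_ALARMS_PER_WINDOW = 3


@dataclass(frozen=True)
class Trial:
    start_s: float      # seconds since the test began
    end_s: float
    steps: int
    distance_in: float  # distance walked during the trial, in inches
    alarm: bool         # did the PCU or monitoring station annunciate?


def trial_problems(trial):
    """Reasons a single trial was not walked as the test requires."""
    problems = []
    if trial.steps != STEPS_PER_TRIAL:
        problems.append(f"{trial.steps} steps, expected {STEPS_PER_TRIAL}")
    duration = trial.end_s - trial.start_s
    if duration <= 0:
        problems.append("non-positive duration")
        return problems
    speed = trial.distance_in / duration
    low, high = SPEED_RANGE_IN_PER_S
    if not low <= speed <= high:
        problems.append(f"average speed {speed:.1f} in/s outside {low}-{high}")
    return problems


def pause_problems(trials):
    """(index, message) for each trial not preceded by a 3 to 5 second stop."""
    low, high = PAUSE_RANGE_S
    problems = []
    for index in range(1, len(trials)):
        pause = trials[index].start_s - trials[index - 1].end_s
        if not low <= pause <= high:
            problems.append((index, f"pause of {pause:.1f} s before trial"))
    return problems


def failing_windows(trials):
    """Start indexes of four-trial windows with fewer than three alarms."""
    failing = []
    for start in range(len(trials) - WINDOW + 1):
        alarms = sum(t.alarm for t in trials[start:start + WINDOW])
        if alarms < MIN_ALARMS_PER_WINDOW:
            failing.append(start)
    return failing


def sensor_passes(trials):
    """True only if the walk was valid and every window has enough alarms."""
    if len(trials) < WINDOW:
        return False  # not enough trials to judge a single window
    walked_correctly = (
        not any(trial_problems(t) for t in trials) and not pause_problems(trials)
    )
    return walked_correctly and not failing_windows(trials)


def constructed_walk(alarms):
    """Constructed sample data: 4 s trials at 30 in/s with 4 s pauses."""
    return [
        Trial(i * 8.0, i * 8.0 + 4.0, STEPS_PER_TRIAL, 120.0, alarm)
        for i, alarm in enumerate(alarms)
    ]


# Six of eight trials alarm (75% overall), but the two misses are adjacent.
SAMPLE = constructed_walk([True, True, True, True, False, False, True, True])

if __name__ == "__main__":
    print("failing windows start at trials:", failing_windows(SAMPLE))
    print("sensor passes:", sensor_passes(SAMPLE))
```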

Chapter 8. Access Control Systems (ACS)

A. SCIF Access Control
1. Guidelines
a) SCIFs shall be controlled by SCI-indoctrinated personnel or by an AO-approved ACS to ensure access is restricted to authorized personnel.
b) Personnel access control shall be utilized at all SCIFs.
c) Visual recognition of persons entering the SCIF by an SCI-indoctrinated person at the entrance to a SCIF is the ideal access control.
d) Entrances where visitor control is conducted shall be under continuous visual observation unless the SCIF is properly secured.
e) When the SCIF is an entire building, access control shall occur at the building perimeter.
2. ACS Requirements if Continuous Visual Observation is Not Possible
a) An automated personnel ACS that verifies an individual's identity before the individual is permitted unescorted access shall be utilized when personal recognition and verification is not used. Automated verification shall employ two of the following three technologies:
(1) Identification (ID) badge or card used in conjunction with the access control device that validates the identity of the person to whom the card is issued. Compromised or lost access cards shall be reported immediately and updated in the system to reflect "no access."
(2) A personal identification number (PIN) that is entered into the keypad by each individual. The PIN shall consist of four or more random digits, with no known or logical association to the individual or which can be derived from the person or system generated. Compromised PINs shall be reported immediately to the facility Security Officer (SO) or SCIF SO and updated in the system to reflect "no access."
(3) Biometric personal identity verification using unique personal characteristics such as fingerprint, iris scan, palm print, etc.
b) The automated personnel ACS shall ensure that the probability of an unauthorized individual gaining access is no more than one in ten thousand while the probability of an authorized individual being rejected access is no more than one in one thousand. Manufacturers must certify in writing that their system meets these criteria.

B. ACS Administration
1. ACS administrators shall be SCI-indoctrinated.
2. Remote release buttons that by-pass the ACS shall be inside the SCIF and in a location that provides continuous visual observation of personnel entering the SCIF.
3. ACSs shall not be used to secure an unoccupied SCIF.
4. When not occupied, SCIFs shall be alarmed and in secure mode in accordance with Chapter 7 and secured with an approved GSA FF-L-2740A combination lock.
5. Authorized personnel who permit another individual to enter the SCIF shall verify the individual's authorized access.
6. SCIF access authorization shall be removed when the individual is transferred, terminated, or the access approval is suspended or revoked.

C. ACS Physical Protection
1. Card readers, keypads, communication interface devices, and other access control equipment located outside the SCIF shall be tamper-protected and be securely fastened to a wall or other fixed structure.
2. Electrical components, associated wiring, or mechanical links shall be accessible only from inside the SCIF.
3. System data that is carried on transmission lines (e.g., access authorizations, personal identification, or verification data) to and from equipment located outside the SCIF shall be protected using FIPS AES certified encrypted lines. If this communication technology is not feasible, transmission lines shall be installed as approved by the AO.
4. Equipment containing access-control software programs shall be located in the SCIF or a SECRET controlled area.
5. Electric door strikes installed in conjunction with a personnel ACS shall have a positive engagement and be approved under UL 1034 for burglar resistance.

D. ACS Recordkeeping
1. Records shall reflect the active assignment of ID badge/card, PIN, level of access, entries, and similar system-related information.
2. Records and information concerning encoded ID data, PINs, Authentication data, operating system software, or any other data associated with the personnel ACS shall be secured in an open-storage facility or, when unattended, secured in a GSA-approved container in a closed-storage facility. Access to such data shall be restricted to only SCI-indoctrinated personnel responsible for the access control system.
3. Records of personnel removed from the system shall be retained for two years from the date of removal.
4. Records of security incidents (violations/infractions) regarding ACS shall be retained by the SO for five years from the date of an incident or until investigations of system violations and incidents have been resolved.

E. Using Closed Circuit Television (CCTV) to Supplement ACS
1. CCTV may be used to supplement the monitoring of a SCIF entrance for remote control of the door from within the SCIF. The system shall present no technical security hazard.
2. The remote control device shall be within the interior of the SCIF.
3. The system shall provide a clear view of the SCIF entrance and shall be monitored/operated by SCI-indoctrinated personnel within the SCIF.
4. CCTV communication lines should be located within the SCIF. Communication lines that must run external to the SCIF shall be installed to prevent tampering as approved by the AO.

F. Non-Automated Access Control
1. Non-automated access control devices (mechanical, electric, or electromechanical) may be approved by the AO to control access to SCIFs where the number of personnel that require access is low and there is only one entrance.
2. Combinations shall consist of four (4) or more random digits.
3. The use of pass keys to bypass such devices should be avoided except when local fire/safety codes require them. Any pass keys for such devices must be strictly controlled by SCI-indoctrinated personnel.
4. Mechanical access control devices (e.g., UNICAN, Simplex) shall be installed to prevent manipulation or access to coding mechanisms from outside the door.
5. The following shall apply to electric or electromechanical access control devices:
a) The control panel or keypad shall be installed in such a manner to preclude unauthorized observation of the combination or the actions of a combination change.
b) The selection and setting of combinations shall be accomplished by the SO and shall be changed when compromised or deemed necessary by the SO.
c) The control panel in which the combination and all associated cabling and wiring is set shall be located inside the SCIF and shall have sufficient physical security to deny unauthorized access to its mechanism.

Chapter 9. Acoustic Protection

A. Overview
1. This establishes DNI guidelines to protect classified conversations from being inadvertently overheard outside a SCIF.
2. This is not intended to protect against deliberate technical interception of audio emanations.

B. Sound Group Ratings
The ability of a SCIF structure to retain sound within the perimeter is rated using a descriptive value, the Sound Transmission Class (STC). To satisfy the normal security standards of SCIFs, the following transmission attenuation groups have been established:
• Sound Group 3 - STC 45 or better. Loud speech from within the SCIF can be faintly heard but not understood outside of the SCIF. Normal speech is unintelligible with the unaided human ear.
• Sound Group 4 - STC 50 or better. Very loud sounds within the SCIF, such as loud singing, brass music, or a radio at full volume, can be heard with the human ear faintly or not at all outside of the SCIF.

C. Acoustic Testing
1. Audio tests shall be conducted to verify standards are met. Tests may be instrumental or non-instrumental as approved by the AO. Test method used shall be detailed in the CSP.
2. Instrumental Acoustic Tests
a) Only those with training on audio testing techniques shall conduct instrumental acoustic tests.
b) With all SCIF doors closed, all perimeter walls and openings (e.g., air returns, doors, windows, etc.) shall be tested along multiple points to ensure that either Sound Group 3 or 4 is met.
c) Audio test sources shall have a variable sound level output.
d) The output frequency range shall include normal speech.
e) Test speakers shall be placed six feet from the test wall and 4 feet off the floor.
f) Audio gain of the test source shall produce "loud or very loud speech" as defined by Sound Group 3 and 4 levels respectively.
g) As an alternative, instrumented testing may be performed to Noise Isolation Class (NIC) standards. Results shall comply with NIC 40 for Sound Group 3 and NIC 45 for Sound Group 4.
3. Non-Instrumental Acoustic Tests
All non-instrumental tests shall be approved by the AO.

D. Construction Guidance for Acoustic Protection
1. The SCIF perimeter shall be designed and constructed to meet Sound Group 3 or better standards. (See construction drawings for Wall A, B, or C.)
2. Areas that provide for amplified conversations, such as conference centers, video teleconference (VTC) rooms, or similar areas, shall be designed and constructed to meet Sound Group 4 standards. (See construction drawings for Wall A, B, or C.)
3. Utility (e.g., power, signal, telephone) distribution shall be surface mounted to a sound-treated wall and shall not completely penetrate the sound-engineered structure.

E. Sound Transmission Mitigations
1. Construction of walls as described in Chapter 3 (Wall types A, B and C) or with brick, concrete, or other substantive material and acoustically treating penetrations, walls and doors should provide the necessary acoustic protection for Sound Group 3.
2. When Sound Group 3 or 4 cannot be met with normal construction, supplemental mitigations to protect classified discussions from being overheard by unauthorized persons may include but not be limited to the following:
a) Structural enhancements such as the use of high-density building materials (i.e., sound deadening materials) can be used to increase the resistance of the perimeter to vibration at audio frequencies.
b) Facility design can include a perimeter location or stand-off distance which prevents non-SCI-indoctrinated person(s) traversing beyond the point where SCI discussions become susceptible to interception. For example, use of a perimeter fence or protective zone between the SCIF perimeter walls and the closest "listening place" is permitted as an alternative to other sound protection measures.
c) Sound masking devices, in conjunction with an amplifier and speakers or transducers, can be used to generate and distribute vibrations or noise; noise sources may be noise generators, tapes, discs, or digital audio players.
d) Speakers/transducers must produce sound at a higher level than the voice conversations within the SCIF.
e) Speakers/transducers shall be placed close to, or mounted on, any paths that would allow audio to leave the area, including doors, windows, common perimeter walls, vents/ducts, and any other means by which voice can leave the SCIF.
f) Wires and transducers shall, to the greatest extent possible, be located within the perimeter of the SCIF.
g) The sound masking system shall be subject to inspection during TSCM evaluations.
h) If the AO determines risk to be low, a speaker may be installed outside the SCIF door if the following conditions are met:
• The cable exiting the SCIF shall be encased within rigid conduit.
• The sound masking system shall be subject to review during TSCM evaluations.
i) For common walls, the speakers/transducers shall be placed so the sound optimizes the acoustical protection.
j) For doors and windows, the speakers/transducers shall be placed close to the aperture of the window or door and the sound projected in a direction facing away from conversations.
k) Once the speakers or transducers are optimally placed, the system volume shall be set and fixed. The volume level for each speaker shall be determined by listening to conversations outside the SCIF or area to be protected, and the speaker volume adjusted until conversations are unintelligible from outside the SCIF.
l) Sound-source generators shall be permanently installed and not contain an AM/FM receiver and shall be located within the SCIF.
m) Any sound-source generator within the SCIF that is equipped with a capability to record ambient sound shall have that capability disabled.
n) Examples of government-owned or government-sponsored sound-source generators are given below:
• Audio amplifier with a standalone computer (no network connection).
• Audio amplifier with a cassette tape player, compact disc (CD) player, or digital audio player, or with a digital audio tape (DAT) playback unit.
• Integrated amplifier and playback unit incorporating any of the above music sources.
• A noise generator or shift noise source generator using either white or pink noise.

Chapter 10. Portable Electronic Devices (PEDs)

A. Approved Use of PEDs in a SCIF
1. Heads of IC elements may institute and maintain mitigation programs (countermeasures) to allow introduction of PEDs into SCIFs under their cognizance. Such decisions are not applicable to facilities under the cognizance of other heads of IC elements.
2. The AO, and when appropriate the information systems (ISs) authorizing official(s), shall collaborate and approve the introduction and use of PEDs into a SCIF.
3. Outside the U.S., heads of intelligence elements may approve PED usage by waiver and include the following:
• Defined mission need for PED usage.
• Defined period of time.
• Statement of residual risk.
4. Within the U.S., if the CSA determines the risk from PEDs to SCI under their cognizance is acceptable, taking a PED into the SCIF may be allowed with the following restrictions:
a) A complete risk assessment addressing each component of risk must be completed.
b) Only PEDs with low risk may be allowed entry to a SCIF.
c) Mitigation shall be applied to PEDs evaluated to be high and medium risk to reduce the PED risk to low before the device may be allowed entry.
d) Assessments may result in a CSA determination to prohibit specific PEDs; any determination shall be applied to all SCIFs under the CSA's cognizance.
5. Government-owned PEDs, with physically disconnected wireless capability, may be approved to process and/or be connected to a government classified or unclassified information system (IS) provided the following apply:
a) Use and storage of the PED is specified in the System Security Plan for the government system to which it is connected.
b) The PED is accredited by the authorizing official for the IS.
6. Contractor-owned and government-sponsored PEDs, with physically disconnected wireless capability, may be approved to process and/or be connected to a government classified or unclassified IS provided the following apply:
a) Use and storage is specified in the System Security Plan for the government system to which it is connected.
b) The PED is accredited by the Authorizing Official for the IS.
c) Use and storage is specified in the appropriate contract(s) to include the government's right to seize if and when necessary.

B. Prohibitions
1. Personally-owned PEDs are prohibited from processing SCI. Connecting personally-owned PEDs to an unclassified IS inside SCIFs may only be done when wireless capability is physically disconnected and has the approval of the AO for the IS.
2. Personally-owned PEDs are prohibited in SCIFs outside the U.S. If the CSA determines that mission requirements dictate a need, government- or contractor-owned PEDs may be permitted in a SCIF by specific exception or if the CSA determines the risk is low.
3. If a PED is transported outside the U.S. and left unattended or physical control is lost, that device shall not be reintroduced into a SCIF.

C. PED Risk Levels
1. General Information
a) Levels of risk are based on the functionality of PEDs.
b) The CSA and appropriate authorizing official for the IS (when a portable IS is involved) will determine risk level and mitigation requirements for devices not addressed.
2. Low-, Medium-, and High-risk PEDs
a) Low-risk PEDs are devices without recording or transmission capabilities and may be allowed into a SCIF by CSAs without mitigation. Low-risk PEDs include, but are not limited to, the following:
• Electronic calculators, spell checkers, language translators, etc.
• Receive-only pagers.
• Audio and video playback devices with volatile storage capability.
• Radios (receive-only).
• Infrared (IR) devices that convey no intelligence data (e.g., text, audio, video, etc.), such as an IR mouse or remote control.
b) Medium-risk PEDs are devices with built-in features that enable recording or transmitting digital text, digital images/video, or audio data; however, these features can be physically disabled. Medium-risk PEDs may be allowed in a SCIF by the CSA with appropriate mitigations. Examples of medium-risk PEDs include, but are not limited to, the following:
• Voice-only cellular telephones.
• Portable ISs, such as personal digital assistants (PDAs), tablet personal computers, etc.
• Devices that may contain or be connected to communications modems.
• Devices that have microphones or recording capabilities.
• Optical technologies such as infrared (IR) other than those identified in paragraph 10.C.2.a above.
c) High-risk PEDs are those devices with recording and/or transmitting capabilities that require more extensive or technically complex mitigation measures to reduce the inherent risk or those that cannot be sufficiently mitigated with current technology. The CSA may approve entry and use of government- and contractor-owned PEDs for official business provided mitigation measures are in place that reduce the risk to low. Examples include, but are not limited to, the following:
• Electronic devices with RF transmitting capabilities including wireless devices (WiFi/IEEE 802.11, Bluetooth, etc.).
• Photographic, video, and audio recording devices.
• Multi-function cellular telephones.

D. Risk Mitigation
1. Heads of IC elements shall establish risk mitigation programs if high- or medium-risk PEDs are allowed into SCIFs.
2. Risk mitigation programs shall contain the following elements:
a) Formal approval process for PEDs.
b) Initial and annual refresher training for those individuals with approval to bring PEDs into a SCIF.
c) Device mitigation compliance documents listing the specific PEDs, their permitted use, required mitigations, and residual risk after mitigation.
d) A user agreement that specifies the following:
(1) The USG or a designated representative may seize the PED for physical and forensic examination at the government's discretion.
(2) The USG and the designated representative are not responsible for any damage or loss to a device or information stored on personally-owned PEDs resulting from physical or forensic examination.
3. Risk mitigation programs may include the following elements:
a) Registration of PED serial numbers.
b) PED security training program.
c) Reporting procedures for loss or suspected tampering.
d) Labeling approved PEDs for easy identification.
e) Electronic detection equipment to detect transmitters/cell phones.
4. The following sample table may be used to identify PED capabilities that could be allowed or prohibited, and capabilities that require mitigation and mitigation methods.

PED Sample Table

PED Functionalities | Introduction Permitted | Approval &/or Registration Required | Mitigation Required Prior to Use | PED Use Permitted
Single-function RF receiver (Pager, AM/FM Radio, etc.) [1] | Yes | No | None | Yes
CD Player [2] | Yes | No | None | Yes
Medical devices [3] | Yes | Yes | None | Yes
Infrared (IR) capability | Yes | Yes | Metal Tape [4] | Yes
PEDs with microphone ports | Yes | Yes | Disable wiring or use adapter/erase plug [5] | Yes
MP3 players (without record or RF capability) | Yes | Yes | Yes | Yes
Cell phone [6] | Yes | No | Battery removed [7] | No
RF transmitter [8] | Prohibited | Prohibited
Wireless transmitting capabilities | Prohibited | Prohibited
Personally owned laptops | Prohibited | Prohibited
Any device capable of recording images (photographic, video) or audio including devices connected to memory sticks, thumb drives or flash memory. | Prohibited | Prohibited
Personally owned PEDs capable of connecting to systems within the SCIF without interface cables or cradles. [9] | Prohibited | Prohibited

[1] RF Receiver may not have external cabling or contain any internal or external connectivity capabilities.
[2] CD players capable of playing CD, CD-R, CD-RW, and MP3 formats are permitted. Only commercially produced media is allowed. No personally produced CDs are allowed in SCIFs.
[3] Medical devices are exceptions to these requirements.
[4] Metal tape must be a minimum of 3 mils (.003 inch) thick and completely cover the IR port while within SCIF.
[5] Microphone wires must be cut/disabled on non-laptop PEDs. An adapter/erase plug must be inserted into laptop external microphone ports. Any adaptor that is designed for the external microphone port may be used provided that the adapter does not provide any functionality other than disabling the internal microphone.
[6] Single-function cell phone is defined as a cellular phone with no additional capabilities (can only be used for voice communications over a cellular network, storage of speed dial and caller ID information is permitted).
[7] Cell phones must be turned off and the battery removed while in the SCIF. In addition, multi-function cell phones must be approved and meet all other mitigation requirements.
[8] RF transmitter is defined as any radio frequency transmitter, except single-function cell phones that are addressed separately.
[9] Excludes mitigated IR function. Cables and cradles for personally owned PEDs are prohibited.

Chapter 11. Telecommunications Systems

A. Applicability
1. This guidance is compatible with, but may not satisfy, security requirements of other disciplines such as Information Systems Security, Communications Security (COMSEC), Operational Security (OPSEC), or TEMPEST.
2. This section outlines the security requirements that shall be met to ensure the following:
• Protection of information.
• Configuration of unclassified telecommunications systems, devices, features, and software.
• Access control.
• Control of the cable infrastructure.

B. Unclassified Telephone Systems
1. A baseline configuration of all unclassified telephone systems, devices, features, and software shall be established, documented, and included in the SCIF FFC.
2. The AO shall review the telephone system baseline configuration and supporting information to determine if the risk of information loss or exploitation has been suitably mitigated.
3. When security requirements cannot be met, unclassified telephone equipment shall be installed and maintained in non-discussion areas only.
4. When not in use, unclassified telephone systems shall not transmit audio and shall be configured to prevent external control or activation, technical exploitation, or penetration.
5. Unclassified telephone systems shall incorporate physical and software access controls to prevent disclosure or manipulation of system programming and data. The following specific requirements shall be met:
a) On-hook and off-hook audio protection shall be provided by equipment identified by the National Telephone Security Working Group within CNSSI 5006, National Instruction for Approved Telephone Equipment, or an equivalent TSG 2 system configuration within an AO-approved controlled space.
b) If a Computerized Telephone System (CTS) is selected for isolation, it shall be installed and configured as detailed in TSG 2 with software and hardware configuration control and audit reporting (such as station message detail reporting, call detail reporting, etc.).
c) System programming shall not include the ability to place, or keep, a handset off-hook.
d) Configuration of the system shall ensure that all on-hook and off-hook vulnerabilities are mitigated.
e) Equipment used for administration of telephone systems shall be installed inside the SCIF or a controlled area where access is limited to authorized personnel.
f) When local or remote CTS administration terminals are not contained within a controlled area and safeguarded against unauthorized manipulation, the use of CNSSI 5006 approved telephone instruments shall be required, regardless of the CTS configuration.
g) Speakerphones and audio conferencing systems shall not be used on unclassified telephone systems in SCIFs. Exceptions to this requirement may be approved by the AO when these systems have sufficient audio isolation from other classified discussion areas in the SCIF and procedures are established to prevent inadvertent transmission outside the SCIF.
h) Features used for voice mail or unified messaging services shall be configured to prevent access to remote diagnostic ports, internal dial tone, and dial plans.
i) Telephone answering devices and facsimile machines shall not contain features that introduce security vulnerabilities, e.g., remote room monitoring, remote programming, or other similar features that may permit off-premise access to room audio.
j) All unclassified telephone systems and associated infrastructure shall be physically isolated from classified information and telecommunications systems in accordance with DNI and CNSS TEMPEST guidance.
k) The security requirements and installation guidelines contained in the National Telecommunications Security Working Group (NTSWG) publication CNSSI 5000 shall be followed for Voice over Internet Protocol (VoIP) systems installed in a SCIF.
C. Unclassified Information Systems
1. Unclassified information systems shall be safeguarded to prevent hardware or software manipulation that could result in the compromise of data.
2. Information systems equipment with telephonic or audio features shall be protected against remote activation and/or removal of audio (analog or digitized) information.
3. Video cameras used for unclassified video teleconferencing and video recording equipment shall be deactivated and disconnected when not in use.
4. Video devices shall feature a clearly visible indicator to alert SCIF personnel when recording or transmitting.
D. Using Closed Circuit Television (CCTV) to Monitor the SCIF Entry Point(s)
1. CCTV may be used to supplement the monitoring of a SCIF entrance and to record events for investigation.
2. The system shall present no technical security hazard to the SCIF.
3. The system and all components, including communications and control lines, shall be exterior to the SCIF perimeter.
4. The system may provide a clear view of the SCIF entrance but not enable the viewer to observe classified information when the door is open nor external control pads or access control components that would enable them to identify PINs.
E. Unclassified Wireless Network Technology
1. The use of devices or systems utilizing wireless technologies poses a high risk and requires approval from the AO, CTTA, and IT systems approving authority prior to introduction into the SCIF.
2. Wireless systems shall meet all TEMPEST and TSCM requirements and shall be weighed against the facility's overall security posture (i.e., facility location, threat, as well as any compensatory countermeasures that create SID) when evaluating these systems.
3. All separation and isolation standards provided in TEMPEST standards are applicable to unclassified wireless systems installed or used in SCIFs.
F. Environmental Infrastructure Systems
1. The FFC shall include information on whether or not environmental infrastructure systems (also referred to as building maintenance systems) are located in the SCIF. Examples include the following:
- Premise management systems
- Environmental control systems
- Lighting and power control units
- Uninterrupted power sources
2. The FFC shall identify all external connections for infrastructure systems that service the SCIF. Examples of the purpose of external connections include the following:
- Remote monitoring
- Access and external control of features and services
- Protection measures taken to prevent malicious activity, intrusion, and exploitation
G. Emergency Notification Systems
1. The introduction of electronic systems that have components outside the SCIF perimeter is prohibited, with the following exceptions:
a) The system is approved by the AO.
b) The system is required for security purposes.
c) The system is required under life safety regulations.
2. If required, and speakers or other transducers are part of a system that is not wholly contained in the SCIF but are installed in the SCIF for life safety or fire regulations, the system must be protected as follows:
a) All incoming wiring shall breach the SCIF perimeter at one point. TEMPEST or TSCM concerns may require electronic isolation and shall require review and approval by the CTTA.
b) One-way (audio into the SCIF) communication systems shall have a high gain amplifier.
c) Two-way communication systems shall only be approved when absolutely necessary to meet safety/security requirements. They shall be protected so that audio cannot leave the SCIF without the SCIF occupants being alerted when the system is activated.
d) All electronic isolation components shall be installed within the SCIF and as close to the point of SCIF penetration as possible.
H. Systems Access
1. Installation and maintenance of unclassified systems and devices supporting SCIF operations may require physical or remote access. The requirements outlined in this section shall apply to telecommunications devices located within the SCIF or in a controlled area outside the SCIF.
2. Installation and maintenance personnel requiring physical access shall possess the appropriate clearance and access, or will be escorted and monitored at all times within the SCIF by technically knowledgeable, U.S. SCI-indoctrinated personnel.
3. Remote maintenance shall be protected against manipulation or activation.
4. All capabilities for remote maintenance and diagnostic services shall be specified in the FFC.
5. The FFC shall identify all procedures and countermeasures to prevent unauthorized system access, unauthorized system modification, or introduction of unauthorized software.
6. Remote maintenance and diagnosis may be performed from a SCIF or an adjacent controlled area over a protected link in accordance with FIPS AES standards.
7. Telephone systems only may be accessed over an unclassified telephone line as specified in TSG 2 Standard, Section 4.c.
I. Unclassified Cable Control
1. To the extent possible, all telecommunications cabling shall enter the SCIF through a single opening and allow for visual inspection.
2. Cable, either fiber or metallic, shall be accounted for from the point of entry into the SCIF.
a) The accountability shall identify the precise use of every cable through labeling.
b) Log entries may also be used.
c) Designated spare conductors shall be identified, labeled, and bundled together.
3. Unused conductors shall be removed. If removal is not feasible, the metallic conductors shall be stripped, bound together, and grounded at the point of ingress/egress.
4. Unused fiber shall be uncoupled from the interface within the SCIF, capped, and labeled as unused fiber.
J. References
1. Overview
a) The NTSWG publishes guidance for the protection of sensitive information and unclassified telecommunications information processing systems and equipment.
b) NTSWG documents are currently in transition from TSG/NTSWG documents to Committee on National Security Systems (CNSS) publications.
c) The List of References is provided for use by personnel concerned with telecommunications security.
2. List of References
a) TSG Standard 1 (Introduction to Telephone Security). Provides telephone security background and approved options for telephone installations in USG sensitive discussion areas.
b) TSG Standard 2 (TSG Guidelines for Computerized Telephone Systems) and Annexes. Establishes requirements for planning, installing, maintaining, and managing CTS, and provides guidance for personnel involved in writing contracts, inspecting, and providing system administration of CTS.
c) TSG Standards 3, 4, 5, and CNSSI 5001. Contain design specifications for telecommunication manufacturers and are not necessarily applicable to facility security personnel.
d) CNSSI 5000. Establishes requirements for planning, installing, maintaining, and managing VoIP systems.
e) CNSSI 5006. Lists approved equipment which inherently provides on-hook security.
f) NTSWG Information Series (Computerized Telephone Systems: A Review of Deficiencies, Threats, and Risks, December 1994). Describes deficiencies, threats, and risks associated with using computerized telephone systems.
g) NTSWG Information Series (Executive Overview, October 1996). Provides the salient points of the TSG standards and presents them in a non-technical format.
h) NTSWG Information Series (Central Office (CO) Interfaces, November 1997). Provides an understanding of the types of services delivered by the local central office and describes how they are connected to administrative telecommunications systems and devices.
i) NTSWG/NRO Information Series (Everything You Always Wanted to Know about Telephone Security… but were afraid to ask, 2nd Edition, December 1998). Distills the essence of the TSG standards (which contain sound telecommunications practices) and presents them in a readable, non-technical manner.
j) NTSWG/NRO Information Series (Infrastructure Surety Program… securing the last mile, April 1999). Provides an understanding of office automation and infrastructure system protection that contributes to SCIF operation.
k) NTSWG Information Series (Computerized Telephone Systems Security Plan Manual, May 1999). Assists in implementing and maintaining the "secure" operation of CTSs as used to support SCIF operations. (The term "secure" relates to the safe and risk-free operation, not the use of encryption or a transmission security device.)
l) Director of National Intelligence, Intelligence Community Directive 702, Technical Surveillance Countermeasures.
m) Director of National Intelligence, Intelligence Community Directive 503, Intelligence Community Information Technology Systems Security Risk Management, Certification and Accreditation.
n) SPB Issuance 00-2 (18 January 2000). Infrastructure Surety Program and the Management Assessment Tool.
Chapter 12. Management and Operations
A. Purpose
To establish safeguards and procedures necessary to prevent the unauthorized disclosure of SCI and other classified national security information in SCIFs. To define administrative processes that shall provide a secure operating environment and enable adequate security oversight, management, and operations of SCIFs.
B. SCIF Repository
1. As required by ICD 705, the DNI shall manage an inventory of information on all SCIFs which shall be reported to the DNI via the SCIF repository not later than 180 days after the effective date of ICD 705 and updated no later than 30 days after changes occur thereafter.
2. Reportable SCIF Administrative Information:
- SCIF ID
- AO ID
- Location of SCIF
  - In U.S.
  - Outside U.S.
  - Under COM
- SCIF Type
  - Closed Storage
  - Open Storage
  - SWA
  - TSWA
  - T-SCIF
- SID
- Initial Accredited Date
- Re-Accreditation Date
- Review date
- Waivers
- Date waiver approved
- Waiver approval authority/ID
- Exceeded standards
- Does not meet standards
- Date waiver expires
C. SCIF Management
1. SO Responsibilities:
a) The SCIF SO shall be responsible for all aspects of SCIF management and operations to include security policy implementation and oversight.
b) The SO shall prepare a comprehensive Standard Operating Procedure (SOP) that documents management and operations of the SCIF.
c) The SO shall review the SOP at least annually and revise it when any aspect of SCIF security changes.
d) The SO shall issue and control all SCIF keys. Locks shall be changed when a key is lost or is believed to be compromised.
e) The SO shall conduct annual self-inspections to ensure the continued security of SCIF operations, identify deficiencies, and document corrective actions taken. Inspection results shall be forwarded to the AO and copies retained by the SO until the next inspection.
f) The SO shall create an emergency plan to be approved by the AO. Plans shall be reviewed and updated annually and all SCIF occupants shall be familiar with the plans. Drills shall be conducted as circumstances warrant, but at least annually. The emergency plan may be an extension of an overall department, agency, or installation plan.
(1) For SCIFs within the U.S., emergency plans shall address the following:
- Fire
- Natural disaster
- Civil unrest
- Intrusion detection system failures
- Admittance of emergency personnel
- The protection of SCIF occupants and classified information
- Evacuation requirements and emergency destruction
(2) For SCIFs outside the U.S., emergency plans shall address all of the above and shall include instructions for the emergency destruction or removal of SCI where political instability, terrorism, host country attitudes, or criminal activity suggest the possibility that a SCIF may be overrun.
g) The SO shall control passwords to access the maintenance mode of copiers and other office equipment.
h) The SO shall develop an SOP that addresses actions to be taken when IDS maintenance access is required.
2. Required SCIF Documentation
a) Copies of all documents relating to SCIF accreditation shall be maintained by the SCIF SO and include, but are not limited to, the following:
- SCIF accreditation
- Fixed facility checklist
- Construction security plan
- CTTA evaluation
- IS accreditation
- SOPs
- The results of the final acceptance test of the original system installation and any tests to system modifications made thereafter
- Emergency plan
b) As applicable, the following documents shall be maintained by the SCIF SO:
- TSCM reports
- Co-utilization agreements
- Memoranda of agreement
- Self-inspection reports
- Compartmented area checklist
- Shipboard SCIF checklist
- Aircraft/UAV checklist
- A copy of the CRZH certificate (UL 2050)
D. SOPs
1. A comprehensive SOP that documents management and operations of the SCIF shall be prepared by the SO.
2. The SOP shall be included in the accreditation package and approved by the AO.
3. All individuals assigned to, or having unescorted access to, the SCIF shall be familiar with and adhere to the SOP.
4. All SOP revisions shall be provided to the AO for approval.
5. SOPs shall be tailored to a specific SCIF.
6. SOPs shall include specific areas of security concern as defined by program or mission requirements.
7. The following are examples of subjects that should be addressed in an SOP:
- Self-inspections
- Security incidents and violations
- Alarm systems and response requirements
- Opening and closing procedures
- Access controls
- Visitor access
- Escort procedures
- Equipment maintenance procedures
- Handling, processing, and destruction of classified material
- Badge procedures
- End-of-day security procedures
- Personnel and package inspection procedures
- Secure communications device instructions
E. Changes in Security and Accreditation
1. Changes affecting the security posture of the SCIF shall be immediately reported by the SO to the AO to include any corrective or mitigating actions taken.
2. If an AO determines that SCIF security conditions are unsatisfactory, SCIF accreditation may be suspended or revoked.
a) All appropriate authorities and SCIF occupants shall be immediately notified and the SCIF closed until deficient conditions are corrected.
b) All SCI material shall be relocated to another SCIF.
F. General
1. Except for law enforcement officials or other personnel required to be armed in the performance of their duties, firearms and other weapons are prohibited in SCIFs.
2. Photography, video, and audio recording equipment are restricted but may be authorized for official purposes as documented in the SOP.
3. Procedures shall be established to control IT storage media upon entering or exiting a SCIF in accordance with ICD 503 (Intelligence Community Information Technology Systems Security Risk Management, Certification and Accreditation).
4. SCIF perimeter doors shall remain closed and controlled at all times. When a door needs to be open, it shall be continually monitored by an SCI-indoctrinated individual.
5. All SCIF occupants shall be familiar with emergency plans and drills shall be conducted as circumstances warrant, but at least annually.
6. Where the risk of hostile action is significant, SCI materials shall be maintained at an absolute minimum.
G. Inspections
1. SCIF inspections shall be performed by the AO, or designee, prior to accreditation.
2. Heads of IC elements shall conduct periodic security reviews to ensure the efficiency of SCIF operations, identify deficiencies, and document corrective actions taken. All relevant documentation associated with SCIF accreditation, inspections, and security administration may be subject to review.
3. Periodic inspections shall be conducted based on threat, facility modifications, sensitivity of programs, past security performance, or at least every five years.
4. SOs shall conduct annual self-inspections to ensure the continued security of SCIF operations, identification of deficiencies, and to document corrective actions taken. Inspection results shall be forwarded to the AO and copies retained by the SO until the next inspection.
5. Authorized inspectors shall be admitted to a SCIF without delay or hindrance when inspection personnel are properly certified to have the appropriate level of security clearance and SCI indoctrination for the security level of the SCIF.
6. Short-notice or emergency conditions may warrant entry without regard to the normal SCIF duty hours.
7. Government-owned equipment needed to conduct SCIF inspections will be admitted into the SCIF without delay. Specifically, equipment for TEMPEST or Technical Surveillance Countermeasures (TSCM) testing shall be admitted to a SCIF as long as the personnel operating the equipment are certified to have the appropriate level of security clearance and SCI indoctrination.
H. Control of Combinations
1. Combinations to locks installed on security containers/safes, perimeter doors, windows, and any other opening should be changed in the following circumstances:
a) When a combination lock is first installed or used.
b) When a combination has been subjected, or believed to have been subjected, to compromise.
c) Whenever a person knowing the combination no longer requires access to it unless other sufficient controls exist to prevent access to the lock.
d) At other times when considered necessary by the SO.
2. When the lock is taken out of service, it will be reset to 50-25-50.
3. All combinations to the SCIF entrance doors should be stored in a different SCIF. When this is not feasible, alternative arrangements shall be made in coordination with the AO.
I. De-Accreditation Guidelines
SCIF closeouts and de-accreditations shall comply with the following procedures:
1. Inspect all areas, storage containers, and furniture for the presence of classified, sensitive, or proprietary information.
2. Reset safe combinations to 50-25-50 and lock the containers.
3. Affix written certification to all storage containers that the container does not contain classified, sensitive, or proprietary information. The certification shall include the date of inspection and the name and signature of the inspector.
4. Ensure that reproduction and printing equipment is decertified or disposed of in accordance with AO guidance.
5. Dispose of, or relocate, SCI computer equipment, media, hard drives, and portable storage media as approved by the AO.
6. Request revocation of Automated Information Systems (AIS) accreditation.
7. Request revocation of SCIF accreditation.
8. If the SCIF will be used for another mission or project that requires alarms, transfer alarm service to the new activity.
9. If the SCIF will not be used for another mission or project and all classified information has been removed, the following shall occur:
a) Alarm service shall be discontinued.
b) Combinations on the entrance door and any GSA containers shall be changed to 50-25-50.
c) All keys shall be accounted for.
J. Visitor Access
1. General Requirements
a) Visitor logs shall be used to record all SCIF visitors and include the following information:
- Visitor's full name
- Organization
- Citizenship
- Purpose of the visit
- Point of contact
- Date/time of the visit
b) Government-issued identification shall be required as a means of positive identification.
c) Visitor logs shall be retained for two years after the date of the last entry.
d) Visitor clearance verification shall be accomplished using the DNI Scattered Castles database to the greatest extent possible.
e) Visitors whose clearances have not been verified may be permitted, under escort, entry into the SCIF; however, access to and/or discussion of classified information shall be denied pending clearance verification.
f) Visitors, SCIF occupants, and their possessions may be subject to screening and inspections to deter the unauthorized removal of classified material or the introduction of prohibited items or contraband.
g) Screening and inspection procedures shall be documented and approved by the AO.
2. SCIF Access by Uncleared and Emergency Personnel
a) Uncleared personnel shall be escorted at all times by cleared personnel.
b) The ratio of cleared escorts to uncleared personnel shall be determined on a case-by-case basis by the SO.
c) Prior to assuming escort duties, all escorts shall receive a briefing by the SO or designee outlining their responsibilities.
d) Uncleared personnel shall be kept under observation at all times while in the SCIF. Escorts shall ensure precautions are taken to preclude inadvertent access to classified information.
e) Lights, signs, or other alerting mechanisms or procedures shall be used to alert SCIF occupants of the presence of uncleared personnel.
f) Emergency personnel and equipment shall be allowed access to SCIFs and be escorted to the degree practical. If exposed to classified information, they shall sign an inadvertent disclosure statement when feasible.
K. Maintenance
1. SCI-indoctrinated maintenance personnel shall be used to the extent possible.
2. Procedures for performing maintenance on office equipment, including the use of diagnostic equipment, shall be documented in the SCIF SOP.
3. Computerized diagnostic equipment, to include associated hardware and software, shall be kept under control within a SCIF and shall be managed to prohibit the migration of classified data when connected to classified systems. Procedures shall be documented in the SOP.
4. Passwords to access the maintenance mode of copiers and other office equipment shall be controlled by the SO.
5. Office equipment that is no longer serviceable, such as copiers and classified fax machines, shall be sanitized by having volatile memory erased and non-volatile memory and disk storage removed for terminal destruction.
L. IDS and ACS Documentation Requirements
The following documents and records shall be maintained within the SCIF:
1. System Plans such as system design, equipment, and installation documentation.
2. MOAs established for external monitoring, response, or both, and which shall include the following information:
- Response time for response forces and SCIF personnel.
- Responsibilities of the response force upon arrival.
- Maintenance of SCIF points of contact.
- Length of time response personnel are required to remain on-site.
3. Monitoring Station SOP and/or a copy of the monitoring station UL certificate.
4. Maintenance access SOP.
5. Records, logs, and archives.
6. Records of system testing (for two years) shall include the following information:
- Testing dates
- Names of individuals performing the test
- Specific equipment tested
- Malfunctions detected
- Corrective actions taken
7. Records of guard or response force personnel testing.
8. The PCU shall contain a secured, non-volatile event (alarm) log capable of storing at least six months of events, or a printer shall be installed that provides real-time recording of openings, closings, alarms, trouble alarms, and loss of communications.
a) If the system has no provision for automatic entry into archive, the AO may authorize a manual logging system.
b) Monitoring personnel shall record the time, source, type of alarm, and action taken.
c) The SCIF SO shall routinely review the historical records.
d) Results of investigations and observations by the response force shall also be maintained at the monitoring station.
e) Records of alarm annunciations shall be retained for two years.
f) Shunting or masking of any zone or sensor shall be logged in the system archives.
g) All maintenance periods shall be archived into the system.
h) An archive shall be maintained for all remote service mode activities.
9. Access Control Systems Records which include:
a) The active assignment of ID badge/card, PIN, level of access, entries, and similar system-related information
b) Records of personnel removed from the system which shall be retained for two years from the date of removal.
10. Records of security incidents (violations/infractions) regarding automated systems shall be retained by the SO for five years from the date of an incident or until investigations of system violations and incidents have been resolved.
M. Emergency Plan
1. The SO shall create an emergency plan.
2. The emergency plan shall be approved by the AO and maintained on-site for each accredited SCIF.
3. The emergency plan may be an extension of an overall department, agency, or installation plan.
4. The emergency plan shall address the following:
- Fire
- Natural disaster
- Civil unrest
- Admittance of emergency personnel into a SCIF
- The protection of SCIF occupants and classified information
- Evacuation requirements
- Emergency destruction
5. Plans shall be reviewed at least annually and updated as necessary.
6. All SCIF occupants shall be familiar with the plans and drills shall be conducted as circumstances warrant, but at least annually.
7. Where political instability, terrorism, host country attitudes, or criminal activity suggests the possibility that a SCIF may be overrun, emergency plans shall include instructions for the secure destruction or removal of SCI under adverse circumstances and include contingencies for loss of electrical power and non-availability of open spaces for burning or chemical decomposition of material.
8. Where the risk of hostile actions is significant, SCI holdings and reference materials shall be maintained at an absolute minimum required for current working purposes. If reference or other material is needed, it shall be obtained from other activities and returned or destroyed when no longer needed.
UNCLASSIFIED89Chapter13.
FormsandPlansThispageintentionallyleftblank.
UNCLASSIFIED90CLASSIFYACCORDINGTOFACILITYSPONSORCLASSIFICATIONGUIDANCEFixedFacilityChecklist[InsertOrgName][Date][Address]UNCLASSIFIED91SCIFFixedFacilityChecklistCLASSIFYACCORDINGTOFACILITYSPONSORCLASSIFICATIONGUIDANCECHECKApplicableblocksDomesticOverseasNotCOM[]OverseasCOMPre-construction,CompleteSectionsasRequiredbyA/OFinalFFCAccreditationUpdate/PageChangeChecklistContentsSectionA:GeneralinformationSectionB:Security-in-DepthSectionC:SCIFSecuritySectionD:DoorsSectionE:IntrusionDetectionSystems(IDS)SectionF:TelecommunicationSystemsandEquipmentBaselineSectionG:AcousticalProtectionSectionH:ClassifiedDestructionMethodsSectionI:InformationSystems/TEMPEST/TechnicalSecurityUNCLASSIFIED92ListofAttachments--TEMPESTChecklist--OtherAttachmentsasRequired(Diagramsmustbesubmitted)SectionA:GeneralInformation1.
SCIFDataOrganization/CompanyNameSCIFIdentificationNumber(ifapplicable)Organizationsubordinateto(ifapplicable)ContractNumber&ExpirationDate(ifapplicable)ConceptapprovalDate/by(ifapplicable)CognizantSecurityAuthority(CSA)DefenseSpecialSecurityCommunicationSystemInformation(ifapplicable)DSSCSMessageAddressDSSCSINFOAddressIfnoDSSCSMessageAddress,pleaseprovidepassinginstructions2.
SCIFLocationStreetAddressBuildingName/#Floor(s)Suite(s)Room(s)#CityBase/PostState/CountryZipCode3.
MailingAddress(ifdifferentfromSCIFlocation)StreetorPostOfficeBoxCityStateZipCodeUNCLASSIFIED934.
ResponsibleSecurityPersonnelPRIMARYALTERNATENameCommercialPhoneDSNPhoneSecurePhoneSTEOtherPhoneHomeSecureFaxCommandorRegionalSpecialSecurityOffice/Name(SSO)(ifapplicable)CommercialPhoneOtherPhone5.
E-MailAddressofResponsibleSecurityPersonnelClassified(Network/SystemName&Level)Unclassified(Network/SystemName)Other(Network/SystemName)6.
AccreditationData(RefChapter:12E)a.
Category/CompartmentsofSCIRequested:1)Indicatestoragerequirement:OpenClosedContinuousOperationNone2)IndicatethefacilitytypePermanentTemporarySecureWorkingAreaTSWA3)Co-UseAgreementsYesNoIfyes,providesponsor:b.
SAP(s)co-locatedwithinSCIFYesNoIfyes,identifySAPClassificationlevel(checkallthatapply)SCITopSecretSecretConfidentialUNCLASSIFIED94c.
SCIFDutyHoursHourstoHours:DaysPerWeek:d.
TotalsquarefootagethattheSCIFoccupies:e.
HasorwillCSArequestedanywaiversYesNoN/AIfyes,attachacopyofapprovedwaiverConstruction/Modification(Ref:Chapter3B)IsconstructionormodificationcompleteYesNoN/AIfno,entertheexpecteddateofcompletionWasallconstructioncompletedinaccordancewiththeCSPYesNoN/AIfnot,explainchanges.
7.
Inspections(Ref:Chapter12G)HasaTSCMInspectionbeenperformedYesNoIfyes,providethefollowinga.
TSCMServicecompletedbyOn(Attachacopyofreport)WeredeficienciescorrectedYesNoN/AIfno,explainb.
LastphysicalsecurityinspectionbyOn(Attachacopyofreport)WeredeficienciescorrectedYesNoN/AIfno,explainc.
LastStaffAssistanceVisitby:On(Attachacopyofreport)8.
REMARKS:SectionB:Security-in-Depth1.
DescribebuildingexteriorSecurity(Ref:Chapter2B)UNCLASSIFIED95a.
IstheSCIFlocatedonamilitaryinstallation,embassycompound,USGcompoundorcontractorcompoundwithadedicatedU.
S.
personresponseforceYesNob.
IstheSCIFlocatedinanentireBuildingYesNoc.
IstheSCIFlocatedonasinglefloorofBuildingYesNod.
IstheSCIFlocatedinasecludedareaofBuildingYesNoe.
IstheSCIFlocatedonafencedcompoundwithaccesscontrolledvehiclegateand/orpedestriangateYesNoFenceTypeHeightDoesitsurroundthecompoundHowisitcontrolledHowmanygatesHoursofusageHowaretheycontrolledwhennotinuse1)IstheFenceAlarmedIfso,describealarmsystems(i.
e.
–Microwave)2)FenceLighting3)BuildingLightingf.
IsthereexternalCCTVcoverageIfso,describetheCCTVsystem.
(includemonitorlocationsonmap)g.
GuardsYesNoStaticRovingClearancelevelofguards(ifapplicable)Duringwhathours/daysAnySCIFdutiesYesNoIfyes,describeduties2.
DescribeBuildingSecurity(PleaseprovidelegiblegeneralfloorplanoftheSCIFperimeter)UNCLASSIFIED96IstheSCIFlocatedinacontrolledbuildingwithseparateaccesscontrols,alarms,elevatorcontrols,stairwellcontrol,etc.
requiredtogainaccesstobuildingorelevatorYesNoIfyes,isSCIFcontrolledbybldgownersIfcontrolledbySCIFowners,isalarmactivationreportedtoSCIFownersbyagreementYesNoYesNob.
ConstructionTypec.
Windowsd.
Doorse.
DescribeBldgAccessControlsContinuousYesNoIfno,duringwhathoursClearancelevelofguards(ifapplicable)AnySCIFdutiesIfyes,describedutiesDuringwhathours/daysYesNo3.
DescribeBuildingInteriorSecurityAreofficeareasadjacenttotheSCIFcontrolledandalarmedIfyes,describeadjacentareasandtypesofalarmsystems.
YesNoControlledbySCIFOwnerIfcontrolledbyBldgowner,alarmactivationreportedtoSCIFownerbyagreementYesNoYesNo4.
SecurityIn-DepthUNCLASSIFIED97Whatexternalsecurityattributesand/orfeaturesshouldtheAOconsiderbeforedeterminingwhetherornotthisfacilityhasSecurityIn-DepthPleaseidentify/explainallfactors:SectionC:SCIFSecurity1.
HowisaccesstotheSCIFcontrolled(Ref:Chapter8)a.
ByGuardForceYesNoIfyes,whatistheirminimumsecurityclearancelevelb.
IsGuardForceArmedYesNoN/Ac.
ByassignedpersonnelYesNoIfyes,dopersonnelhavevisualcontrolofSCIFentrancedoord.
ByaccesscontroldeviceYesNoIfyes,whatkindAutomatedaccesscontrolsystemNon-AutomatedIfNon-Automated1.
Isthereaby-passkeyYesNoN/AIfyes,howistheby-passkeyprotected2.
Manufacturer:Model:(Attachsheetifadditionalspaceisrequiredforthisinformation)IfAutomated1.
Isthereaby-passkeyYesNoN/AIfyes,howistheby-passkeyprotected2.
Manufacturer:Model:(Attachsheetifadditionalspaceisrequiredforthisinformation)3.
Areaccesscontroltransmissionlinesprotectedby128-bitencryption/FIBS140YesNoIfno,explainthephysicalprotectionprovided.
4.
IsautomatedaccesscontrolsystemlocatedwithinaSCIForanalarmedareacontrolledattheSECRETlevelYesNoUNCLASSIFIED985.
IstheaccesscontrolsystemencodedandisIDdataandPINsrestrictedtoSCI-indoctrinatedpersonnelYesNo6.
DoesexternalaccesscontroloutsideSCIFhavetamperprotectionYesNo7.
IstheaccesscontroldeviceintegratedwithIDSYesNoN/A8.
IstheaccesscontroldeviceintegratedwithaLAN/WANSystemYesNoN/A2.
DoestheSCIFhavewindows(Ref:Chapter3F)a.
AretheyacousticallyprotectedYesNoN/AIfyes,howPleaseexplainb.
AretheysecuredagainstforcedentryYesNoN/AIfyes,howPleaseexplainc.
AretheyprotectedagainstvisualsurveillanceYesNoN/AIfyes,howPleaseexplain3.
DoventilationductspenetratetheSCIFperimeter(Ref:Chapter3G)YesNo(Indicateallductpenetrationsandtheirsizeonaseparatefloorplanasanattachment)a.
Anyductsover96squareinchesthatpenetrateperimeterwallsYesNoIfyes,howaretheyprotectedIDS(DescribeinSectionE)Bars/Grills/MetalBafflesOther,pleaseexplainDescribeProtection:b.
InspectionportsYesNoIfyes,aretheywithintheSCIFYesNoIfno,aretheysecuredYesNoPleaseexplainc.
DoallventilationductspenetratingtheperimetermeetacousticalrequirementsYesNo(NOTE:Allductsandvents,regardlessofsizemayrequireacousticalprotection)Ifyes,howaretheyprotectedUNCLASSIFIED99MetalBafflesNoiseGeneratorZ-DuctOther(Describe)Describethemethodofventilationandductworkprotection(ifapplicable)4.
Construction(Ref:Chapter3B)a.
DescribePerimeterWallConstruction:b.
Trueceiling(materialandthickness)YesNoc.
FalseceilingYesNoIfyes,whatisthetypeofceilingmaterialWhatisthedistancebetweenfalseandtrueceilingd.
Truefloor(materialandthickness)YesNoe.
FalsefloorYesNoIfyes,whatisthetypeoffalseflooringWhatisthedistancebetweenfalseandtruefloor5.
REMARKS:SectionD:Doors1.
DescribeSCIFprimaryentrancedoorconstruction(indicateonfloorplan)(Ref:Chapter3E)a.
DoesthedooranddoorframemeetsoundattenuationrequirementsYesNoIfno,haveacousticalcountermeasuresbeenemployedYesNob.
DescribeSCIFperimeterdoorstoincludethicknessandtypeofdoor.
c.
IsanautomaticdoorcloserinstalledYesNoIfno,pleaseexplaind.
Isadoorsweep/thresholdsinstalledYesNoIfno,pleaseexplaine.
Isanacoustical/astragalstripYesNoIfno,pleaseexplainUNCLASSIFIED100installed2.
DescribenumberandtypeofdoorsusedforSCIFemergencyexitsandotherperimeterdoorsincludingdayaccess(showonfloorplan)a.
DothedoorsanddoorframesmeetsoundattenuationrequirementsYesNoIfno,haveacousticalcountermeasuresbeenemployedYesNob.
HasexteriorhardwarebeenremovedYesNoc.
HaslocalenunciatorbeeninstalledYesNoDescribehowthedoorhingesexteriortotheSCIFaresecuredagainstremoval(ifinanuncontrolledarea).
3. Locking Devices
a. Is the primary entrance door equipped with a GSA-approved pedestrian door deadbolt meeting Federal Specification FF-L-2890 including lock meeting FF-L-2740A?  Yes  No
b. List combination lock manufacturer, model number and group rating
   Manufacturer:   Model Number:
c. Does the entrance door stand open into an uncontrolled area?  Yes  No
   If yes, please describe tamper protection.
d. Emergency exits and other perimeter doors: Describe (locks, metal strip/bar, deadbolts, local annunciation, and panic hardware).
e. Where is the lock combination(s) filed? (Please identify the SCIF AO and SCIF ID#)
4. REMARKS:

Section E: Intrusion Detection Systems
1. General IDS Description (Ref: Chapter 7A)
a. Has the IDS configuration been approved by the AO?  Yes  No
b. Identity of IDS installer:
   Identity of IDS monitoring firm:
c. Premise Control Unit (PCU)
   Manufacturer   Model Number   Tamper Protection  Yes  No
d. Is the PCU located inside the SCIF perimeter (indicated on floor plan)?  Yes  No
   If no, please explain
e. Location of interior motion detection protection
   Accessible points of entry/perimeter  Yes  No
   Any others, Specify  Yes  No
f. Has the IDS alarm monitor station been installed to Underwriters Laboratories certified standards?  Yes  No
   Contractor facility submit copy of Certificate
g. Has the IDS passed AO or UL 2050 installation and acceptance tests?  Yes  No
   If yes, attach a copy of certificate (Non-commercial proprietary system must answer all questions)
h. High Security Switches Type I  Yes  No
i. High Security Switches Type II  Yes  No
j. Motion sensor (indicate sensor placement on a legible floor plan; 8 x 11" or 11" x 17" paper)
k. Are any other intrusion detection equipment sensors/detectors in use?  Yes  No
   Please identify make, model and manufacturer and function (indicate on floor plan)
   Make   Model   Manufacturer   Function
l. Does the IDS extend beyond the SCIF perimeter?  Yes  No
m. Can the status of PCU be changed from outside IDS protection?  Yes  No
   If yes, is an audit conducted daily?  Yes  No
n. Do any intrusion detection equipment components have audio or video capabilities?  Yes  No
   If yes, please explain.
o. PCU Administrator SCI indoctrinated  Yes  No
p. External Transmission Line Security:
q. What is the method of line security?
   National Institute of Standards and Technology (NIST) FIPS AES encryption  Yes  No
   1) If yes, has the encryption been certified by NIST or another independent testing laboratory?  Yes  No
   2) If not NIST standard, is there an alternate?  Yes  No
   3) If yes, please explain
   4) Does the alternate line utilize any cellular or other Radio Frequency (RF) capability?  Yes  No
      Manufacturer   Model Number
r. Does any part of the IDS use local or wide area network (LAN/WAN)?  Yes  No  N/A
   1) Is the host computer dedicated solely for security purposes?  Yes  No  N/A
   2) Is the host computer secured within an alarmed area controlled at the SECRET or higher level?  Yes  No  N/A
   3) Is the host computer protected through firewalls or similar devices?  Yes  No  N/A
   4) Is the password for the host computer unique for each user and at least 8-characters long consisting of alpha, numeric, and special characters?  Yes  No  N/A
   5) Is the password changed semi-annually?  Yes  No  N/A
   6) Are remote security terminals protected the same as the host computer?  Yes  No  N/A
      If no, please explain:
2. Is emergency power available for the IDS?  Yes  No  N/A
   Generator  Yes  No   If yes, how many hours?
   Battery  Yes  No   If yes, how many hours?
3. Where is the IDS alarm monitor station located?
4. Does the monitor station have any remote capabilities (i.e., resetting alarms, issuing PINs, accessing/securing alarms, etc.)?  Yes  No  N/A
   If yes, please explain:
5. Does the IDS have any automatic features (i.e., timed auto-secure, auto-access capabilities)?  Yes  No  N/A
6. Does the PCU/keypad have dial out capabilities?  Yes  No  N/A
7. IDS response personnel  Yes  No  N/A
a. Who provides initial alarm response?
b. Does the response force have a security clearance?  Yes  No
   If yes, what is the clearance level?
c. Do you have a written agreement with external response force?  Yes  No
d. Emergency procedures documented  Yes  No
e. Response to alarm condition: Minutes
f. Are response procedures tested and records maintained?  Yes  No
   If no, please explain:
g. Has a catastrophic failure plan been approved by the CSA?  Yes  No
8. Does the IDS undergo semiannual testing?  Yes  No
9. Have IDS records been maintained?  Yes  No
   If no, please explain:
10.
REMARKS:

Section F: Telecommunication Systems and Equipment Baseline
1. Is the facility declared a "No Classified Discussion Area"? (Ref: Chapter 11A)  Yes  No
   If yes, then the audio protection questions within this section may be identified as N/A
   If the facility is declared a "No Classified Discussion Area", are warning notices posted prominently within the facility?  Yes  No  N/A
2. Does the facility have any unclassified telephones that are connected to the commercial public switch telephone network (PSTN)?  Yes  No
   What is the method of on-hook protection?
   1) CNSSI 5006 (TSG-6) approved telephone or instrument  Yes  No  N/A
      (Please identify all telephone equipment/stations and/or instruments being used either below or as an attachment)
      Manufacturer   Model Number   TSG Number (if applicable)
   2) CNSSI 5006 (TSG-6) approved disconnect device  Yes  No  N/A
      a. Line disconnect  Yes  No  N/A
      b. Ringer protection  Yes  No  N/A
      Manufacturer   Model Number   TSG Number (if applicable)
   3) CNSSI 5002 (TSG-2) configured computerized telephone system (CTS)  Yes  No  N/A
      a. If yes, please provide the following information about the CTS
         Manufacturer   Model
      b. If yes, please provide specific location of the CTS
      c. How is the facility protecting the CTS physically controlled?
      d. If yes, what is the clearance level (if any) of facility or area where the switch is located and how is area controlled?
      e. How are all cables, signal lines and intermediate wiring frames between the SCIF telephones and the CTS physically protected within a physically controlled space?
      f. Are all program media, such as tapes and/or disks, from the CTS afforded physical protection from unauthorized alterations?  Yes  No
      g. Is an up-to-date master copy of the CTS software program maintained for confirmation and/or reloading of the operating system?  Yes  No
      h. Does the CTS have the capability to force or hold a telephone station off-hook?  Yes  No
      i. Does the CTS use remote maintenance and diagnostic procedures or other remote access features?  Yes  No
         If yes, explain maintenance procedures
      j. Do the CTS installers and programmers have security clearances?  Yes  No
         If yes, at what access level (minimum established by AO)
         If no, are escorts provided?  Yes  No
   4) Is it a Voice over Internet Protocol (VOIP) phone system (IPS) (Ref CNSSI 5000)?  Yes  No  N/A
      a. If yes, please provide the following information about the IPS
         Manufacturer   Model Number   IPS Location
      b. Do all unclassified telephones within the facility have a hold, mute and/or push-to-talk [handset] capability (for off-hook audio protection)?  Yes  No  N/A
         If no, please explain
      c. Is access to the facility housing the IPS physically controlled?  Yes  No
      d. If yes, what is the clearance level (if any) of facility or area where the switch is located and how is the area controlled?
      e. Are all cables, signal lines and intermediate wiring frames between the SCIF telephones and the IPS physically protected or contained within a physically controlled space?  Yes  No
         If no, please explain
      f. Are all program media, such as tapes and/or disks, from the IPS afforded physical protection from unauthorized alterations?  Yes  No
      g. Is an up-to-date master copy of the IPS software program maintained for confirmation and/or reloading of the operating system?  Yes  No
      h. Does the IPS have the capability to force or hold a telephone station off-hook?  Yes  No
      i. Does the IPS use remote maintenance and diagnostic procedures or other remote access features?  Yes  No
      j. Do the IPS installers and programmers have security clearances?  Yes  No
         If yes, at what access level (minimum established by AO)
         If no, are escorts provided?  Yes  No
3.
Automatic telephone call answering
a. Are there any automatic call answering devices for the telephones in the SCIF?  Yes  No
   1) If yes, please identify the type
      Voicemail/unified message service  Yes  No
      Standalone telephone answering device (TAD)  Yes  No
   2) Provide manufacturer and model number of the equipment
      Manufacturer   Model
a. Are speakerphones/microphones enabled?  Yes  No
   If yes, has the remote room monitoring capability been disabled?  Yes  No
   Has this been approved for use by the AO?  Yes  No  N/A
   Provide detailed configuration procedures
   If applicable, is the voicemail or unified messaging services configured to prevent unauthorized access from remote diagnostic ports or internal dial tone?  Yes  No
4. Are any multi-function office machines (M-FOMs) used within the SCIF (M-FOMs are electronic equipment that can be used as network or standalone printers, facsimiles, and copiers)?  Yes  No
a. If yes, please identify the device to include (Please identify all M-FOM devices in use, either below or as an attachment) – Include a manufacturer Volatile statement for each M-FOM.
   Make   Model   Serial Number
b. If yes, please identify all features and information processing level of each M-FOM
   1) Copier  Yes  No  N/A   If yes, level(s) of information
   2) Facsimile  Yes  No  N/A   If yes, level(s) of information
   3) Printer (connected to a standalone computer or network)  Yes  No  N/A
      If yes, please explain and identify the system(s) and the level(s) of information
c. Does the M-FOM have memory storage capability?  Yes  No  N/A
   If yes, what kind?
   Volatile (information in memory clears/erases when powered off)
   Non-volatile (information in memory that remains when powered off)
d. Does the M-FOM have a digital hard drive?  Yes  No  N/A
e. Have maintenance and disposition procedures been established?  Yes  No  N/A
f. Does the M-FOM have voice transmission capability and/or a telephone handset?  Yes  No  N/A
   If yes, how is this feature protected? Please describe
5. Are there any video teleconference (VTC) systems installed?  Yes  No
   If yes, what level(s) of information is the VTC system processing?
   Which room(s) contain VTC systems?
6. Are there any commercial television receivers installed?  Yes  No
   If yes, provide a separate annotated floor plan of the commercial television system
7. Does the SCIF have any automated environmental infrastructure systems?  Yes  No
   If yes, describe what countermeasures have been taken to provide against malicious activity, intrusion, and exploitation.
   (Example: premise management systems, environmental control systems, lighting and power control units, uninterrupted power sources)
8.
REMARKS:

Section G: Acoustical Protection
1. Do all areas of the SCIF meet AO required acoustical protection standards? (Ref: Chapter 9A)  Yes  No
   If no, describe additional measures taken to provide conforming acoustical protection (e.g., added sound insulation, door and windows coverings, no discussion areas, sound masking, etc.)
2. Are there any amplified audio systems used for classified information (Example VTC, PA systems, etc.)?  Yes  No
   If yes, are the walls/ceilings/floor of the room where the amplified audio system resides acoustically treated to meet a Sound Group 4 or STC 50?  Yes  No  N/A
3. Is there a public address or music system entirely contained within the SCIF?  Yes  No
   If yes, provide a separate annotated floor plan for each system
4. Is the SCIF equipped with a public address, emergency/fire announcement or music system originating outside the SCIF?  Yes  No

Section H: Classified Destruction Methods
1. Destruction methods (Ref: Chapter 12M)
a. Describe the method and equipment used for destruction of classified/sensitive material (if more than one method or device, use Remarks to describe).
   List all manufacturer and models
   Method   Device Manufacturer   Model
b. Is a secondary method of destruction available?  Yes  No
c. Describe the location of destruction site(s) in relation to the secure facility
d. Describe method or procedure used for handling non-soluble classified/sensitive material at this facility
e. Do you have a written Emergency Action Plan (EAP) approved by AO (if required)?  Yes  No  N/A
2. REMARKS:

Section I: INFOSEC/TEMPEST/Technical Security
1. Does the facility electronically process classified information? (Ref: Chapter 13)  Yes  No
   If yes, complete TEMPEST CHECKLIST FOR SCIF Form
CLASSIFY ACCORDING TO FACILITY SPONSOR CLASSIFICATION GUIDANCE

TEMPEST Checklist
[Insert Org Name]
[Date]
[Address]

TEMPEST CHECKLIST (Classified when filled in)
DATE:
(Select the appropriate block)

SECTION A - SCIF Identification Data
1. SCIF Data:
   Organization/Company Name:
   Organization subordinate to:
   Office E-mail address: C) U)
2. SCIF Location:
   Street Address:
   Bldg. Name/Number:
   Floor(s)   Room No(s)
   City:   State/Country:   Zip Code:
   Military Base/Installation Name:
   GPS Coordinates:
3. Primary SCIF Point(s) of Contact:
   Name(s)
   DSN/Commercial Telephone:
   Secure Telephone:
   Secure Fax No:
   Unclassified Fax No:
   Secure E-mail Address:
   Unclassified E-mail Address:
4. Alternate SCIF Point(s) of Contact:
   Name(s)
   DSN/Commercial Telephone:
   Secure Telephone:
   Secure Fax No:
   Unclassified Fax No:
   Secure E-mail Address:
   Unclassified E-mail Address:

SECTION B - SCIF Equipment/Systems
1. Signal Lines and Signal Distribution Systems:
a. Are there any Signal Lines/Signal Distribution systems that exit the SCIF?  { } Yes  { } No (skip to 2)
b. If Yes, what type of lines exit the SCIF? If yes, give a diagram identifying the location and line types. Clearly identify any usage of a Protected Distribution System.
   { } Fiber Optic (Skip to 2.)  { } Coaxial  { } Copper Wires
c. If they are Coaxial or Copper wires, is there any kind of Filter or Isolation device installed on them?  { } YES  { } NO (Skip to e.)
d. If Yes, what type of device is used in the system? If needed, use additional sheets.
   Make   Model   Location
   Make   Model   Location
   Make   Model   Location
e. If No, describe each Signal Lines/Signal Distribution Systems. Detail where it goes, what it connects to outside the SCIF, the composition of line, the number of lines, etc. If needed, use additional sheets.
Submit floor plans of the SCIF that show the location, routing and identity of all signal lines and signal distribution systems within the SCIF. Identify them as BLACK or RED and include all telephone lines, signal lines, alarm lines, etc. If applicable, indicate where they leave the SCIF area and show the locations of all filters, Isolators and amplifiers
2. Power Lines and Power Distribution Systems:
a. Are there any Power Lines/Power Distribution Systems that exit the SCIF?  { } YES  { } NO (Skip to 3.)
   If yes, provide a diagram showing where it exits the SCIF.
b. Describe each Power Lines/Power Distribution Systems. Detail where it leaves the SCIF, what it connects to outside the SCIF, does the power come from a Host Nation source, does the power come from a US controlled generator, describe the material composition of the line, the number of lines, voltages involved, etc. If needed, use additional sheets.
Submit floor plans of the SCIF showing the location, routing and identity of all power lines and power distribution systems within the SCIF. Identify them as BLACK or RED. If applicable, indicate where they leave the SCIF area and show the locations of all filters, Isolators and amplifiers.
3. Heating, Ventilation and Air Conditioning (HVAC) Systems; Water Pipes; Gas Pipes, Sprinkler Systems, etc.:
a. Describe each HVAC Systems or pipe. Please explain in detail: path, connections in/outside of the SCIF, composition of the vent or pipe, size, accessibility, etc. Provide a diagram indicating their exits from the SCIF. If there are any grounding mitigations, please indicate on the diagram. Are waveguides installed? If needed, use additional sheets.
Submit floor plans of the SCIF showing the location, routing and identity of all HVAC systems and pipes within the SCIF. If applicable, indicate where they leave the SCI area and show the locations of all isolators and non-conductive breaks.
4. Radio Transmission/Reception Device:
a. Are there any Radio Transmitters or Receivers located in the SCIF or within three meters of the SCIF's perimeter wall?  { } YES (Go to Device #1.)  { } NO (Skip to 5.)
Device #1:
a. Type of equipment   Make   Model number
b. List how many hours the equipment is used
   Hours per: day ____ week ____ month ____
c. Prior to encryption, what is the highest classification level of the information transmitted?
   { } SCI  { } TOP SECRET  { } SECRET  { } CONFIDENTIAL  { } UNCLASSIFIED
d. List the room number(s) where the equipment is located:
e. List the distance between the radio transmission/reception device and the nearest RED equipment or crypto gear
f. Is the power for the radio transmission/reception equipment isolated from the power for the RED processing equipment?  { } YES  { } NO (Skip to h.)
g. If Yes, how are they isolated?
   { } Separate power circuit (Skip to 5.)  { } Power line filters (Should be annotated in 2d.)
h. If No, describe each transmitter power source. Please explain in detail: path, connections in/outside of the SCIF, composition of the line, voltage, size/gauge, accessibility, etc. If needed, use additional sheets.
For Additional Devices (use additional sheets)
Submit floor plans of the SCIF showing the transmitter locations, signal and power line routing and the identity of all system components installed within the SCIF. If applicable, indicate where they leave the SCI area, where the antenna is and show the locations of all Isolators and filters.
5. Multilevel Systems:
a. Are there any multi-level systems (e.g., equipment that processes different classification levels) located in the SCIF or within one meter of the SCIF's perimeter wall?  { } YES  { } NO (Skip to 6)
   If so, describe the level in detail.
6. Telecommunications Systems:
a. What kind of telecommunications systems are in the SCIF (VoIP, DSM)? Please describe.
7. Existing TEMPEST Countermeasures:
a. List any existing TEMPEST countermeasures such as shielded enclosures, supplemental shielding, filters (power, signal, telephone, etc...), and non-conductive sections in metallic distribution systems (pipes, a/c ducts, etc...).
b. Describe construction method and materials used in:
   Perimeter wall:
   Floor:
   Ceiling:
c. Does the SCIF perimeter have windows?  { } YES (Answer below.)  { } NO (Go to SECTION C.)
   List quantity, size, and any countermeasures used and pertinent information about your windows.
SECTION C - Information Processing
Volume of Information Processed - Describe the percentage and volume of information processed at the UNCLASSIFIED, SENSITIVE, CONFIDENTIAL, SECRET, and TOP SECRET levels.

SECTION D - Maps/Diagrams
Submit these drawings even if you submitted them with your FFC for physical security accreditation. The FFC is routed to different sections and are considered separate actions. Soft copies are preferred and while most formats are acceptable, PowerPoint is recommended.
1. External: (Please indicate on all external maps a compass heading that displays North at a minimum.)
a. Submit scale drawings or maps of the location of your SCIF's building within the base/post/compound/city in which it is located.
b. If you are on a military base/post, a government controlled facility/area or a compound/campus that is solely controlled by your company with a 24 hour guard force, indicate the distance between the building and the closest boundary of the compound in meters. Also indicate the distance in meters to the boundaries in each cardinal direction (i.e. East, West, North and South). Submit scale drawings or maps of the location of the post/base/facility/area/campus/compound in relationship to the nearest city.
c. If you are not in a controlled area, show on the map/drawings the distances in meters from the SCIF perimeter to the closest limit of SCIF's inspectable space boundary (those areas where the U.S. government or your company does not have the legal authority to identify and/or remove a TEMPEST exploitation or where it would be impractical to conduct a TEMPEST attack).
d. Show the locations of any areas within 100 meters of the SCIF which are occupied by Foreign Nationals or controlled by Foreign Entities/Companies that are not readily accessible by SCIF personnel; identify the occupants and their distance in meters from the SCIF perimeter.
2. Internal: Submit scale drawings or maps of the location of your SCIF within the building or facility that it resides. Provide floor plans of the SCIF itself and provide the following:
a. Locate and identify by manufacturer, model, type, and level of classification any equipment that electronically processes unencrypted National Security Information (NSI). For large facilities, this list can be placed on a separate spreadsheet and numbers/symbols can be used in the drawing.
b. Location of all Signal Line Distribution Systems, telephone instruments, line and power filters and/or isolators, signal ground points, etc...
c. Routing and identity of lines, cables and other metallic conductors which leave the SCI area, including telephone, power, signal, alarm lines, pipes, air ducts, etc...
d. If the SCIF is located in a Multi-story building NOT entirely controlled by the US government, submit a floor plan of the entire floor and identify the occupants of the other spaces. In addition, provide the names of the occupants on the floors above and below and, if possible, identify any foreign nationals. GSA facilities are not exempt from the above requirement.
e. Indicate whether the SCIF shares a common wall with any non-government organizations. If so, list them and show their locations on the diagram and maps.
CLASSIFY ACCORDING TO FACILITY SPONSOR CLASSIFICATION GUIDANCE

Compartmented Area Checklist
[Insert Org Name]
[Date]
[Address]

CHECK Applicable blocks
Initial Approval   Re-approval   Modified Facility   Pre-construction   New Facility   Page Change

Checklist Contents
Section A: General information
Section B: Compartmented Area Security
Section C: Compartmented Area Type Descriptions
List of Attachments
(Diagrams must be submitted on 8" x 11" or 11" x 17" format)

Section A: General Information
1. SCIF Information
   Organization/Company Name
   SCIF Identification Number (if applicable)
   Organization subordinate to (if applicable)
   Cognizant Security Authority (CSA)
   Defense Special Security Communication System Information (if applicable)
   DSSCS Message Address
   DSSCS INFO Address
   If no DSSCS Message Address, please provide passing instructions
b. Existing SCIF Accreditation Information
   Open Storage   Closed Storage   IT Processing   Discussions   Continuous Operation   Fixed   SWA   TSWA   Other
   2) Accreditation granted by:   on:
c. If automated information system (AIS) is used, has an accreditation been granted?  Yes  No
   If yes, identify compartment classification level (check all that apply)
   SCI   Top Secret   Secret   Confidential
d. SCIF duty hours: (hours to hours) days per week.
e. Total square footage that the SCIF occupies:
f. Any waivers  Yes  No  N/A
   If yes, attach a copy of approved waiver
2. Location of Proposed Compartmented Area
   Street Address   Building Name/#
   Floor(s)   Suite(s)   Room(s) #
   City   Base/Post   State/Country   Zip Code
   Contract number and expiration date (if applicable)
   Contract Number:   Expiration Date:
3. Mailing Address (if different from SCIF location)
   Street or Post Office Box   City   State   Zip Code
4. Requestor Contact Information
   Name   Phone   Open:
   E-Mail   Unclass:   Classified:
   Additional E-mail
5. Responsible Security Personnel
   PRIMARY   ALTERNATE
   Name
   Commercial Telephone
   DSN Telephone
   Secure Telephone
   STE Telephone
   Other Telephone
   Home Telephone
   Facsimile   Classified:   Unclassified:
   Command or Regional Special Security Office/name (SSO): (if applicable)
   Commercial Telephone
   Other Telephone
   Information System Security Officer
   Commercial Telephone
   Secure Telephone
6. Compartmented Area Information
a. Compartmented area accreditation level desired:
   1) Indicate CA requirements
      Open Storage   Closed Storage   IT Processing   Discussions   Continuous Operation
   2) Indicate the CA Type Requested (See Section C)
      Type 1   Type 2   Type 3

Section B: Compartmented Area Security
1. Are all equipment (computers, copiers, printers, scanners, fax, etc.) used to process compartmented information approved to process compartmented program information or a system security plan (SSP) submitted for approval to the appropriate information system authorizing official?  Yes  No
   Provide a copy of the approval documentation or a copy of the SSP submitted.
2. Workstations in a cubicle or office configuration – Type 1:
   Is the CA in a cubicle or other open environment?  Yes  No
   Is the workstation in a closable office?  Yes  No
   If the office is closable, is there an access control device?  Yes  No
   If yes, please provide manufacturer and model
   MANUFACTURER   MODEL
   Are display screens positioned to avoid "shoulder-surfing"?  Yes  No
   Are polarized privacy screens installed?  Yes  No
   Is printing of CA material required?  Yes  No
   If yes, explain printer location, connectivity and procedures to retrieve printed material.
   Is scanning/copying of CA material required?  Yes  No
   If yes, explain copier/scanner location, connectivity and procedures to protect CA material.
   Is storage of CA material required within the CA?  Yes  No
   If yes, do only individuals briefed to the CA program have access to the GSA approved storage container?  Yes  No
   Describe procedures to secure the workstation when the individual leaves the CA (for any length of time).
   Describe procedures to secure the CA at the end of day.
3. CAs with a requirement for discussions of compartmented information – Type 2:
   Are all individuals within the CA briefed to the compartment?  Yes  No
   If No, describe procedures to prevent inadvertent disclosure of compartmented information.
   Is the CA constructed to meet ICS 705-1 acoustic standards?  Yes  No
   If Yes, describe acoustic protection method used.
   Is secure teleconferencing equipment to be used?  Yes  No
   Describe the procedures for controlling access during program discussions and control of meeting material used (if applicable) during and after the discussions.
4. CAs with a requirement for strict accountability of compartmented information – Type 3:
   Are all personnel who have unescorted access to the CA briefed to the compartmented program?  Yes  No
   Does the CA meet ICS 705-1 standard for acoustic protection (if applicable)?  Yes  No
   If Yes, describe acoustic protection method used.
   Are storage containers GSA approved?  Yes  No
   Are all equipment (computers, copiers, printers, scanners, fax, etc.) used to process compartmented information approved or a system security plan (SSP) submitted for approval?  Yes  No
5. Describe the procedures for controlling access during program discussions and control of meeting material used (if applicable) during and after the discussions. In addition, include any remarks to assist in the approval process.
6. Additional security measures (locks, alarms, dedicated reading rooms, etc.) are considered waivers (above) to the standards and require approval of the IC Element Head. Identify any additional security requirements requested:

Section C: Compartmented Area Type Descriptions
1. Compartmented Area Types:
a. Type I: A workstation environment that is used to view and process compartmented information. Type I comprises open bays, open spaces, or a set of rooms with multiple cubicles in an accredited SCIF where compartmented information may be securely viewed and/or processed, i.e., via an approved computer workstation by authorized personnel. Workstations in these environments may include computers with single or multiple monitors. Polarized privacy screens may be used on a computer monitor to prevent persons other than the authorized user from viewing the material, i.e., shoulder surfing, or when a monitor faces a primary door or common work area. In addition to processing compartmented information on approved computer workstations, Type I CAs may include the use of printers, copiers, and scanners with prior approval.
b. Type II: An area where discussions of compartmented information may take place. If so equipped and approved, compartmented information may also be viewed and processed. This CA comprises a room, e.g., office or conference room, inside an accredited SCIF where compartmented discussions may be held by authorized personnel. All Type II CAs must meet existing sound transmission class (STC) requirements per ICS 705-1 to ensure that the room or office retains sound within its perimeter. In addition to compartmented discussions, Type II CAs may be used for secure video teleconferencing (SVTC) and related communication conferencing and the use of secure telephones for compartmented discussions. The use of printers, scanners, and copiers, and the secure transfer of data to approved removable media and the use of secure facsimile machines require prior approval.
c. Type III: A restricted discussion area used for viewing, processing, printing, copying, storage and control of accountable compartmented information. This CA is intended for storing and retaining compartmented information when accountability and strict control of compartmented program information is required. This includes, but is not limited to: notes, briefs, slides, electronic presentations, analytic papers, removable hard drives, field packs, thumb drives, laptops, personal electronic devices (PEDs) or hand-held devices that store compartmented information. In addition to the storage of compartmented material in a GSA-approved container, Type III CAs may be used for processing compartmented information on approved computer workstations; the use of printers, scanners, and copiers; the secure transfer of data to approved removable media; the use of secure facsimile machines; and the use of secure telephone equipment (STE) for compartmented discussions. All personnel residing within or who have unfettered access to a Type III CA must be formally briefed into all compartments that reside within the Type III CA. Visitors are permitted within Type III areas only when all compartmented information (for which the visitor is not briefed) is stored within containers, out of sight, and while the visitor is under constant observation by a fully briefed person.
CLASSIFY ACCORDING TO FACILITY SPONSOR CLASSIFICATION GUIDANCE

Shipboard Checklist
[Insert Org Name]
[Date]
[Address]

CHECK Applicable blocks
Initial Accreditation   Re-Accreditation   Modified Facility   Pre-construction   New Facility   Page Change

Checklist Contents
Section A: General information
Section B: Physical Security
Section C: Intrusion Detection Systems (IDS)
Section D: Telecommunication Systems and Equipment Baseline
Section E: Classified Destruction Methods
Section F: TEMPEST/Technical Security
List of Attachments
(Diagrams must be submitted on 8" x 11" or 11" x 17" format)

Section A: General Information
1. SCIF Data
a. Organization/Company Name
b. Name of Ship and Hull number
c. Home Port
d. SCIF ID Number
e. Contract Number and Expiration Date (if applicable)
f. Concept Approval Date
g. Cognizant Security Authority (CSA)
   Defense Special Security Communication System Information (if applicable)
h. DSSCS Message Address
   DSSCS INFO Address
   If no DSSCS Message Address, please provide passing instructions
i. Location of Compartments
2. Complete Mailing Address
   Street Address   Building Name/#
   Floor(s)   Suite(s)   Room(s) #
   City   Base/Post   State/Country   Zip Code
3. E-Mail Addresses
   Classified (Network/System Name & Level)
   Unclassified (Network/System Name)
   Other (Network/System Name)
   Additional Address (Network/System Name)
4. Responsible Security Personnel
   PRIMARY   ALTERNATE
   Name
   Commercial Telephone
   DSN Telephone
   Secure Telephone/STE Telephone
   Other Telephone
   Home (optional)
   Facsimile Number:   Classified   Unclassified
   Command or Regional Special Security Office/Name (SSO) (if applicable)
   PRIMARY   ALTERNATE
   Commercial Telephone
   Other Telephone
   Information System Security Officer Name
   PRIMARY   ALTERNATE
   Commercial Telephone
   Secure Telephone
5. Accreditation Data
a. Category/Compartments of SCI Requested:
   1) Indicate storage requirement:
      Open   Closed   Continuous Operation   None
   2) Indicate the facility type
      Permanent   Temporary Secure Working Area   Secure Working Area   Tactical
b. Existing Accreditation Information (if applicable)
   1) SCIF accesses required
   2) Accreditation granted by:   On:
   3) Waivers:
   4) Co-Use Agreements  Yes  No
      If yes, provide sponsor/compartment:
c. SAP(s) co-located within SCIF  Yes  No
   If yes, identify SAP Classification level (check all that apply)
   SCI   Top Secret   Secret   Confidential
d. SCIF duty hours (hours to hours) days per week
e. Total square footage that the SCIF occupies
f. Has CSA requested any waivers?  Yes  No  N/A
   If yes, attach a copy of the approved waiver
6. Construction/Modification
   Is construction or modification complete?  Yes  No  N/A
   If no, enter the expected date of completion
7. Inspections
a. TSCM Service completed by   On   (Attach a copy of report)
b. Were deficiencies corrected?  Yes  No  N/A
   If no, explain
c. Last physical security inspection by   On   (Attach a copy of report)
   Were deficiencies corrected?  Yes  No  N/A
   If no, explain
8.
Remarks

Section B: Physical Security
1. Decks, bulkheads and overhead construction
   Are the decks, bulkheads and overhead constructed of aluminum plate or standard shipboard material true floor to ceiling?  Yes  No
2. Security In-Depth
   What external security attributes and/or features should the CSA consider before determining whether or not this facility has Security In-Depth? Please identify/explain all factors:
3. Access Controls: How is access to the SCIF controlled?
a. By Guard Force  Yes  No
   If yes, what is their minimum security clearance level?
b. Is Guard Force Armed?  Yes  No
c. By assigned personnel  Yes  No
   If yes, do personnel have visual control of SCIF entrance door?  Yes  No  N/A
d. By access control device  Yes  No
   If yes, what kind?   Automated access control system   Non-automated
   If non-automated
   1. Is there a by-pass key?  Yes  No  N/A
      If yes, how is the by-pass key protected?
   2. Manufacturer   Model
      (Attach sheet if additional space is required for this information)
   If automated
   1. Are access control transmission lines protected by FIPS AES encryption?  Yes  No
      If no, explain the physical protection provided
   2. Are automated access control system locations within a SCIF or an alarmed area controlled at the SECRET level?  Yes  No
   3. Is the access control system encoded and is ID data and PINs restricted to SCI-indoctrinated personnel?  Yes  No
   4. Does external access control outside SCIF have tamper protection?  Yes  No
   5. Is the access control device integrated with an IDS?  Yes  No  N/A
      Is the access control device integrated with a network system?  Yes  No  N/A
4. Primary Entrance Door
a. Is routine ingress and egress to the space through one door?  Yes  No
b. Is the shipboard type door constructed IAW ICS 705-1?  Yes  No
c. Is door constructed of aluminum/steel plate or standard shipboard materials?  Yes  No
d. Is door equipped with a combination lock that meets requirements of a Pedestrian Deadbolt Federal Specifications FF-L-2890?  Yes  No
   Include lock manufacturer, model and group
   Manufacturer   Model   Group Rating
e. Is door equipped with an access control device?  Yes  No
f. Is door constructed in a manner which will preclude unauthorized removal of hinge pins and anchor bolts, as well as obstruct access to lock-in bolts between door and frame?  Yes  No
g. Remarks:
5.
Emergency Exit
a. Is space equipped with an emergency exit?  Yes  No
b. Has the emergency exit been fabricated of aluminum/steel plate or standard shipboard materials?  Yes  No
c. Has door(s) been mounted in a frame braced and welded in place in a manner commensurate with structural characteristics of the bulkhead, deck or overhead in which it is located?  Yes  No
d. Has the emergency exit been constructed in a manner which will preclude unauthorized removal of hinge pins and anchor bolts, as well as obstruct access to lock-in bolts between door and frame?  Yes  No
e. Remarks
6. Restrictions on Damage Control Fittings and Cable
a. Are any essential damage control fittings or cables located within or pass through the SCIF?  Yes  No
b. Remarks
7. Removable Hatches and Deck Plates
a. Are hatches and deck plates less than 10 square feet that are secured by exposed nuts and bolts (external to SCIF) secured with high security padlocks?  Yes  No
b. If key padlocks are used, are the keys stored in a security container located within a space under appropriate security control?  Yes  No
c. Remarks:
8. Vent and Duct Barriers
a. Are vents, ducts, louvers, or other physical perimeter barrier openings with a cross sectional dimension greater than 96 square inches protected at the perimeter with a fixed barrier or security grill?  Yes  No
b. If gratings or bars are used, are they welded in place?  Yes  No
c. Remarks:
9. Acoustical Isolation
a. Is the physical perimeter of the SCIF sealed or insulated with non-hardening caulking material so as to prevent inadvertent disclosure of SCI discussions or briefings from within the SCIF?  Yes  No
b. In instances where the physical perimeter barrier is not sufficient to control voices or sounds, is the use of sound deadening material installed?  Yes  No
c. Do air handling units have continuous duty blowers or provide an effective level of sound masking in each air path?  Yes  No
d. Remarks:
10. Visual Isolation
a. Are doors or other openings in the physical perimeter barrier through which the interior may be viewed screened or curtained?  Yes  No
b. Remarks
11. Passing Windows and Scuttles
a. Have passing windows and scuttles been eliminated from the SCIF?  Yes  No
b. Remarks:
12. Secure Storage Equipment
a. Is the SCIF equipped with a sufficient number of GSA approved security containers?  Yes  No
b. Have they been welded in place or otherwise secured to a foundation for safety?  Yes  No
c. Remarks:

Section C: Intrusion Detection Systems (IDS)
1.
AreSCIFaccessdoor(s)andemergencyexit(s)protectedbyavisualandaudiblealarmsystem:YesNoa.
DoesalarminstallationconsistofsensorsateachdoorandalertingindicatorslocatedwithintheSCIFYesNob.
Doestheemergencyexitdoor(s)alarmhaveadifferentfeatureYesNoc.
DoesthesystemhaveanalarmmonitorstationwhichiscontinuouslymannedbypersonnelcapableofrespondingtoordirectingaresponsetoanalarmviolationoftheSCIFwhenitisunmannedYesNod.
Remarks:SectionD:TelecommunicationSystemsandEquipmentBaseline1.
Isthefacilitydeclareda"NoclassifiedDiscussionArea"YesNoIfyes,thentheaudioprotectionquestionswithinthissectionmaybeidentifiedasN/AIfthefacilityisdeclaredaNoClassifiedDiscussionArea,arewarningnoticespostedprominentlywithinthefacilityYesNoN/A2.
Doesthefacilityhaveanyunclassifiedtelephonesthatareconnectedtothecommercialpublicswitchtelephonenetwork(PSTN)YesNoWhatisthemethodofon-hookprotection1)CNSS5006(TSG-6)approvedtelephoneorinstrumentYesNoN/A(Pleaseidentifyalltelephoneequipment/stationsand/orinstrumentsbeingusedeitherbeloworasanattachment)ManufacturerModelNumberTSGNumber(ifapplicable)UNCLASSIFIEDUNCLASSIFIED1382.
CNSS5006approveddisconnectdeviceYesNoN/Aa)LinedisconnectYesNoN/Ab)RingerprotectionYesNoN/AManufacturerModelNumberTSGNumber(ifapplicable)3)CNSS5002(TSG-2)configuredcomputerizedtelephonesystem(CTS)YesNoN/Aa)Ifyes,pleaseprovidethefollowinginformationabouttheCTSManufacturerModelb)Ifyes,pleaseprovidespecificlocationoftheCTSc)HowisthefacilityprotectingtheCTSphysicallycontrolledd)Ifyes,whatistheclearancelevel(ifany)offacilityorareawheretheswitchislocatedandhowisareacontrollede)Areallcables,signallinesandintermediatewiringframesbetweentheSCIFtelephonesandtheCTSphysicallyprotectedwithinaphysicallycontrolledspaceYesNoIfno,pleaseexplainf)Areallprogrammedia,suchastapesand/ordisks,fromtheCTSaffordedphysicalprotectionfromunauthorizedalterationsYesNog)Isanup-to-datemastercopyoftheCTSsoftwareprogrammaintainedforconfirmationand/orreloadingoftheoperatingsystemYesNoh)DoestheCTShavethecapabilitytoforceorholdatelephonestationoff-hookYesNoi)DoestheCTSuseremotemaintenanceanddiagnosticproceduresorotherremoteaccessfeaturesYesNoIfyes,explainmaintenanceproceduresj)DotheCTSinstallersandprogrammershavesecurityclearancesYesNoIfyes,atwhataccesslevel(minimumestablishedbyCSA)Ifno,areescortsprovidedYesNo4)IsitVoiceoverInternetProtocol(VoIP)phonesystemYesNoN/Aa)Ifyes,pleaseprovidethefollowinginformationabouttheIPSUNCLASSIFIEDUNCLASSIFIED139ManufacturerModelIPSLocationb)Doallunclassifiedtelephoneswithinthefacilityhaveahold,muteand/orpush-to-talk[handset]capability,(foroff-hookaudioprotection)YesNoN/AIfno,pleaseexplainc)IsaccesstothefacilityhousingtheIPSphysicallycontrolledYesNod)Ifyes,whatistheclearancelevel(ifany)offacilityorareawheretheswitchislocatedatandhowistheareacontrollede)Areallcables,signallinesandintermediatewiringframesbetweentheSCIFtelephonesandtheIPSphysicallyprotectedorcontainedwithinaphysicallycontrolledspaceYesNoIfno,pleaseexplainf)Areallprogrammedia,suchastapesand/ordisks,fromtheIPSaffordedphysicalprotectionfromunauthorizedalterationsYesNog)Isanup-to-datemastercopyoftheIPSsoftwarepro
grammaintainedforconfirmationand/orreloadingoftheoperatingsystemYesNoh)DoestheIPShavethecapabilitytoforceorholdatelephonestationoff-hookYesNoi)DoestheIPSuseremotemaintenanceanddiagnosticproceduresorotherremoteaccessfeaturesYesNoj)DotheIPSinstallersandprogrammershavesecurityclearancesYesNoIfyes,atwhataccesslevel(minimumestablishedbyCSAIfno,areescortsprovidedYesNo3.
AutomatictelephonecallansweringArethereanyautomaticcallansweringdevicesforthetelephonesintheSCIFYesNo1)Ifyes,pleaseidentifythetypea.
Voicemail/unifiedmessageserviceYesNob.
Standalonetelephoneansweringdevice(TAD)YesNo2)ProvidemanufacturerandmodelnumberoftheequipmentManufacturerModelNumberArespeakerphones/microphonesenabledYesNoN/AUNCLASSIFIEDUNCLASSIFIED140Ifyes,hastheremoteroommonitoringcapabilitybeendisabledYesNoHasthisbeenapprovedforusebytheCSAYesNoN/AProvidedetailedconfigurationproceduresIfapplicable,isthevoicemailorunifiedmessagingservicesconfiguredtopreventunauthorizedaccessfromremotediagnosticportsorinternaldialtoneYesNo4.
AreanyMulti-FunctionOfficeMachines(M-FOMs)usedwithintheSCIF(M-FOMsareelectronicequipmentthatcanbeusedasnetworkorstandaloneprinters,facsimiles,andcopiers)YesNoa.
Ifyes,pleaseidentifythedevicetoinclude(PleaseidentifyallM-FOMdevicesinuse,eitherbeloworasanattachment(includeamanufactureVolatilestatementforeachM-FOM)MakeModelSerialNumberb.
Ifyes,pleaseidentifyallfeaturesandinformationprocessinglevelofeachM-FOM1)CopierYesNoN/AIfyes,level(s)ofinformation2)FacsimileYesNoN/AIfyes,level(s)ofinformation3)Printer(connectedtoastandalonecomputerornetworkYesNoN/AIfyes,pleaseexplainandidentifythesystem(s)andthelevel(s)ofinformation)c.
DoestheM-FOMhavememorystoragecapabilityYesNoIfyes,whatkindVolatile(informationinmemoryclears/eraseswhenpoweredoffNon-volatile(informationinmemorythatremainswhenpoweredoff)d.
DoestheM-FOMhaveadigitalharddriveYesNoN/Ae.
HavemaintenanceanddispositionproceduresbeenestablishedYesNoN/Af.
Ifreproductionofclassified/sensitivematerialstakeplaceoutsidetheSCIF,describeequipmentandsecurityproceduresusedtoreproducedocumentsg.
DoestheM-FOMhavevoicetransmissioncapabilityand/oratelephonehandsetYesNoN/AIfyes,howisthisfeaturesprotectedPleasedescribe5.
Arethereanyvideoteleconference(VTC)systemsinstalledYesNoUNCLASSIFIEDUNCLASSIFIED141Ifyes,whatlevel(s)ofinformationistheVTCsystemprocessing6.
Arealltelecommunicationssystems,devices,features,andsoftwaredocumented(Attachedtelecommunicationbaseline)YesNo7.
SoundPoweredTelephonesHaveallsoundpoweredtelephonesbeeneliminatedfromtheSCIFYesNoIfno,answerthefollowingquestionsa.
AretheresoundpoweredorothertelephonesystemsinthefacilitywhichcannotconnecttolocationsoutsidetheSCIFYesNoHowManyb.
AretheyinstalledandprotectedIAWICS705-1,SectionEYesNoRemarks8.
GeneralAnnouncingSystemDogeneralannouncingsystemloudspeakershaveanaudioamplifierandaretheoutputsignallineinstalledwithintheSCIFYesNoRemarks9.
SCIIntercommunicationsAnnouncingSystemsDoanyintercommunicationtypeannouncingsystemsthatprocessSCIpassthroughareasoutsidetheSCIFYesNoIfyes,listtype,manufacturerandmodelTypeManufacturerModelRemarks10.
CommercialInterconnectionEquipmentAreanycommercialintercommunicationsequipmentinstalledwithintheSCIFYesNoRemarks11.
PneumaticTubeSystemsa.
ArethereanypneumatictubesystemsinstalledintheSCIFYesNob.
AretheyinstalledIAWICS705-1,SectionEYesNoc.
RemarksUNCLASSIFIEDUNCLASSIFIED142SectionE:ClassifiedDestructionMethods1.
Destructionmethodsa.
Describethemethodandequipmentusedfordestructionofclassified/sensitivematerial(ifmorethanonemethodordevice,useRemarkstodescribe.
      (If more than one device, use remarks to list all manufacturer and model)
      Method Device Manufacturer Model
   b. Is a secondary method of destruction available  Yes / No
   c. Describe the location of destruction site(s) in relation to the secure facility:
   d. Describe method or procedure used for handling non-soluble classified/sensitive material at this facility:
   e. Do you have a written Emergency Action Plan (EAP) approved by CSA (if required)  Yes / No / N/A
   Remarks

Section F: TEMPEST/Technical Security
1. Does the facility electronically process classified information  Yes / No
   If yes, what is the highest level of information processed
2. For the last TEMPEST Accreditation (if applicable), provide the following information
   Accreditation granted by:  On
3. Has the CSA's Certified TEMPEST Technical Authority (CTTA) required any TEMPEST countermeasures  Yes / No / N/A
   If yes, please identify the countermeasures that have been installed (i.e. non-conductive sections, Radio Frequency (RF) shielding, power/signal line filters, window film, etc.)
4. Are there any other systems installed within or in close proximity to the SCIF that have RF capability (e.g., fire alarm, ground-to-air-radio, cellular tower, RF networks, etc)  Yes / No
   If yes, please explain

CLASSIFY ACCORDING TO FACILITY SPONSOR CLASSIFICATION GUIDANCE

Aircraft/UAV Checklist
[Insert Org Name]
[Date]
[Address]

CHECK Applicable blocks
Initial Accreditation  Re-Accreditation  Modified Facility
Pre-construction  New Facility  Page Change

Checklist Contents
Section A: General information
Section B: Physical Security
Section C: Intrusion Detection Systems (IDS)
Section D: Classified Destruction Methods
Section E: TEMPEST/Technical Security
List of Attachments (Diagrams must be submitted on 8" x 11" or 11" x 17" format)

Section A: General Information
1. SCIF Data
   a. Organization/Company Name
   b. Type of Aircraft and Tail Number
   c. Home Station
   d. SCIF ID Number
   e. Contract Number and Expiration Date (if applicable)
   f. Concept Approval Date
   g. Cognizant Security Authority (CSA)
   h. Defense Special Security Communication System Information (if applicable)
      DSSCS Message Address
      DSSCS INFO Address
      If no DSSCS Message Address, please provide passing instructions
2. Complete Mailing Address
3. E-Mail Address
   Classified (Network/System Name & Level)
   Unclassified (Network/System Name)
   Additional (Network/System Name)
4. Responsible Security Personnel
   PRIMARY ALTERNATE
   Name
   Commercial Telephone
   DSN Telephone
   Secure Telephone
   STE Telephone
   Other Telephone
   Home Telephone (Optional)
   FAX # Classified Unclassified
   Command or Regional Special Security Office/Name (SSO): (if applicable)
   Commercial
   Other Telephone
   PRIMARY ALTERNATE
   Information System Security Officer Name:
   Commercial
   Secure
5. Accreditation Data
   a. Category/Compartments of SCI Requested:
   b. Existing Accreditation Information (if applicable)
      (1) Category/Compartments of SCI:
      (2) Accreditation granted by:  On:
      (3) Co-Use Agreements  Yes / No
          If yes, provide sponsor/compartment:
   c. Is there a SAP(s) co-located within the aircraft  Yes / No
      SAP Classification Level (check all that apply)  SCI  Top Secret  Secret  Confidential
   d. Has CSA requested any waivers  Yes / No / N/A
      If yes, attach a copy of the approved waiver
   Construction/Modification
   Is construction or modification complete  Yes / No / N/A
   If no, enter the expected date of completion
6. Inspections
   a. Last physical security inspection performed by  On  (Attach a copy of report)
      Were deficiencies corrected  Yes / No / N/A
      If no, explain
REMARKS:

Section B: Physical Security
1. Stationary Aircraft/UAV
   a. Is the aircraft located within a controlled area  Yes / No / N/A
      If no, explain:
   b. When not performing a SCI mission is all SCI removed from the aircraft and stored in an accredited SCIF  Yes / No / N/A
      If yes, SCIF ID:
      If no, explain how SCI is protected when the aircraft is unoccupied:
2. Access Control: How is access to the aircraft controlled
   a. By Guard Force  Yes / No
      If yes, what is their security clearance level
   b. Is Guard Force Armed  Yes / No
   c. By Assigned Personnel:  Yes / No
      If Yes, do personnel have visual control of the entrance door  Yes / No / N/A
   d. When processing SCI, are all personnel aboard the aircraft cleared for all the SCI compartments that the aircraft is accredited for  Yes / No
      If not, what are the procedures for segregating/protecting SCI compartments from unauthorized disclosure
3. Hatches and Doors Leading Inside the Aircraft:
   a. Are doors equipped with GSA approved locks  Yes / No
      Manufacturer Model Group
   b. Are tamper serialized seals used when aircraft is unoccupied  Yes / No
      If yes, are seals installed and a log book maintained by SCI cleared personnel  Yes / No
   c. Remarks
4. Acoustical Isolation
   a. Is a physical perimeter established around the aircraft at a distance so as to prevent inadvertent disclosure of SCI discussions or briefings from within the aircraft  Yes / No
   b. In instances where the physical perimeter barrier is not sufficient to control voices or sounds, are sound countermeasure devices or sound generating devices used  Yes / No
   c. Remarks
5. Visual Isolation
   a. Are doors or other openings in the aircraft through which the interior may be viewed screened or curtained  Yes / No
   b. Remarks
6. Procedures For Protecting SCI When The Aircraft Is Parked In Friendly/Unfriendly Territories

Section C: Intrusion Detection Systems (IDS)
1. Is the aircraft equipped or located within a structure or area that has an IDS  Yes / No
   If yes, please provide the following:
   a. IDS Company provider name (if applicable)
   b. Premise Control Unit (PCU)
      Manufacturer Model Number Tamper Protection  Yes / No
   c. Where is the PCU located
   d. Location of interior motion detection protection:
      Accessible points of entry/perimeter  Yes / No
   e. Has the IDS Alarm Monitor Station been installed to Underwriters Laboratories certified standards  Yes / No
      If yes, please provide certification number and expiration date of UL certification
      Certification Number Expiration Date
   f. Has the IDS passed CSA or UL 2050 installation and acceptance tests  Yes / No
      If yes, please attach a copy of certificate and skip to question 2 below.
      (Non-commercial proprietary system must answer all questions)
   g. Motion Sensors (Indicate sensor placement on a legible floor plan; 8.5" x 11" or 11" x 17" paper
      Manufacturer Model Number Tamper Protection  Yes / No
   h. Are motion sensors installed above the false ceiling  Yes / No / N/A
   i. Are motion sensors installed below the false floors  Yes / No / N/A
   j. Are there any other intrusion detection equipment sensors/detectors in use  Yes / No
      If yes, please identify make, model, and manufacturer and function (indicate on floor plan)
      Make Model Manufacturer Function
   k. Does the IDS extend beyond the SCIF perimeter  Yes / No
      Can the status of PCU be changed from outside IDS protection  Yes / No
      If yes, is an audit conducted daily  Yes / No
      Has the IDS configuration been approved by the CSA  Yes / No
   l. Do any intrusion detection equipment components have audio or video capabilities  Yes / No
      If yes, please explain:
      Has the CSA mitigated this capability  Yes / No
   m. IDS Administrator SCI indoctrinated  Yes / No
   n. External Transmission Line Security:
      What is the method of line security
      Meets NIST; FIPS AES Encryption  Yes / No
      If yes, has the encryption been certified by National Institute of Standards and Technology (NIST) or another independent testing laboratory  Yes / No
      If not NIST FIPS AES, is there an alternate  Yes / No
      If yes, please explain:
      Does the alternate line utilize any cellular or other Radio Frequency (RF) capability  Yes / No
      If yes, provide manufacturer and model
      Manufacturer Model
   o. Does any part of the IDS use a local or Wide Area Network  Yes / No / N/A
      (1) Is the Network Intrusion Detection Software (NIDS) administrator at least Top Secret (collateral) cleared  Yes / No / N/A
      (2) Is the host computer dedicated solely for security purposes  Yes / No / N/A
      (3) Is the host computer secured within an alarmed area controlled at the Secret or higher level  Yes / No / N/A
      (4) Is the host computer protected through firewalls or similar devices  Yes / No / N/A
          Are the firewalls/devices configured to only allow data transfers between IDS components  Yes / No / N/A
      (5) Is the password for the host computer unique for each user and at least 8 characters long  Yes / No / N/A
      (6) Is the password changed semi-annually  Yes / No
      (7) Are remote security terminals protected the same as the host computer  Yes / No / N/A
          If no, please explain:
   p. Was the IDS installed by U.S. citizens:  Yes / No / N/A
      If no, please explain:
   q. Is emergency power available for the IDS  Yes / No / N/A
      What type Generator  Yes / No
      If yes, how many hours
      What type Battery  Yes / No
      If yes, how many hours
   r. If applicable, describe the method of ventilation and ductwork protection:
   s. Where is the IDS Alarm Monitor Station located
   t. Does the Monitor Station have any remote capabilities (i.e., resetting alarms, issuing PINs, accessing/securing alarms, etc)  Yes / No / N/A
      If yes, please explain:
   u. Does the IDS have any automatic features (i.e., timed auto-secure, auto-access capabilities)  Yes / No / N/A
   v. Does the PCU/keypad have dial out capabilities  Yes / No
   w. IDS Response Personnel
      (1) Who provides initial alarm response
      (2) Does the response force have a security clearance  Yes / No
          If yes, what is the clearance level:
      (3) Do you have a written agreement for external response force  Yes / No
      (4) Emergency procedures documented  Yes / No
      (5) Reserve security force available  Yes / No
      (6) Response to an alarm condition  minutes
   x. Are response procedures tested and records maintained  Yes / No
      If no, please explain:
   y. If required, has a Catastrophic Failure Plan been approved by the CSA  Yes / No
   z. Does the IDS undergo semiannual testing  Yes / No
   aa. Have IDS records been maintained:  Yes / No
   bb. Remarks

Section D: Classified Destruction Methods
1. For home station, describe the method and equipment used for destruction of classified/sensitive material (if more than one method or device, use Remarks section to describe (if more than one, use Remarks section to list all manufacturer and model)
   Method Device Manufacturer Model
2. Is a secondary method of destruction available  Yes / No
3. Describe the location of destruction site(s) in relation to the aircraft
4. Describe the method or procedure used for handling non-soluble classified/sensitive material at your facility
5. Do you have a written Emergency Action Plan (EAP) approved by CSA  Yes / No
6. Describe procedures for in-flight emergency destruction:
7. Remarks

Section E: TEMPEST/Technical Security
1. Does the aircraft electronically process classified information  Yes / No
   If yes, what is the highest level of information processed
2. Has it received TEMPEST accreditation  Yes / No / N/A
   Date
   Accreditation granted by:

SCIF Co-Use Request and MOA
1. To: Addressee Government CSA:
2. From: Requesting Government CSA:
   Requesting Agency:
   Date:
   POC: Name/Title:
   Telephone:
3. Facility where co-use is desired
   Company/Department Name:
   Complete SCIF Address: (street) (city, state, and zip code)
   SCIF ID:
   SCIF Room Numbers:
   Site POC (Name/Title):
   Telephone:
4. Classification: (Provide classification level, SCI compartments, and storage requirements for Co-Use)
   Highest Classification:  Confidential  Secret  Top Secret
   SCI compartments:
   Storage requirements:  open  closed
5. Information System (IS) processing requested: (Provide POC for IS coordination if Co-Use or Joint-Use.)
   Information System Processing Not Required
   Co-Use: Use a system that will not be connected to system(s) for which the agency with cognizance for the SCIF is the accreditor or, use for period processing only an existing system for which the agency with cognizance for the SCIF is the accreditor
   Joint-Use: Use an existing system for which the agency with cognizance for the SCIF is the accreditor
   Such use will consist of: Logical separation of data (via software) or co-mingle data (no separation). Detailed justification required in Item 9.
   IS POC (Name/Title):
   Telephone:
6. Duration:
   A. Contractor Facility:
      RFP Date: (if applicable)
      Expiration date of Contract: (enter date or "Indefinite")
      Contract Number:
   B. Government Facility:
      Expiration Date of Agreement: (enter date or "Indefinite")
7. Type Effort:  Intel Related  Other (If other, describe)
8. Does this facility have waivers  No  Yes (If yes, list waivers)
Comments/Justification:
CONCUR: (Name and Title) (Date)
*Notice: Email or other exchange and receipt of this form, completed and concurred, constitutes a formal Memorandum of Agreement (MOA).
Co-Use means two or more organizations sharing the same SCIF.
All personnel involved with Co-Use SCIFs must be approved to ICD 704 standards.

Construction Security Plan (CSP)

Definition: A plan outlining security protective measures that will be applied to each phase of the construction project. The requirements set forth in this plan provide the baseline for construction security activities and may be supplemented as required but may not be reduced without coordination and approval from the Accrediting Official (AO).

The contents below are suggested topics. The plan format and content shall be developed by the element accrediting official (AO) based upon the size, purpose and location of the SCIF.

a. Site Security Manager: (identify the SSM and contact information)
b. Statement of Construction Project: (provide a description of the proposed work)
c. Existing SCIF ID (if project is associated with currently accredited SCIF)
d. Cognizant Security Authority/Accrediting Official: (element)
e. Location of Work: (address/location)
f. Estimated Start Date: (estimated date construction will begin)
g. Estimated Completion Date: (estimated date construction will end)
h. Has a Risk Assessment Been Completed: (if yes attach copy)
i. Security in Depth (SID) Documentation: (Document the layers of protection offered at the site, such as security fencing or walls, roving guards, marine security guards, CCTV coverage, and controlled and/or limited access buffers to facility)
j. Adjacencies to Consider: (include a description of adjacent facilities to include other classified agencies, activities, and presence of foreign nationals operating in adjacent spaces on all six sides of the proposed SCIF)
k. Control of Construction Plans and Documents: (Describe how construction plans and all related documents shall be handled and protected)
l. Control of Operations if a Renovation Project (describe barriers that will be installed to segregate construction workers from operational activities)
m. Procurement, Shipping and Storage of Building/Finishing Material: (If required by AO, describe security measures to ensure integrity of building materials and/or finishing materials.)
n. Construction Workers (Depending upon the standards required (within U.S., outside U.S., etc), for construction workers, provide information to verify worker status, clearances if required, and/or mitigations employed.)
o. Site Security (Identify plans to secure construction site, to include any proposed fences, guards, CSTs, escorts, etc.)
p. Security Administration: (list security documentation and retention requirements that shall be maintained by the SSM (i.e. visitor logs, names of construction workers, security incidents, etc.)
