(DCID 6/9) —
MANUAL
Physical Security Standards
for Sensitive Compartmented Information Facilities
(Effective 18 November 2002)
TABLE
OF CONTENTS
|
PREFACE.
|
|
1. POLICY
AND CONCEPT
|
|
1.1
Policy Statement
|
|
1.2
Concept
|
|
1.3
American Disabilities Act (ADA)
Review
|
|
2. GENERAL
ADMINISTRATIVE
|
|
2.1
SCI Facilities (SCIFs)
|
|
2.2
Physical Security Preconstruction Review and Approval
|
|
2.3
Accreditation
|
|
2.4
Co-Utilization
|
|
2.5
Personnel Controls
|
|
2.6
Control of Combinations
|
|
2.7
Entry/Exit Inspections
|
|
2.8
Control of Electronic Devices and Other Items
|
|
3.
PHYSICAL SECURITY CONSTRUCTION POLICY FOR SCIFs
|
|
3.1
Construction Policy for SCI Facilities
|
|
3.2
Temporary Secure Working Area (TSWA).
|
|
3.3
Requirements Common To All SCIFs; Within The US
and Overseas
|
|
4.
CONSTRUCTION SPECIFICATIONS
|
|
4.1
Vault Construction Criteria
|
|
4.2
SCIF Criteria For Permanent Dry Wall Construction
|
|
4.3
SCIF Construction Criteria For Steel Plate
|
|
4.4
SCIF Construction Criteria For Expanded Metal.
|
|
4.5
General.
|
|
5. GLOSSARY
|
|
|
|
ANNEX A - SCIF Accreditation Checklist
|
|
ANNEX B - Intrusion Detection Systems (IDS)
|
|
ANNEX C - Tactical Operations/Field Training
PART I - Ground Operation.
PART II - Aircraft/Airborne Operation.
PART III - Shipboard Operation.
|
|
ANNEX D
PART I - Electronic Equipment in Sensitive
Compartmented Facilities (SCIFs)
PART II - Disposal of Laser Toner Cartridges
|
|
ANNEX E - Acoustical Control and Sound Masking Techniques
|
|
ANNEX F - Personnel Access Controls
|
|
ANNEX G - Telecommunications Systems and Equipment
|
PREFACE:
DCID 6/9, Physical Security Standards for Sensitive Compartmented
Information Facilities (SCIFs) was approved by the
Director of Central Intelligence (DCI) on 30 January 1994.
A complete copy of DCID 6/9 consists of the basic DCID and annexes A through
G. The annexes are as follows:
|
Annex A -
|
SCIF Checklist (approved 27 May 1994)
|
|
Annex B -
|
Intrusion Detection Systems (revised 18 November 2002)
|
|
Annex C -
|
Tactical Operations/Field Training (approved 27 May 1994)
Part I - Ground Operation
Part II- Aircraft/Airborne Operation
Part III - Shipborne Operation
|
|
Annex D -
|
Part I - Electronic Equipment in SCIFs
(approved 30 January 1994)
Part II - Handling and Disposal of Laser Toner Cartridges (revised 5 June 1998)
|
|
Annex E -
|
Acoustical control and Sound Masking Techniques (approved 30 January 1994)
|
|
Annex F -
|
Personnel Access Controls (revised 18 November 2002)
|
|
Annex G -
|
Telephone Security (revised 18 November 2002)
|
1. POLICY AND CONCEPT
1.1 Policy Statement
1.1.1 Physical
security standards are hereby established governing the construction and
protection of facilities for storing, processing, and discussing Sensitive
Compartmented Information (SCI) which requires extraordinary security
safeguards. Compliance with this DCID 6/9
Implementing Manual (hereafter referred to as the "Manual") is
mandatory for all Sensitive Compartmented Information Facilities (SCIFs) established after the effective date of this manual,
including those that make substantial renovations to existing SCIFs. Those SCIFs approved prior to the effective date of this Manual
will not require modification to meet these standards.
1.1.2 The physical
security safeguards set forth in this Manual are the standards for the
protection of SCI. Senior Officials of
the Intelligence Community (SOICs), with DCI
concurrence, may impose more stringent standards if they believe extraordinary
conditions and circumstances warrant. SOICs may not delegate this authority. Additional cost resulting from more stringent
standards should be borne by the requiring Agency, Department, or relevant
contract.
1.1.3 In situations
where conditions or unforeseen factors render full compliance to these
standards unreasonable, the SOIC or designee may waive specific requirements in
accordance with this Manual. However,
this waiver must be in writing and specifically state what has been
waived. The Cognizant Security Authority
(CSA) must notify all co-utilizing agencies of any waivers it grants.
1.1.4 All SCIFs must be accredited by the SOIC or designee prior to
conducting any SCI activities.
1.1.5 One person is
now authorized to staff a SCIF, which eliminates the two-person rule (the
staffing of a SCIF with two or more persons in such proximity to each other to
deter unauthorized copying or removal of SCI).
1.2 Concept
1.2.1 SCIF design must
balance threats and vulnerabilities against appropriate security measures in
order to reach an acceptable level of risk.
Each security concept or plan must be submitted to the CSA for approval. Protection against surreptitious entry,
regardless of SCIF location, is always required. Security measures must be taken to deter
technical surveillance of activities taking place within the SCIF. TEMPEST security measures must be considered
if electronic processing of SCI is involved.
1.2.2 On military and
civilian compounds, there may exist security controls such as identification
checks, perimeter fences, police patrols, and other security measures. When considered together with the SCIF
location and internal security systems, those controls may be sufficient to be
used in lieu of certain physical security or construction requirements
contained in this Manual.
1.2.3 Proper security
planning for a SCIF is intended to deny foreign intelligence services and other
unauthorized personnel the opportunity for undetected entry into those
facilities and exploitation of sensitive activities. Faulty security planning and equipment
installation not only jeopardizes security but wastes money. Adding redundant security features causes
extra expense which could be used on other needed features. When security features are neglected during
initial construction, retrofitting of existing facilities to comply with
security requirements is necessary.
1.3 American Disabilities Act (ADA)
Review
1.3.1 Nothing in this
manual shall be construed to contradict or inhibit compliance with the law or
building codes. CSAs
shall work to meet appropriate security needs according to the intent of this
Manual at acceptable cost.
2. GENERAL ADMINISTRATIVE
2.1 SCI Facilities (SCIFs)
A SCIF is an accredited area, room, group of rooms, buildings, or
installation where SCI may be stored, used, discussed, and/or electronically
processed. SCIFs
will be afforded personnel access control to preclude entry by unauthorized
personnel. Non-SCI indoctrinated
personnel entering a SCIF must be continuously escorted by an indoctrinated
employee who is familiar with the security procedures of that SCIF. The physical security protection for a SCIF
is intended to prevent as well as detect visual, acoustical, technical, and
physical access by unauthorized persons.
Physical security criteria are governed by whether the SCIF is in the United
States or not, according to the following
conditions: closed storage, open storage, continuous operations, secure working
area.
2.2 Physical Security Preconstruction Review and Approval
CSAs shall review physical security
preconstruction plans for SCIF construction, expansion or modification. All documentation pertaining to SCIF
construction will be appropriately controlled and restricted on a need-to-know
basis. The approval or disapproval of a
physical security preconstruction plan shall be made a matter of record.
2.2.1 The requester
shall submit a Fixed Facility Checklist (FFC, Annex A) to the respective CSA
for review and approval.
2.2.2 The Checklist
submission shall include floor plans, diagrams of electrical communications,
heating, ventilation, air conditioning (HVAC) connections, security equipment
layout (to include the location of intrusion detection equipment), etc. All diagrams or drawings must be submitted on
legible and reproducible media.
2.2.3 The CSA shall be
responsible for providing construction advice and assistance and pre-approving
SCIF construction or modification.
2.3 Accreditation
The CSA will ensure SCIFs
comply with DCID 6/9. The CSA is
authorized to inspect any SCIF, direct action to correct any deficient situation,
and withdraw SCIF accreditation. The
procedures for establishment and accreditation of SCIFs
are prescribed below:
2.3.1 The procedures
for establishment and accreditation of SCIFs from
conception through construction must be coordinated and approved by the SOIC or
CSA.
2.3.2 SCI shall never
be handled, processed, discussed, or stored in any facility other than a
properly accredited SCIF unless written authorization is granted by the CSA.
2.3.3 An inspection of
the SCIF shall be performed by the CSA or appointed representative prior to
accreditation. Periodic reinspections shall be based on threat, physical
modifications, sensitivity of programs, and past security performance. Inspections may occur at any time, announced
or unannounced. The completed fixed
facility checklist will be reviewed during the inspection to ensure continued
compliance. TSCM evaluations may be
required at the discretion of the CSA, as conditions warrant. Inspection reports shall be retained within
the SCIF and by the CSA. All SCIFs shall maintain on site, current copies of the
following documents:
a. DCID 6/9 Fixed
Facility Checklist
b. Accreditation
authorization documents (e.g., physical, TEMPEST, and AIS).
c. Inspection
reports, including TSCM reports, for the entire period of SCIF accreditation
d. Operating
procedures, Special Security Officer Contractor Special Security Officer
(SSO/CSSO) appointment letters, Memoranda of
Agreement (MOAs), Emergency Action Plans, etc.
e. Copies of any
waivers granted by the CSA.
2.3.4
Inspection: Authorized inspectors shall be admitted to a SCIF without delay or
hindrance when inspection personnel are properly certified to have the
appropriate level of security clearance and SCI indoctrination for the security
level of the SCIF. Short notice or
emergency conditions may warrant entry without regard to the normal SCIF duty
hours. Government owned equipment needed
to conduct SCIF inspections will be admitted into SCIF without delay.
2.3.5
Facilities which are presently accredited, under construction or in the
approval process at the date of implementation of this Manual shall not require
modification to conform to these standards.
2.3.5.1
Facilities undergoing major modification may be required to comply
entirely with the provisions of this Manual.
Approval for such modifications shall be requested through the CSA and
received prior to any modifications taking place within the SCIF.
2.3.5.2
In the event a need arises to reopen a SCIF after the accreditation has been
terminated, the CSA may approve the use of a previously accredited SCIF based
upon a review of an updated facility accreditation package.
2.3.6
Withdrawal of Accreditation:
2.3.6.1
Termination of Accreditation: When it has been determined that a SCIF is no
longer required, withdrawal of accreditation action will be initiated by the
SSO/CSSO. Upon notification, the CSA
will issue appropriate SCI withdrawal correspondence. The CSA or appointed representative will
conduct a close out inspection of the facility to ensure that all SCI material
has been removed.
2.3.6.2
Suspension or Revocation of Accreditation: When the CSA determines that there
is a danger of classified information being compromised or that security
conditions in a SCIF are unsatisfactory, SCI accreditation will be suspended or
revoked. All appropriate authorities
must be notified of such action immediately.
2.4 Co-Utilization
2.4.1
Agencies desiring to co-utilize a SCIF should accept the current accreditation
and any waivers. Any security
enhancements required by an agency or department requesting co-utilization
should be funded by that organization, and must be approved by the SOIC with
DCI concurrence prior to implementation.
A co-utilization agreement must be established prior to occupancy.
2.4.2
Special Access Programs (SAP) co-located within a SCIF will meet the physical
security requirements of this Manual and DCI Special Access Programs (SAP)
Policy, January 4, 1989.
2.5 Personnel Controls
2.5.1
Access rosters listing all persons authorized access to the facility shall be
maintained at the SCIF point of entry.
Electronic systems, including coded security identification cards or
badges may be used in lieu of security access rosters.
2.5.2
Visitor identification and control: Each SCIF shall have procedures for
identification and control of visitors seeking access to the SCIF.
2.6 Control of Combinations
2.6.1
Combinations to locks installed on security containers/safes, perimeter doors,
windows and any other openings should be changed whenever:
a. A combination
lock is first installed or used;
b. A combination
has been subjected, or believed to have been subjected to compromise; and
c. At other times
when considered necessary by the CSA.
2.6.2
All combinations to SCIF entrance doors should be stored in another SCIF of
equal or higher accreditation level.
When this is not feasible, alternate arrangements will be made in
coordination with the CSA.
2.7 Entry/Exit Inspections
The CSA shall prescribe procedures for inspecting persons, their property,
and vehicles at the entry or exit points of SCIFs, or
at other designated points of entry to the building, facility, or
compound. The purpose of the inspection
is to deter the unauthorized removal of classified material, and deter the
introduction of prohibited items or contraband.
This shall include determination of whether inspections are randomly
conducted or mandatory for all, and whether they apply for visitors only or for
the entire staff assigned. All personnel
inspection procedures should be reviewed by the facility's legal counsel prior
to promulgation.
2.8 Control of Electronic Devices and Other Items
2.8.1
The CSA shall ensure that procedures are instituted for control of electronic
devices and other items introduced into or removed from the SCIF. See Annex D for guidance.
2.8.2
The prohibition against electronic equipment in SCIFs
does not apply to those needed by the disabled or for medical or health reasons
(e.g. motorized wheelchairs, hearing
aids, heart pacemakers, amplified telephone headsets, teletypewriters for the
hearing impaired). However, the SSO or
CSSO shall establish procedures for notification that such equipment is being
entered in to the SCIF.
2.8.3
Emergency and police personnel and their equipment, including devices carried
by emergency medical personnel responding to a medical crisis within a SCIF,
shall be admitted to the SCIF without regard to their security clearance
status. Emergency personnel will be
escorted to the degree practical.
However, debriefing of emergency personnel will be accomplished as soon
as possible, if appropriate.
2.8.4
Equipment for TEMPEST or Technical Surveillance Countermeasures (TSCM) testing
shall be admitted to a SCIF as long as the personnel operating the equipment
are certified to have the appropriate level of security clearance and SCI
indoctrination.
3. PHYSICAL SECURITY CONSTRUCTION POLICY FOR SCIFs
3.1 Construction Policy for SCI Facilities
Physical security criteria is governed by whether the SCIF is located in the
US or not,
according to the following conditions: closed storage, open storage, continuous
operations, secure working areas.
3.1.1
Closed Storage
3.1.1.1
Inside U.S:
a. The SCIF must
meet the specifications in Chapter 4 Permanent Dry Wall Construction).
b. The SCIF must be
alarmed in accordance with Annex B to this manual.
c. SCI must be
stored in GSA approved security containers.
d. There must be a
response force capable of responding to an alarm within 15 minutes after
annunciation and a reserve response force available to assist the responding
force.
e. The CSA may
require any SCIF perimeter walls accessible from exterior building ground level
to meet the equivalent protection afforded by Chapter 4 (Expanded Metal)
construction requirement.
3.1.1.2
Outside U.S.:
a. The SCIF must
meet the construction specifications for SCIFs as set
forth in Chapter 4 (Steel Plate or Expanded Metal). SCIFs within US
Government controlled compounds [1][1] ,
or equivalent, having armed immediate response forces may use specifications
indicated in Chapter 4 (Permanent Dry Wall Construction) with prior approval of
the CSA.
b. The SCIF must be
alarmed in accordance with Annex B.
c. All SCI
controlled material will be stored in GSA-approved containers having a rating
for both forced and surreptitious entry equal to or exceeding that afforded by
Class 5 containers.
d. There must be a
response force capable of responding to an alarm within 10 minutes and a
reserve response force available to assist the responding force.
3.1.2
Open Storage
3.1.2.1
INSIDE US: When open storage is justified and approved by the CSA. the SCIF must:
a. be alarmed in
accordance with Annex B;
b. have a response
force capable of responding to an alarm within 5 minutes and a reserve response
force available to assist the response force; and
c. meet one of the
following:
1. SCIFs within a controlled US
government compound or equivalent may use specifications indicated in Chapter 4
(Permanent Dry Wall Construction): or
2. SCIFs within a controlled building with continuous
personnel access control, may use specifications indicated in Chapter 4
(Permanent Dry Wall Construction). The
CSA may require any SCIF perimeter walls accessible from exterior building
ground level to meet the equivalent protection afforded by Chapter 4 (Expanded
Metal) construction requirements; or
3. SCIFs which are not located in a controlled building or
compound may use specifications indicated in Chapter 4 (expanded Metal) or
(Vault) constructions requirements.
3.1.2.2
OUTSIDE US: Open storage of SCI material will be avoided. When open storage is justified as mission
essential, vault construction is preferred.
The SCIF must:
a. be alarmed in
accordance with Annex B;
b. have a response
force capable of responding to an alarm within 5 minutes and a reserve response
force available to assist the responding force.
c. have an
adequate, tested plan to protect, evacuate, or destroy the material in the
event of emergency or natural disaster; and
d. meet one of the
following:
1. The construction
specification for vaults set forth in Chapter 4 (Vaults); or
2. With the approval of the CSA, SCIFs located on a controlled US
government compound or equivalent having immediate response forces, may use
expanded metal, steel plate, or GSA approved modular vaults in lieu of vault
construction.
3.1.3
Continuous Operation
3.1.3.1
INSIDE THE US:
a. The SCIF must
meet the construction specifications as identified in Chapter 4 (Permanent Dry
Wall Construction). An alert system and
duress alarm may be required by the CSA, based on operational and threat
conditions.
b. Provisions should
be made for storage of SCI in GSA approved containers. If the configuration of the material
precludes this, there must be an adequate, tested plan to protect, evacuate, or
destroy the material in the event of emergency, civil unrest or natural
disaster.
c. There must be a
response force capable of responding to an alarm within 5 minutes and a reserve
response force available to assist the responding force.
3.1.3.2
OUTSIDE THE US:
a. The SCIF must
meet the construction specifications for SCIFs as set
forth in Chapter 4 (Expanded Metal). An
alert system and duress alarm may be required by the CSA, based on operational
and threat conditions. (b) The
capability must exist for storage of all SCI in GSA-approved security
containers, or the SCIF must have an adequate, tested plan to protect,
evacuate, or destroy the material in the event of emergency or natural
disaster.
b. SCIFs located within US Government controlled compounds, or
equivalent, having immediate response forces, may use the secure area
construction specifications as listed in Chapter 4 (Permanent Dry Wall
Construction) with prior approval of the CSA
c. There must be a
response force capable of responding to an alarm within 5 minutes, and a
reserve response force available to assist the responding force.
3.1.4
Secure Working Areas are accredited facilities used for handling, discussing,
and/or processing SCI. but where SCI
will not be stored.
3.1.4.1
INSIDE THE U.S.:
a. The Secure
Working Area SCIF must meet the specifications set forth in Chapter 4
(Permanent Dry Wall Construction).
b. The Secure
Working Area SCIF must be alarmed with a balanced magnetic switch on all
perimeter entrance doors.
c. No storage of
SCI material is authorized.
d. There must be a
response force capable of responding to an alarm within 15 minutes after
annunciation, and a reserve response force available to assist the responding
force.
3.1.4.2
OUTSIDE THE U.S.:
a. The Secure
Working Area SCIF must meet the construction specifications indicated in
Chapter 4 (Permanent Dry Wall Construction).
b. The Secure
Working Area SCIF must be equipped with an approved alarm system as set forth
in Annex B.
c. No storage of
SCI material is authorized.
d. There must be a
response force capable of responding to an alarm within 10 minutes, and a
reserve response force available to assist the responding force.
3.2 Temporary Secure Working Area (TSWA)
3.2.1
A Temporary Secure Working area is defined as a temporarily accredited facility
that is used no more than 40 hours monthly for the handling, discussion, and/or
processing of SCI, but where SCI should not be stored. with sufficient justification, the CSA may
approve longer periods of usage and storage of SCI for no longer than 6 months.
3.2.2
During the entire period the TSWA is in use, the entrance will be controlled
and access limited to persons having clearance for which the area has been
approved. Approval for using such areas
must be obtained from the CSA setting forth room number(s), building, location,
purpose, and specific security measures employed during usage as well as during
other periods. TSWAs
should be covered by an alarm system.
These areas should not be used for periods exceeding an average total of
40 hours per month. No special
construction is required other than to meet sound attenuation requirements as
set forth in Annex E, when applicable.
If such a facility must also be used for the discussion of SCI, a
Technical Surveillance Countermeasures (TSCM) evaluation may be required at the
discretion of the CSA, as conditions warrant.
3.2.3
When not in use at the SCI level, the TSWA will be:
a. Secured with a keylock or a combination lock approved by the CSA.
b. Access will be limited
to personnel possessing a US Secret clearance.
3.2.4
If such a facility is not alarmed or properly protected during periods of
non-use, a TSCM inspection may be conducted prior to use for discussion at the
SCI level.
3.3 Requirements Common To All SCIFs;
Within The US
and Overseas
3.3.1
CONSTRUCTION: The SCIF perimeter walls, floors and ceiling, will be permanently
constructed and attached to each other.
All construction must be done in such a manner as to provide visual
evidence of unauthorized penetration.
3.3.2
SOUND ATTENUATION: The SCIF perimeter walls, doors, windows, floors and
ceiling, including all openings, shall provide sufficient sound attenuation to
preclude inadvertent disclosure of conversation. The requirement for sound attenuation are
contained within Annex E.
3.3.3
ENTRANCE, EXIT, AND ACCESS DOORS:
3.3.3.1
Primary entrance doors to SCIFs shall be limited to
one. If circumstances require more than
one entrance door, this must be approved by the CSA. In some circumstances, an emergency exit door
may be required. In cases where local
fire regulations are more stringent, they will be complied with. All perimeter SCIF doors must be closed when
not in use, with the exception of emergency circumstances. If a door must be left open for any length of
time due to an emergency or other reasons, then it must be controlled in order
to prevent unauthorized removal of SCI.
3.3.3.2
All SCIF perimeter doors must be plumbed in their frames and the frame firmly
affixed to the surrounding wall. Door
frames must be of sufficient strength to preclude distortion that could cause
improper alignment of door alarm sensors, improper door closure or degradation
of audio security.
3.3.3.3
All SCIF primary entrance doors must be equipped with an automatic door closer,
a GSA-approved combination lock and an access control device with the following
requirements: [2][2]
a. If doors are
equipped with hinge pins located on the exterior side of the door where it
opens into an uncontrolled area outside the SCIF, the hinges will be treated to
prevent removal of the door (e.g., welded, set screws, etc.)
b. If a SCIF
entrance door is not used as an access control door and stands open in an
uncontrolled area, the combination lock will be protected against unauthorized
access/tampering.
3.3.3.4
Control doors: The use of a vault door for controlling daytime access to a
facility is not authorized. Such use
will eventually weaken the locking mechanism, cause malfunctioning of the
emergency escape device, and constitute a security and safety hazard. To preclude this, a second door will be
installed and equipped with an automatic door closer and an access control
device. (It is preferable that the
access door be installed external to the vault door.)
3.3.3.5
SCIF emergency exit doors shall be constructed of material equivalent in
strength and density to the main entrance door.
The door will be secured with deadlocking panic hardware on the inside
and have no exterior hardware. SCIF
perimeter emergency exit doors should be equipped with a local enunciator in
order to alert people working in the area that someone exited the facility due
to some type of emergency condition.
3.3.3.6
Door Construction Types: Selections of entrance and emergency exit doors shall
be consistent with SCIF perimeter wall construction. Specifications of doors, combination locks,
access control devices and other related hardware may be obtained from the
CSA. Some acceptable types of doors are:
a. Solid wood core
door, a minimum of 1 3/4 inches thick.
b. Sixteen gauge
metal cladding over wood or composition materials, a minimum of 1 3/4 inches
thick. The metal cladding shall be
continuous and cover the entire front and back surface of the door.
c. Metal fire or
acoustical protection doors, a minimum of 1 3/4 inches thick. A foreign manufactured equivalent may be used
if approved by the CSA.
d. A joined metal
rolling door, minimum of 22 gauge, used as a loading dock or garage structure
must be approved on a case-by-case basis.
3.3.4
PHYSICAL PROTECTION OF VENTS, DUCTS, AND PIPES:
3.3.4.1
All vents, ducts, and similar openings in excess of 96 square inches that enter
or pass through a SCIF must be protected with either bars, or grills, or
commercial metal duct sound baffles that meet appropriate sound attenuation
class as specified in Annex E. Within
the United States,
bars or grills are not required if an IDS is used. If one dimension of the duct measures less
than six inches, or duct is less than 96 square inches, bars are not required;
however, all ducts must be treated to provide sufficient sound
attenuation. If bars are used, they must
be 1/2 inch diameter steel welded vertically and horizontally six (6) inches on
center; if grills are used, they must be of 9-gauge expanded steel; if
commercial sound baffles are used, the baffles or wave forms must be metal
permanently installed and no farther apart than six (6) inches in one
dimension. A deviation of l/2 inch in
vertical and/or horizontal spacing is permissible.
3.3.4.2
Based on the TEMPEST accreditation, it may be required that all vents, ducts,
and pipes must have a non-conductive section (a piece of dissimilar material
e.g., canvas, rubber) which is unable to carry electric current, installed at
the interior perimeter of the SCIF.
3.3.4.3
An access port to allow visual inspection of the protection in the vent or duct
should be installed inside the secure perimeter of the SCIF. If the inspection port must be installed
outside the perimeter of the SCIF, it must be locked.
3.3.5
WINDOWS:
3.3.5.1
All windows which might reasonably afford visual surveillance of personnel,
documents, materials, or activities within the facility, shall be made opaque
or equipped with blinds, drapes or other coverings to preclude such visual
surveillance.
3.3.5.2
Windows at ground level [3][3]
will be constructed from or covered with materials which will provide
protection from forced entry. The
protection provided to the windows need be no stronger than the strength of the
contiguous walls. SCIFs
located within fenced and guarded government compounds or equivalent may
eliminate this requirement if the windows are made inoperable by either
permanently sealing them or equipping them on the inside with a locking
mechanism.
3.3.5.3
All perimeter windows at ground level shall be covered by an IDS.
4. CONSTRUCTION SPECIFICATIONS.
4.1 Vault Construction Criteria
4.1.1
Reinforced Concrete Construction: Walls, floor, and ceiling will be a minimum
thickness of eight inches of reinforced concrete. The concrete mixture will have a
comprehensive strength rating of at least 2,500 psi. Reinforcing will be accomplished with steel
reinforcing rods, a minimum of 5/8 inches in diameter, positioned centralized
in the concrete pour and spaced horizontally and vertically six inches on
center; rods will be tied or welded at the intersections. The reinforcing is to be anchored into the
ceiling and floor to a minimum depth of one-half the thickness of the adjoining
member.
4.1.2
GSA-approved modular vaults meeting Federal Specification FF-V-2737, may be
used in lieu of a 4.1.1 above.
4.1.3
Steel-lined Construction: Where unique structural circumstances do not permit
construction of a concrete vault, construction will be of steel alloy-type of
1/4" thick, having characteristics of high yield and tensile
strength. The metal plates are to be
continuously welded to load-bearing steel members of a thickness equal to that
of the plates. If the load-bearing steel
members are being placed in a continuous floor and ceiling of reinforced
concrete, they must be firmly affixed to a depth of one-half the thickness of
the floor and ceiling.
If the floor and/or ceiling construction is less
than six inches of reinforced concrete, a steel liner is to be constructed the
same as the walls to form the floor and ceiling of the vault. Seams where the steel plates meet
horizontally and vertically are to be continuously welded together.
4.1.4
All vaults shall be equipped with a GSA-approved Class 5 or Class 8 vault
door. Within the US,
a Class 6 vault door is acceptable.
Normally within the United States
a vault will have only one door that serves as both entrance and exit from the
SCIF in order to reduce costs.
4.2 SCIF Criteria For Permanent Dry Wall Construction
Walls, floor and ceiling will be permanently constructed and attached to
each other. To provide visual evidence
of attempted entry, all construction, to include above the false ceiling and
below a raised floor, must be done in such a manner as to provide visual
evidence of unauthorized Penetration.
4.3 SCIF Construction Criteria For Steel Plate
Walls, ceiling and floors are to be reinforced on the inside with steel
plate not less than 1/8" thick. The
plates at all vertical joints are to be affixed to vertical steel members of a
thickness not less than that of the plates.
The vertical plates will be spot welded to the vertical members by
applying a one-inch long weld every 12 inches; meeting of the plates in the
horizontal plane will be continuously welded.
Floor and ceiling reinforcements must be securely affixed to the walls
with steel angles welded or bolted in place.
4.4 SCIF Construction Criteria For Expanded Metal
Walls are to be reinforced, slab-to-slab, with 9-gauge expanded metal. The expanded metal will be spot welded every
6 inches to vertical and horizontal metal supports of 16-gauge or greater
thickness that has been solidly and permanently attached to the true floor and
true ceiling.
4.5 General
The use of materials having thickness or diameters larger than those
specified above is permissible. The
terms "anchored to and/or embedded into the floor and ceiling" may
apply to the affixing of supporting members and reinforcing to true slab or the
most solid surfaces; however, subfloors and false
ceiling are not to be used for this purpose.
5. GLOSSARY
Access Control System:
A system to identify and/or admit personnel with properly authorized access
to a SCIF using physical, electronic, and/or human controls.
Accreditation: The
formal approval of a specific place, referred to as a Sensitive Compartmented
Information Facility (SCIF), that meets prescribed physical, technical, and
personnel security standards.
Acoustic Security:
Those security measures designed and used to deny aural access to
classified information.
Astragal Strip: A
narrow strip of material applied over the gap between a pair of doors for
protection from unauthorized entry and sound attenuation.
Authorized Personnel:
A person who is fully cleared and indoctrinated for SCI, has a valid
need to know, and has been granted access to the SCIF.
Balanced Magnetic Switch (BMS): A type of IDS sensor which may be installed
on any rigid, operable opening (i.e., doors, windows) through which access may
be gained to the SCIF.
Break-Wire Detector: An IDS sensor used with screens and
grids, open wiring, and grooved stripping in various arrays and configurations
necessary to detect surreptitious and forcible penetrations of movable
openings, floors, walls, ceilings, and skylights. An alarm is activated when the wire is
broken.
Closed Storage: The
storage of SCI material in properly secured GSA approved security containers
within an accredited SCIF.
Computerized Telephone System (CTS): Also referred to as a hybrid key system,
business communication system, or office communications system.
Cognizant Security Authority (CSA): The single principal designated by a SOIC
(see definition of SOIC) to serve as the responsible official for all aspects
of security program management with respect to the protection of intelligence
sources and methods, under SOIC responsibility.
Continuous Operation:
This condition exists when a SCIF is staffed 24 hours every day.
Controlled Area/Compound:
Any area to which entry is subject to restrictions or control for
security reasons.
Controlled Building:
A building to which entry is subject to restrictions or control for
security reasons.
Co-Utilization: Two
or more organizations sharing the same SCIF
Dead Bolt: A lock
bolt with no spring action. Activated by
a key or turn knob and cannot be moved by end pressure.
Deadlocking Panic Hardware:
A panic hardware with a deadlocking latch that has a device when in the
closed position resists the latch from being retracted.
Decibel (db): A unit
of sound measurement.
Document: Any
recorded information regardless of its physical form or characteristics,
including, without limitation, written or printed matter, data processing cards
and tapes, maps, charts, paintings, drawings, photos, engravings, sketches,
working notes and papers, reproductions of such things by any means or process,
and sound, voice, magnetic or electronic recordings in any form.
Dual Technology:
PIR, microwave or ultrasonic IDS sensors which combine the features of
more than one volumetric technology.
Expanded Steel: Also
called EXPANDED METAL MESH. A lace work
patterned material produced from sheet steel by making regular uniform cuts and
then pulling it apart with uniform pressure.
Guard: A properly
trained and equipped individual whose duties include the protection of a
SCIF. Guards whose duties require direct
access to a SCIF, or patrol within a SCIF, must meet the clearance criteria in
Director of Central Intelligence Directive 6/4.
CSA will determine if indoctrination is required.
Intelligence Community (and agencies within the (and agencies within
the Community): Refers to the
United States Government agencies and organizations identified in section
3.4(f) (1 through 7) of Executive Order 12333.
Intrusion Detection System:
A security alarm system to detect unauthorized entry.
Isolator: A device or assembly of devices which
isolates or disconnects a telephone or Computerized Telephone System (CTS) from
all wires which exit the SCIF and which as been accepted as effective for
security purposes by the Telephone Security Group (TSG approved).
Key Service Unit (KSU):
An electromechanical switching device which controls routing and
operation of an analog telephone system.
Line Supervision:
Class I: Class I line security is achieved through the
use of DES or an algorithm based on the cipher feedback or cipher block
chaining mode of encryption.
Certification by NIST or another independent testing laboratory is
required.
Class II: Class II line supervision refers to systems
in which the transmission is based on pseudo random generated or digital
encoding using an interrogation and response scheme throughout the entire
communication, or UL Class AA line supervision.
The signal shall not repeat itself within a minimum six month period,
Class II security shall be impervious to compromise using resistance, voltage,
current, or signal substitution techniques.
Motion Detection Sensor:
An alarm sensor that detects movement.
Non-Conductive Section:
Material (i.e. canvas, rubber,
etc.) which is installed in ducts.
vents, or pipes, and is unable to carry audio or RF emanations.
Non-Discussion Area:
A clearly defined area within a SCIF where classified discussions are
not authorized due to inadequate sound attenuation.
Open Storage: The
storage of SCI material within a SCIF in any configuration other than within
GSA approved security containers.
Response Force:
Personnel (not including those on fixed security posts) appropriately
equipped and trained, whose duties include initial or follow up response to
situations which threaten the security of the SCIF. This includes local law enforcement support
or other external forces as noted in agreements.
Secure Working Area:
An accredited SCIF used for handling, discussing and/or processing of
SCI, but where SCI will not be stored.
Senior Official of the Intelligence Community (SOIC): The head of an agency, of fine, bureau, or
intelligence element identified in section 3.4(f) (1 through 6) of Executive
Order 12333.
Sensitive Compartmented Information (SCI): SCI is classified information concerning or
derived from intelligence sources, methods or analytical processes, which is
required to be handled exclusively within formal control systems established by
the Director of Central Intelligence.
Sensitive Compartmented Information Facility (SCIF): An accredited area, room, group of rooms,
building, or installation where SCI may be stored, used, discussed and/or electronically
processed.
Sound Group: Voice
transmission attenuation groups established to satisfy acoustical
requirements. Ratings measured in sound
transmission class may be found in the Architectural Graphic Standards.
Sound Transmission Class (STC): The rating used in architectural
considerations of sound transmission loss such as those involving walls,
ceilings, and/or floors.
Special Access Program (SAP): Any approved program which imposes
need-to-know or access controls beyond those normally required for access to
CONFIDENTIAL, SECRET, or TOP SECRET information.
Surreptitious Entry:
Unauthorized entry in a manner which leaves no readily discernible
evidence.
Tactical SCIF: An
accredited area used for actual or simulated war operations for a specified
period of time.
Technical Surveillance Countermeasures (TSCM) Surveys and
Evaluations: A physical,
electronic, and visual examination to detect technical surveillance devices,
technical security hazards, and attempts at clandestine penetration.
Type Accepted Telephone:
Any telephone whose design and construction conforms with the design
standards for Telephone Security Group approved telephone sets. (TSG Standard #3, #4, or #5).
Vault: A room(s)
used for the storing, handling, discussing, and/or processing of SCI and
constructed to afford maximum protection against unauthorized entry.
Waiver: An exemption
from a specific requirement of this document.
DIRECTOR OF CENTRAL INTELLIGENCE DIRECTIVE (DCID)
6/9
ANNEX
A - SCIF Accreditation Checklist
(Effective 27 May 1994)
|
Table of Contents
· Section
A--General Information
· Section
B--Peripheral Security
· Section
C--SCIF Security
· Section
D--Doors
· Section
E--Intrusion Detection Systems
· Section
F--Telephone System
· Section
G--Acoustical Protection
· Section
H--Administrative Security
·
Attachments
|
DATE _________________
FIXED FACILITY CHECKLIST
[ ] PRECONSTRUCTION [ ] NEW [ ] MODIFIED FACILITY
Section A -- General Information
|
1.
|
SCIF Data: Organization/Company Name:
_____________________________
SCIF Identification Number (if applicable): _____________________________
Organization subordinate to (If applicable): _____________________________
Contract Number & Expiration Date: _________________________________
CSA: _________________________________________________________
Project Headquarter Security Office (if applicable): _______________________
|
|
2.
|
SCIF Location: _________________________________________________
Street Address: _________________________________________________
_____________________________________________________________
Bldg Name/#: __________________ Floor: _______________________
Room(s) No: __________________
City: _________________________
State/Country: _________________
ZIP Code: _____________________
|
|
3.
|
Responsible Security Personnel:
Primary: _______________________ Alternate: _____________________
Commercial Telephone: _____________________
DSN Telephone: __________________________
Secure Telephone: Type: ____________________
Home Telephone: __________________________
Fax No: (specify both classified and unclassified)
Classified: ______________________ Unclassified: _____________________
Other: _____________________________________
|
|
4.
|
Accreditation Data:
a. Category of SCI
Requested: _____________________________________
Indicate the storage required:
_____ Open Storage _____ Closed Storage ____ Continuous Operation
_____ Secure Working Area _____ Temporary Secure Working Area
b. Existing
Accreditation Information (If applicable):
1. (1) Category
of SCI: _________________________________________
2. (2)
Accreditation granted by: ___________________________________
on ___________
c. Last TEMPEST
Accreditation (if applicable): Accreditation granted
by: _____________________________________________ on _______
d. If Automated
Information Systems (AISs) are used, has an
accreditation
been granted? ______ YES _____ NO
Accreditation granted by: ____________________________ on ________
e. SAP co-located
within SCIF? ______ YES _____ NO
(If Yes, Classification: ________, and provide copy of Co-utilization
Agreement for SAP oeration in SCIF.)
f. Duty Hours:
_______ hours to hours, _______ days per week.
g. Total square
feet SCIF occupies: ___________
|
|
5.
|
Construction/modification: Is construction or modification
complete?
______ YES _____ NO _____ N/A (If NO, expected date of completion)
_____________________________________________________________
|
|
6.
|
Inspections:
a. TSCM Service
completed by ________________________ on _______ (Attach copy of report)
Were deficiencies corrected? ______ YES _____ NO _____ N/A
(If NO, explain:) ______________________________________________
b. Last Physical
Security Inspection by____________________ on ______(Attach copy of report)
Were deficiencies corrected? ______ YES _____ NO _____ N/A
(If NO ,explain:) ______________________________________________
c. Last
Security Assistance visit by_______________________ on ______
|
|
7.
|
REMARKS:
_____________________________________________________
|
Section B -- Peripheral Security
|
8.
|
Describe building exterior security:
a. Fence:
___________________________________________________
b. Fence Alarm:
______________________________________________
c. Fence
lighting: _____________________________________________
d. Television
(CCTV): _________________________________________
e. Guards:
___________________________________________________
f. Other:
___________________________________________________
|
|
9.
|
Building:
1.
Construction type: __________________________________________
2. Describe
Access Controls: ____________________________________
(1) Continuous:
_____ YES _____ NO
(2) If NO, during
what hours? __________________________________
|
|
10.
|
Remarks:
___________________________________________________________
___________________________________________________________________
___________________________________________________________________
|
Section C -- SCIF Security
|
11.
|
How is access to the SCIF controlled?
a. By Guard
Force: ____ YES ____ NO Security Clearance Level: _______
b. By Assigned
Personnel: _____ YES _____ NO
c. By Access
Control Device: _____ YES _____ NO
If yes, Manufacturer __________________ Model No _______________
|
|
12.
|
Does the SCIF have windows? _____ YES _____ NO
a. How are
they acoustically protected (If applicable) _____________________
________________________________________________________________
b. How are they
secured against opening? ______________________________
________________________________________________________________
c. How are they
protected against visual surveillance? (If applicable) __________
_______________________________________________________________
|
|
13.
|
Do ventilation ducts penetrate the SCIF perimeter?_____
YES _____ NO
a. Number and size
(Indicate on floor plan): ____________________________
_______________________________________________________________
b. If over 96 square
inches, type of protection used:
1. IDS: _____ YES
_____ NO (Describe in Section E)
2. Bars/Grills
Metal Baffles: _____ YES _____ NO
_____OTHER - Explain: _____________________________________
c. Metal Duct
Sound Baffles: Are ducts equipped with:
1. Metal Baffles:
_____ YES _____ NO
2. Noise
Generator: _____ YES _____ NO
3. Non-Conductive
Joints: _____ YES _____ NO
4. Inspection
Ports: _____ YES _____ NO
§ If YES, are they within the SCIF?_____ YES
____ NO
§ If they are located outside of the SCIF, how
are they secured? _____________________________________________________
d. If TEMPEST
accreditation authority requires; are pipes, conduits, etc., penetrating the
SCIF equipped
with non-conductive unions at the point they breach the SCIF perimeter? _____
YES _____ NO
Are they provided acoustical protection? (if applicable) ____ YES _____ NO
|
|
14.
|
Construction:
a. Perimeter walls:
1. Material
& Thickness: ______________________________________
2. Do the walls
extend from the true floor to the true ceiling?
_____ YES _____ NO
b. True ceiling
(material and thickness): ______________________________
c. False ceiling?
_____ YES _____ NO If yes:
1. Type of
ceiling material:
2. Distance
between false and true ceiling:
d. True floor
(material and thickness): _______________________________
e.
False Floor? _____ YES _____ NO If yes:
o Distance between false and true
floor:__________________________
|
|
15.
|
Remarks:
_________________________________________________________
________________________________________________________________
________________________________________________________________
|
Section D -- Doors
|
16.
|
Describe SCIF Primary Entrance Door (Indicate on floor
plan): _____________
_____________________________________________________________
_____________________________________________________________
Is an automatic door closer installed? _____ YES _____ NO
If NO, explain: _________________________________________________
|
|
17.
|
Describe number and type of doors used for SCIF emergency
exits and other
perimeter doors (Indicate on floor plan): ______________________________
_____________________________________________________________
Is an automatic door closer installed? _____ YES _____ NO
If NO, explain: _________________________________________________
_____________________________________________________________
|
|
18.
|
Describe how the door hinges exterior to the SCIF are
secured against removal
(if in an uncontrolled area):_________________________________________
_____________________________________________________________
_____________________________________________________________
|
|
19.
|
Locking devices:
a. Perimeter
SCIF Entrance Door:
1. List
manufacturer, model number and Group rating: ____________
___________________________________________________
2. Does entrance
door stand open into an uncontrolled area?
_____ YES _____ NO If YES, describe tamper protection: _____
___________________________________________________
b. Emergency Exits
and Other Perimeter Doors:
Describe (locks, metal strip/bar, deadbolts, panic hardware): __________
________________________________________________________
________________________________________________________
c. Where are the
door lock combinations filed? ______________________
________________________________________________________
|
|
20.
|
Remarks:
_____________________________________________________
_____________________________________________________________
_____________________________________________________________
|
Section E -- Intrusion Detection Systems
Give manufacturer and model numbers in
response to following questions:
|
21.
|
Method of Interior Motion Detection Protection:
a. Accessible
Perimeter? _________________________________________
Storage Areas? ______________________________________________
b. Motion Detection
Sensors (Indicate on floor Plan): ____________________
Tamper protection: _____ YES _____ NO
c. Other
(e.g. CCTV, etc.):
_______________________________________
|
|
22.
|
Door and Window Protection (Indicate on floor plan):
a. Balanced
Magnetic Switch (BMS) on door?: ________________________
Tamper protection: _____ YES _____ NO
b. If SCIF has
ground floor windows, how are they protected? ____________
c. Other
(e.g. CCTV, etc..)
______________________________________
|
|
23.
|
Method of ventilation and duet work protection:
__________________________
_______________________________________________________________
|
|
24.
|
Space above false ceiling (only outside the United
States, if required):
a. Motion
Detection Sensors: _____________________________________
Tamper protection: _____ YES _____ NO
b. Other
(e.g. CCTV):
__________________________________________
|
|
25.
|
Space below false floor only outside the United
States, if required):
a. Motion
Detection Sensors: _____________________________________
Tamper protection: _____ YES _____ NO
b. Other
(e.g. CCTV):
__________________________________________
|
|
26.
|
IDS transmission line security protection:
a. Electronic line
supervision (Manufacture and Model): __________________
__________________________________________________________
If electronic line supervision. class
of service: _____ I _____ II
b. Other:
_____________________________________________________
|
|
27.
|
Is emergency power available for the IDS? _____ YES _____
NO
TYPE: _____ Battery _____ Emergency Generator _____
Other
|
|
28.
|
Where is the IDS control unit for the SCIF located (Indicated
on floor plan)?
_______________________________________________________________
|
|
29.
|
Where is the IDS Alarm enunciator panel located (Indicate
on floor plan, Address)?
_________________________________________________________
_______________________________________________________________
_______________________________________________________________
|
|
30.
|
IDS Response Personnel: Describe:
___________________________________
_______________________________________________________________
_______________________________________________________________
Response Force Security Cleared: _____ YES _____ NO
a. Level:
_____________________________________________________
b. Emergency Procedures
documented? _____ YES _____ NO
c. Reserve Force
available? _____ YES _____ NO
d. Response time
required for alarm condition: ________ minutes.
e. Are response
procedures tested and records maintained?
_____ YES _____ NO
If no, explain: _______________________________________________
|
|
31.
|
Is the IDS tested and records maintained? _____ YES _____
NO
If no, explain: __________________________________________________
|
|
32.
|
Remarks:
_____________________________________________________
_____________________________________________________________
_____________________________________________________________
|
Section F -- Telephone System
|
33.
|
Method of on-hook security provided:
a. TSG-2
Computerized Telephone System (CTS)? _____ YES _____ NO
1.
Manufacturer/Model: _________________________________________
2. Location of
the CTS: _________________________________________
3. Do the CTS
installers and programmer have security clearances? _______
If yes, at what access level (minimum established by CSA): ____________
_________________________________________________________
If no, are escorts provided? ____________________________________
_________________________________________________________
4. Is the CTS
installed as per TSG-2 Configuration Requirements? ___YES___NO
a. If no, provide
make and model number of telephone equipment, explain
your configuration, and attach a line drawing? ____________________
b. Is access to
the facility housing the switch controlled? ___YES___NO
c. Are all lines
between the SCIF and the switch in controlled spaces?
____YES____ NO
5. Does the CTS
use remote maintenance and diagnostic procedures or other
remote access features? ____YES____ NO
If yes, explain those procedures:__________________________________
__________________________________________________________
b. TSG-6 approved
telephones?
1.
Manufacturer/Model: _________________________________________
2. TSG number:
_______________________________________________
3. Ringer
Protection (if required): __________________________________
c. TSG-6 approved
disconnect devices?
1.
Manufacturer/Model: _________________________________________
2. TSG number:
_______________________________________________
|
|
34.
|
Methods of off-hook security provided:
a. Is there a hold
or mute feature? ____ YES____ NO
1. If yes, which
feature_________, and is it provided by the: _______ CTS?
or ______ Telephone?
2. If no, are
approved push-to-operated handsets provided?
____YES ____ NO
Describe: ___________________________________________________
|
|
35.
|
Automatic telephone call answering:
a. Is there an
automatic call answering service for the telephones in the SCIF?
____YES____NO
If yes, provide make and model number of the equipment, explain the
configuration, and provide a line drawing.
________________________________
|
Section G -- Acoustical Protection
|
40.
|
Do all areas of the SCIF meet acoustical requirements?____
YES ____ NO
If no, describe additional measures taken to provide minimum acoustical
protection
e.g. door, windows, etc)
_____________________________________________
|
|
41.
|
Is the SCIF equipped with a public address, emergency/fire
announcement or music
system? _____ YES _____ NO
If yes, describe and explain how protected? ______________________________
________________________________________________________________
|
|
42.
|
If any intercommunication system that is not part of the
telephone system is used,
describe and explain how protected: ____________________________________
________________________________________________________________
|
|
43.
|
Remarks: _________________________________________________________
_________________________________________________________________
_________________________________________________________________
|
Section H -- Administrative Security
|
45.
|
Destruction Methods:
a. Describe method
used for destruction of classified/sensitive material:
Manufacturer: __________________ Model: ____________________
Manufacturer: __________________ Model: ____________________
b. Describe
location of destruction site(s) in relation to the secure facility: ______
___________________________________________________________
c. Have provisions
been made for the emergency destruction of classified/
sensitive program material? (If required):____ YES____ NO
If YES, has the emergency destruction equipment and plan been coordinated
with
the CSA? ____ YES____ NO
|
|
46.
|
If reproduction of classified/sensitive material takes
place outside the SCIF,
describe equipment and security procedures used to reproduce documents: _____
_______________________________________________________________
|
|
47.
|
Remarks:
_______________________________________________________
_______________________________________________________________
_______________________________________________________________
|
DIRECTOR OF CENTRAL INTELLIGENCE DIRECTIVE (DCID)
6/9
ANNEX B - Intrusion Detection
Systems (IDS)[4][4]
(Effective 18 November 2002)
This annex sets forth the requirements and
establishes the Standard for Intrusion Detection Systems (IDS) and associated
operations for Government and Government-Sponsored Sensitive Compartmented
Information Facilities (SCIFs). Compliance with these requirements is
mandatory for all SCIFs established after the
effective date of this annex.
1.0 IDS Overview
The IDS shall detect attempted or actual unauthorized
human entry into a SCIF. The IDS complements other physical security
measures. The IDS shall consist of three
distinct components: Intrusion Detection
Equipment (IDE), Security and Response-Force Personnel, and Security Operation
Procedures. IDS operations shall
comprise four phases as described below:
1.1 Detection Phase. The detection phase begins when a sensor
reacts to the stimuli for which the sensor was
designed to detect.
1.2 Reporting Phase. The Premise Control Unit (PCU) receives
signals from all associated sensors in the SCIF’s
alarmed zone and establishes the alarm status.
The alarm status is immediately transmitted to the Monitoring
Station. Within the Monitoring Station,
a dedicated Alarm-Monitoring panel (or central processor) monitors incoming PCU
signals. On receiving an alarm signal, a
Monitoring Station’s enunciator generates an audible and visible alarm for the
monitoring personnel.
1.3 Assessment Phase. The assessment phase is the initial phase
requiring human interaction. On
receiving an audible or visible alarm, monitoring personnel immediately assess the situation and
determine the appropriate response.
1.4 Response Phase. The response phase begins immediately after
the operator has assessed the alarm condition.
All alarms shall be immediately investigated. During the response phase, the precise nature
of the alarm shall be determined and appropriate measures taken to safeguard
the SCIF.
2.0 Definitions
2.1 Alarm. An alarm is a visual and audible indication that a sensor has detected the
entry or attempted entry of an unauthorized person into a SCIF. Alarms also signify the malfunction of a
sensor that normally causes such an alarm.
2.2 Alarm
Zone. An alarm zone is a segregated
or specified area under the control of a single Premise Control Unit (PCU).
2.3 Intrusion
Detection Equipment (IDE). IDE is
all the equipment, associated software/firmware, and communication lines
included within the IDS.
2.4 Monitoring
Station. The
monitoring station is the central point for collecting alarm status from the PCUs handling the alarm zones under control of an IDS.
2.5 Premise
Control Unit (PCU). A PCU is a
device that receives changes of alarm status
from IDS sensors, and transmits an alarm condition to the monitoring station.
2.6 Security
in-depth. A determination by the
Cognizant Security Authority (CSA) that a facility’s security programs consist
of layered and complementary controls sufficient to deter and detect
unauthorized entry and movement within the areas adjacent to the SCIF.
2.7 Sensor. Sensors are devices that respond to a
physical stimulus (as heat, light, sound, pressure, magnetism, or a particular
motion) and transmits a resulting impulse.
2.8 United
States. As used herein, the United
States includes the 48 contiguous states, Alaska, Hawaii, as well as,
protectorates, territories, and possessions under control of the United States
(for example, Puerto Rico, Guam, Wake, Midway, American Samoa, US Virgin
Islands, others). This definition does
not include US-controlled installations (for example, military bases,
embassies, leased space) located in foreign countries.
3.0 IDS Requirements
This section specifies the requirements for Intrusion Detection Systems
(IDS) and associated operations for government and government-sponsored SCIFs and other associated areas.
3.1 General
IDS Requirements. The following
general requirements apply to all SCIFs and shall be
met as a prerequisite for using a SCIF for government-classified operations.
3.1.1 SCIF
Protection. All areas of a SCIF that
reasonably afford access to the SCIF, or where SCI is stored, shal
