Scif · Volume 12
Reference: Glossary, Acronyms, Standards, and Cheatsheet
12.1 How to use this volume
This is the back matter for the series: the definitions, the expanded acronyms, the exact document numbers, and a single-page distillation of the engineering. Everything here is drawn from the public, unclassified record and is meant to be consistent with Volumes 1 through 11 — where a term, a class number, or a standard citation appears earlier in the series, it means the same thing here. Two cautions carry through the whole reference. First, the SCIF world is federal-acronym-dense and the acronyms overlap across agencies; the expansions below are the ones the ICD 705 community actually uses. Second, the concept of emanation security is public but its limits are classified — no number in the TEMPEST family (NSTISSAM TEMPEST/1-92 and its lineage) is quoted here, because those numbers are not published and any hobby source that claims to quote them is guessing.
Glossary
Accreditation — The formal decision by an Accrediting Official that a specific facility, built and inspected against ICD 705 and the IC Tech Spec, is authorized to store, process, and discuss Sensitive Compartmented Information at a stated level. Accreditation is granted to a facility, not a design, and it is revocable; a change to the perimeter, the mission, or the equipment can require re-inspection.
Accrediting Official (AO) — The person with authority to accredit a SCIF (and, historically, the successor term to the Designated Accrediting Authority, DAA). The AO owns the accept-the-risk decision, approves deviations from the prescriptive constructions, and is the addressee of the Fixed Facility Checklist. In DoD/IC practice the AO is generally the senior official of the Cognizant Security Authority.
Amplified speech / amplified sound — Speech reproduced through a loudspeaker or reinforcement system (briefing audio, VTC, paging). It raises the source level enough to punch intelligible content through a wall that would contain an unassisted talker, which is why any space hosting amplified sound is held to the higher acoustic class (Sound Group 4 / STC 50) rather than the baseline (Sound Group 3 / STC 45).
BLACK — In RED/BLACK nomenclature, equipment, wiring, and areas that carry only encrypted or non-sensitive plaintext signals. A BLACK line may leave the controlled space; the crypto has already removed the information an emanation could betray. Contrast RED.
Closed storage — An accreditation mode in which SCI material is secured inside GSA-approved security containers (safes) when the SCIF is unoccupied. The perimeter and door can be lighter than for open storage because the containers, not the room, are the last line of defense after hours. Contrast open storage.
CNSS (Committee on National Security Systems) — The interagency body (chaired through the DoD/NSA) that issues policy, instructions, and advisory memoranda for national security systems, including the TEMPEST/emanation-security family (as CNSSAM, successor to the NSTISSAM memoranda) and PDS guidance (CNSSI 7003).
Co-utilization — The shared use of one accredited SCIF by more than one organization or program under a formal co-utilization agreement (CUA). It lets a second tenant operate in an existing SCIF without standing up a new facility, subject to the host AO’s terms.
Cognizant Security Authority (CSA) — The organization (or its senior official) responsible for the security of a given SCIF or program — the entity that sets requirements, oversees construction, and typically supplies the AO. “CSA” is also used more broadly across the NISP for the agency responsible for a contractor’s security; context disambiguates.
Compromising emanations — Unintended signals — radiated electromagnetic, conducted onto power and signal lines, acoustic, or optical — that carry a recoverable copy of the information an equipment is processing. The founding SCIF-era example is the 1943 Bell Labs 131-B2 mixer spiking plaintext onto a scope; the discipline of suppressing them is emanation security (see TEMPEST).
Concept approval — The first formal gate in the accreditation lifecycle: the AO/CSA reviews the proposed location, mission, size, and construction concept and approves proceeding to a full Construction Security Plan and design. Building before concept approval is the classic way to build a room the AO will not accredit.
Construction Security Plan (CSP) — The document governing how a SCIF is built securely: cleared-versus-uncleared labor, escorting, material control and inspection, secure storage of drawings, and protection of the site during construction. Required where the risk (typically the threat/location and whether the work is done by cleared personnel) warrants it.
Controlled / cleared construction — Building a SCIF using vetted (cleared) workers and inspected materials, with the site controlled against unauthorized access and tampering during the build. The counterpart to it is uncleared construction with post-hoc inspection; the CSP specifies which applies to each phase and trade.
CTTA (Certified TEMPEST Technical Authority) — The individual formally certified to perform TEMPEST reviews and countermeasure determinations for a facility. The CTTA analyzes the facility’s electronic-processing profile against the inspectable space and directs what shielding, filtering, and RED/BLACK separation are actually required — the only person authorized to set those (classified) requirements for a given SCIF.
Day gate — A secondary barrier — typically a grille or lighter locking gate — installed just inside a heavy SCIF/vault door so the massive primary door can stand open during working hours while access is still controlled. It provides visitor control and airflow without swinging the main door on every entry.
DCID 6/9 — Director of Central Intelligence Directive 6/9, “Physical Security Standards for Sensitive Compartmented Information Facilities,” the pre-2010 governing standard for SCIF construction. Superseded by ICD 705 and the IC Tech Spec, but still cited in older facility records and legacy accreditations.
Emanation security (EMSEC) — The umbrella term for protecting information against recovery from compromising emanations. TEMPEST is the U.S. program/standards family within EMSEC; the concepts (radiated, conducted, acoustic, optical leakage; shielding; zoning; RED/BLACK) are public, the limits are not.
Expanded metal — Sheet steel slit and stretched into a rigid diamond lattice. The IC Tech Spec’s Wall B uses 3/4-inch mesh, #9 (10-gauge) expanded metal welded to the studs at six-inch spacing as a forced-entry layer; because the metal is never fully severed it keeps far more strength than woven wire. It does not improve the acoustic rating.
Faraday cage / Faraday enclosure — A continuous conductive boundary that attenuates electromagnetic fields crossing it, used to keep compromising emanations in (and hostile RF out). A SCIF’s RF shield, where required, is a Faraday enclosure whose performance is stated as shielding effectiveness in decibels and whose weak points are its apertures and penetrations, not its intact panels.
Fixed Facility Checklist (FFC) — The standardized package (historically DIA/DoD “Fixed Facility Checklist,” e.g. the DIA form used across the IC) documenting a specific SCIF’s construction, security systems, procedures, and floor plans, submitted to the AO as the basis for accreditation. It is the single document that describes “what was actually built.”
IC Tech Spec — Short for the IC Tech Spec for ICD/ICS 705, Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilities. The buildable engineering companion to ICD 705: wall types, sound groups, doors, penetrations, RF, alarms, acoustic testing. Current public version 1.5.1, dated 26 July 2021.
ICD 705 — Intelligence Community Directive 705, “Sensitive Compartmented Information Facilities,” the top-level DNI directive that establishes uniform physical and technical security standards and the principle of reciprocity. It is implemented by ICS 705-1, ICS 705-2, and the IC Tech Spec.
IDS (Intrusion Detection System) — The alarm system protecting a SCIF: balanced magnetic door contacts, motion/volumetric sensors, and tamper protection, monitored at a UL-listed central station under UL 2050. Its job is to detect a breach and dispatch a response within the delay the door and walls buy — the reason forced-entry ratings are quoted in man-minutes.
Inspectable space — The three-dimensional zone around a SCIF that is under sufficient physical or procedural control that an adversary cannot get close enough with collection gear to exploit residual emanations. The size of the inspectable space is a primary input to the CTTA’s countermeasure determination; more control outside means fewer countermeasures required inside.
Man-passage / man-bars — Any duct, vent, or opening larger than a threshold cross-section (the Tech Spec treats openings greater than roughly 96 square inches as man-passable) must be hardened against a person passing through it — typically with welded bars or a grille (“man-bars”) — so an HVAC duct cannot become a doorway.
NISPOM — National Industrial Security Program Operating Manual, the rulebook for cleared contractors handling classified information. Formerly DoD 5220.22-M, it was codified in 2020 as 32 CFR Part 117; it governs facility clearances, collateral storage, and the industrial side of security that surrounds (and often adjoins) SCIF work.
Open storage — An accreditation mode in which SCI material may be left out — on desks, in unlocked cabinets, on unpowered equipment — inside the SCIF when it is unoccupied. It shifts the entire after-hours burden onto the perimeter, so it demands the harder walls, doors, alarms, and often vault-grade construction. Contrast closed storage.
PDS (Protected Distribution System) — A physically protected wireline or fiber path — hardened/alarmed carrier, conduit, and inspection regime under CNSSI 7003 — that allows unencrypted classified (RED) signals to travel through a less-controlled area without a shielded room around them. PDS is the wired-line alternative to encryption for getting RED signals between enclaves.
PED (Portable Electronic Device) — Phones, tablets, smartwatches, fitness trackers, laptops, wireless earbuds — anything with a radio, microphone, camera, or storage that a person might carry. PEDs are generally prohibited inside a SCIF because each is simultaneously a recorder, a transmitter, and an unmanaged emanation source; control of PEDs is a core operating procedure.
Perimeter — The continuous physical security boundary of the SCIF — all six surfaces, true floor to true ceiling — treated as one unbroken envelope. Everything that crosses it (door, duct, pipe, conduit, cable) is a controlled penetration. The governing rule of the whole discipline: a perimeter is only as good as its holes.
RED — In RED/BLACK nomenclature, equipment, wiring, and areas that carry unencrypted classified (plaintext) signals. RED lines are the ones whose emanations can betray content, so they are separated from BLACK, filtered at the boundary, and either run in a PDS or encrypted before they leave the controlled space.
Reciprocity — The ICD 705 principle that a SCIF accredited by one IC element is accepted for use by the others without being rebuilt or wholly re-inspected, provided the original accreditation is documented and current. Reciprocity is the entire point of a uniform standard: build once to ICD 705, use across the community.
SAP / SAPF — A Special Access Program is a program with access controls beyond normal collateral or SCI handling; a Special Access Program Facility is its accredited workspace. SAPFs are built to the same physical baseline (ICD 705 / the IC Tech Spec are commonly invoked) but under program-specific security direction; a facility can be dual-accredited SCIF/SAPF.
SCI (Sensitive Compartmented Information) — Classified intelligence information concerning or derived from sensitive sources, methods, or analytical processes, handled within formal control systems (“compartments”) on a strict need-to-know basis, above and beyond the collateral classification level. SCI is the material a SCIF exists to protect.
SCIF (Sensitive Compartmented Information Facility) — An accredited, access-controlled area — a room, a suite, a vault, a vehicle, or an aircraft cabin — in which SCI may be stored, discussed, and processed. The subject of this series: a building system engineered against physical intrusion, acoustic leakage, visual exposure, and compromising emanations.
Shielding effectiveness (SE) — The attenuation an RF shield provides, expressed in decibels at a stated frequency, SE = R + A + B (reflection loss + absorption loss + a multiple-reflection correction, per the Schelkunoff/Ott formulation). It is measured against a public method (IEEE Std 299); the required SE for a given SCIF derives from the CTTA’s classified analysis, not from a published table.
Single-point ground — A grounding topology in which the shield/enclosure and its equipment reference a single common point, avoiding the multiple return paths (“ground loops”) that would let currents circulate and re-radiate compromising signals. Single-point grounding is a core RED/BLACK installation practice (MIL-HDBK-232 territory).
Sound Group — The IC Tech Spec’s acoustic performance classes for the SCIF perimeter. Sound Group 3 (STC 45): loud speech faintly heard but unintelligible outside — the baseline. Sound Group 4 (STC 50): applied where amplified sound is present. Field verification uses Noise Isolation Class (NIC 40 for SG3, NIC 45 for SG4).
SSO / SSM — The Special Security Officer is the person responsible for the SCI security program of an organization; the Special Security Officer for a contractor is often styled the Contractor Special Security Officer (CSSO), and the day-to-day facility manager is the Special Security Representative or, in SAP usage, the SSM (Special Security/Program Security Officer). In practice the SSO/SSM runs the SCIF: access lists, procedures, the FFC, and liaison with the AO.
STC (Sound Transmission Class) — The single-number laboratory rating of a partition’s airborne-sound transmission loss (ASTM E90/E413). Higher is better; each SCIF Sound Group maps to a minimum STC (SG3 → 45, SG4 → 50). STC is a lab rating; the field counterpart used to verify a built SCIF is NIC.
TEMPEST — The U.S. government cover name for the program, standards, and countermeasures addressing compromising emanations. Not an acronym in origin (though backronyms abound). The TEMPEST family (NSTISSAM/CNSSAM) sets the classified emanation limits and zoning; a SCIF’s TEMPEST posture is set by the CTTA. The public may discuss the physics, never the numbers.
True floor to true ceiling — The requirement that the SCIF perimeter run to the structural slab and deck, not to a raised access floor or a suspended acoustic-tile ceiling. If the wall stopped at the drop ceiling, an intruder could go over it through the plenum; the finished ceiling is a convenience hung inside the box, not the box.
TSCM (Technical Surveillance Countermeasures) — The discipline (and the “sweep” service) of detecting and neutralizing eavesdropping devices and technical-collection vulnerabilities — RF, acoustic, optical, and wired. TSCM inspections support SCIF accreditation and periodic re-inspection and are the operational cousin of the executive/boardroom “bug sweep.”
UL 2050 — The Underwriters Laboratories standard “National Industrial Security Systems for the Protection of Classified Materials,” under which alarm companies are certificated to install and monitor IDS for SCIFs and other classified facilities. A UL 2050 certificate is the accepted evidence that a SCIF’s alarm meets the extent-of-protection and monitoring requirements.
Vault — A construction category above the lettered walls: a room built so the material itself is the security — GSA-approved modular vault (Federal Spec FF-V-2737) or site-built reinforced concrete (min. 8-inch, 2,500-psi, rebar-gridded) or steel-lined, closed by a GSA-approved vault door. Open-storage and the highest-risk SCIFs are frequently vaults.
Waveguide-below-cutoff (WBC) — A hole through an RF shield made deliberately long relative to its diameter so that, below the guide’s cutoff frequency, it attenuates rather than passes RF — a hole that is also a filter. Realized in bulk as honeycomb vent panels (thousands of small WBC cells) for airflow, and as tube penetrations for dielectric/fiber lines. The engineering answer to “how do you get air and non-conductors through a Faraday cage.”
Zoning — In emanation security, relating an equipment’s residual emanation strength to the distance/control an adversary would need to exploit it, so that equipment and facilities can be matched to their inspectable space. The specific zone distances are classified; the concept — trade standoff and control against required suppression — is the CTTA’s stock in trade.
12.2 Acronym index
Table 1 — Acronym index
| Acronym | Expansion |
|---|---|
| ACS | Access Control System |
| ADA | Americans with Disabilities Act (drives door-hardware requirements) |
| AO | Accrediting Official |
| C4I | Command, Control, Communications, Computers, and Intelligence |
| CAA | Cognizant Approving/Accrediting Authority |
| CNSS | Committee on National Security Systems |
| CNSSAM | CNSS Advisory Memorandum (successor to NSTISSAM) |
| CNSSI | CNSS Instruction (e.g., CNSSI 7003, PDS) |
| CSA | Cognizant Security Authority |
| CSP | Construction Security Plan |
| CSSO | Contractor Special Security Officer |
| CTTA | Certified TEMPEST Technical Authority |
| CUA | Co-Utilization Agreement |
| DAA | Designated Accrediting Authority (legacy term for the AO) |
| DCID | Director of Central Intelligence Directive |
| DCSA | Defense Counterintelligence and Security Agency |
| DIA | Defense Intelligence Agency |
| DNI | Director of National Intelligence |
| DoD | Department of Defense |
| EMSEC | Emanation Security |
| FCL | Facility (Security) Clearance |
| FFC | Fixed Facility Checklist |
| FOCI | Foreign Ownership, Control, or Influence |
| GSA | General Services Administration |
| HEMP | High-altitude Electromagnetic Pulse |
| IC | Intelligence Community |
| ICD | Intelligence Community Directive |
| ICS | Intelligence Community Standard |
| IDS | Intrusion Detection System |
| NIC | Noise Isolation Class (field acoustic metric) |
| NISP | National Industrial Security Program |
| NISPOM | National Industrial Security Program Operating Manual (32 CFR Part 117) |
| NSA | National Security Agency |
| NSTISSAM | National Security Telecommunications and Information Systems Security Advisory Memorandum |
| ODNI | Office of the Director of National Intelligence |
| PDS | Protected Distribution System |
| PED | Portable Electronic Device |
| RF | Radio Frequency |
| SAP | Special Access Program |
| SAPF | Special Access Program Facility |
| SCI | Sensitive Compartmented Information |
| SCIF | Sensitive Compartmented Information Facility |
| SE | Shielding Effectiveness |
| SOP | Standard Operating Procedure(s) |
| SSM | Special Security/Program Security Manager (SAP usage) |
| SSO | Special Security Officer |
| STC | Sound Transmission Class (lab acoustic metric) |
| TSCM | Technical Surveillance Countermeasures |
| T-SCIF | Tactical SCIF (deployable/expeditionary) |
| UARC | University Affiliated Research Center |
| UL | Underwriters Laboratories |
| VTC | Video Teleconference |
| WBC | Waveguide-Below-Cutoff |
12.3 Standards and documents index
Table 2 — Standards and documents index
| Document | What it is |
|---|---|
| ICD 705 | Intelligence Community Directive 705, “Sensitive Compartmented Information Facilities” — the DNI’s top-level directive establishing uniform SCIF standards and reciprocity. |
| ICS 705-1 | Intelligence Community Standard 705-1, “Physical and Technical Security Standards for Sensitive Compartmented Information Facilities” — the implementing physical/technical baseline. |
| ICS 705-2 | Intelligence Community Standard 705-2, “Standards for the Accreditation and Reciprocal Use of Sensitive Compartmented Information Facilities” — the accreditation and reciprocity rules. |
| IC Tech Spec for ICD/ICS 705 | ”Technical Specifications for Construction and Management of SCIFs” — the buildable engineering companion (walls A/B/C, Sound Groups, doors, penetrations, RF, IDS, acoustic testing). Current public version 1.5.1, 26 July 2021. |
| DCID 6/9 | Director of Central Intelligence Directive 6/9, “Physical Security Standards for SCIFs” — the pre-2010 governing standard, superseded by ICD 705 and the IC Tech Spec. |
| NISPOM / 32 CFR Part 117 | National Industrial Security Program Operating Manual — the cleared-contractor rulebook (facility clearances, collateral storage). Formerly DoD 5220.22-M; codified as federal regulation in 2020. |
| UL 2050 | UL “National Industrial Security Systems for the Protection of Classified Materials” — certification standard for installing and monitoring SCIF intrusion-detection systems. |
| FF-L-2740B | Federal Specification “Locks, Combination, Electromechanical” — the high-security combination lock for GSA containers and vault doors (e.g., the Kaba Mas X-10 / S&G 2740B). |
| FF-L-2890 | Federal Specification “Lock Extensions (Pedestrian Door Lock Assembly, Preassembled, Panic and Auxiliary Deadbolt)” — the GSA-approved pedestrian-door hardware paired with an FF-L-2740B lock. |
| AA-D-600 | Federal Specification “Door, Vault, Security” — GSA vault doors by class (Class 5 dominates SCIF practice; Class 6 exists; there is no “Class 8” vault door — the ladder tops at 5/6). |
| FF-V-2737 | Federal Specification “Vault, Modular” — GSA-approved modular (prefabricated) vaults, an alternative to site-built reinforced-concrete or steel-lined vault construction. |
| CNSSI 7003 | CNSS Instruction 7003, “Protected Distribution Systems (PDS)” (September 2015) — design, installation, and inspection rules for hardened/alarmed wireline and fiber carrying unencrypted classified signals. |
| NSTISSAM TEMPEST/1-92 | The national advisory memorandum for compromising-emanations laboratory test requirements/limits — the core of the TEMPEST family. Limits are classified; only its existence and role are public. |
| MIL-STD-188-125 | ”HEMP Protection for Ground-Based C4I Facilities Performing Critical, Time-Urgent Missions” — high-altitude EMP hardening (a related but distinct electromagnetic barrier discipline; includes SE test methods). |
| IEEE Std 299 | ”Standard Method for Measuring the Effectiveness of Electromagnetic Shielding Enclosures” — the public facility shielding-effectiveness test procedure (100 kHz–18 GHz regimes). |
| MIL-HDBK-232 (A) | “RED/BLACK Engineering-Installation Guidelines” — the DoD handbook for separating RED and BLACK signals, grounding, and installation practice for TEMPEST control. |
| ASTM E90 / E413 | The laboratory test method (E90) and single-number rating (E413, STC) behind the Sound Group acoustic requirements; NIC (ASTM E336) is the field counterpart. |
12.4 Construction and penetration cheatsheet
The four protection domains. A SCIF defends against four independent attack surfaces, and a design is only as strong as its weakest one: physical (forced/covert/surreptitious entry), acoustic (speech leaking through the perimeter), visual (line-of-sight into the space — windows, sightlines), and emanation (compromising RF/conducted/optical/acoustic signals). Volumes 6–10 walk each; this card is the compression.
The perimeter rule. The perimeter is a single continuous boundary — all six surfaces, true floor to true ceiling (structural slab to structural deck, past any drop ceiling or raised floor). Every door, duct, pipe, conduit, and cable that crosses it is a controlled penetration and a security event. The wall field is the easy part; the openings are the engineering.
Wall types (IC Tech Spec, Chapter 3).
- Wall A — standard acoustic: three layers 5/8” Type X gypsum (two inside, one outside) on 3-5/8” 16-ga steel studs at 16” o.c., cavity batts, sealant at tracks. Acoustic barrier; not a forced-entry barrier.
- Wall B — enhanced, expanded metal: Wall A plus 3/4” mesh #9 (10-ga) expanded metal welded to studs every 6”. Adds ~5-minute forced-entry resistance; does not improve the acoustic rating.
- Wall C — enhanced, fire-retardant plywood: two gypsum layers plus one 5/8” fire-retardant plywood layer, glued/screwed to studs. Same forced-entry goal as Wall B by a structural-diaphragm route.
- Vault: above the letters — modular (FF-V-2737), or 8” 2,500-psi rebar-gridded reinforced concrete, or 1/4” steel-lined; GSA vault door.
- Alternatives (masonry, concrete, cinderblock) are allowed if they meet the same acoustic and forced-entry performance and the AO approves. Acoustic and forced-entry are largely independent axes.
Acoustic. Sound Group 3 = STC 45 (normal speech unintelligible at the perimeter) is the baseline; Sound Group 4 = STC 50 where amplified sound is present (SG4 typically wants a fourth gypsum layer plus a special acoustic door or vestibule). Verify in the field with NIC (40 for SG3, 45 for SG4). Where mass can’t get there, add sound masking outside the perimeter as a supplement — never as a license to build a leaky wall.
The door. One primary entrance only, where visitor control happens. Highest risk → GSA vault door (AA-D-600, Class 5): rated 20 man-hours surreptitious / 30 man-minutes covert / 10 man-minutes forced entry. Combination lock to FF-L-2740B (e.g., Kaba Mas X-10); pedestrian-door hardware to FF-L-2890. A day gate lets the heavy door stand open under control during the day. Lighter personnel doors are accreditable where walls/alarms/procedures carry the risk. The forced-entry figure (10 man-minutes) is exactly what the alarm response time must beat.
HVAC and ductwork. Ducts must satisfy three constraints at once: man-passage (openings over ~96 sq in hardened with welded bars/grille so a duct can’t be a doorway), acoustic (duct silencers/baffles and Z-shaped offsets so speech doesn’t ride the airstream out), and, where required, RF (waveguide-below-cutoff honeycomb over the shield penetration). Surface-mount, never recess, electrical boxes in the perimeter.
Penetration principles (the heart of the series).
- Minimize — fewest possible penetrations; every one is a liability across all four domains.
- Single-point entry — concentrate service entries so they can be inspected and controlled, not scattered around the perimeter.
- Filter every conductor — every metallic line crossing an RF boundary gets a power-line or signal filter at the boundary; an unfiltered wire is an antenna through the shield.
- Prefer fiber/dielectric — a non-conductor carries no conducted emanation and can pass through a WBC tube; optical fiber is the clean way through a Faraday wall.
- PDS-or-encrypt for RED — unencrypted classified (RED) lines that leave controlled space run in a PDS (CNSSI 7003) or are encrypted before they go; keep RED and BLACK separated and single-point grounded (MIL-HDBK-232).
- Waveguide-below-cutoff for air — airflow and other non-conductive passages cross the shield through honeycomb WBC panels — holes engineered to attenuate RF while passing air.
Alarms, access, locks. IDS (balanced door contacts + volumetric sensors + tamper), installed and monitored under UL 2050, sized so response beats the door’s forced-entry delay. ACS for authorized entry; PEDs prohibited inside. After-hours security is closed storage (GSA containers) or open storage (harder perimeter/vault).
The accreditation sequence. Concept approval (AO signs off on location/mission/concept) → CSP (Construction Security Plan: cleared labor, escorting, material control) → build (to ICD 705 / IC Tech Spec; controlled or inspected construction) → FFC (Fixed Facility Checklist documents what was built) → inspection (physical + acoustic (NIC) + TSCM) → CTTA TEMPEST review (countermeasure determination against the inspectable space) → accreditation (AO authorizes SCI operations) → reciprocity / periodic re-inspection (other IC elements accept it; changes trigger re-accreditation). Build before concept approval and you may build a room no one will accredit.
Sources
- Office of the Director of National Intelligence, Intelligence Community Directive 705, “Sensitive Compartmented Information Facilities” (26 May 2010). https://www.dni.gov/files/documents/ICD/ICD_705_SCIFs.pdf ; https://www.intelligence.gov/assets/documents/intelligence-community-directives/ICD_705.pdf
- ODNI, Intelligence Community Standard 705-1, “Physical and Technical Security Standards for Sensitive Compartmented Information Facilities.” https://exwc.navfac.navy.mil/Portals/88/Documents/EXWC/DoD_Locks/PDFs/ICS-705-1.pdf
- ODNI, Intelligence Community Standard 705-2, “Standards for the Accreditation and Reciprocal Use of Sensitive Compartmented Information Facilities.” (Public mirror via the U.S. Army SSO / FAS IRP document sets.)
- ODNI / National Counterintelligence and Security Center, IC Tech Spec for ICD/ICS 705 — Technical Specifications for Construction and Management of SCIFs, Version 1.5.1 (26 July 2021). https://www.dni.gov/files/Governance/IC-Tech-Specs-for-Const-and-Mgmt-of-SCIFs-v15.pdf ; U.S. Navy EXWC mirror: https://exwc.navfac.navy.mil/Portals/88/Documents/EXWC/DoD_Locks/PDFs/ICD-ICS-705_Tech_Spec.pdf
- Director of Central Intelligence, DCID 6/9, “Physical Security Standards for Sensitive Compartmented Information Facilities” (superseded). Public copy: https://irp.fas.org/offdocs/dcid6-9.htm
- 32 CFR Part 117, National Industrial Security Program Operating Manual (NISPOM Rule, 2020). https://www.ecfr.gov/current/title-32/subtitle-A/chapter-I/subchapter-M/part-117
- UL 2050, “National Industrial Security Systems for the Protection of Classified Materials.” UL Standards catalog: https://www.shopulstandards.com/ProductDetail.aspx?productId=UL2050
- Federal Specification FF-L-2740B, “Locks, Combination, Electromechanical.” https://exwc.navfac.navy.mil/Portals/88/Documents/EXWC/DoD_Locks/PDFs/FF-L-2740.pdf ; https://everyspec.com/FED_SPECS/F/FF-L-2740B_35912/
- Federal Specification FF-L-2890, “Lock Extensions (Pedestrian Door Lock Assembly, Preassembled, Panic and Auxiliary Deadbolt).” https://exwc.navfac.navy.mil/Portals/88/Documents/EXWC/DoD_Locks/PDFs/FF-L-2890C.pdf
- Federal Specification AA-D-600, “Door, Vault, Security” (GSA vault doors, Classes 5/6). Reference via GSA/DoD Lock Program and everyspec.com.
- Federal Specification FF-V-2737, “Vault, Modular” (GSA-approved modular vaults).
- CNSSI No. 7003, “Protected Distribution Systems (PDS)” (September 2015). https://www.dcsa.mil/Portals/91/documents/ctp/nao/CNSSI_7003_PDS_September_2015.pdf
- NSTISSAM TEMPEST/1-92 (compromising-emanations test requirements — limits classified). Existence/role documented via CNSS and NSA public materials: https://www.nsa.gov/
- MIL-STD-188-125-1, “High-Altitude Electromagnetic Pulse (HEMP) Protection for Ground-Based C4I Facilities.” https://www.volta.it/wp-content/uploads/2017/09/MIL-STD-188-125-1.pdf
- IEEE Std 299, “Standard Method for Measuring the Effectiveness of Electromagnetic Shielding Enclosures.” https://standards.ieee.org/ieee/299/1728/
- MIL-HDBK-232A, “RED/BLACK Engineering-Installation Guidelines.” https://www.wbdg.org/FFC/NAVFAC/DMMHNAV/hdbk232a.pdf
- National Security Agency, TEMPEST: A Signal Problem (declassified 2007) — origin of compromising emanations. https://www.nsa.gov/portals/75/documents/news-features/declassified-documents/cryptologic-spectrum/tempest.pdf
- Wim van Eck, “Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?”, Computers & Security 4 (1985): 269–286. https://en.wikipedia.org/wiki/Van_Eck_phreaking
- Markus G. Kuhn, “Compromising Emanations” (University of Cambridge Computer Laboratory, emsec research pages). https://www.cl.cam.ac.uk/~mgk25/emsec/
- Henry W. Ott, Electromagnetic Compatibility Engineering (Wiley, 2009) — shielding effectiveness (SE = R + A + B), skin depth, aperture leakage.
- Defense Counterintelligence and Security Agency (DCSA) and the Center for Development of Security Excellence (CDSE), SCIF, PDS, and physical-security training materials. https://www.cdse.edu/ ; https://www.dcsa.mil/
Comments (0)