Secure Facilities: Lessons from the SCIFs
A government rule called The Director of Central Intelligence Directive 6/9 details the physical requirements for Sensitive Compartmented Information Facilities (SCIFs).
By Katherine Walsh
The key is to know what information is sensitive enough to require many of the same methods the government uses to guard its secrets.
ASSESS WHAT YOU NEED TO PROTECT
For the past five-plus decades (think history of the Cold War) the government has maintained a hierarchy of classified information, determined by the level of threat its exposure would bring to the United States. Top Secret owns the list: Its public knowledge would pose grave danger to national security. Weapons design specs and sensitive intelligence fall within this category.
Secret (the level that most classified information in this country is assigned) means if this information was leaked, it would cause serious damage. Confidential information would harm national security if it were made public; while it's the lowest level, it is still information that the government does not want made available.
Sensitive Compartmented Information (SCI) refers to the security wrapped around access to this classified information, not the information itself. SCI is often loosely applied to describe all sensitive materials, and that's not correct, says Ben Shaw, facilities security officer (FSO) at advisory Morgan Franklin. "People use it as a blanket term," he says, when in fact, it's more like an extra layer of security, usually applied to special access programs or special government projects.
For example, the Department of Defense may want to limit access to sensitive information about a particular project so only people working on the project have access. Thus even an individual possessing a Top Secret security clearance would need specially granted access to that information (which would be maintained within a SCIF). There is no universal SCI clearance (as there is for Top Secret clearances) because an SCI access authorization is related to specific programs or information. Mattice says that before you even go through the clearance process, a contract sponsor from the government will certify that you "need to know" SCI level information. "Most SCI access authorizations require one of the most in-depth background investigations the government runs," says Mattice. Such a clearance may also require a polygraph exam and periodic reexaminations, says Mattice.
For the purposes of this article, substitute other business-critical words for "national security" when thinking about secure facilities. Walter thinks that companies would be most driven to protect matters that could be embarrassing or costly or would give advantages to a competitor. Mergers and acquisitions are good examples. "If my company was up for a merger, or I was going to discuss a takeover, controlling leaks would be critical. A company needs an area where people in upper management can securely discuss things or look at documents," says Walter. Data such as customer account information, health records and Social Security numbers would also be considered highly sensitive. And internal company information, such as business plans, should be protected as such.



