Quiz/Survey

Secure Facilities: Lessons from the SCIFs

A government rule called The Director of Central Intelligence Directive 6/9 details the physical requirements for Sensitive Compartmented Information Facilities (SCIFs)

By Katherine Walsh

Page 4

Walter says that it is essential for companies working on buildings with SCIF-level features to work with a contractor who can see the reasons behind extra precautions: â¬SOtherwise you may end up with a nice-looking facility that leaks like a sieve because the people building it did not understand the reasoning behind the plans.⬝

THINK IN LAYERS

Secure facilities experts like Shaw, Creaney and Tabetha Chandler, president of consultancy and SCIF builder FSO To Go, spend a lot of time studying government specifications for constructing secure facilities. The reasons for this range from the different rules that authorities have set out for what makes a secure building (see â¬SBy the Book,⬝ this page) to the fact that they say more government programs require secure facilities since the September 11 terror attacks. They deliver a clear message from this experience as bureaucratic interpreters: Know how your facility and staff need to work so you can secure assets needing protection. And be ready to do it for a long time. â¬SItâ¬"s unfortunate that people build things and then become complacentâ¬when itâ¬"s time to enact that level of security they donâ¬"t posture their business or train their staff to fully understand the requirements,⬝ says Chandler. For that reason, these experts say you should think about secure facilities as not one entity, but many. Some examples:

Physical security. Chandler says that security officers need to understand their buildingâ¬"s surroundings and environment. â¬SPhysical security is always the center point of securing classified information,⬝ she says. â¬SLook at who is 200 meters around you; donâ¬"t just center on your office suite or headquarters.⬝ At the minimum, says Walter, the facility should have one access point or door devoid of any gaps, and ductwork openings that are secure.

Information security. Phones should have filters that prevent wiretapping, says Walter, and encryption is vital. â¬SIt tends to be transparent to the user, and it can be easily installed and upgraded.⬝ Controlling electronic transmissions can be accomplished with shielding, filters, grounding and devices limiting radio frequency (RF) emissions. Shielding the walls of the SCIF with foil and other conductive materials will help ground electronic signals generated within the SCIF, says Walter.

Employee security. Last but most important is the human factor. â¬SThe best security systems, even ones built by the CIA, can be and have been compromised by employees,⬝ Walter notes. A select number of designated employees should be assigned responsibility for certain facets of security, such as inventory of data and documents, says Walter. If employees violate policies and procedures, they must be held accountable, he adds. Itâ¬"s also important to have an efficient way to identify employees who donâ¬"t follow security measures and resolve the situation immediately, he says. Even if your company doesnâ¬"t require a security clearance, you should know who has access to the data. And, of course, vetting everyone on the secure site through background checks is a must.

SCIF

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Security Directions: A Virtual Conference

Security Directions Available On Demand Sept. 30 - Dec. 30

Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.

» Register Now

WEBCAST
Protecting PII: How to Work with IT to Manage Risk

Compuware Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.

» View this Webcast

Featured Sponsors