Top 5 Mistakes in SCIF Design From an ICD 705 Expert

Experts can provide guidance to ensure that you don’t make the kinds of costly SCIF design mistakes that can delay your project and threaten its accreditation.

Sensitive Compartmented Information Facilities (SCIFs) are very different from typical construction projects, which means designing and fabricating them can get tricky.

Luckily, most of the mistakes that arise when SCIF construction requirements are overlooked can be avoided when subject matter experts are brought in to guide the process. This knowledge is particularly valuable during the initial design phase, when experts’ understanding of Intelligence Community Directive (ICD) 705 design requirements can help clients avoid costly errors.

Generally speaking, knowing what your facility’s technical needs are and practicing good communication will help you meet all SCIF design requirements. But it’s also beneficial to be aware of the common mistakes made along the way—and to learn how to avoid them.

These are the top five mistakes made in SCIF design, according to ICD 705 expert Daniel Garcia.

SCIF Design Mistake 1: Lack of Detail

Before the design process can begin, a client must be assigned an Accrediting Official (AO), who will provide them with their facility’s SCIF design requirements. These requirements, which are spelled out in the ICD 705, can vary from one project to the next and thus must be obtained prior to the design phase.

The ICD 705 design requirements range from alarm systems and other basic security needs to more complex essentials, such as acoustic protection and radio frequency (RF) shielding levels. Because these requirements will need to be built into the facility, they must be reflected in the SCIF design plans.

Garcia, a managing partner at Precision Security Consulting, said a lack of information is the top mistake he sees in the SCIF design process.

“Make sure that there’s enough detail, particularly for the ICD 705 features of work,” he advised. For example, every single wall penetration detail needs to be incorporated in the design and show the necessary detail that it complies with the physical hardening, acoustic, and TEMPEST requirements so that the penetrations are constructed and installed for optimal performance.  

SCIF Design Mistake 2: Overlooking AO, CTTA Requirements

Part of the SCIF design process involves creating a TEMPEST Checklist (TEMPEST refers to the investigation, research, and control of potentially compromising emanations from electronic devices), a Transportation Security Plan (TSP), and a Construction Security Plan (CSP). All three elements must be reviewed and approved by the AO and the Certified TEMPEST Technical Authority (CTTA).

Sometimes, the AO or CTTA will have feedback that must be incorporated. Forgetting to ask for or implement this feedback is another big mistake that Garcia sees when he is brought in as an ICD 705 expert. Though this is not a design mistake per se, it occurs often during the design phase.

The SCIF “may not be accredited if you don’t include the AO’s and the CTTA’s specific SCIF design requirements,” he warned.

SCIF Design Mistake 3: SCIF Identification on Design Documents

Another “pretty common” mistake Garcia sees during the design process is identifying the facility’s intended location and labeling it as a SCIF. “That’s a big no-no,” he said.

Since these facilities are built for the handling or storage of sensitive information, including this kind of location information in the design or construction documents can pose a threat to the space’s security.

“I see it happen all the time where, somewhere on the design, somebody says ‘SCIF room’ or ‘waveguide for the SCIF,’” Garcia said. “You’re not supposed to have anywhere in the construction documents that says it’s a SCIF.”

Instead, you could use a term such as “Controlled Area” or create a designated term that you use internally, such as “Green Room.” 

SCIF Design Mistake 4: Forgoing Subject Matter Experts

Neglecting to lean on subject matter experts while assessing your SCIF construction requirements can also pose a threat to accreditation later.

“There have been times when I’ve been brought in after design, where the design did not utilize subject matter experts,” Garcia said. “When I reviewed the design documents, I saw all kinds of problems with it.” If not done correctly the first time, fixing these mistakes to meet all the SCIF design requirements will cost you time and money, he added.

Though it may seem like an obvious move to request expert advice prior to the design phase, this mistake is actually quite common due to how relatively rare SCIF construction is. “A lot of design companies, general contractors—they approach these projects as if they are just typical commercial construction projects,” Garcia said. But from a SCIF’s RF shielding requirements to its acoustic protection needs and more, “ICD 705 has some unique features and unique requirements.”

If a client relies solely on design and construction professionals who don’t have experience with SCIFs, the facility’s resulting design plan may not include all of its specified SCIF design requirements. Even if it does, subject matter experts are essential to ensuring that all of those unique elements “actually perform in the real world once they’re installed,” Garcia said.

SCIF Design Mistake 5: Forgetting to Factor in the AO’s Review Process

The AO must review the design team’s plans—and all revisions to those plans—to make sure that all SCIF design requirements are met before fabrication or construction can begin. But there is no guarantee that your AO will be able to provide feedback right away—and depending on how large their workload is, it could take months to receive their feedback.

“Sometimes that review period is much longer than anticipated,” Garcia warned.

Forgetting to submit design plans to the AO or neglecting to account for possible delays while waiting for the AO’s approval are mistakes that can throw off the timeline for your SCIF’s build. While the AO must be involved in the process to review all design milestones, the most important one they must approve before fabrication can begin is the final design plan.

“During the design phase scheduling, the project delivery team needs to try to schedule in the AO’s review period so that it can account for their time involved in reviewing it, so that the overall schedule isn’t impacted,” Garcia said.

Clients “would do themselves a favor if they tried to anticipate some of that review period time by the AO.”

Ready to start the SCIF design process? Contact UMI, who uses over 30 years of ICD 705 experience to design your modular SCIF right from the beginning.