SCIF and SAPF Design and Engineering Training Course | Sensitive Compartmented Information Facility (SCIF) and Special Access Program Facility (SAPF)

SCIF and SAPF Design and Engineering Training Course | Sensitive Compartmented Information Facility (SCIF) and Special Access Program Facility (SAPF) Training by Tonex

This 2-day intensive course provides a comprehensive understanding of the development, accreditation, and maintenance of Sensitive Compartmented Information Facilities (SCIFs) and Special Access Program Facilities (SAPFs). Participants will learn about the key requirements, roles, responsibilities, and best practices for developing and accrediting secure facilities.

Participants will learn about planning, design, engineering, and testing of Sensitive Compartmented Information Facilities (SCIFs) and Special Access Program Facilities (SAPFs). Participants will also gain knowledge of the regulatory requirements, best practices, and practical considerations necessary to develop secure and compliant facilities.

A Sensitive Compartmented Information Facility (SCIF) is a secure area within a building or standalone structure designed to process, store, and discuss sensitive classified information, specifically Sensitive Compartmented Information (SCI). SCI encompasses highly classified intelligence sources and methods that require stringent access controls and security measures.

Purpose:

The primary purpose of SCIF is to protect SCI from unauthorized access and eavesdropping, ensuring that sensitive information remains secure from both physical and electronic threats.

Key Characteristics:

• Physical Security: SCIFs are built with enhanced physical security measures, including reinforced walls, secure doors, and limited access points. Entry and exit are controlled to prevent unauthorized access.
• Electronic Security: SCIFs incorporate electronic security measures such as alarms, surveillance systems, and access control systems to monitor and secure the facility.
• Acoustic Security: Soundproofing and acoustic masking technologies are used to prevent eavesdropping and ensure that conversations cannot be overheard.
• TEMPEST Standards: SCIFs must comply with TEMPEST standards to protect against electronic eavesdropping by containing electromagnetic emissions.

A Special Access Program Facility (SAPF) is a secure facility specifically designed to handle Special Access Programs (SAPs). SAPs are highly classified projects or programs with enhanced security measures that exceed those of regular classified information. These programs often involve critical national security information and sensitive defense-related projects.

Purpose:

The purpose of a SAPF is to safeguard SAP information, which often involves cutting-edge technology, advanced research, and strategic defense initiatives. SAPFs ensure that access to this information is strictly controlled and limited to authorized personnel only.

Key Characteristics:

• Enhanced Security Measures: SAPFs are built with even more stringent security measures than SCIFs, including additional layers of physical and electronic security.
• Access Control: Access to SAPFs is limited to individuals with specific clearances and a need-to-know basis. Access lists are tightly controlled and regularly updated.
• Compartmentalization: Information within SAPFs is compartmentalized to ensure that only individuals directly involved in a specific aspect of the program have access to related information.
• Continuous Monitoring: SAPFs are subject to continuous monitoring and auditing to detect and prevent unauthorized access or breaches.

Course Objectives:

• Understand the regulatory framework and standards for SCIFs and SAPFs.
• Learn the principles of planning, designing, and engineering secure facilities.
• Explore the processes involved in testing and validating SCIF and SAPF security features.
• Develop the skills to implement best practices in the construction and maintenance of secure facilities.

Learning Objectives:

• Understand the purpose, scope, and key components of SCIFs and SAPFs.
• Identify the roles and responsibilities of various stakeholders in SCIF/SAPF development.
• Learn the process of risk analysis and Security in Depth (SID).
• Develop skills to create and implement a Construction Security Plan (CSP).
• Understand TEMPEST, acoustic testing, and perimeter requirements.
• Understand the regulatory framework and standards for SCIFs and SAPFs.
• Learn the principles of planning, designing, and engineering secure facilities.
• Explore the processes involved in testing and validating SCIF and SAPF security features.
• Develop the skills to implement best practices in the construction and maintenance of secure facilities.
• Explore the accreditation process and project delivery methods.

Target Audience:

• Facility Security Officers (FSOs)
• Security Managers
• Construction Project Managers
• Information Assurance Professionals
• Government Contractors
• Defense and Intelligence Community Personnel

______________

Day 1: Introduction and Facility Requirements

Session 1: What is a SCIF | SAPF? – Overview

• Definition and purpose of SCIFs and SAPFs
• Principles behind Sensitive Compartmented Information Facility (SCIF)
• Key concepts behind Special Access Program Facility (SAPF)
• Differences and similarities between SCIFs and SAPFs
• Overview of regulatory requirements
• Director of National Intelligence (DNI) Intelligence Community Directive (ICD) 705
• Intelligence Community Standards 705-1 and 705-2
• DoD 0-5205.07, Vol. 3.
• Key stakeholders and their roles
• Responsibilities of FSOs, security managers, and contractors
• Coordination and communication best practices
• SCIF and SAPF Planning, Design, Engineering, and Testing
• Risk Analysis and Security in Depth (SID)
• Technical Requirements and Considerations
• Conducting a risk analysis for SCIF/SAPF projects
• Principles of Security in Depth (SID)
• Layered security approach

Session 2: Principles of Construction Security Plan (CSP) and Construction Security

• Components of a Construction Security Plan (CSP)
• Best practices for implementing construction security
• Case studies and examples

Session 3: Concept Development, Budget and Acoustic Testing

• Developing a concept and budget for SCIF/SAPF projects
• Facility Design Principles
• Architectural considerations
• Layout and space planning
• Access control and egress routes
• Integration of security systems (alarms, CCTV, etc.)
• Acoustic testing requirements and techniques
• Ensuring sound masking and acoustic security

Session 4: Overview of TEMPEST Requirements

• Introduction to TEMPEST requirements
• Implementing TEMPEST controls
• Electromagnetic Shielding for Emission Security (EMSEC or Emanations Security)
• Overview of EMI/RFI Data Security
• Tools and Methods to Mitigate Against EMSEC Issues
• TEMPEST Shielding
• Electromagnetic Emissions Testing
• Case studies of TEMPEST implementations

Session 5: SCIF Perimeter Requirements and Doors and Hardware

• Establishing secure perimeters for SCIFs
• Selecting and installing secure doors and hardware
• Best practices for perimeter security
• Designing and implementing CCTV systems
• Integration of CCTV and sound masking in SCIF/SAPF environments

Session 6: Engineering Considerations

• Structural requirements and hardening
• Electrical and power considerations
• HVAC and environmental controls
• Fire protection and life safety systems
• Mechanical, Electrical & Plumbing (MEP)
• MEP considerations in SCIF/SAPF development
• Best practices for integrating MEP systems
• Case studies and examples

Session 7: Access Control Systems (ACS) and Intrusion Detection Systems (IDS)

• Designing and implementing ACS
• Integrating IDS for enhanced security
• Case studies of ACS and IDS implementations

Session 8: Security Impact and Critical Questions to Remember

• Assessing the security impact of design choices
• Key questions to consider during SCIF/SAPF development
• Ensuring comprehensive security coverage

Session 9: Accreditation Process and Project Delivery Methods

• Steps in the accreditation process
• Preparing for inspections and audits
• Overview of project delivery methods and their impact on SCIF/SAPF projects

Workshop 1:  SCIFs and SAPFs Planning and Design

• Review of a real-world SCIF/SAPF project
• Group exercise: Develop a preliminary design plan for a hypothetical SCIF/SAPF
  • TEMPEST, physical security, and acoustic security requirements
  • ICD 705 and related directives
  • Compliance and certification processes
  • Planning and Site Selection
  • Assessing site suitability
  • Threat and vulnerability assessment
  • Site selection criteria
  • Coordination with stakeholders and agencies
  • Engineering and Testing
  • Advanced Engineering Concepts
  • Shielding and electromagnetic protection
  • Acoustic protection and sound masking
  • IT and communication infrastructure
  • Secure networking and data protection

Construction and Project Management

• Phases of construction
• Managing construction teams and subcontractors
• Quality control and assurance
• Documentation and record-keeping

Workshop 2:  Testing and Validation

Testing and Validation

• Pre-construction testing (e.g., TEMPEST testing)
• Construction phase testing (e.g., penetration testing)
• Final acceptance testing and certification
• Continuous monitoring and periodic re-testing
• Interpreting test results
• Developing mitigation strategies for identified vulnerabilities

Maintenance and Upgrades

• Ongoing maintenance requirements
• Upgrading and retrofitting existing facilities
• Handling changes in regulatory requirements
• Best practices for maintaining compliance