Sensitive Compartmented Information Facility

From Citizendium, the Citizens' Compendium
Jump to: navigation, search
This article is developing and not approved.
Main Article
Talk
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
This editable Main Article is under development and not meant to be cited; by editing it you can help to improve it towards a future approved, citable version. These unapproved articles are subject to a disclaimer.

A Sensitive Compartmented Information Facility (SCIF) is a area with extremely high standards of physical, electronic, and information security, such that it meets the criteria for classified information subject to compartmented control systems.[1] Such an area might be a small office with a desk, combination-locked filing cabinet, and a computer used only in that room. A large manufacturing area for building reconnaissance satellites also might have to meet the requirements of a SCIF. They are under the supervision of the special security office of the facility.

Informally, a SCIF may be called a "vault", and it usually has comparable but weaker physical security, but much more security against eavesdropping. Some SCIF workers suggest they are a bit like a prison, except the guards and locks are to keep people out, not in.

While these standards are intended for national security information and resources, there may be civilian applications that need security equivalent to all or part of a SCIF. As an extreme example, there are two laboratories in the world authorized to have a culture of the Variola virus, which causes smallpox. While those laboratories may not need the protection against eavesdropping of an intelligence watch center, they need as stringent physical security, and, in addition, must meet the "hot lab" specifications for a Biological Safety Level 4 laboratory.[2]

Civilian facilities that control the shipping of extremely critical materials, such as bomb-grade nuclear materials, living cultures of agents under the Select Agent Program etc., may need the physical and electronic security needs, because both the shipment information on paper, and transmitted electronically, must be protected to avoid unauthorized access to the shipments.

While SCIF specifications are technically issued by the intelligence community for protection of Sensitive Compartmented Information (SCI), effectively the same requirements exist for military Special Access Programs. The SCIF documentation specifies minimum requirements, although some might be waived, on a case-by-case basis, by a senior officer.

There also may be additional requirements. As a military Special Access Program example, all U.S. nuclear weapons, all information under the Single Integrated Operational Plan (SIOP/ESI) and systems for ordering the use of nuclear weapons, are subject to a "no lone zone" rule: no single person, no matter how highly cleared, is ever left alone with these resources. Another cleared person must also be present.[3] Even more safeguards may be present, as in a LGM-30 Minuteman missile control capsule: the firing keys are physically placed too far apart for one person to turn.

Whenever electronic connections traverse the outside wall of the SCIF, whether they are for telephones, computers, video, or specialized military systems, their entry point must meet appropriate technical specifications such that no "RED" (i.e., containing classified material in human- or machine-undestandable form) signal can unintentionally "leak" around the approved connection.[4] The connection itself either must run through a protected distribution system, be encrypted into "BLACK" information by a communications security system, or both.

References

  1. Physical Security Standards for Sensitive Compartmented Information Facilities, 18 November 2002, Director of Central Intelligence Directive DCID 6/9
  2. Centers for Disease Control (1999), Biosafety in Microbiological and Biomedical Laboratories (BMBL), 4th Edition
  3. Commandant of the Marine Corps, Policy for Safeguarding the Single Integrated Operating Plan (SIOP), Marine Corps Order 5511.18A
  4. U.S. Army Information Systems Engineering and Integration Center (24 October 2000), Military Handbook: RED/BLACK Engineering Installation Guidelines, MIL-HDBK-232A