What Is A SCIF?

What is a SCIF? Short for Sensitive Compartmented Information Facility, a SCIF is a specially constructed building, or specially constructed rooms within a larger facility that are designed to allow the handling of sensitive information, hardware, and other materials without exposure to the outside world.

These facilities are designed to be as self-contained as possible, with all heating, air conditioning, security systems, computer networks, and much more all dedicated to and contained within the SCIF.

Such structures are designed not only to prevent the transmission of sound, electronic data, etc. outside the secure area. This may involve technology such as a Faraday cage (designed to prevent outside interception of sound, email traffic, etc.) or other measures.

Some Americans were exposed to the concept of a SCIF for the first time during the 2019 impeachment hearings involving President Donald J. Trump.

The New York Post published an article in October 2019 titled, “What Is A SCIF?” which explained that closed-door impeachment hearings in that case were held in such a facility.

This was presumably to insure that classified information related to the impeachment–the President’s dealings with foreign governments were under scrutiny, requiring the review of classified information or processes–remained unavailable to outsiders, especially via electronic eavesdropping and other measures. SCIF sites can be temporary or permanent, but the permanent facilities require scrutiny to insure they are truly secure and meet federal specifications.

SCIF Specifications

Building a SCIF means working to a specific standard to prevent outside interception of information or activities happening within the facility. There are physical standards which include a requirement that there be only a single primary door to the facility, plus physical barriers must be constructed in such a way as to reveal any tampering, alteration, damage, unauthorized access etc.

There are other technical requirements including the installation of RF (radio frequency) protection in cases where the work in the SCIF requires “electronic processing and does not provide adequate RF attenuation at the inspectable space boundary.”

These are just some of the most basic technical requirements but as you can see, a great amount of planning and anticipation of contingencies is at work.

A Sensitive Compartmented Information Facility may be required by the federal government at a new or existing location, but that does not necessarily mean that such a facility would be built using military work crews or even DoD employees.

Such facilities may be contracted for construction and/or modification with private defense industry contractors. Regardless of who actually does the work, it is “primarily” government agencies and “government-related contractors” who require such facilities.

A SCIF isn’t always required depending on the nature of the work to be done, other facilities can be built or modified including “Special Access Program Facilities”  and “Closed Areas.” When a SCIF is required, there are a basic set of standards which must be followed in order to be considered truly secure.

SCIF Security

All of the hardware and physical security requirements of the SCIF aren’t the whole story–much depends on the people who work in the facility. It isn’t enough to trust the employees to keep classified and sensitive material inside the four walls of the building and maintain good operational security or OPSEC.

There are specific rules and regulations in most SCIFs pertaining to what personal devices you can and cannot bring into the building.

Employees may be advised that no cell phones or personal mobile devices of any kind may be taken from the outside of the secure area. No recordable media may be allowed–no thumb drives, data sticks, memory cards, USB hard drives or other portable storage is permitted.

And the rules for access are subject to frequent change, too–employees may be required to get new swipe cards, change passwords, and do other measures more frequently than when working in a non-secured area. These are considered hassles by some, but the frequent changes in security are a proactive and effective way to control access to the area.

SCIF Accreditation Standards

A SCIF isn’t really a SCIF until it has been accredited. Earning that accreditation requires the facility to comply with “uniform security requirements” and the Deputy Director of National Intelligence for Policy, Plans, and Requirements (DDNUPPR) is responsible for setting and enforcing “risk mitigation factors” as well as “specific categories and uses of SCIFs”.

Official sources acknowledge that the DDNUPPR “may accredit, re-accredit, and de-accredit SCIFs”. When the facility is built, it must meet certain federal requirements and is reviewed to insure that it has.

Joe Wallace is a 13-year veteran of the United States Air Force and a former reporter for Air Force Television News