What is Permitted Within a SCIF or SAPF?
An overview of what is and isn’t permitted within a SCIF and consequences for violations
When working in a SCIF or SAPF, there are strict requirements for what is and isn’t allowed within the facility. This is a key security precaution, making sure that nothing that can compromise the mission is allowed into the facility. Personnel working in a SCIF will have to check any banned items before entering the facility or they risk facing disciplinary action. Because of this and the security concerns involved with restricted items, it’s crucial any SCIF personnel know these rules going in.
What is not Permitted Within a SCIF or SAPF?
There are a few reasons something may not be permitted within a SCIF. One is for TEMPEST concerns. TEMPEST is the study, investigation and mitigation of unintentional and potentially compromising emanations, or the signals that electronic devices give off that could be picked up and used to access safeguarded information. Every electronic device that processes information has a TEMPEST footprint, and the footprint of facility equipment is considered in the construction of an ICD 705 facility. Bluetooth devices, like earbuds or speakers, can be a TEMPEST concern and are therefore not allowed within the facility.
Anything that can be used to capture or store safeguarded information is similarly not allowed. This includes anything with a camera, CD-ROMs or any USB devices. Some tech, like cell phones or smart watches, are both a security and TEMPEST concern.
There are some items that may require special permission to be able to bring into a facility, because they may be a security concern that is necessary for a worker to be able to work. For example, security officials would need to approve Bluetooth-enabled medical devices, like a Bluetooth insulin pump, prior to the employee bringing them into the space.
Consequences for Bringing in Banned Items
Consequences for a security infraction like bringing in a banned item are typically fairly light for a first offense. Someone may not realize the headphones they brought into the facility pose a security concern, or they forget to take off their fitness tracker when entering the space. Typically, your security officer will report this so it’s on the record and may have a conversation with you to refresh you on the rules around what is and isn’t permitted.
Repeated offenses will result in more serious punishments, including a potential loss of clearance if the employee is unable to follow security protocols. While mistakes happen, the security team must take any security violation seriously, as it can always be a red flag indicator of something more serious going on. For example, in the case of the Discord leaker Jack Teixiera, seemingly smaller violations went unreported and he was able to share Classified information online. It’s the job of every cleared employee to safeguard Classified information and report anything they see wrong.
A properly constructed SCIF will help address the facility’s TEMPEST concerns, and there’s an increasing focus on making sure facilities are built to address these concerns. If you’re building a SCIF, make sure you’re meeting your RF shielding and acoustic protection requirements with SSU’s specialized testing services. Our expert technicians uses top-of-the-line equipment to give you accurate results on the success of your mitigations so you can move forward in your accreditation process with confidence. Contact us today to learn more.