When designing electronic security for a SCIF facility please keep in mind the parameters set in the ICD 705 tech Specs and the Unified Facilities Criteria for the Planning, Design and Construction of SCIFs. The ICD705 Tech Specs went into effect November 2012. There are some differences from the DCID 6/9.
Unlike the DCID 6/9, you are now required to file a Fixed Facility Checklist, Construction Drawings, Security Drawings and Construction Security Management Plan to the Accrediting Official (AO) prior to the commencement of construction. These approved documents and a DD-254 need to be issued prior to construction.
Another difference is that the SCIF entry doors most have a filed rating of STC 45 which means they need to be lab rated at least to STC 50. Another device may be added which will enhance your SCIF security and make it conform to the new NFPA 101 law for exit accesses. This is a Lockmaster LKM7003 deadlock with a built in XO9 combination lock. It is the only lock on the market that meets both DoD and NFPA 101 code requirements. The lock can be monitored by the IDS system to insure that the IDS system will not arm until the deadlock bolt is fully seated.
The Intrusion Detection System or IDS is comprised of 3 parts; intrusion detection devices, PCU and alarm response. These three areas cover the detection and alarm reporting phase so that an alarm assessment and response to a SCIF intruder alarm can be made.
The physical areas that need to be covered with intrusion devices are: the door entering the SCIF, doors leaving the SCIF if different from the entry door and motion within the SCIF. The new requirement by the ICD 705 to monitor a SCIF door is a level II door contact. The Potter PS2-001 door contacts with outputs for alarm and tamper are the only door contacts on the market that fulfill this requirement. A good device to use as a motion detector is an Optex FX-360, a 360 degree ceiling mounted motion detector. This motion detector works from 25’ to 40’ depending if the ceiling height is 8’-12’. If you have a SCIF ceiling that is up to 16’ high, you will need an Optex SX-360Z long range 360 degree ceiling mounted motion detector that offers a range of 60’.
In many cases, an electronic access control system is utilized to unlock the SCIF door once the XO9 portion is spun opened. The PC containing the access control software must be located within the SCIF. There is a two tier access control that requires the personal presence and unique personal identification number (PIN) to enter the SCIF. This can be accomplished many ways. The most common is the have a prox/pin card reader which requires a proximity card as well as a PIN number. Others that are acceptable are prox cards with biometric readers such as fingerprint, retinal scan or hand topography. The actual biometric information is stored on the prox card itself which then compares that info to what you present to the reader such as a fingerprint. The same prox card can be used to activate the keypad for the IDS. Once the card is presented a PIN number must be entered to turn off the IDS.
The PCU or Premise Control Unit controls the intrusion devices to insure that only SCIF personnel can initiate the change in the SCIF IDS from armed to disarm. A UL2050 rated keypad located inside the SCIF will arm or disarm the system by using a prox card with PIN. All these devices including the PCU panel are required to have a tamper switch monitored as a separate zone. All connectivity between the devices and the PCU should not extend beyond the perimeter of the SCIF.
The network standard communications encryption between the PCU and the monitoring station requires a 128bit encryption rate. The DMP XR500E panel has 128bit encrypted communications allowing protected communications to and from the panel. The DMP panel requires a DMP decryption unit at the central monitoring station. This is called a central station receiver. Generally, the PCU device such as a DMP XR500EA-G intrusion detection alarm panel is connected to a LAN and then a WAN to reach the central monitoring station. Several AO’s are now allowing an encrypted cellular backup monitoring system made by DMP.
In certain instances, multiple SCIF rooms can be connected through one PCU to be monitored. Each separate room would have its own keypad to arm/disarm the IDS for that room. The cable for those devices must be carried back to the PCU via conduit to prevent tampering and disconnection. If a device loses it’s connectivity an alarm is immediately generated to the central monitoring station. In cases where multiple rooms are monitored together, please refer to your Accrediting Official (AO) for guidance.
Questions and Answers
Q- Who may install a SCIF intrusion detection system?
A- A UL accreditation and licensed and accredited UL2050 certified installer.
Q – What type of intrusion detection system can you use in a SCIF?
A- Any UL accredited intrusion system with 128bit encrypted communications to the central monitoring station. I recommend DMP.
Q- May multiple SCIF rooms be run off the same IDS panel?
A- Yes. But you may want to have each room armed/disarmed by a separate keypad. Also, if the room containing the IDS panel is declassified, you will have to move the panel to a SCIF room.
Q- What form do you use to apply for SCIF certification?
A- An Underwriters Laboratories Alarm System Certificate Request. This should be supplied by your IDS security installer.
Q- Who determines when and if your SCIF is accredited?
A- Once your SCIF is inspected, tested and received alarm signals, you can issue the UL2050 certificate. This is required prior to the SCIF accreditation inspection. The AO determines when the inspection will occur.
Q- What must you do yearly to maintain your SCIF certification?
A – You must renew your UL certification.
Q- How many times a year does your SCIF need to be inspected and tested?
A – Semi-annually.
Q- What other items are required for your SCIF certification?
A – Guard response as well as a maintenance contract with 4 hour response time.
Trackback from your site.