SCIFs can be either permanent or temporary and can be set up in official government buildings (such as the Situation Room in the White House), onboard ships, in private residences of officials, or in hotel rooms and other places of necessity for officials when traveling.[1] Portable SCIFs can also be quickly set up when needed during emergency situations.[2][3]
Because of the operational security (OPSEC) risk they pose, personal cell phones, smart watches, computer flash drives (aka, "thumb drives"), or any other sort of personal electronic device (PED), cameras (analog or digital) other than those that are U.S. Government property and which are used only under strict guidelines, and/or any other sort of recording or transmitting devices (analog or digital) are expressly prohibited in SCIFs.[4][5]
Access
Access to SCIFs is normally limited to those individuals with appropriate security clearances.[6] Non-cleared personnel in SCIFs must be under the constant oversight of cleared personnel and all classified information and material removed from view to prevent unauthorized access.[7] As part of this process, non-cleared personnel are also typically required to surrender all recording, photographic and other electronic media devices. All of the activity and conversation inside is presumed restricted from public disclosure.[1][8]
Construction
Some entire buildings are SCIFs where all but the front foyer is secure. A SCIF can also be located in an air, ground or maritime vehicle, or can be established temporarily at a specific site.[1] The physical construction, access control, and alarming of the facility has been defined by various directives, including Director of Central Intelligence Directives (DCIDs) 1/21 and 6/9, and most recently (2011) by Intelligence Community Directive (ICD) 705, signed by the Director of National Intelligence. ICD 705 is a three-page capstone document that implements Intelligence Community Standard (ICS) 705-1, ICS 705-2 and the Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilities or "Tech Specs." The latest version of the Tech Specs was published in March 2020 (Version 1.5).[9]
Computers operating within such a facility must conform to rules established by ICD 503. Computers and telecommunication equipment within must conform to TEMPEST emanations specification as directed by a Certified TEMPEST Technical Authority (CTTA).
Officials documented to have had a SCIF set up in their private residences include: