The History of SCIF Construction – From War Rooms to ICD 705

Before Sensitive Compartmented Information Facilities (SCIFs) existed as we know them—before ICD 705 or DCIDs—there were simply secure rooms. Locked doors, armed guards, and a growing sense of what “secure” meant protected these spaces. Today’s SCIFs are the latest in a long line of efforts to safeguard our most sensitive national security information. While modern standards emerged later, the idea of compartmented spaces traces back to World War II and the dawn of the U.S. intelligence community.

In this post, we’ll explore how SCIF standards evolved—from ad hoc agency rules to unified directives—and why ICD 705 became a game-changer for high-security facilities.

Before DCIDs: The Early Days of Secure Facility Design

Long before “SCIF” was a formal term, the need for protected spaces was obvious. During World War II, classified military communications and intelligence analysis happened in physically secured rooms—often within military headquarters or embassies—watched over by armed guards.

In the decades that followed, key events shaped early secure facility practices:

• The National Security Act of 1947 created the CIA and formalized the U.S. intelligence structure.

• Executive Orders like E.O. 10501 (1953) and E.O. 12356 (1982) set rules for classifying and protecting national security information.

• The NSA, focused on technical security, began addressing electromagnetic leaks—what we now call TEMPEST—with early guidance like NACSIM 5000 in 1982 (Source 6).

Back then, each agency operated independently, crafting its own policies for secure spaces. This silo approach worked within agencies but caused chaos: no two followed the same playbook.

The DCID Era: A First Attempt at Standardization

Initially, the Director of Central Intelligence issued memos to guide agency security practices. By the 1960s and ‘70s, these evolved into Director of Central Intelligence Directives (DCIDs)—formal policies with a standardized numbering system, applied across the intelligence community. Key directives for SCIF construction included:

• DCID 1/21 – Physical security standards for SCI facilities

• DCID 6/9 – The main guide for designing and accrediting SCIFs

These were a leap forward, but they left room for interpretation. Agencies tailored DCIDs to fit their own cultures or missions, while some, like the DoD, used separate frameworks—such as JAFAN 6/9 for Special Access Program (SAP) facilities (Source 2). The result? A fragmented system where reciprocity—accepting another agency’s SCIF accreditation—was rare. Facilities built to one accreditor’s standards often failed another’s review.

The Post-9/11 Mandate: Creating ICD 705

The September 11, 2001 attacks exposed the intelligence community’s coordination failures, prompting Congress to establish the Office of the Director of National Intelligence (ODNI) in 2004. Tasked with unifying the 16—now 17—IC agencies, ODNI tackled the broken SCIF accreditation model.

Enter ICD 705, released in May 2010 (Source 1). It brought:

1. A single policy for SCIF physical and technical security

2. A formal process for reciprocity and accreditation

3. A shift to risk-based decision-making, ditching rigid, one-size-fits-all rules

Replacing DCID 6/9, ICD 705 laid the groundwork for a cohesive approach to secure facility design.

ICS 705-1 and 705-2: Turning Policy into Practice

To make ICD 705 actionable, ODNI issued two companion standards:

• ICS 705-1: Physical and Technical Security Standards for SCIFs

• ICS 705-2: Standards for Accreditation and Reciprocal Use

These detailed requirements for construction, layout, access control, intrusion detection, and more. They also defined roles—like the Accrediting Official (AO) and Cognizant Security Authority (CSA)—and stressed coordination during design and construction (Source 3).

The Tech Spec: Building to Standard

Policy is one thing; construction is another. The IC Technical Specification for ICD/ICS 705—known as “the Tech Spec”—bridges that gap, detailing walls, ceilings, ducts, doors, conduit, locks, and beyond. Since its debut, it’s seen revisions:

• Version 1.2

• Version 1.4 (2017)

• Version 1.5 (2020)

• Version 1.5.1 (2021) (Source 4)

Each update reduced ambiguity. For instance, early versions offered lock hardware options; later ones mandated GSA-approved locks, streamlining accreditation.

The Impact of ICD 705

ICD 705 and its supporting documents did more than tidy up paperwork—they transformed SCIF construction culture:

• Common standards gave contractors and agencies a shared playbook.

• Reciprocity became practical, cutting time and costs.

• Risk management joined the design toolkit.

• Construction security—like cleared escorts and material control—became mandatory in some cases.

Though some inconsistencies linger in how agencies or AOs interpret the rules, ICD 705 is the most significant standardization effort in SCIF history.

Coming Up Next: The Evolution of TEMPEST

With physical standards in place, TEMPEST remains a challenge—and a mystery to many. In our next post, we’ll dive into its origins, why it’s misunderstood, and its role in secure facilities amid IoT and wireless tech.

Enjoying this series? Have questions or experiences to share? I’d love to hear from you.

Sources

1. ODNI – ICD 705: Sensitive Compartmented Information Facilities, May 2010

2. Adamo Security – Why Reciprocity Matters for SCIF Construction, Sept 2021

3. ODNI/NCSC – ICS 705-1 & ICS 705-2, Nov 2010

4. ODNI/NCSC – Tech Spec for ICD/ICS 705, Version 1.5.1, July 2021

5. NSA/NCSC – IC Tech Spec Updates: Version Highlights, internal reference (industry summary)

6. NSA – NACSIM 5000: TEMPEST Fundamentals, Feb 1982 (Declassified version)

7. National Security Act of 1947 & Executive Orders (E.O. 10501, E.O. 12356) – public federal archives