Where ICD 705 Came From, and Why That History Still Shapes Your Project

Most people who work on a SCIF project use ICD 705 as if it dropped from the sky in 2010. They cite it, they reference it, they argue about it. Few of them know where it came from. Knowing changes how you read it.

ICD 705 is the latest layer in a policy stack that goes back to 1947. The National Security Act of that year created the Director of Central Intelligence, and along with the role came a recognition that information about how the country gathered intelligence had to be protected with more rigor than ordinary classified material. Over the decades that followed, individual agencies wrote their own standards for the physical spaces that housed that work. The result was inconsistent. A SCIF accredited by one agency might fail a different agency’s review on details that had nothing to do with the underlying mission.

The Intelligence Reform and Terrorism Prevention Act of 2004 changed that. IRTPA replaced the Director of Central Intelligence with the Office of the Director of National Intelligence (ODNI), and it gave ODNI authority to set standards across the entire Intelligence Community. ICD 705, published in 2010, was the document that finally pulled SCIF construction and accreditation under one roof. It was followed by ICS 705-1 (which governs accreditation) and ICS 705-2 (which governs construction), and underneath those sits the IC Tech Spec, which carries the actual technical detail.

That four-document layered structure is why ICD 705 reads the way it does. The Directive itself is policy. It tells you what has to happen. ICS 705-1 and ICS 705-2 tell you the process. The IC Tech Spec tells you the numbers, the materials, and the test methods. Trying to find a wall thickness requirement in ICD 705 is a category error. The Directive does not work that way.

The most common practical problem this creates: a stakeholder shows up to a planning meeting with a strong opinion built from a previous project. The opinion gets treated as a requirement. The team starts arguing about whether to comply with it. Sometimes the opinion is right. Sometimes it was right for that other project and is not right for this one. Sometimes it was never in the standard at all. Knowing the document structure is how you tell which one you are looking at.

A second piece of history worth carrying: reciprocity. ICD 705 was supposed to end the era where one agency’s accreditation was suspect to another’s. The standard assumes reciprocity. In practice, agencies still vary. A SCIF accredited by one CSA is in theory accreditable by another with the right documentation package, but the actual conversation depends on the specific AOs involved and what they are willing to accept. If you are early in a project and you do not yet know which agency will accredit the space, expect that question to drive more decisions than you would think.

Overseas SCIFs add another layer. Spaces built under the chief of mission environment carry constraints that do not apply inside the United States, and the standard accounts for those constraints with specific language. If your work touches an overseas project, the chief of mission framework is the thing to learn first. Domestic experience does not translate cleanly across the border.

Waivers are also part of the system. The standard allows them. They exist because real projects sometimes have conditions that the baseline requirements were not written for. A waiver is not a workaround. It is a documented acknowledgment that a specific requirement does not apply in a specific situation, signed off by the right authority. Waivers come up most often in renovation work and in spaces with unusual building conditions. Knowing the path exists changes the conversation when a baseline requirement looks unworkable.

Two practical takeaways for project teams. First, when you see a requirement quoted on a project, ask which document it lives in. If someone cannot point to it in ICD 705, ICS 705-1, ICS 705-2, or the IC Tech Spec, treat it as opinion until proven otherwise. Second, the policy structure was built to reduce inconsistency, not to eliminate it. Reciprocity is the goal. The execution still happens between specific people on a specific project, and the people matter.

Understanding the history is the first thing that lets the rest of ICD 705 stop feeling arbitrary. The document was not built to make your project harder. It was built to make every project’s protection equivalent. That goal sits behind every page.

This material is taught at greater depth in Module 1 of the ICD 705 Foundations Series. The full Series is available at here