201509.23
0

Co-utilization of Sensitive Compartmented Information Facilities

SCIFDespite laudable efforts to promote the co-utilization of Sensitive Compartmented Information Facilities (SCIFs) across the Intelligence Community (IC), significant challenges persist. Understanding the process from your customer’s perspective is the first step towards achieving Co-use approval. And you can help your case by being proactive.

In SCIF co-use, a sponsoring element that has previously accredited a SCIF (the “host”) allows for a non-sponsoring element (the “tenant” or “gaining” element) to use a SCIF for its own mission. The details are negotiated, agreed to, and memorialized in a Co-use Agreement.

SCIF co-use promotes efficiency and increases competition. It leverages an existing IC asset to increase total mission capacity, and it increases the pool of eligible competitors for a given program. It allows small, innovative, companies to compete for work they would otherwise be foreclosed from chasing. Naturally, small businesses are eager to promote SCIF co-use.

And so is the Director of National Intelligence (DNI). In 2010, the DNI issued Intelligence Community Directive (ICD) 705, which sought to promulgate uniform IC physical and technical security requirements (“uniform security requirements”) applicable to all SCIFs. The stated goal was to “foster efficient, consistent, and reciprocal use of SCIFs in the IC.” ICD 705(B)(1). The mandate sought to ensure that, from that point forward, all SCIFs would be constructed, operated, and maintained for reciprocal use by all IC elements. See, ICD 705(D)(7).

But there was a catch. Despite the DNI’s best intentions, SCIFs—like suits—are not “one-size fits all.” A little tailoring is always required. As recently explained to me by a sympathetic IC program manager, “we each have different requirements due to the work being conducted.” So the original ICD provided for a narrow exception: In the presence of undefined “exceptional circumstances”, the uniform security requirements can be waived. In short order, the diversity and complexity of the IC’s various programs gave rise to a proliferation of waivers. Soon, the exception would swallow the rule.

Today, depending on mission requirements, waivers are available both where the uniform security requirements can’t be met and when they need to be exceeded. See, generally, ICS 705-1(H)(a)—(b). So today’s accredited SCIFs vary significantly as to conformity with the “uniform” requirements; some meet them, some exceed them, and some fall short.

The result is that IC program managers and industry security professionals are constantly working to reconcile a tension: a policy environment that promotes the development and approval of a Co-use Agreement, on the one hand; and, a practical need to reconcile waivers, on the other. A would-be-tenant and a would-be-host agree on the goal; however, the tenant must ensure that its unique mission requirements can be met by the terms of the host’s accreditation, together with any waivers that the host element has allowed to the uniform security requirements.

And all of this takes time. Co-Use agreements are typically coordinated between the security office of the element that has sponsored the host SCIF and the security office of the gaining or tenant element. For example, if a company has a SCIF accredited by the NRO but wants the SCIF to support an NGA program, the NGA security office works with the NRO security office to ensure that all NGA regulations for the subject SCIF are met. Following an extensive review, including reconciliation of any waivers, the NGA security office will authorize the NGA work to be performed in the NRO-accredited SCIF pursuant to the terms of a definitized Co-use Agreement.

You should make purposeful contact with the security offices of both the host and gaining elements as soon as program-specific security requirements can be determined. Depending on the existence and type of waivers, the process may be lengthy and complex. Early and constant coordination will marginally but meaningfully increase the likelihood of SCIF co-use.



Copyright © 2015 c2LegalSolutions, PLLC, All rights reserved.

We hope you liked this article. Subscribe to c2 Legal Briefs. (You can unsubscribe at any time.)


TESTIMONIALS AND CASE RESULTS DEPEND UPON A VARIETY OF FACTORS UNIQUE TO EACH CASE. TESTIMONIALS AND CASE RESULTS DO NOT GUARANTEE OR PREDICT A SIMILAR RESULT IN ANY FUTURE CASE UNDERTAKEN BY THE ATTORNEY. JAMES K. LAY IS THE ATTORNEY RESPONSIBLE FOR THIS ADVERTISEMENT, WHICH IS INTENDED FOR GENERAL EDUCATIONAL PURPOSES AND NOT INTENDED TO CONSTITUTE LEGAL ADVICE. THE VIEWS EXPRESSED ARE SOLELY THOSE OF THE AUTHOR, AND NOT NECESSARILY THOSE OF THE FIRM.