Secure Facilities And Spaces - Whole Building Design Guide

2y ago
26 Views
2 Downloads
1.60 MB
31 Pages
Last View : 20d ago
Last Download : 2m ago
Upload by : Lee Brooke
Transcription

Secure Facilities and SpacesPresented by: Richard Cofer, P.E.Naval Facilities Engineering Command AtlanticCapital Improvements Business LineEngineering Criteria and ProgramsNovember 2016

Intent The intent of this presentation is to makedesigners aware of:– Types of secure spaces– Terminology associated with secure spaces– Understand some basic physical securityconcepts– Understand baseline requirements– How layout can enhance the security of thesecure spaces.3Unclassified: Secure Facilities and SpacesNovember 2016Secure Facilities and Spaces Secure Facilities and Spaces are designed andoperated to prevent unauthorized access toequipment, installations, material, anddocuments; and to safeguard them againstespionage, sabotage, damage, and theft.4Unclassified: Secure Facilities and SpacesNovember 2016

Secure Facilities and SpacesSecure Facilities and Spaces are typicallyfound in: 5Command HeadquartersOperation CentersAdmin FacilitiesCommunication CentersTraining FacilitiesHangarsUnclassified: Secure Facilities and SpacesNovember 2016Project Development The requirements for a secure facility or spacemust be established during project planning.– Establish an interdisciplinary planning team withlocal considerations to include the following: Planning Supported Command Supported Command’s Security Manager Communications Security: Installation/Region N3 Engineering PM/DM needs to proactively engage SecurityManager to coordinate project requirements anddesign6Unclassified: Secure Facilities and SpacesNovember 2016

Project Development The planning team must:Determine what assets require protectionUnderstand related DoD/Service policy/regulationsUnderstand the objectives of the systemUnderstand the user’s operational requirementsUnderstand the operational and sustainment costDetermine the protective measures and related costsand incorporate them into the project’s scope andbudget.– Determine funding source(s) for electronic securitysystems––––––7Unclassified: Secure Facilities and SpacesNovember 2016So What Generates the Requirement? The asset being protected:– Classified Information Sensitive Compartmented Information (SCI)Special Access Program (SAP) InformationTop SecretSecretConfidential– Classified Communication Systems– Arms, Ammunitions, and Explosives (AA&E) This presentation will focus on the ClassifiedInformation and Communications Systems8Unclassified: Secure Facilities and SpacesNovember 2016

Levels of Classification Top Secret Information:– Top Secret is be applied to information the unauthorizeddisclosure of which reasonably could be expected tocause exceptionally grave damage to the nationalsecurity. Top Secret information must be stored:– In a GSA-approved security container with one of thefollowing supplemental controls: An employee cleared to at least the Secret level shall inspect thesecurity container once every 2 hours. The location that houses the security container is protected by anintrusion detection system (IDS) with personnel responding to thealarm arriving within 15 minutes of the alarm annunciation.9Unclassified: Secure Facilities and SpacesNovember 2016Levels of Classification Top Secret information must be stored (continued):– In an open storage area (also called a secure room)equipped with an IDS with the personnel responding toan alarm within 15 minutes of the alarm annunciation ifthe area has been determined to have security-in-depth,or within 5 minutes of alarm annunciation if it has not– In a vault, or GSA-approved modular vault, meeting therequirements of Federal Standard (FED-STD) 83210Unclassified: Secure Facilities and SpacesNovember 2016

Levels of Classification Secret Information.– Secret is applied to information the unauthorized disclosureof which reasonably could be expected to cause seriousdamage to the national security. Secret information must be stored:– In the same manner Top Secret information– In a GSA-approved security container or vault built to FEDSTD 832 specifications, without supplementary controls– In an open storage, provided the senior agency officialdetermines in writing that security-in-depth exists, and one ofthe following supplemental controls is utilized: An employee cleared to the Secret level shall inspect every 4 hours. An IDS with the personnel responding to the alarm arriving within 30minutes of the alarm annunciation.11Unclassified: Secure Facilities and SpacesNovember 2016Levels of Classification Confidential Information.– Confidential. Confidential is applied to information theunauthorized disclosure of which reasonably could beexpected to cause damage to the national security. Confidential information must be stored– In the same manner asprescribed for Top Secret orSecret information except thatsupplemental controls are notrequired.12Unclassified: Secure Facilities and SpacesNovember 2016

Levels of Classification Sensitive Compartmented Information (SCI).– A SCI is classified Secret or Top Secret information thatis derived from intelligence sources, methods oranalytical processes that is required to be handledwithin formal access control systems established by theDirector of National Intelligence. SCI can only be stored, used, processed, ordiscussed in a Sensitive CompartmentedInformation Facility (SCIF)13Unclassified: Secure Facilities and SpacesNovember 2016Levels of Classification Special Access Program (SAP):– A program established for a specific class ofclassified information that imposes safeguardingand access requirements that exceed thosenormally required for information at the sameclassification level. SAP Information can only be stored, used,processed, or discussed in a Special AccessProgram Facility (SAPF)14Unclassified: Secure Facilities and SpacesNovember 2016

Compartmented Area (CA)Compartmented Area (CA) is a room, a set of rooms, or anarea that provides controlled separation between thecompartments within a SCIF or SAPF.15Unclassified: Secure Facilities and SpacesNovember 2016Unclassified Information Controlled Unclassified Information (CUI).– Unclassified information that requires safeguarding ordissemination controls, pursuant to and consistent withapplicable law, regulations, and Government-wide policies. For Official Use Only (FOUO).– A protective marking to be applied to unclassifiedinformation when disclosure to the public of that particularrecord, or portion thereof, would reasonably be expected tocause a foreseeable harm to an interest protected by one ormore provisions of the Freedom of Information Act (FOIA).16Unclassified: Secure Facilities and SpacesNovember 2016

Protection of FOUO Information During working hours:– Reasonable steps must be taken to minimize the risk ofaccess by unauthorized personnel (e.g., not reading,discussing, or leaving FOUO information unattendedwhere unauthorized personnel are present). After working hours:– FOUO information may be stored in unlockedcontainers, desks, or cabinets if Government orGovernment-contract building security is provided. Ifsuch building security is not provided or is deemedinadequate, the information must be stored in lockeddesks, file cabinets, bookcases, locked rooms, etc.17Unclassified: Secure Facilities and SpacesNovember 2016Terms to Know Classified Information Systems:– CENTRIXS: Combined Enterprise Intelligence ExchangeSystem (Confidential)– SIPRNET: Secret Internet Protocol Router Network– JWICS: Joint Worldwide Intelligence CommunicationsSystem (Top Secret/SCI)18Unclassified: Secure Facilities and SpacesNovember 2016

Terms to Know PDS: Protected Distribution System– A signal distribution system (raceway, conduit or duct)containing unencrypted National Security Information(NSI) which enters an area of lesser classification, anunclassified area or uncontrolled (public) area must beprotected according to the requirements of the currentPDS standard.19Unclassified: Secure Facilities and SpacesNovember 2016Terms to Know Secure Room (Open storage area)– Secure Room. An area constructed in accordance with therequirements of the DoDM 5200.01 Volume 3 Appendix toEnclosure 3 and authorized by the senior agency official for openstorage of classified information. Controlled Access Area (CAA)– A physical area such as a building or room under physical controland where only personnel cleared to the level of the informationbeing processed are authorized unrestricted access. Restricted Access Area (RAA)– A physical area such as a building or room where only personnelcleared to the level of the information being processed areauthorized unrestricted access, but does not meet all of thephysical security requirements of a CAA.20Unclassified: Secure Facilities and SpacesNovember 2016

Terms to Know TEMPEST– TEMPEST refers to the investigation, study, and controlof Compromising Emanations of National SecurityInformation (NSI) from telecommunications andinformation processing systems.– TEMPEST countermeasures are required when thefacility contains equipment that will be processingNational Security Information (NSI). Example: CENTRIXS,SIPRNET or JWICS Certified TEMPEST Technical Authority (CTTA)– The CTTA has responsibility for conducting or validatingTEMPEST reviews and recommending TEMPESTcountermeasures21Unclassified: Secure Facilities and SpacesNovember 2016Terms to Know Inspectable space:– Inspectable Space is the three-dimensional spacesurrounding equipment that processes classifiedand/or sensitive information within which TEMPESTexploitation is not considered practical or wherelegal authority to identify and/or remove a potentialTEMPEST exploitation exists. If required TEMPEST countermeasures areomitted, the facility will not be accredited andthe Supported Command will not be missioncapable.22Unclassified: Secure Facilities and SpacesNovember 2016

Protection System Concepts SECURITY IN DEPTH (SID)– A combination of layered and complementarysecurity controls sufficient to deter, detect, anddocument unauthorized entry and movement withinthe installation and/or facility and the ability to delayand respond with force. The layers in SID are designed to screen personnel andmaterials to allow access to authorized personnel. The complementary security controls are made up ofdifferent types of procedures, boundaries, ElectronicSecurity System (ESS), and response forces so that theaggressor’s tools and techniques required to bypass onelayer of the system are not the same for successive layers.23Unclassified: Secure Facilities and SpacesNovember 2016Protection System Concepts SID Layers– The first layer of defense is typically an Installation’s perimeterincluding the Access Control Points (ACPs).24Unclassified: Secure Facilities and SpacesNovember 2016

Protection System Concepts SID Layers– To determine protection measures for a specific project,security professionals must assess the SID in place anddetermine if additional layers are required. Here are someexamples of how or where SID can be implemented: On a Military installation or compound with a dedicated response forceof U.S. citizens or U.S. persons. Within a controlled or restricted area. Within a building or fenced compound that employs access control. Within the building away from exterior walls, on an upper floor or in thebasement. In a protected area where the space adjacent to or surrounding theprotected area is controlled and protected by alarm.25Unclassified: Secure Facilities and SpacesNovember 2016Protection System Concepts Zoning– Zoning is the concept of grouping functional areas bysecurity or access levels to enhance security.– Having multiple zones within a facility that requirepersonnel to transition through increasingly secureaccess control layers (zones) can enhance the securityof the higher security zones/areas– Zones may include Public access (public/visitor areas, service areas) Controlled access area, Restricted access area, secret open storage,top secret open storage, SCIF, SAPF and the compartmented areaswithin.26Unclassified: Secure Facilities and SpacesNovember 2016

Protection System ConceptsZoning/SID Layers27Unclassified: Secure Facilities and SpacesNovember 2016Design Considerations Utilize the building layout to enhance security– Understand the various secure spaces within thefacility Understand the security levels and associated constructionrequirements (Secret, Top Secret, SAP, or SCI) Understand the required separations, adjacencies andcompartmented areas Access control procedures and personal storage requirements– Understand visitor access and escort requirements VisitorsForeign NationalsMaintenance personnelCustodial Staff– Know who else is in the building Foreign Nationals28Unclassified: Secure Facilities and SpacesNovember 2016

Design Considerations29November 2016Unclassified: Secure Facilities and SpacesDesign ConsiderationsOPEN SECRET STORAGESCIFSECOND FLOOR SECURE AREALOCATED DIRECTLY OVER THE OSSSPACE/DATA CENTER.30Unclassified: Secure Facilities and SpacesNovember 2016

Design ConsiderationsSECOND FLOOR SECURE AREALOCATED DIRECTLY OVER THE OPENSECRET STORAGE (OSS) SPACE/DATACENTER.31Unclassified: Secure Facilities and SpacesNovember 2016Design Considerations32Unclassified: Secure Facilities and SpacesNovember 2016

When is a SCIF or SAPF needed? A SCIF or SAPF is established when there is aclear operational requirement that is crucial tothe command’s mission. To be operational, a SCIF or SAPF must beAccredited.– Accreditation is the formal approval that a spacemeets the prescribed physical, technical, andoperational standards.If a SCIF or SAPF cannot be accredited, it cannotbe operational and the command is notmission capable!33Unclassified: Secure Facilities and SpacesNovember 2016Information Security for SCIF and SAPF Construction plans and all related documents must be handledand protected in accordance with the Construction SecurityPlan Do not identify SCIF or SAPF locations on planning orconstruction documents With accreditingofficial’s approval,areas may beidentified as“secure area” or“controlled area”34Unclassified: Secure Facilities and SpacesNovember 2016

Specific Design Strategy DESIGNERS MUST TAKE A SIX-SIDEDAPPROACH WHEN DEVELOPINGDESIGNS.– The perimeter includesall walls , floors,ceilings, doors,windows andpenetrations in theperimeter such asductwork and pipes.and conduit.35Unclassified: Secure Facilities and SpacesNovember 2016Specific Design Strategy PERIMETER CONSTRUCTION.– The SCIF, SAPF and Compartmented Area perimeters and thepenetrations to those perimeters are the primary focus of afacility design.– Mitigation against forcedentry, covert entry, visualsurveillance, acousticeavesdropping, andelectronic emanations willdrive the design of theperimeter.36Unclassified: Secure Facilities and SpacesNovember 2016

Specific Design Strategy Acoustic Protection– The amount of sound energy reduction may varyaccording to individual facility requirements. However,Sound Group ratings must be used to describe theeffectiveness of acoustical security measures affordedby various wall materials and other buildingcomponents. Perimeter must meet Sound Group 3, unless additional protectionis required for amplified sound. Compartmented Area Walls: The dividing office walls must meetSound Group 3, unless additional protection is required foramplified sound.– ASTM E-90, Standard Method for Laboratory Measurement ofAirborne Sound Transmission.37Unclassified: Secure Facilities and SpacesNovember 2016Specific Design Strategy Walls:– Perimeter walls, floor andceiling must be permanentlyand solidly constructed andattached to each other. Wallsmust go from true floor to trueceiling.– Seal partition continuouslywith acoustical foam or sealant(both sides) and finished tomatch wall wherever it abutsanother element such as thefloor, ceiling, wall, column, ormullion.– Uniformly finish wall from truefloor to true ceiling.38Unclassified: Secure Facilities and SpacesNovember 2016

Specific Design Strategy Seal wall penetrations on both sides withacoustical foam or sealant finished to match wall.– Note: Through Penetration Fire Stop System mayberequired for fire rated wall assemblies.39Unclassified: Secure Facilities and SpacesNovember 2016Specific Design Strategy40Unclassified: Secure Facilities and SpacesNovember 2016

Specific Design Strategy Wall A (Standard Wall) - Sound Group 3(STC 45 or better)– 3-5/8” 16 gauge metal or 2 x 4 wood studs– 16 gauge continuous track (top & bottom) w/anchors at 32” o.c. maximum) – bed incontinuous bead of acoustical sealant.– Three layers ⅝ inch-thick gypsum wallboard(GWB), one layer on the uncontrolled side ofthe SCIF and two on the controlled side ofthe SCIF. The interior two layers ofwallboard shall be mounted so that theseams do not align (i.e., stagger joints).– Acoustic fill 3 ½ “ (89mm) sound attenuationmaterial, fastened to prevent sliding downand leaving void at the top.41Unclassified: Secure Facilities and SpacesNovember 2016Specific Design Strategy Wall B (Enhanced Wall)Expanded Metal SoundGroup 3 (STC 45 or better):– Same as Wall A except: ¾” mesh, # 9 (10 gauge)expanded metal shall be affixedto the interior side of perimeterwall studs. Expanded metal shall be spotwelded to the studs every sixinches along the length of eachvertical stud and at the ceilingand floor.42Unclassified: Secure Facilities and SpacesNovember 2016

Specific Design Strategy Wall C (Enhanced Wall) Perimeterwalls with Fire Rated Plywood:– Wall assembly the same as Wall Bexcept:– 1/2" Fire Retardant Plywood affixed 8’vertical by 4’ horizontal to 16 gauge studsusing glue and #10 steel tapping screwsat 12 on center (o.c.)– GWB shall be mounted to plywood withscrews avoiding contact with studs tomitigate any possible acoustic flankingpath.43Unclassified: Secure Facilities and SpacesNovember 2016Specific Design Strategy Minimum requirements for Vaultwalls:– Reinforced Concrete Construction Walls, floor, and ceiling will be a minimumthickness of eight inches of reinforced concrete.– GSA-approved modular vaults Federal Specification FF-V-2737– Steel-lined Construction Where unique structural circumstances do notpermit construction of a concrete vault Minimum requirements for doors– GSA-approved Class 5 or Class 8 vault door– Within the US, a Class 6 vault door isacceptable44Unclassified: Secure Facilities and SpacesNovember 2016

Possible TEMPEST Countermeasures RF mitigation shall be provided at the direction of the CTTA when thefacility utilizes electronic processing and does not provide adequateRF attenuation at the inspectable space boundary.– The use of R-foil or aluminum foilbacked gypsum is required if thefacility does not provide adequateRF attenuation at the inspectablespace boundary and recommendedfor all other applications.– When R-foil is employed it shall beplaced inside the space betweenthe first and second layer ofgypsum board.– Don’t forget ceiling, floor, penetrations, and connections45Unclassified: Secure Facilities and SpacesNovember 2016Possible TEMPEST Countermeasures Physical separation– All equipment, wirelines, components, and systems that processNSI are considered RED.– All equipment, wirelines, components, and systems that processencrypted NSI and non-NSI are considered BLACK.– The RED/BLACK concept is utilized to establish minimumguidance for physical separation to decrease the probability thatelectromagnetic emissions from RED devices might couple toBLACK systems.– Red/Black line separation guidelines 4639 inches if neither line is in ferrous conduit9 inches if one line is in ferrous conduit3 inches if both lines are in ferrous conduit0 inches if one line is optical fiberUnclassified: Secure Facilities and SpacesNovember 2016

Specific Design Strategy Utilities such as power, Telecommunications, signal, orplumbing on the interior of a perimeter/compartmentedwall treated for ac

3 Unclassified: Secure Facilities and Spaces November 2016 Intent The intent of this presentation is to make designers aware of: – Types of secure spaces – Terminology associated with secure spaces – Understand some basic physical security concepts – Understand baseline requirements – How layout can enhance the security of the secure s

Related Documents:

Appendix A:Sample Parking Garage Operations Manual: Page A-4 1.4 Parking Facility Statistics Total Capacity: 2,725 Spaces Total Compact: 464 Spaces (17%) Total Full Size: 2,222 Spaces Total Handicapped Spaces: 39 Spaces Total Reserved Spaces: 559 Spaces Total Bank of America Spaces: 2,166 Spaces Total Boulevard Reserved

B. Pipe and pipe fitting materials are specified in Division 15 piping system Sections. 1.3 DEFINITIONS A. Finished Spaces: Spaces other than mechanical and electrical equipment rooms, furred spaces, pipe and duct shafts, unheated spaces immediately below roof, spaces above ceilings, unexcavated spaces, crawl spaces, and tunnels.

Confined spaces are generally classified in one of two ways: permit required confined spaces and non-permit required confined spaces. Spaces classified as non-permit confined spaces do not have the potential to contain serious hazards and no special procedures are required to enter them. Permit required confined spaces have the .

21 Nuclear Locally Convex Spaces 21.1 Locally Convex -Spaces 478 21.2 Generalities on Nuclear Spaces 482 21.3 Further Characterizations by Tensor Products 486 21.4 Nuclear Spaces and Choquet Simplexes 489 21.5 On Co-Nuclear Spaces 491 21.6 Examples of Nuclear Spaces 496 21.7 A

a speci c, commonly used, case of secure computation. To implement secure computation and secure key storage on mobile platforms hardware solutions were invented. One commonly used solution for secure computation and secure key storage is the Secure Element [28]. This is a smart card like tamper resistant

IDENTIFYING CONFINED SPACES Document the process : Complete a Confined Space Hazard Analysis Form for each suspected space. All spaces that are considered confined spaces are then transferred to the confined space log. Create a separate log for permit and non-permit confined spaces. Have the spaces marked with an appropriate sign.

Spaces in a residential home may be considered confined spaces or permit-required confined spaces during the construction or remodeling process. However, the vast majority of the standard's requirements only apply to permit-required confined spaces, and attics, basements, and crawl spaces in a residential home — three common spaces - will .

MOSARIM No.248231 2012-12-21 File: D.6.1.1.final_report_final.doc 8/21 from Frost&Sullivan, ABI research and Techno Systems Research overall market penetration and percentage of newly radar equipped vehicles per year were forecasted until 2020, as shown in Figure 7. It has to be noted that the given numbers are not necessarily in agreement