Sensitive Compartmented Information Facility Use (SCIF) Policy

Number: 1025.4 ADM
Status: Active
Signature Date: 12/14/2020
Expiration Date: 12/14/2027

GENERAL SERVICES ADMINISTRATION
Washington, DC  20405

ADM 1025.4
December 14, 2020

GSA ORDER

SUBJECT:  Sensitive Compartmented Information Facility (SCIF) Use Policy

1.  Purpose. The purpose of this Order is to establish policies for accessing, safeguarding, and storing classified information and material, including documents printed and stored within a U.S. General Services Administration (GSA)-controlled SCIF.

2.  Background. The authorities below encompass the protection of facilities, personnel, and classified information in GSA-controlled SCIFs. This list of authorities is not all inclusive but represents the primary reference documents:

     a.  Executive Order (EO) 13526 (Replacing EO 12958), “Classified National Security Information,” December 29, 2009, as amended.

     b.  EO 12333, “United States Intelligence Activities,” December 4, 1981, as amended.

     c.  Code of Federal Regulations Title 32, Part 2001 “Classified National Security Information,” June 25, 2010.

     d.  Intelligence Community Directive (ICD) 700, “Protection of National Intelligence,” June 7, 2012.

     e.  ICD 701, “Unauthorized Disclosure of Classified Information,” December 22, 2017.

     f.   ICD 704, “Personnel Security Standards and Procedures Governing Eligibility for Access to Sensitive Compartmented Information and Other Controlled Access Program Information,” October 1, 2008, as amended on June 20, 2018.

     g.  ICD 705, “Sensitive Compartmented Information Facilities,” May 26, 2010.

3.  Scope and Applicability. This Order applies to all GSA personnel and visitors to a GSA-controlled SCIF.  This Order does not apply to other agencies that have agreements with GSA to use a GSA-controlled SCIF unless specifically provided for in such agreements.

The provisions of this Order shall not be construed to interfere with, or impede, the legal authorities or independence of the GSA Office of Inspector General or the Civilian Board of Contract Appeals.

4.  Policy. GSA-controlled SCIFs are the responsibility of the GSA Office of Mission Assurance (OMA). This Order provides security guidance for the accessing, safeguarding, and storing of classified information and material in GSA-controlled SCIFs. The use, discussions, and storage of classified information and material may only be handled by an individual with an appropriate security clearance, a need to know the information, and within a GSA-controlled SCIF.

5.  Responsibilities.

     a.  Associate Administrator of OMA:

          (1)  Leads the SCI Security Program direction, management, and oversight consistent with the policies and procedures of the Office of the Director of National Intelligence to protect classified information, intelligence, and intelligence sources and methods.

          (2)  Is accountable for safeguarding all equipment and systems, and the secure handling of all documents that are printed and stored in GSA-controlled SCIFs.

          (3)  Designates and appoints, in writing, qualified Special Security Officer(s) and Site Security Manager(s) (SSM) to support each GSA-controlled SCIF nationwide.

          (4)  Reports and investigates all suspected security incidents or violations within GSA-controlled SCIFs.

          (5)  Creates, updates and implements SCIF visitor access protocols, as prescribed in Appendix A: Visit Access Protocols.

          (6)  Manages the GSA Headquarters Emergency Operations Center (EOC), staffed by watch officers who:

               (a)   Receive/manage/reserve all Central Office SCIF scheduling requests;

               (b)   Verify through the GSA Personnel Security Office approved SCI accesses for anyone requesting to conduct classified work in the SCIF;  

               (c)   Conduct daily communication readiness checks to ensure classified systems are operational; and

               (d)   Maintain records to include incoming access logs, Standard Form (SF)-700, SF-701, and SF-702.

          (7)  Manages Communications Security:

               (a)   Operates and maintains all Classified Communications Security (COMSEC) equipment, classified and unclassified computer systems, and intrusion detection systems; 

               (b)   Manages access to the alarm system, and removal of such access;   

               (c)   Maintains appropriate accreditation of all equipment and systems and completion and maintenance of user agreement documentation;

               (d)   Performs inspections as required; and

               (e)   Completes and submits all System Access Requests and Public Key Infrastructure for classified accounts to the Defense Information Security Agency.

          (8)  Responds to requests/inquiries pertaining to physical changes to communications equipment and/or modifications to the equipment in GSA-controlled SCIFs; and

          (9)  Maintains a list of items prohibited in GSA-controlled SCIFs, in accordance with ICD 705. The list of prohibited items will be maintained in a Standard Operating Procedure for each GSA-controlled SCIF.

     b.  Only GSA employees who are SCI briefed are authorized unescorted access to GSA-controlled SCIFs, and must:

          (1)  Comply with the provisions of this Order and the individual SCIF Standard Operating Procedures, as appropriate, and the provisions of the approved SCIF Emergency Action Plan;

          (2)  Complete the annual requirement of the SCI Refresher Training and the bi-annual Derivative Classification Refresher Training;

          (3)  Report to SSM and supervisor any information that could affect their eligibility, or that of other individuals to retain SCI access; and       

          (4)  Immediately report an actual or potential security violation/incident to the SSM appointed to support the GSA-controlled SCIF where the security violation/incident occurred (i.e., regional or Central Office location).

6.  Signature.




_____________________ 
EMILY W. MURPHY
Administrator

 

Appendix A: Visit Access Protocols
Appendix B: Terms and Definitions

Appendix A: Visit Access Protocols

All visitors must remain outside the SCIF entrance area until their clearances have been verified by the GSA EOC or the SSM through the GSA SCI Access List, or the GSA Personnel Security Office (for individuals who are not SCI briefed). The SSM is the only official channel and point of contact for passing/receiving SCI access verifications for non-GSA employee visitors. The SSM will verify eligibility through a Visit Access Request Form. The following access control procedures must be followed.

  1. SCI Briefed Visitors must:

    a. Fill out the Visit Access Request Form and receive approval at least 48 hours prior to arrival from the OMA Personnel Security Director.

    b. Have a host/escort official who does the following:

      (1) Meets the visitor at the SCIF entrance and provides escort duties.

      (2) Possesses the proper SCI briefing authorization for the particular classified material being viewed, used, discussed, or stored within the SCIF at the time of the visit (or identifies a properly authorized escort prior to receiving approval for the meeting).

      (3) Announces the arrival of the visitor and their level of clearance to all personnel inside the SCIF.

    c. Sign the SCIF Access Log and receive a visitor badge upon arrival.

    d. Sign out on the SCIF Access Log and return the visitor badge to the GSA EOC Watch Officer.

    Note: If the visitor is an SCI briefed non-GSA employee, the visitor must be under constant, visual surveillance by the host/escort for the duration of the visit. Any incidents involving improper escorting during a visitor’s entrance into the SCIF must be immediately reported to the SSM.

  2. Uncleared Visitors (those who are not SCI Briefed) must:

    a. Complete items 1a-1d listed above plus:

    b. Have a host/escort official who does the following:

      (1) Continuously observes the visitor while inside the SCIF.

      (2) Ensures all classified materials are secured and not visible prior to visitor admittance.

      (3) Ensures all classified operations (including discussions) cease whenever an uncleared visitor is in the SCIF.


Appendix B: Terms and Definitions

Classified Information - Information that an original classification authority determines the unauthorized disclosure of which reasonably could be expected to result in damage to the national security, which includes defense against transnational terrorism, and the original classification authority is able to identify or describe the damage. Classified information may be protected at one of three classification levels: Top Secret, Secret, or Confidential.

Communications Security (COMSEC) - Measures designed to deny unauthorized persons information of value that might be derived from the possession and study of telecommunications, or to mislead unauthorized persons in their interpretation of the results of such possession and study. This includes cryptosecurity, transmission security, emission security, and physical security of communication security materials and information.

GSA-Controlled Sensitive Compartmented Information Facility (SCIF) – Any SCIF that GSA occupies and/or manages.

SCI Briefed - The initial instructions concerning the unique nature of SCI, its unusual sensitivity, and the special security regulations and practices for its handling which are given to each individual who has been approved for access prior to his/her exposure.

Sensitive Compartmented Information (SCI) - All information and materials bearing special community controls indicating restricted handling within present and future community intelligence collection programs and their end products for which community systems of compartmentation have been or will be formally established.

Sensitive Compartmented Information Facility (SCIF) - An accredited area, room, group of rooms, or installation where sensitive compartmented information may be stored, used, discussed, and/or electronically processed, where procedural and physical measures prevent the free access of persons unless they have been formally briefed for the particular sensitive compartmented information authorized for use or storage within the sensitive compartmented information facility.

Visitors - Any non-SCI briefed individual or any SCI briefed non-GSA employee.

Visit Access Request - An authorization letter/request that must be submitted to the Personnel Security Office to verify an individual’s clearance level and/or if they are briefed into SCI before classified information can be shared with them.