Five Things You Need to Know
Before Starting Security Planning & Programming

Be sure to avoid costly mistakes by downloading this free guide first!

R2: Responsible Recycling

R2 is the short form expression for Responsible Recycling Standards for Electronic Recyclers. This is one of two standards; the other being e-Stewards-Standard for Responsible Recycling and Reuse of Electronic Equipment. However, R2 is the world’s most utilized standard for the disposal and manufacture for used electronics.


The R2 practices were released in 2008 through development cooperation from members within the EPA, state agencies, electronics recyclers, refurbishers, trade associations, customers, other non-government organizations. A few years later in 2011, the Interagency Task Force on Electronics Stewardship developed the National Strategy for Electronics Stewardship. The NSES outlines recommendations for safer design and disposal of electronic devices. The Task Force states that the United States government should lead by example, and this strategy outlines the best practices to be adopted by government agencies.

So…who does this apply to and what is an electronic recycler?

The EPA is encouraging all electronics recyclers (companies that manufacture and sell refurbished electronics or utilize components from used electronics) to become certified (aka r2 certification requirements) by demonstrating to an accredited independent third-party auditor that they meet specific standards to safely recycle and manage electronics. Used electronics should only be considered ‘waste’ if all other options have been evaluated and eliminated.

The EPA is encouraging all electronics recyclers (companies that manufacture and sell refurbished electronics or utilize components from used electronics) to become certified (aka r2 certification requirements) by demonstrating to an accredited independent third-party auditor that they meet specific standards to safely recycle and manage electronics. Used electronics should only be considered ‘waste’ if all other options have been evaluated and eliminated.


The American National Standards Institute National Accreditation Board accredits bodies in the United States. There are currently only six organizations in the country that have received this accreditation. Given our country’s reliance on electronics, it’s safe to assume that the amount of refurbished electronic manufacturers will only increase and with it – the number of accredited organizations.

How does one become R2 certified and what is V3?

The first step is to reach out to an accredited standards development organization. We found a recommended 501(c)(3) organization using the EPA’s website. This organization, SERI, has the sole mission of environmental protection through the safe disposal and recycling of electronic products.


There are various resources available on SERI’s website. You can download the latest version of R2 documents HERE.


The entire process takes anywhere from 8 to 12 months, and organizations are free to complete the education independently or may reach out for a training consultant. Once again, all resources are located on the SERI website.


After completing the education, the organizational standards of procedure may need to be modified. This will require clear documentation of the prior procedures and new and improved processes. Next, the organization must implement these standards. Detailed documentation is key to earning accreditation. Furthermore, most companies will hire a consultant to assist within the implementation phase. You can find a list of consultants here.

Changes have been made, processes have been modified, and every step has been documented. What’s next? Now, you must perform an internal audit.


The last and final step is a certification audit. There are two stages to this audit and it spans one to two months. You can find an approved list of certification companies here. Prior to the initializing of stage two of the audit, you will complete a license application and pay a fee. After passing the certification audit and receiving an R2 certificate, a company is subject to mandatory annual audits and fees to maintain R2 status.


This accreditation is voluntary and encouraged. The government has been instructed to follow guidelines to be a good example to businesses and citizens. For this reason, if there is an option to do business with an accredited organization, a government agency will select this business over others. This offers the U.S. Government to help influence national standards through commerce.


Why would an organization want to use R2 standards? For one, they help to reinforce and advance best management practices relating to OSHA and risk management. These standards add additional value to an organization’s SOPs through assessing environmental and security practices. R2 helps trace and prevent hazardous waste from entering and polluting the environment.


These guidelines were issued in 2011. However, many companies are voluntarily adopting these best practices and becoming certified to quickly make a transition when, in all likelihood, these practices will become mandatory. At the very least, certification will be required for government vendors. Certification is not required for government vendors currently, but government agencies have been instructed to follow these measures whenever possible.


If you have been asked to become compliant with the R2 standards or need to find out pricing to budget for and r2 certified recycler, we’re here to help.

K.L. Security has various options for secure storage of digital and hardcopy documents. We also offer high-quality shredders for the safe destruction of confidential materials. With experience across various industries, we’re ready to help with all of your organization’s security needs.

Call 866-867-0306 or email [email protected]
Sources

https://www.epa.gov/smm-electronics/certified-electronics-recyclers

https://www.epa.gov/sites/production/files/2016-02/documents/u_s_epa_fact_sheet_implementation_study_1.pdf

https://www.epa.gov/sites/production/files/2015-09/documents/national_strategy_for_electronic_stewardship_0.pdf

R2

Information has been gathered from sources deemed reliable but not guaranteed and is subject to change without notice. The information contained in this site is provided for informational purposes only.


Written by: Shelley Swearingen with input from KL Security Experts

SmartSafes & Cash in Transit Services (CIT)

Since the dawn of currency as a medium of exchange, theft has been an issue. Obviously, this issue is a key security concern for all retailers. The use of smart safes and cash in transit (CIT) services can help alleviate some of the anxiety associated with the handling of cash.

For example, the Fireking Summit Series line of deposit smart safes validate notes as they are inserted, immediately identifying potential counterfeits.  The Smart Safe automatically counts the currency and stores until collection – an added bonus for loss protection as totals can be tabulated instantly.

Smart Safes significantly reduce the chance of cash discrepancies while simultaneously reducing time and costs as a result of a simplified and efficient cash-handling process.  Easy-to-use configuration and a simple installation process allow you to introduce a secure smart safe solution to any business, large or small, with zero down time.  Near real-time web-based monitoring of cash levels via the Summit Control View  software offers immediate detailed reports, accessible from any PC or mobile device.  Manage employee access and monitor trends over time to better operate and understand your overall cash flow.

For additional security, we are partnered with CIT logistics providers (like Cash Connect) with the ability to provide provisional credit to your choice of financial institution(s), as well as armored car pickup throughout the Country.  Provisional credit is attained through automatic daily ACH transfer, and is bank-agnostic, allowing you to work with your existing banking partner. CIT logistics are fully managed with zero customer involvement. Armored vehicles arrive on a weekly or bi-weekly schedule determined by your cash volume to collect the cash that has already been deposited into your account through the ACH transfer.  Additional services such as change orders can be negotiated and handled through the same logistics partners as well.


Using Cash in Transit Services eliminates risk and exposure to yourself, staff, customers, and general public. It saves time and allows staff to concentrate on core business.


Let us help you reduce opportunities for theft, robbery, and/or diversion.  Call us today to start the conversation!

Call 866-867-0306 or email [email protected]

Information has been gathered from sources deemed reliable but not guaranteed and is subject to change without notice. The information contained in this site is provided for informational purposes only.

Storage of Monetary Funds: Changes and Updates


The storage requirements of secured monetary funds has been updated and revised in 2018 by the U.S. Department of Defense. These updates and revisions are summarized below and can be found in Department of Defense 7000.14-R Financial Management Regulation Volume 5, Chapter 3. The DoD administrative revisions—hyperlink format and updated policy memo—are not noted below.


In DoD 7000.14-R, a subparagraph has been amended to provide a little more clarification on determining cash requirements than in the previous version. Specifically including “managing foreign government contributions (burdensharing funds)” as a type of disbursement.


In addition to this revision, there have been two additions to DoD 7000.14-R. The first and most significant addition is a section on the establishment of the DoD’s Treasury Account Symbol (TAS) for disbursing officer (DO) cash to a cash/investment account that is outside of the U.S. Treasury. Both the Office of Management and Budget and the Treasury determined that TAS needs to be recorded for non-fiduciary, non-budgetary activities with government/federal sources or funds.


A TAS is created for each DoD component to “document the balance of DO cash held outside the Treasury.” Defense Finance and Accounting Services (DFAS) uses monthly SF 1219 data to report the DO cash to the proper Treasury Account Symbol. Below are the TASs for disbursing officer cash.


  1. 017 X 6950 disbursing officer cash: Department of Navy
  2. 021 X 6951 disbursing officer cash: Department of Army
  3. 057 X 6952 disbursing officer cash: Department of Air Force
  4. 097 X 6953 disbursing officer cash: Defense Agencies
  5. 096 X 6954 disbursing officer cash: Corps. Of Engineers (Civil)

The second addition ties in with the burdensharing revision mentioned above. An example is given at the end of the 7000.14-R for Foreign Currency Cash or Limited Depositary Account (LDA) Balance Requirements. A “Burdensharing Funds (If Applicable)” row has been added to the table.

Monetary Funds Lock and Storage Requirements

The monetary funds lock and storage requirements listed in DoD 7000.14-R remains unchanged from the previous version which are listed below.


  • Funds less than $7,500
    • Lock requirement(s): UL Std 768, Group 1R
    • Storage requirements: Vault (must be fire-resistant for two hours), Burglary resistant safe (if vault isn’t available), Class 5 GSA-approved container
      • Note: If GSA-approved container has been manufactured after 2007, it must have a FF-L-2740 or FF-L-2937 lock
  • Funds greater than $7,500 but less than $50,000
    • Lock requirement(s): UL Std 768, Group 1R
    • Storage requirements: Burglary resistant safe with UL TL-15 rating, Class 5 GSA-approved container
  • Funds greater than $50,000
    •  Lock requirement(s): UL Std 768, Group 1R
    • Storage requirements: Burglary resistant safe with UL TL-30 rating, Vault (must be fire-resistant for two hours)
X-10 Lock for GSA Approved Containers and Safes

Call 866-867-0306 or email [email protected]


Information has been gathered from sources deemed reliable but not guaranteed and is subject to change without notice. The information contained in this site is provided for informational purposes only.

Cannabis Initiatives Win 2020 Election

By Shelley Swearingen | November 5, 2020


On November 3rd, millions of Americans spoke loud and clear: they want legal weed. Five states placed marijuana legalization on their ballots this year, and marijuana won approval in all five state elections.


Montana, Arizona, and New Jersey approved the institution of recreational marijuana markets. Mississippi approved the creation of a medical market, and South Dakota approved the legalization for all various forms of use.


The creation of these new markets means millions of dollars in sales to entrepreneurs as well as a massive influx of tax dollars to local governments. The legalization of cannabis within these states could also have an influence on bordering neighbors.  

Projected Sales

Here’s a breakdown of projected sales per state:


StatePopulationProjected 1st year sales
Arizona7,300,000+ $375,000,000
Mississippi2,900,000+ $240,000,000
Montana1,100,000+ $217,000,000
New Jersey8,900,000+ $375,000,000
South Dakota884,659+ $1,500,000

Polls have shown historically that most Americans are in favor of legalizing marijuana for medicinal use, but the country is torn more evenly on the issue of recreational use. The results of these elections show that the country is viewing marijuana more favorably than previously.

Licensing

In Arizona, existing cannabis operators will automatically receive licensure within the recreational market, and an additional 26 licenses will be issued to social equity applicants.


In Mississippi, there is no ceiling on the number of licenses available to cannabis businesses, and these licenses are required to be issued prior to August 15, 2021. That’s a very quick timeline for the creation of a new market.


Montana will require all license holders to be residents, but like Mississippi, there is no limit to the number of licenses to be issued.


New Jersey currently has a robust medical marketplace, and these operators will probably have the first opportunity to apply or be grandfathered in to the new recreational system.


The licensing guidelines within the proposed legislation in South Dakota are vague and will more than likely cause litigation or require further clarification. One clear rule states that municipalities may not ban medical dispensaries, but may limit the number of operations within its borders.

Cannabis Facility Design & Security

It’s safe to assume these states will look to other states for guidance on the design of new compliance and regulation legislation. KL Security has worked with various cannabis companies nationwide of all sectors: craft growers, secure transporters, large scale grow operators, medicinal pharmacies, recreational dispensaries, etc. We have assisted license applicants in multiple states in their architectural and schematic design concepts and application. Whether you’re in the application process or construction planning phase, we are ready and willing to help make your operation successful by driving revenues while maintaining compliance.

Focus Areas:
  • Security Plans and Intelligent IP Camera Systems
  • Cash Safes and Cash Management
  • Cannabis Vaults & Secure Rooms
  • Transportation cages and security
  • BR Rated Glass Partitions and Display Cases
  • DEA Approved Security Safes

Call 866-867-0306 or email [email protected]

Information has been gathered from sources deemed reliable but not guaranteed and is subject to change without notice. The information contained in this site is provided for informational purposes only.

SOURCES:

SCIF Container Series | Part 9: Acoustic Protection Detail

The acoustic protection guidelines listed below are designed to protect classified conversations from being overheard outside a SCIF and not intended to protect against purposeful technical interception of audio communications. A SCIF structure and its ability to retain sound within the perimeter is rated using the Sound Transmission Class (STC).


Sound group ratings are divided into two groups: Sound Group 3 and Sound Group 4. All SCIF perimeters are designed and constructed with meeting the standards of Sound Group 3 or better in mind. Acoustic protection and perimeter construction specifications for Wall A, B, and C can be found in previous articles. 


Sound Group 3 has a STC 45 or better. In this sound group, loud speech from within the SCIF can be faintly heard but not understood outside the SCIF. To the unaided ear, normal speech is unintelligible. Sound Group 4 has a STC 50 or better. In this group, loud sounds within the SCIF can be heard with the human ear faintly or not at all outside the SCIF.

Acoustic Testing


Audio tests must be conducted to verify all acoustic protection standards are met. With approval by the AO, these tests may be instrumental or non-instrumental and the test method used must be noted in detail in the CSP. All non-instrumental tests must be approved by the AO. Only qualified personnel with training on audio testing techniques will be allowed to conduct instrumental acoustic tests.


With all doors closed, all SCIF perimeter walls and openings (air returns, doors, windows, etc.) must be tested along several points to ensure that either Sound Group 3 or 4 is met. All audio test sources must have a variable sound level output with the output frequency range including normal speech. Test speakers must be placed six feet from the test wall and four feet off the floor. As noted by Sound Group 3 and 4 respectively, audio gain of the test source must produce “loud or very loud speech”.


Instrumental testing can be performed to Noise Isolation Class (NIC) standards. These results must comply with NIC 40 for Sound Group 3 and NIC 45 for Sound Group 4.

Sound Transmission Mitigations

In most cases, SCIF perimeter construction and acoustic protection should provide the necessary protection for Sound Group 3. However, when Sound Group 3 or 4 can’t be met within the normal SCIF construction standards, there are supplemental mitigations used to protect classified discussions from being overheard.


These mitigations can include (but aren’t limited to):

  1. Structure enhancements can be used to increase the resistance of the perimeter to vibration at audio frequencies.
  2. SCIF design can include a perimeter location or stand-off distance. This prevents non-SCI-indoctrinated person(s) from traversing beyond the point where SCI discussions can be intercepted.
  3. In conjunction with an amplifier and speakers or transducers, sound masking devices can be used to generate and distribute vibrations/noise.
  4. Speakers and transducers must produce sound at a higher level than the voice conversations within the SCIF.
  5. Speakers and transducers must be placed close to or mounted on any paths that allow audio to leave the area including doors, windows, walls, vents, etc.
  6. Wires and transducers must be, to the greatest extent possible, located within the perimeter of the SCIF.
  7. During TSCM evaluations, the sound masking system will be subject to inspection.
  8. A speaker may be installed outside the SCIF if the AO determines the risk to be low and meets the following conditions:
    1. Cable exiting the SCIF must be encased within rigid conduit.
    2. Sound masking system must be subject to review during TSCM evaluations.
  9. For common walls, speakers/transducers must be placed in a location so the sound optimizes the acoustical protection.
  10. For all doors and windows, speakers/transducers must be placed close to the aperture of the window/door. The sound must be projected in a direction facing away from conversations.
  11. Once the speakers/transducers are in an optimal location, the system volume must be set and fixed. Volume level is determined and adjusted by listening to conversations outside the area to be protected. The speaker volume will then be adjusted until conversations are unintelligible from outside the SCIF.
  12. Sound-source generators must be located within the SCIF.
    1. AM/FM receiver cannot be present on sound-source generators.
    2. If the sound-source generator has the capability to record sound, that function must be disabled.
    3. The following are examples of government-owned/sponsored sound-source generators:
      1. Audio amplifier w/ standalone computer (no network connection)
      2. Audio amplifier w/ a cassette tape player, CD player, or digital audio player, or w/ digital audio tape (DAT) playback unit
      3. Integrated amplifier and playback unit incorporating any of the above music sources
      4. A noise generator or shift noise source generator using either white or pink noise

Does your facility require a SCIF? KL Security offers SCIF Container Solutions with panelized modular systems for scalable modular, portable, & mobile requirements.  We assist in the acquisition of modular facilities for DoD & Government Access Control and ICD705 SCIFs or SAPF facilities. We also assist with special access control planning and commercial business security.


Call 866-867-0306 or email [email protected] to see how the experts at KL Security can assist your facility in security needs.

Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilities
SCIF Container Series | Part 1: Site Evaluation
SCIF Container Series | Part 2: Design Planning Checklist
SCIF Container Series | Part 3: Perimeter Wall Construction – Wall A
SCIF Container Series | Part 4: Perimeter Wall Specifications – Wall B
SCIF Container Series | Part 5: Perimeter Wall Specifications – Wall C
SCIF Container Series | Part 6: Vents and Ducts
SCIF Container Series | Part 7: Modular SCIFs
SCIF Container Series | Part 8.1: Intrusion Detection Systems
SCIF Container Series | Part 8.2: Intrusion Detection Systems

Information has been gathered from sources deemed reliable but not guaranteed and is subject to change without notice. The information contained in this site is provided for informational purposes only.

SCIF Container Series | Part 8.2: Intrusion Detection Systems

Integrated IDS and Remote Terminal Access


The United States government local area network (LAN) or wide area network (WAN) requires the AO’s CIO to be consulted before connecting an IDS. The IDS hosting system must be issued an Authority to Operate (ATO) by the agency’s CIO, following the FISMA Risk Management Framework that is outlined in NIST SP 800-53.


For IDS that have been already integrated into a networked system (LAN or WAN) the following requirements must be met:

  • System software must be installed on a host device that is logically and physically restricted to corporate/government elements cleared to the SCI level.
    • Host devices must be located in a Physically Protected Space. Protected space is defined as a locked room with walls, floor, and ceiling that form a solid physical boundary to which only SCI-cleared personnel have access to.
    • SCI-cleared personnel must escort any uncleared or personnel with less than SCI-clearance that require access to this space.
    • Door will use Commercial Grade 1 hardware fitted with high security key cylinder(s) in compliance with UL 437.
    • Room must be protected by UL Extent 3 burglar alarm system and access control (unless manned 24 hours).
  • All transmissions of system information over the LAN/WAN must be encrypted using National institute of Standards and Technology (NIST) FIPS 140-2, VPN, or closed and sealed conveyance. FIPS-197 (AES) can be used with AO approval.
  • All host system components and equipment must be isolated in a way that includes (but aren’t limited to):
    • Firewalls
    • Virtual Private Networks (VPNs)
    • Virtual Routing Tables
    • Other Application Level security mechanisms or similar enhancements that allow secure and private data transfers only between the PCU, host computer, remote terminal and monitoring station
  • Any components of the IDS are remotely programmable, continuous network monitoring is needed. Network monitoring includes auditing and reporting of all network intrusion detection and prevention systems.
  • A secondary communication path may be used to augment an existing data communication link to reduce search of data communication failures of less than five minute duration.
    • Supervision for a secondary communication path must be equivalent to that of a primary communication path
    • Secondary communication path can be wireless only if approved by the AO after consulting with the CTTA and/or the appropriate technical authority
  • A unique user ID and password is required for each individual granted access to system host computing devices or remote terminal. Passwords must be a minimum of 12 characters consisting of alpha, numeric, and special characters. The password must be changed every six months or utilize US Government Personal Identity Verification (PIV) Card or Common Access Card (CAC) with two factor certificate authentication.
  • Persons with IDS admin access must immediately notify the AO or designee of any unauthorized modifications.

Remote System terminals:


Remote system terminals must utilize AO approved role-based user permissions (e.g. Super User, SO, Guard). All USG installations must prohibit non SCI cleared personnel from modifying the IDS or ACS. Remote system terminals require an independent user ID and password in addition to the host login requirements. Host systems must log and monitor failed login attempts. All remote sessions must be documented and accessible to the AO upon request.


All host systems and PCUs must be patched and maintained to implement current firmware and security updates. USG systems must be in compliance with Information Assurance Vulnerability Alert (IAVA) guidance.


Requirements for IDS Systems Software Passwords:

  • Passwords must be a minimum of 12 characters consisting of alpha, numeric, and special characters
  • The password must be changed every six months or utilize US Government Personal Identity Verification (PIV) Card or Common Access Card (CAC) with two-factor certificate authentication

IDS Modes of Operation

The IDS must operate in two modes: armed or disarmed. With this system there must not be any remote capability for changing the two modes by a non-SCI cleared personnel. Changing the arming or disarming status must be limited to just SCI-indoctrinated persons.


When the system is in disarmed mode, normal entry into the SCIF, following all security procedures, will not cause an alarm to sound. A record must always be maintained of who is responsible for disarming the IDS. However, tamper circuits and emergency exit door circuits must remain in armed mode. The PCU must have the ability to allow certain alarm points to remain armed while other points are in disarmed status.


The IDS is placed into armed mode when the last person leaves the SCIF. A record must also be kept identifying the person who armed the system. When in armed mode, any unauthorized entry into the SCIF will cause an alarm to be immediately transmitted to the monitoring station.


Each failure of arming or disarming the system must be reported to the SCIF Security Manager. Records of these events will be kept for two years.

Maintenance Requirements and Zone Shunting/Masking Modes

If maintenance is performed on the system, the monitoring station must be notified and a log must be kept. All maintenance periods must be archived in the system. System maintenance can only be done by an SCI cleared IDS administrator of SCIF Security Officer (SO). When a point is shunted or masked for reasons other than system maintenance, it must be displayed as such at the monitoring station throughout the period the condition exists.


Any sensor that has been shunted must be reactivated upon the next change in status from armed to disarmed. A PIN is required, for maintenance purposes, to be established and controlled by the SCI cleared IDS administrator or SCIF SO. All procedures must be documented in the SCIF SOP. PEDs (portable electronic devices) are only allowed attachment to the system equipment for the purpose of system maintenance, repair and reporting. The PED attachment can either be temporary or permanent depending on system needs. The stand-alone PED must meet the following requirements:

  • Must be kept under control of SCI-cleared personnel
  • PED, when not in use, must be maintained in a Physically Protected Space
  • Mass storage devices containing SCIF alarm equipment details, configurations, or event data will be protected at an AO-approved appropriate level.

Capability for remote diagnostics, maintenance, or programming of IDE must be accomplished only by SCI-cleared personnel and must be logged/recorded. In the event of a power failure, the system will automatically transfer emergency electrical power sources without causing alarm activation. 24 hours of uninterrupted backup power is required and must be provided by batteries, an UPS (uninterruptible power supply), generators, or any combination. An audible or visual indicator at the PCU shall provide an indication of the primary or backup power source in use. Equipment at the monitoring station will visibly and audibly indicate a failure in a power source or a change in power source. As directed by the AO, the individual system that failed will be indicated at the PCU or monitoring station.

Monitoring Stations

In accordance with UL 2050, monitoring stations must be government-managed or one of the following:

  • AO-operated monitoring station
  • Government contractor monitoring station
  • National industrial monitoring station
  • Cleared commercial central station

All monitoring station employees must be eligible to hold a U.S. SECRET clearance. Operators must be trained in system theory and operation in order to effectively interpret certain system incidents and take appropriate actions.

Operations and Maintenance of IDS


Alarm Response


All alarm activations must be considered an unauthorized entry until it’s resolved. Response force will take appropriate steps to protect the SCIF, as permitted by a written support agreement, until SCI-indoctrinated individual(s) arrive to take control of the situation. The SCI-indoctrinated individual(s) must arrive in 60 minutes (in accordance with UL 2050) or a response time approved by the AO.


The individual(s), upon arrival, will conduct an internal inspection of the SCIF, attempt to determine the cause of the alarm activation, and reset the IDS prior to the departure of the response force.


System Maintenance


All maintenance and repair personnel that aren’t TOP SECRET-cleared and indoctrinated for SCIF access must be escorted during system repairs/maintenance. Repairs must be initiated by a service tech within four hours of the receipt of a request for service or trouble signal. Until repairs are completed or AO-approved alternate documented procedures are started, the SCIF will be continuously manned on a 24-hour basis by SCI-indoctrinated personnel.


Emergency-power battery maintenance should follow the manufacturer’s periodic maintenance schedule and procedures. Battery maintenance will be documented in the system’s maintenance logs and kept for two years. If a generator is used to provide emergency power, it must also be tested per the manufacturers recommended testing procedures. If the communications path is through a network, the network’s power source must also be tested.


Network Maintenance


The system administrators must maintain configuration control, make sure the latest operating security patches have been applied, and configure the system to provide a high level of security. Inside the United States, all network maintenance personnel within the SCIF shall be a U.S. person and be escorted by cleared SCIF individuals. Outside the U.S., network maintenance personnel must be U.S. TOP SECRET-cleared or U.S. SECRET-cleared and be escorted by SCIF personnel.


Installation and Testing of the IDS


All IDS installation and testing within the U.S must be performed by U.S. companies using U.S. citizens. Outside the U.S., installation and testing must be performed by personnel who are U.S. TOP-SECRET-cleared or U.S. SECRET-cleared and escorted by SCIF personnel. All IDS system components and elements must be installed in accordance with the IDS requirements listed in Part I and Part II, UL 2050, and the manufacturer’s instructions and standards.


Prior to operational use, acceptance testing must be conducted on all systems to provide assurance that they meet all requirements prior to SCIF accreditation. Semi-annual IDS testing must be conducted to ensure continued system performance. All records of testing and test performance must be maintained in accordance with documentation requirements.


All motion detection sensors must be tested to ensure proper activation of the sensor at a minimum of four steps (“trial”) at a rate of one step per second (30 inches ± 3 inches or 760 mm ± 80 mm per second). This test must be conducted by taking a four-step trial, stopping for three to five seconds and then taking another four-step trial. These trials must be repeated throughout the SCIF and from different directions. An alarm must activate at least three out of every four consecutive trials made by moving through the SCIF.


All HSS devices must also be tested to ensure that an alarm signal activates before the non-hinged side of the door opens beyond the thickness of the door. For example, a 1 ¾ inch thick door will activate an alarm signal before the door opens 1 ¾ inches. Each IDS equipment cover will be individually removed or opened to ensure there’s an alarm activation at the PCU or monitoring station in both secure and access modes. Tamper detection devices only need to be tested when installed. However, the AO may require more frequent testing of tamper circuits if needed. 


Does your facility require a SCIF? KL Security offers SCIF Container Solutions with panelized modular systems for scalable modular, portable, & mobile requirements.  We assist in the acquisition of modular facilities for DoD & Government Access Control and ICD705 SCIFs or SAPF facilities. We also assist with special access control planning and commercial business security.


Call 866-867-0306 or email [email protected] to see how the experts at KL Security can assist your facility in security needs.

Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilities
SCIF Container Series | Part 1: Site Evaluation
SCIF Container Series | Part 2: Design Planning Checklist
SCIF Container Series | Part 3: Perimeter Wall Construction – Wall A
SCIF Container Series | Part 4: Perimeter Wall Specifications – Wall B
SCIF Container Series | Part 5: Perimeter Wall Specifications – Wall C
SCIF Container Series | Part 6: Vents and Ducts
SCIF Container Series | Part 7: Modular SCIFs
SCIF Container Series | Part 8.1: Intrusion Detection Systems


Information has been gathered from sources deemed reliable but not guaranteed and is subject to change without notice. The information contained in this site is provided for informational purposes only.

Business Protections Against Fire | Cannabis Facilities

By Shelley Swearingen | September 29, 2020


Coastal Pacific states are currently battling raging wildfires. These western states are no stranger to fire, but the losses don’t always have to be catastrophic. Protecting cannabis dispensaries, pharmacies, growers, producers, and secure transporters from natural disasters is possible; it just takes planning.

Records Protection


Most states have laws requiring the digital tracking of product from seed to sale. Many states also require customer databases be kept & maintained to abide by quantity limits. This data is pertinent to stay within compliance and safeguards must be in place to protect this data. It’s also important to select servers that protect against fire AND water. A unit should be able to withstand the fire and the efforts to put out the fire.  



The ioSafe protects data from fire and water. It can withstand temperatures up to 1550°F for 30 minutes, and water submersion at 10 ft for up to 72 hours.  The internal capacity maxes out at 16TB, and it it’s compact in size: 12 inches high and weighs less than 30lbs.


Businesses, no matter how tech savvy they may be, will always need to store some hardcopies. For this reason, a traditional fire-safe file cabinet should be procured.


FireKing manufactures the best fireproof filing options available. Other brand names only offer half the fire safe protection. These cabinets are available in legal or letter size and multiple drawer options.

Chemical Storage

The cannabis industry is highly regulated. Growers & producers must abide by traditional guidelines for the safe storage of insecticides, pesticides, and other chemicals as well as cannabis specific regulations just to stay in compliance. 

Fire or other natural disasters can cause hazardous chemicals to turn deadly. If not stored properly, fire could cause ignition and explosion. The acquisition of proper storage can prevent against additional damage.

The AG400 is the best choice for the storage & safe handling of chemicals. This unit is rated to meet OSHA requirements and withstand up to 4 hours of fire.

Product Storage

Cannabis regulators are primarily concerned with safeguarding citizens against the proliferation of marijuana on the black market. For this reason, many businesses will implement security provisions that prevent surreptitious entry but may not prevent against mother nature.


There are various safes and vaults that can be manufactured to tailor to the specific needs of your business. Protect product from natural forces as well as theft.


Vault doors protect cash and product from diversion as well as natural disasters. Fallen trees could compromise the integrity of a traditional locked door thus enticing those that may wish to profit from your misfortune.  

For smaller quantities of product, a high security safe may suffice. This featured safe is manufactured with narcotic storage in mind – sure to pass compliance inspections. It’s also fire tested to 1850°.

No matter the scale or size of your operation…

KL Security can help facilitate compliance and protection. We’ve helped numerous cannabis facilities nationwide assemble license applications, maintain compliance standards, protect against diversion, and drive revenue. Our consultants are knowledgeable, experienced, and ready to assist.

Call 866-867-0306 or email [email protected]

Information has been gathered from sources deemed reliable but not guaranteed and is subject to change without notice. The information contained in this site is provided for informational purposes only.

SCIF Container Series | Part 8.1: Intrusion Detection Systems


SCIFs, when not occupied, must be protected by Intrusion Detection Systems (IDS). This includes walls that are not at the SCI level. The AO will ultimately determine what security programs will be needed to protect these areas of a SCIF from unauthorized entry and movement. Doors that don’t have access control systems and/or not under visual surveillance must be monitored by the IDS. In the event of a power failure or other event that makes the IDS inoperable, SCI-indoctrinated personnel must occupy areas of the SCIF until the IDS system resumes normal operation. The SCIF emergency plan will address IDS failures.


All system plans must be approved by the AO. As a part of the SCIF accreditation package, a final system acceptance testing will be conducted.

IDS System Requirements


All IDS installation of monitoring stations and related components must comply with:

  • Underwriters Laboratories (UL) Standard for National Industrial Security Systems for the Protection of Classified Materials, UL 2050
    • Installation must comply with Extent 3 installation noted in UL 2050. This includes systems developed and used by the USG. These systems don’t need UL certification but should comply with Extent 3 installation.

Areas, as mentioned above, that do not need protection at the SCI level will be protected by IDS that includes UL 639 listed motion sensors and UL 634 listed High Security Switches (HSS) that meet UL Level II requirements and/or other AO-approved sensors. New SCIF accreditations must use UL Level II HSS. Until IDS modifications and upgrades are made, existing UL Level I HSS are authorized.


All cabling that extends beyond the SCIF perimeter must use Encrypted Line Security or be installed in a closed sealed metal conveyance (pipe, tube, or something constructed of Electrical Metallic Tubing (EMT), pipe conduit or rigid sheet metal ducting). All joints and connections on the closed metal conveyance must be permanently sealed around all surfaced by welding, epoxy, fusion, etc. Set screws cannot be used to seal the surface. This seal will provide a continuous bond between all components of the conveyance. If a service or pull box must be used, it must be approved with GSA approved combination padlock or an AO approved key lock.


SCIFs that share a common perimeter or have an established Co-Use Agreement (CUA) and support the same IC Element, may have the PCU (Premise Control Unit) programmed into multiple units or partitions. This allows each SCIF to function as individual control units for the IDS installed in several different areas or rooms that are independent of one another. Compliance conditions apply to the PCU, IDS, and partitions of the PCU equally. However, the PCU must be independent of IDS safeguarding non-UL 2050 certified areas.


For a monitoring station that is in charge of more than one IDS, there must be both audible and visible annunciation for each IDS. Fire, smoke, radon, water, and other systems must be independent of the IDS. If IDS incorporates an access control system (ACS), the ACS notifications must be subordinate in priority to IDS alarms. Without the application of specific countermeasures and the approval of the AO, systems cannot include audio or video monitoring. If monitoring systems contain auto-reset features, those features must be disabled.


All system key items and passwords must be protected and restricted to U.S. SCI-indoctrinated personnel. Alarm activations must be displayed locally until cleared by an authorized SCI-cleared individual. Determined by the AO, all IDS technical drawings, installation instructions, specifications, etc. will be restricted and documented in the CSP.

IDS False Alarms


An IDS false alarm is defined as any alarm signal transmitted in the absence of a confirmed intrusion that is caused by changes in the environment, equipment malfunction, or electrical disturbances. If false alarms exceed this requirement, a technical evaluation of the system must be conducted to determine the cause. Once evaluation is complete and the system is repaired or resolved, it must be documented. False alarms cannot exceed one alarm per 30-day period per IDS partition.

System Components


Sensors

  • All system sensors must be located within the SCIF
    • Exception: The AO can approve external sensors on the SCIF perimeter so long as they are installed in a closed sealed metal conveyance (pipe, tube, or something constructed of Electrical Metallic Tubing (EMT), pipe conduit or rigid sheet metal ducting). All joints and connections on the closed metal conveyance must be permanently sealed around all surfaced by welding, epoxy, fusion, etc. Set screws cannot be used to seal the surface. If a service or pull box must be used, it must be approved with GSA approved combination padlock or an AO approved key lock.
  • SCIF perimeter doors must be protected by an HSS and a motion detection sensor
  • Emergency exit doors will be alarmed and monitored 24 hours per day
  • When primary entrance door has a delay to allow changing the system mode of access, this delay must not exceed 30 seconds
  • Dual technology sensors are authorized when each technology transmits alarm conditions that are independent of the other technology.
  • Areas not protected at the SCI level will have a sufficient number of motion detection sensors or be approved by the AO. Sensors will consist of UL 639 listed motion sensors and UL 634 listed HSS that meet UL Level II requirements and/or other AO-approved equivalent sensors.
    • Note: For facilities outside the U.S. and in Category I and II countries, motion detection sensors above false ceilings or below false floors may be required by the AO.
  • Failed sensors will cause immediate and continuous alarm activation until this failure is investigated and corrected following procedures documented in the SCIF SOP/Emergency Action Plan.

Premise Control Units (PCUs)


Premise control Units (PCUs) must be located within a SCIF and access modes can only be started by SCIF personnel only. The access/secure switch will be restricted by a device or procedure that confirms authorized use. Within the SCIF, the cabling between sensors and the PCU must be dedicated to the system and comply with both national and local electrical codes and Committee for National Security Systems (CNSS) standards. However if the wiring can’t be contained within the SCIF, the wiring must meet the requirements in the External Transmissions Line Security section below.


At the PCU and/or monitoring station, alarm status must be continuously displayed with an alphanumeric display. Every effort must be made to install the alarm-monitoring panel in a location that prevents observation by unauthorized personnel. The PCU/monitoring station must identify and display all activated sensors. A change in power status (AC or backup) will also be indicated locally and at the monitoring station/PCU. All auto-alarm reset features of the IDS must be disabled.


Alarm notifications must be immediate and continuous for the following situations:

  • Intrusion Detection
  • Failed Sensor
  • Tamper Detection
  • Maintenance Mode
  • IDS Sensor Points masked or shunted during maintenance mode

In the events noted above, only SCI-indoctrinated personnel can reset the PCU and only after inspection and determination for the cause of the alarm. IDS transmission lines going from the SCIF to the monitoring station must meet the National Institute of Standards and Technology, Federal Information Processing Standards (FIPS) for certified encrypted lines. The FIPS standards employed must be noted in the UL 2050/CRZH Certificate or other certificate. PCUs that are certified under UL 1610 have to meet FIPS 197 or FIPS 140-2 encryption certification and method.


For PCUs certified under UL1076, only FIPS 140-2 will be the accepted encryption certification and method. The AO can approve alternative methods but must be noted in the IDS Certificate. IDS Admin that are SCI cleared must maintain and change all default profiles, PINs, or passcodes to a unique PIN/passcode.


More IDS specifications will be explored in the next installment: Part 8.2.


Does your facility require a SCIF? KL Security offers SCIF Container Solutions with panelized modular systems for scalable modular, portable, & mobile requirements.  We assist in the acquisition of modular facilities for DoD & Government Access Control and ICD705 SCIFs or SAPF facilities. We also assist with special access control planning and commercial business security.


Call 866-867-0306 or email [email protected] to see how the experts at KL Security can assist your facility in security needs.

Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilities
SCIF Container Series | Part 1: Site Evaluation
SCIF Container Series | Part 2: Design Planning Checklist
SCIF Container Series | Part 3: Perimeter Wall Construction – Wall A
SCIF Container Series | Part 4: Perimeter Wall Specifications – Wall B
SCIF Container Series | Part 5: Perimeter Wall Specifications – Wall C
SCIF Container Series | Part 6: Vents and Ducts
SCIF Container Series | Part 7: Modular SCIFs

Information has been gathered from sources deemed reliable but not guaranteed and is subject to change without notice. The information contained in this site is provided for informational purposes only.


SCIF Container Series | Part 7: Modular SCIFs


Modular SCIFs include ground-based temporary SCIFs (T-SCIFs) and include those on mobile platforms such as trucks and trailers/containers, and SCIFs aboard aircrafts and on surface/subsurface vessels. Modular SCIFs are the most durable and cost effective SCIF in both design and manufacturing. These versatile SCIFs require less construction time than a regular SCIF and can be permanent or relocatable depending on your needs.


Modular SCIFs are constructed off-site and arrive at their destination wired and ready for use. Container SCIFs can be entirely customizable from height to interior details to meet your specialized needs. There’s no limit on size! The interior customization can include pre-wired workstations, conference areas, and secure server rooms.


T-SCIFs, depending on its design, can also be adjusted for future expansion to increase the longevity of your SCIF. For construction, modular SCIFs must adhere to the Fixed Facility checklist outlined in ICD 705. This includes acoustic, visual, and concealed entry protection. Cables and wires, as with all SCIFs, must be protected. Ground-based structures must be secured with GSA-approved locking devices and tamper-evident seals.


Depending on your needs, TEMPEST countermeasures, Intrusion Detection System (IDS), and Access Control System (ACS) are optional features that can be included in T-SCIFs. It is ultimately up to the CTTA to decide if TEMPEST countermeasures are needed with your T-SCIF. The AO and CTTA will collaborate to provide red/black separation and protected distribution guidance for field installation in accordance with NSTISSAM TEMPEST 2/95 and 2/95A, and CNSSI 7003.

Storage and Site Security


Like other SCIFs, T-SCIFs have specific requirements for overall security and storage of materials. Aircrafts and surface/subsurface vessels require more security measures than ground-based T-SCIFs. Secure materials used inside a container SCIF must be limited to what is needed for operation. These materials must be stored in GSA-approved containers. The AO may approve exceptions to the storage of secure material in GSA-approved containers for a period of time.


When this secure material is no longer needed, it must be destroyed by a means approved by the AO. Once a T-SCIF is no longer in use, a SCI security official will inspect the facility to ensure all secure material has been removed.


It’s the AO’s responsibility to evaluate and assess operational risks associated with the location of the T-SCIF, specifically if it’s located in an area that is not U.S.-controlled. The AO will determine what area offers the greatest degree of protection against forced entry.


The T-SCIF will have only one entrance that will be controlled and monitored during the T-SCIF’s hours of operation by SCI-indoctrinated persons via access roster. When in operation, the perimeter will be guarded by guards with a U.S. SECRET clearance. Hardened T-SCIFs with no open storage of secure material can be monitored by a U.S. SECRET-cleared individual.


Does your facility require a SCIF? KL Security offers SCIF Container Solutions with panelized modular systems for scalable modular, portable, & mobile requirements.  We assist in the acquisition of modular facilities for DoD & Government Access Control and ICD705 SCIFs or SAPF facilities. We also assist with special access control planning and commercial business security.

Call 866-867-0306 or email [email protected] to see how the experts at KL Security can assist your facility in security needs.

Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilities
SCIF Container Series | Part 1: Site Evaluation
SCIF Container Series | Part 2: Design Planning Checklist
SCIF Container Series | Part 3: Perimeter Wall Construction – Wall A
SCIF Container Series | Part 4: Perimeter Wall Specifications – Wall B
SCIF Container Series | Part 5: Perimeter Wall Specifications – Wall C
SCIF Container Series | Part 6: Vents and Ducts


Information has been gathered from sources deemed reliable but not guaranteed and is subject to change without notice. The information contained in this site is provided for informational purposes only.

SCIF Container Series | Part 6: Vents and Ducts

Vents and ducts construction for a fixed facility SCIF have a short list of specifications that must be adhered to during construction.

All vents and ducts have to be protected to meet the acoustic and security requirements of the SCIF. The walls that surround the duct penetrations have to be finished to eliminate any opening between the duct(s) and the wall(s).


If vent or duct openings penetrate the SCIF perimeter walls and exceed 96 square inches, the vents/ducts must be protected with permanently attached bars or grills. Listed below are the detailed requirements for bars and grills.


  • Bars or grills are not required if one dimension of penetration measures less than six inches
  • If metal sound baffles or wave forms are permanently installed and set no farther apart than six inches in one dimension, then bars or grills are not required

If bars are used:


  • Bars must be a minimum of ½ inch diameter steel, welded vertically and horizontally six inches o.c.
    • Deviation of ½ inch in vertical and/or horizontal spacing is permissible

If grills are used, they must be made of:


  • ¾ inch-mesh, #9 (10 gauge), case-hardened, expanded metal; OR
  • Expanded metal diamond mesh, 1 ½ inch #10 (1 ⅜ inch by 3 inch openings, 0.093 inch thickness, with at least 80% open design) tamperproof; OR
  • Welded wire fabric (WWF) 4×4 W2.9xW2.9 (6 gauge smooth steel wire welded vertically and horizontally 4 inches o.c.)

If bars, grills, or metal baffles/waveforms are required for your SCIF, an access port will have to be installed inside the secure SCIF perimeter. This access port will allow visual inspection of all the bars, grills, or metal baffles/waveforms for signs of security risks.


If the area outside the SCIF is controlled (SECRET or equivalent space), the access port can be installed outside the perimeter. However, the port must be secured with an AO-approved high-security lock and must be noted in the FFC. 


Does your facility require a SCIF? KL Security offers SCIF Container Solutions with panelized modular systems for scalable modular, portable, & mobile requirements.  We assist in the acquisition of modular facilities for DoD & Government Access Control and ICD705 SCIFs or SAPF facilities. We also assist with special access control planning and commercial business security.


Call 866-867-0306 or email [email protected] to see how the experts at KL Security can assist your facility in security needs.

Technical Specifications for Construction and Management of Sensitive Compartmented Information Facilities
SCIF Container Series | Part 1: Site Evaluation
SCIF Container Series | Part 2: Design Planning Checklist
SCIF Container Series | Part 3: Perimeter Wall Construction – Wall A
SCIF Container Series | Part 4: Perimeter Wall Specifications – Wall B
SCIF Container Series | Part 5: Perimeter Wall Specifications – Wall C

Information has been gathered from sources deemed reliable but not guaranteed and is subject to change without notice. The information contained in this site is provided for informational purposes only.