Life Safety- Whats more important than getting out? __~NOTHING

UL2050 INTEGRATED ELECTRONIC SECURITY

When designing electronic security for a SCIF facility please keep in mind the parameters set in the National Industrial Security program Operator’s Manual (NISPOM) and the Director of Central Intelligence Directive (DCID) 6/9, Annex B – Intrusion Detection Systems which will soon be replaced by the Intelligence Community Policy Guidance Number 705.7 (ICPG 705.7).

The electronics security system or IDS is comprised of 3 parts; intrusion detection devices, PCU and monitoring station. These three areas cover the detection and alarm reporting phase so that an alarm assessment and response to a SCIF intruder alarm can be made.

The physical areas that need to be covered with intrusion devices are: the door entering the SCIF, doors leaving the SCIF if different from the entry door and motion within the SCIF. The new requirement by the ICPG 705.7 to monitor a SCIF door is a level II door contact. Harko Magnesphere HSD door contacts with outputs for alarm and tamper are the only door contacts on the market6 that fulfill this requirement. A good device to use as a motion detector is an Optex FX-360 360 degree ceiling mounted motion detector. This motion detector works from 25’ to 40’ depending if the ceiling height is 8’-12’. If you have a SCIF ceiling that is up to 16’ high, you will need an Optex SX-360Z long range 360 degree ceiling mounted motion detector that offers a range of 60’.

Another device may be added which will enhance your SCIF security and make it conform to the new NFPA 101 law for exit accesses. This is a Lockmaster LKM7003 deadlock with a built in XO9 combination lock. It is the only lock on the market that meets both DoD and BOCA code requirements. The lock can be monitored by the IDS system to insure that the IDS system will not arm until the deadlock bolt is fully seated. When combined with an XO9, in the case of the Lockmaster 7003/XO9 SCIF lock, the status of the XO9 also can be monitored as spun opened or spun closed.

The PCU or Premise Control Unit controls the intrusion devices to insure that only SCIF personnel can initiate the change in the SCIF IDS from armed to disarm. A UL2050 rated keypad located inside the SCIF will arm or disarm the system by using a prox card with PIN or PIN alone. All these devices including the PCU panel are required to have a tamper switch monitored as a separate zone. All connectivity between the devices and the PCU should not extend beyond the perimeter of the SCIF (DCID 6/9 3.1.1).

The new standard communications encryption between the PCU and the monitoring station requires a 128bit encryption rate. The DMP XR500EA-G panel has an encrypted 128bit output allowing protected communications to and from the panel. The DMP panel requires a DMP decryption unit at the central monitoring station. This is called a central station receiver. Generally, the PCU device such as a DMP XR500EA-G intrusion detection alarm panel is connected to a LAN and then a WAN to reach the central monitoring station.

In many cases, an access control system is utilized to unlock the SCIF door once the XO9 is spun opened. The PC containing the access control software must be located within the SCIF. There is a two tier access control that requires the personal presence and unique personal identification number (PIN) to enter the SCIF. This can be accomplished many ways. The most common is the have a prox/pin card reader which requires a proximity card as well as a PIN number. Others that are acceptable are prox cards with biometric readers such as fingerprint, retinal scan or hand topography. The actual biometric information is stored on the prox card itself which then compares that info to what you present to the reader such as a fingerprint. The same prox card can be used to activate the keypad for the IDS. Once the card is presented a PIN number must be entered to turn off the IDS.

In certain instances, multiple SCIF rooms can be connected through one PCU to be monitored. Each separate room would have its own keypad to arm/disarm the IDS for that room. The cable for those devices must be carried back to the PCU via conduit to prevent tampering and disconnection. If a device loses it’s connectivity an alarm is immediately generated to the central monitoring station. In cases where multiple rooms are monitored together, please refer to your Cognizant Security Agency (CSA) for guidance.

For more information concerning electronic security for your SCIF, please contact Mark Jones at mark@mdindsec.com. You can also reach him at 410-897-2403.

Questions and Answers

Q- Who may install a SCIF intrusion detection system?
A- Any licensed alarm installer can. But in order to receive a UL accreditation for your CSA you need to have a UL2050 certified installer and central monitoring station.

Q – What type of intrusion detection system can you use in a SCIF?
A- Any UL accredited intrusion system with 128bit encrypted communications to the central monitoring station.

Q- May multiple SCIF rooms be run off the same IDS panel?
A- Yes. But you may want to have each room armed/disarmed by a separate keypad. Also, if the room containing the IDS panel is declassified, you will have to redo the security for all the other rooms.

Q- What form do you use to apply for SCIF certification?
A- An Underwriters Laboratories Alarm System Certificate Request. This should be supplied by your IDS security installer.

Q- Who determines when and if your SCIF is certified?
A- Once your SCIF is inspected by your CSA and has filled out their portion of the certificate request and mailed, it takes about a week to get your UL certificate.

Q- What must you do yearly to maintain your SCIF certification?
A – You must renew your UL certification.

Q- How many times a year does your SCIF need to be inspected and tested?
A – Semi- annually.

Q- What other items are required for your SCIF certification?
A – Guard response as well as a maintenance contract with 4 hour response time.