Intelligence Community Directive 705 sets the physical and technical security standards for Sensitive Compartmented Information Facilities (SCIFs) across the US Intelligence Community. Achieving and maintaining SCIF accreditation requires meticulous documentation: a Construction Security Plan, Fixed Facility Checklist, TEMPEST checklist, CONOPS, and UL certification — all reviewed by the Accrediting Official before accreditation is granted. This free ICD 705 Fixed Facility Checklist template gives Site Security Managers and construction security teams a structured, trackable way to manage every phase of the SCIF accreditation process — from Concept Approval Request through physical construction requirements, access control, intrusion detection, acoustic and TEMPEST compliance, and post-construction documentation.
Intelligence Community Directive 705 (ICD 705), issued by the Director of National Intelligence, establishes the standards for the construction, accreditation, and management of Sensitive Compartmented Information Facilities (SCIFs) — facilities used to process, discuss, and store Sensitive Compartmented Information (SCI). The implementing technical specification, IC Tech Spec for ICD/ICS 705, provides detailed physical and technical security requirements covering construction materials, acoustic protection, access control, intrusion detection, TEMPEST countermeasures, and the documentation required for the Accrediting Official (AO) to grant accreditation.
The Fixed Facility Checklist (FFC) is one of the primary required documents in the SCIF accreditation package. It documents how the facility meets each applicable ICD 705 physical and technical security requirement and is submitted to the AO for review. The FFC is completed pre-construction (to confirm planned compliance) and updated post-construction (to confirm as-built compliance). It is reviewed alongside the Construction Security Plan (CSP), TEMPEST checklist, CONOPS, and UL certification documentation. Without a complete and accurate FFC, the AO is not required to issue SCIF accreditation.
This checklist covers the six key stages of SCIF accreditation — from pre-construction planning through to the AO submission and ongoing maintenance requirements. It is structured to support both the pre-construction FFC completion and the post-construction accreditation documentation package.
Physical construction requirements are defined in ICD/ICS 705 Technical Specification. Requirements may vary based on AO determination, storage type, and facility classification.
TEMPEST requirements are determined by the CTTA based on the classification of information processed and the facility environment. Not all SCIFs require full RF shielding.
This checklist is available as a free, runnable template in CheckFlow — with tasks assigned to SSMs, CSTs, construction teams, and the AO review process, enforced phase order ensuring construction cannot proceed without approved documentation, and a complete audit trail for the accreditation package.
Use This Template FreeSCIF accreditation under ICD 705 involves several distinct roles. Understanding who is responsible for each part of the process is critical for keeping accreditation on track.
The AO is responsible for reviewing the accreditation package and making the accreditation decision. The AO may impose requirements beyond the minimum ICD 705 standards based on the risk assessment. Without AO approval, a SCIF cannot be accredited regardless of construction quality.
The CSA is the government entity with oversight authority over the SCIF programme. The CSA reviews and approves the Concept Approval Request and may designate the AO. CSAs include the DNI, DoD, and other IC elements depending on the programme.
The SSM is responsible for the day-to-day security management of the SCIF during construction and operation. The SSM oversees construction security compliance, completes the FFC, manages access control, and is the primary point of contact for the AO during the accreditation process.
The CST provides daily on-site oversight during SCIF construction — verifying ICD 705 compliance at each construction phase, maintaining daily inspection logs, and ensuring no ICD 705 requirements are compromised during the build.
The CTTA conducts the TEMPEST assessment and determines what TEMPEST countermeasures are required for the facility. The CTTA must be engaged early in the design phase as TEMPEST requirements can significantly affect construction planning and costs.
For larger projects, a CSO may be designated to oversee the overall construction security programme — managing CSTs, reviewing daily logs, and liaising with the AO and SSM throughout the construction phase.
SCIF accreditation has hard phase dependencies — construction cannot begin without an approved CSP, and the AO cannot accredit without a complete FFC and documentation package. CheckFlow’s enforced task order ensures no phase can be marked complete while predecessor tasks are outstanding — the same discipline the accreditation process demands, built into the checklist itself.
Enforced OrderThe ICD 705 accreditation process spans multiple parties — SSM, CST, construction team, CTTA, and AO — each with distinct responsibilities and deadlines. CheckFlow assigns tasks to the right person, notifies them when their action is due, and gives the SSM a real-time view of where every item stands — without managing the process through email chains and spreadsheets.
Auto-AssignmentsEvery completed task in CheckFlow is logged with a timestamp and the name of the person who completed it. Construction inspection logs, testing results, and documentation sign-offs accumulate in the checklist throughout the process — forming the structured evidence trail the AO needs to review, rather than having to reconstruct it at the end.
Audit TrailA complete SCIF accreditation package typically includes the following documents. All must be complete and accurate before the AO can issue accreditation.
Documents how the facility meets each applicable ICD 705 physical and technical security requirement. Completed pre-construction based on design plans and updated post-construction to reflect as-built conditions.
Documents the security measures implemented during construction to protect the facility from technical surveillance and unauthorised access. Must be approved by the AO before construction begins.
Defines how the SCIF will operate — access procedures, visitor control, IDS operation, storage procedures, and emergency protocols. Demonstrates to the AO that operational security procedures are in place.
Documents TEMPEST assessment findings and countermeasures. Completed in coordination with the CTTA. Required for all SCIFs processing classified electronic information.
Underwriters Laboratories certification for the Intrusion Detection System installation. Required to confirm the IDS meets the standards specified by ICD 705 and the AO.
Detailed as-built floor plans showing the SCIF perimeter, all penetrations, door locations, IDS coverage, and relevant construction details. Submitted with the accreditation package for AO review.
CheckFlow’s FFC template tracks completion of each required document as a separate assigned task — ensuring no accreditation document is missing when the package is submitted to the AO.
A Sensitive Compartmented Information Facility (SCIF) is an accredited space used to store, process, or discuss Sensitive Compartmented Information (SCI) — the most sensitive category of classified US government intelligence. SCIFs are required by government agencies, defence contractors, and any organisation that handles SCI as part of their work with the Intelligence Community or Department of Defense. All SCIFs must be designed, constructed, and accredited in accordance with ICD 705 and its implementing technical specification, and periodically re-inspected to maintain accreditation.
The Fixed Facility Checklist (FFC) is a required accreditation document that records how a SCIF meets the physical and technical security requirements of ICD 705. It is completed in two stages: pre-construction (based on design plans) to confirm planned compliance, and post-construction (based on as-built conditions) to confirm actual compliance. The completed FFC is submitted to the Accrediting Official (AO) as part of the accreditation package alongside the Construction Security Plan, TEMPEST checklist, CONOPS, UL certification, and floor plans. Without a complete FFC, the AO is not required to issue accreditation.
The Construction Security Plan (CSP) documents the security measures that will be in place during the construction of the SCIF — including access control to the construction site, vetting of construction personnel, daily inspection procedures, and how classified areas will be protected during the build. The CSP must be reviewed and approved by the AO before construction begins because construction security failures — such as uncontrolled access or unsupervised work periods — can introduce technical vulnerabilities that compromise the facility before it is ever used. A CSP that is submitted after construction has started cannot retroactively address those risks.
TEMPEST refers to the investigation, research, and control of unintentional electronic emissions from equipment that could be intercepted and exploited to reconstruct classified information. Not every SCIF requires full RF shielding — TEMPEST requirements are determined by the TEMPEST Certified Technical Authority (CTTA) based on the classification level of information processed, the equipment used, and the physical environment of the facility. The CTTA assessment drives the TEMPEST checklist, which documents what countermeasures are required and how they have been implemented.
ICD 705 requires that SCIFs prevent speech intelligibility outside the facility perimeter. The technical specification sets Sound Transmission Class (STC) requirements — generally STC 45 to prevent normal speech from being intelligible outside the SCIF, and STC 50 for amplified audio where applicable. STC performance must be tested and documented using approved test methods. Where construction cannot achieve the required STC rating, a sound masking (white noise) system may be required by the AO as a countermeasure.
Accredited SCIFs are subject to periodic re-inspections by the CSA or AO to verify ongoing compliance with ICD 705. Re-inspection frequency varies based on the programme, classification level, and CSA requirements. Any significant modification to the SCIF — changes to walls, doors, access control systems, IDS, or penetrations — must be reported to the AO and may require re-accreditation before the modified facility can resume operations. A recurring CheckFlow checklist can schedule periodic self-inspections and maintenance reviews to ensure the facility remains compliant between formal AO inspections.
You can start a free 14-day trial with no credit card required, giving you full access to all features including this template. The Business plan is $10 per user per month after the trial. Full details at checkflow.io/pricing.
