30. Facility design considerations. Available resources must he used in the
most efficient manner possible to achieve adequate protection and security of
a classified information processing facility and its contents. All security
measures should be used to complement and supplement each other. A lack of
integration of security measurers may result in a waste of money, equipment,
and manpower. More importantly. the security of a facility may be
jeopardized. Emphasis should be placed on the operational requirements of
the facility to determine the type and extent of physical security measures
needed. The following pertinent factors should be considered, in sequence,
by the facility designer/planner:
The importance of the mission or assignment of the facility to the
The area to be protected, including: the nature and arrangement of the
activity; classification level of information, data, or activities
within the facility; the number of personnel involved; monetary or
strategic value of material and equipment located therein; and existing
Integration of operating and maintenance requirements.
The political, legal, and economic environment.
Feasibility, effectiveness, and desirability of the various methods of
providing adequate physical protection.
Costs of material and equipment to be installed, as well as the
availability of funds to ensure adequate protection for all critical
areas and activities.
40. Security threats. Security threats are acts or conditions that may
result in the loss or compromise of classified information, loss or
destruction of equipment or property, or disruption of the facility's
mission/activities. Before an effective physical security program can be
developed, the threat of interference with facility operations and the
potential for compromise must be determined and evaluated. The recognition
of all risks is essential if adequate security measures are to be designed to
abate or eliminate the facility's vulnerability. The severity of security
threats depends on such variables as the type of facility (SCIF, ADP,
communications center, cryptofacility, etc.), physical layout of the
facility, mission, and construction. In addition, the geographical location,
the capability and possibility of hostile intelligence service exploitation,
and the stability of law and order are also important factors to consider.
Security threats can be categorized into two types - natural and human.
40.1 Natural security threats.
Natural security threats are those threats
Normally not perpetratable by human means.
Normally not preventable by physical security means.
Capable of affecting physical security operations adversely by negating
existing physical security practices (i.e., collapsed perimeter fences/
walls, inoperable protective lighting, poor visibility, power outages,