SCIF Contractor Vetting Guide: How to Qualify a Cleared Facility Builder
Selecting the wrong SCIF contractor doesn't just risk construction defects—it can result in a facility that can't be accredited, classified information that can't be processed, and a remediation process that's significantly more disruptive than the original construction. The cleared contractor market is smaller and more specialized than general construction, and the consequences of poor vendor selection are more severe.
This guide provides a framework for qualifying SCIF contractors, including the security clearance requirements, technical qualifications, and specific questions that distinguish experienced specialists from well-intentioned generalists.
What Makes SCIF Construction Different from Commercial Construction
SCIF construction is governed by Intelligence Community Directive 705 (ICD 705) and its associated Technical Specifications, which impose requirements that don't exist in commercial construction: cleared contractor personnel, construction security plans, inspection milestones that must be completed before walls can be closed, and an accreditation process that involves the cognizant security authority rather than a building official.
The construction sequence is also uniquely constrained. Wall construction cannot be closed until the cognizant security authority (typically DCSA or the relevant intelligence community security officer) has inspected in-wall elements. This means construction delays caused by inspection scheduling are a real risk that experienced SCIF contractors plan for—and inexperienced ones don't.
The contractor workforce must hold appropriate security clearances. Workers without clearances cannot be in the facility once classified construction begins. Managing a cleared workforce adds a layer of HR complexity that general contractors rarely have systems for.
Security Clearance Requirements for SCIF Contractors
The facility security officer (FSO) or contracting officer's security representative (COSR) on your project will establish the specific clearance requirements for your SCIF. As a general baseline:
The contractor's facility must hold a Facility Clearance (FCL) at or above the classification level of the information to be handled in the SCIF. For Top Secret/SCI SCIFs, this typically means a Top Secret FCL.
Key personnel—project manager, site superintendent, and typically the foreman—must hold personal security clearances at the appropriate level. Not every worker on the project must be cleared, but access to sensitive construction phases is restricted to cleared personnel.
Subcontractors who will access the facility during sensitive construction phases must also hold appropriate clearances, or their scope must be completed before classified construction begins.
Require proof of current clearance status from all contractors and subcontractors before they access the construction site. Clearances are verified through DISS (Defense Information System for Security) or through the cognizant security authority—not just by asking the contractor.
Technical Qualifications to Require
ICD 705 Experience
ICD 705 was issued in 2010 and has been updated through subsequent Technical Specifications. Contractors who have been building SCIFs since before ICD 705 may have significant experience with the predecessor standard (DCID 6/9)—but the current standard governs current construction. Require documented ICD 705 project experience specifically, and ask how many projects they have completed under the current Technical Specifications.
Cognizant Authority Relationships
Experienced SCIF contractors have established working relationships with DCSA regional offices and with the security officers at specific intelligence community agencies. These relationships materially affect construction schedule—contractors who are known quantities to the inspecting authority get inspections scheduled faster. Ask specifically which DCSA regions and IC agencies they have worked with.
Electromagnetic Shielding Capability
Not all SCIFs require RF shielding, but those that do require specialized construction capability that not all cleared contractors possess. If your SCIF design includes electromagnetic shielding (required by the cognizant authority based on threat assessment), verify that the contractor has specific RF shielding experience—or has a qualified shielding subcontractor in their team.
Acoustic Treatment Experience
ICD 705 Technical Specifications include acoustic requirements—speech intelligibility standards that must be met at the SCIF perimeter. Contractors who have built commercial construction but limited SCIF experience often underestimate acoustic treatment requirements. Ask for specific examples of projects where acoustic testing was performed and results documented.
| Qualification Category | Requirement | Verification Method |
|---|---|---|
| Facility Clearance (FCL) | TS FCL (for TS/SCI SCIFs) | Verify through cognizant security authority |
| Key personnel clearances | Appropriate level for project | DISS verification |
| ICD 705 projects completed | Minimum 5 accredited SCIFs | Project list with accreditation dates |
| DCSA/cognizant authority experience | Documented working relationship | References from cognizant authority contacts |
| RF shielding capability (if required) | In-house or qualified sub | Subcontractor qualifications and test records |
| Insurance | $2M+ GL, workers' comp | Certificate of insurance |
Questions to Ask SCIF Contractor Candidates
"Walk me through your construction security plan process." An experienced SCIF contractor will describe developing a project-specific construction security plan (CSP), reviewing it with the cognizant security authority, and implementing access controls at specific construction milestones. An inexperienced one will give a vague answer about security awareness.
"How many pre-close inspections have you managed with DCSA, and what's your typical scheduling lead time?" Inspection scheduling is a real project management challenge. Experienced contractors know the current DCSA regional office workloads and plan accordingly. This question reveals whether the contractor's schedule is built around real inspection lead times.
"What causes SCIF accreditation to fail, and have you ever had a facility fail accreditation?" Common causes of accreditation failure include acoustic deficiencies, penetration documentation gaps, and physical security elements that don't meet current spec. An experienced contractor can speak to these specifically. Any answer claiming they've never had any issues should be probed further.
"Who is your cognizant authority point of contact for this project, and have you worked with them before?" If the contractor doesn't know who the cognizant authority is for your project, or has never worked with them, that's meaningful information about the relationship risk.
How to Evaluate SCIF Contractor Proposals
SCIF contractor proposals should be evaluated on several dimensions beyond price. Construction quality that fails to achieve accreditation has a negative value regardless of how low the price was.
Evaluate schedule realism first. A schedule that doesn't include realistic time for pre-close inspections, accreditation processing, and potential iteration with the cognizant authority is a schedule that will fail. Ask contractors to explain their inspection scheduling assumptions.
Evaluate the construction security plan outline included in the proposal. A detailed, project-specific CSP outline indicates a contractor who understands the requirements; a generic statement about security demonstrates the opposite.
Evaluate subcontractor qualifications. A SCIF prime contractor who cannot name their cleared subcontractors and verify their clearance status has not yet organized the project adequately to price it accurately.
Red Flags in SCIF Contractor Vetting
Inability to provide DISS-verified clearance documentation for key personnel. Any cleared contractor operating in this market has documented clearances and can verify them.
A project list with SCIF projects but no accreditation confirmation. A SCIF that was built but never accredited is a construction project, not a SCIF. Require confirmation of accreditation for all reference projects.
Proposals that don't reference ICD 705 or its Technical Specifications. A contractor bidding SCIF construction who doesn't explicitly reference the governing standard in their proposal has not based their price on that standard.
Schedule that doesn't include time for pre-close inspection. This is a fundamental SCIF construction requirement. Omitting it means the contractor has either not read the standard or is building in assumptions that inspections won't happen.
Frequently Asked Questions About SCIF Contractor Vetting
What are the clearance requirements for a SCIF contractor?
The contractor's facility must hold a Facility Clearance (FCL) at the appropriate level for the classified information to be handled. For TS/SCI SCIFs, this typically means a Top Secret FCL. Key personnel must hold individual clearances. Clearance verification should be done through DISS or the cognizant security authority, not self-reported.
How do I find a qualified SCIF contractor?
Start with your cognizant security authority or contracting officer's security representative—they often maintain lists of cleared contractors who have worked on similar facilities. Professional organizations like the National Classification Management Society and NCMS (formerly the Society of Industrial Security Professionals) can also provide referrals.
What qualifications should a SCIF contractor have?
At minimum: appropriate Facility Clearance, key personnel clearances verified through DISS, documented ICD 705 project experience with accreditation confirmation, established relationships with DCSA or the relevant cognizant authority, and experience with the specific construction elements required (RF shielding, acoustic treatment, physical security).
How do I hire a SCIF contractor?
Issue a qualified contractor list requirement before RFP—require FCL documentation and ICD 705 experience as pass/fail criteria. Evaluate proposals on schedule realism, construction security plan quality, and subcontractor qualifications, not price alone. Involve your facility security officer or contracting officer's security representative throughout the selection process.
What does SCIF construction involve?
SCIF construction involves physical security elements (reinforced walls, doors, and access control), acoustic treatment to prevent sound transmission outside the perimeter, electromagnetic shielding if required by the cognizant authority, construction security controls limiting access to cleared personnel, and mandatory inspection milestones before wall closure.
How long does it take to build a SCIF?
A standard SCIF typically takes six to eighteen months from design approval to accreditation, depending on size, complexity, and cognizant authority availability for inspections. The accreditation process itself—after construction is complete—can take two to six months.
What causes SCIF accreditation to fail?
Common causes of accreditation failure include acoustic performance that doesn't meet ICD 705 speech intelligibility standards, penetration documentation gaps, physical security elements that don't meet current Technical Specification requirements, and construction security plan violations. Experienced SCIF contractors plan and inspect for these issues before requesting accreditation.