- Energy Analysis Tools
- Energy Codes and Standards
- Facility Performance Evaluation (FPE)
- Indoor Air Quality and Mold Prevention of the Building Envelope
- Measuring Performance of Sustainable Buildings
UFC/ISC Security Criteria Overview and Comparison
Last updated: 08-22-2014
Within This Page
For facilities located inside the United States, the federal government currently utilizes two primary security standards:
The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard—dated August 2013
The Unified Facilities Criteria (UFC) DoD Minimum Antiterrorism Standards for Buildings (UFC 4-010-01 and UFC 4-010-02, 9 February 2012 with Change 1, 1 October 2013)
The Interagency Security Committee (ISC) Standard was developed for federal civilian government agencies and the UFC Standard was developed for Department of Defense (DoD) facilities. The following excerpts from the two standards clarify the intended application:
Pursuant to the authority of the ISC contained in Executive Order (E.O.) 12977, October 19, 1995, "Interagency Security Committee," as amended by E.O. 13286, March 5, 2003, The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard is applicable to all buildings and facilities in the United States occupied by Federal employees for nonmilitary activities. These include existing buildings, new construction, or major modernizations; facilities owned, to be purchased, or leased; stand-alone facilities, Federal campuses, and where appropriate, individual facilities on Federal campuses; and special-use facilities.
The Unified Facilities Criteria (UFC) system is prescribed by MIL-STD 3007 and provides planning, design, construction, sustainment, restoration, and modernization criteria, and applies to the Military Departments, the Defense Agencies, and the DoD Field Activities in accordance with USD (AT&L) Memorandum dated 29 May 2002. UFC will be used for all DoD projects and work for other customers where appropriate. All construction outside of the United States is also governed by Status of Forces Agreements (SOFA), Host Nation Funded Construction Agreements (HNFA), and in some instances, Bilateral Infrastructure Agreements (BIA.) Therefore, the acquisition team must ensure compliance with the most stringent of the UFC, the SOFA, the HNFA, and the BIA, as applicable.
However, in December 2012, the Deputy Secretary of Defense released a memorandum which stated the security standards established by the Department of Homeland Security's Interagency Security Committee (ISC) in The Risk Management Process for Federal Facilities shall apply to all off-installation leased space managed by DoD and all DoD occupied spaced in buildings owned or operated by the U.S. General Services Administration (GSA).
A. Overview of ISC Standard
The ISC Standard classifies facilities with a facility security level (FSL). The FSL for each facility—and the resulting security requirements—depends upon five factors: mission criticality, symbolism, facility population, facility size, and threat. The ISC Standard provides examples and definitions for the various levels for each of the five factors.
The ISC associates the FSL with a level of risk and a baseline level of protection (LOP). Rating the five categories to determine the FSL and associated level of risk and protection allows ISC requirements to be a somewhat risk-based process. Further, risk-based adjustments can be made on a threat-by-threat basis.
Appendix B: Countermeasures For Official Use Only (FOUO) in the ISC Standard identifies the security measures to be applied as part of the baseline LOP. These are to be considered guidance remembering that implementation of specific countermeasures should be tied to a risk assessment for each of the 31 undesirable events (threats) addressed in the standard to arrive at a customized LOP. The extensive list of countermeasures provided in the ISC Standard are presented in the following six categories:
- Site—including the site perimeter, site access, exterior areas and assets, and parking;
- Structure—including structural hardening, façade, windows, and building systems;
- Facility Entrances—including employee and visitor pedestrian entrances and exits, loading docks, and other openings in the building envelope;
- Interior—including space planning and security of specific interior spaces;
- Security Systems—including intrusion-detection, access control, and CCTV camera systems;
- Security Operations and Administration—including planning, guard force operations, management and decision making, and mail handling and receiving.
B. Overview of UFC Standard
The following excerpts from the UFC Standard describe the responsibilities and approach for application of the standard.
Protecting people in DoD occupied space must start with an understanding of the risk of a terrorist attack. Application of the standards herein should be consistent with the perceived or identified risk. Everyone in DoD is responsible for protecting DoD personnel and other resources.
When the best procedures, proper training, and appropriate equipment fail to deter terrorist attacks, adherence to these standards goes far toward mitigating the possibility of mass casualties from terrorist attacks against DoD personnel in the buildings in which they work and live. Although predicting the specific threat is not possible, proper planning and integration of those plans provide a solid foundation for preventing, and if necessary reacting, when terrorist incidents or other emergencies unfold.
An effective planning process facilitates the necessary decision making, clarifies roles and responsibilities, and ensures support actions generally go as planned. A team consisting of the chain of command and key personnel from all appropriate functional areas who have an interest in the building and its operation executes this planning process.
The team should include, as a minimum, antiterrorism/force protection, intelligence, security, and facility engineering personnel. This team is responsible for identifying requirements for the project, facilitating the development of supporting operational procedures, obtaining adequate resources, and properly supporting all other efforts needed to prudently enhance protection of the occupants of every inhabited DoD building.
This UFC is one of a series of security engineering unified facilities criteria documents that cover minimum standards, planning, preliminary design, and detailed design for security and antiterrorism. The documents in this series are designed to be used sequentially by a diverse audience to facilitate development of projects throughout the design cycle. The manuals in this series include the following as described in the UFC Standard:
DoD Minimum Antiterrorism Standards for Buildings
This UFC and 4-010-02 establish standards that provide minimum levels of protection against terrorist attacks for the occupants of all DoD inhabited buildings. These UFCs are intended to be used by security and antiterrorism personnel and design teams to identify the minimum requirements that must be incorporated into the design of all new construction and major renovations of inhabited DoD buildings. They also include recommendations that should be, but are not required to be incorporated into all such buildings.
Security Engineering Facilities Planning Manual
UFC 4-020-01 presents processes for developing the design criteria necessary to incorporate security and antiterrorism into DoD facilities and for identifying the cost implications of applying those design criteria. Those design criteria may be limited to the requirements of the minimum standards, or they may include protection of assets other than those addressed in the minimum standards (people), aggressor tactics that are not addressed in the minimum standards or levels of protection beyond those required by the minimum standards. The cost implications for security and antiterrorism are addressed as cost increases over conventional construction for common construction types. The changes in construction represented by those cost increases are tabulated for reference, but they represent only representative construction that will meet the requirements of the design criteria. The manual also addresses the tradeoffs between cost and risk. The Security Engineering Facilities Planning Manual is intended to be used by planners as well as security and antiterrorism personnel with support from planning team members.
Security Engineering Facilities Design Manuals
UFC 4-020-02FA Security Engineering: Concept Design provides interdisciplinary design guidance for developing preliminary systems of protective measures to implement the design criteria established using UFC 4-020-01. Those protective measures include building and site elements, equipment, and the supporting manpower and procedures necessary to make them all work as a system. The information in UFC 4-020-02FA is in sufficient detail to support concept level project development, and as such can provide a good basis for a more detailed design. The manual also provides a process for assessing the impact of protective measures on risk. The primary audience for the Security Engineering Design Manual is the design team, but it can also be used by security and antiterrorism personnel.
UFC 4-020-03FA Security Engineering: Final Design guides users through the process of finalizing a facility security design. The manual focuses on design information related to the threats and tactics described in UFC 4-020-01. Information is presented on common tools, weapons, and explosives; along with analysis techniques and construction methods capable of defeating those tactics. The document is organized by building element categories.
Security Engineering Support Manuals
In addition to the standards, planning, and design UFCs mentioned above, there is a series of additional UFCs that provide detailed design guidance for developing final designs based on the preliminary designs developed using UFC 4-020-02. These support manuals provide specialized, discipline specific design guidance. Some address specific tactics such as direct fire weapons, forced entry, or airborne contamination. Others address limited aspects of design such as resistance to progressive collapse or design of portions of buildings such as mail rooms. Still others address details of designs for specific protective measures such as vehicle barriers or fences. The Security Engineering Support Manuals are intended to be used by the design team during the development of final design packages.
The major design strategies associated with the UFC Standard are:
- Maximize Standoff Distance
- Outer secure boundary around base/campus
- Separation between building and on-site parking/roadways/concealments
- Prevent Building Collapse
- Minimize Hazardous Flying Debris
- Provide Effective Building Layout
- Limit Airborne Contamination
- Provide Mass Notification
The ISC Standard and the UFC Standard are two distinctly different security standards. The ISC Standard is more directed at physical and electronic security and operational countermeasures to address a series of identified threats in a risk-based fashion. While there is some limited guidance with respect to structural upgrades, these are general in nature and do not provide detailed design guidance. Structural security is addressed by defining the design basis threat and requiring the user to design the facility to provide a general level of protection identified for the specific FSL.
UFC 4-010-01 is focused on facility design to resist specific baseline threats. The UFC does recommend operational measures to support facility protection, but does not include the detailed discussion of risk and countermeasures identified in the ISC Standard. Since the UFC Standard is primarily for facilities on controlled military property, the military already has specific operational procedures for protecting their assets. Other UFC documents are available that cover risk-based security processes. However, the implementation of such processes are at the discretion of the base commander and do not represent a national standard.
RELEVANT CODES AND STANDARDS
- Executive Order 12977, "Interagency Security Committee"
- MIL STD 3007—Standard Practice for DoD Unified Facilities Criteria and Unified Facilities Guide Specifications.
- The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard—dated August 2013—Defines threat/risk classifications and resultant federal protective design requirements (For Official Use Only)
- ISC Security Design Criteria for New Federal Office Buildings and Major Modernization Projects: Part I by The Interagency Security Committee. 29 September 2004. For Official Use Only.
- ISC Security Design Criteria for New Federal Office Buildings and Major Modernization Projects: Part II: Tables, Design Tactics, and Additional Risk Guidelines by The Interagency Security Committee. 29 September 2004. For Official Use Only.
- ISC Security Standards for Leased Space by The Interagency Security Committee. 29 September 2004. For Official Use Only.
- Unified Facilities Criteria (UFC)
- UFC 3-340-01 Design and Analysis of Hardened Structures to Conventional Weapons Effects (FOUO)
- 4-xxx security engineering series—DoD's criteria for the protection of its facilities and troops in the field:
- UFC 4-010-01 DoD Minimum Antiterrorism Standards for Buildings—Establishes minimum prescriptive procedures for security design criteria for DoD facilities.
- UFC 4-010-02 DoD Minimum Standoff Distances for Buildings (FOUO)
- UFC 4-020-01 DoD Security Engineering Facilities Planning Manual
- UFC 4-020-02FA Security Engineering: Concept Design (FOUO)
- UFC 4-020-03FA Security Engineering: Final Design (FOUO)
- UFC 4-020-04FA Electronic Security Systems: Security Engineering
- UFC 4-021-01 Design and O&M: Mass Notification Systems
- UFC 4-022-01 Security Engineering: Entry Control Facilities/Access Control Points
- UFC 4-023-03 Design of Buildings to Resist Progressive Collapse
Building / Space Types
Products and Systems
- Department of Defense
- General Services Administration (GSA)
- GSA's Building Security Technology Program (BSTP)—GSA's BSTP team is responsible for developing the policy and requirements for building security used in the design and construction of GSA buildings. The BSTP team performs explosive testing, develops design tools, and provides technical assistance to project managers. This program supports the mission of GSA as well as other federal agencies and departments.
Organizations and Associations