Framework for Estimating Security Costs

FAS Introduction: The following document provides a rather exhaustive summary of the many categories of security activities involved in protecting classified information. It was developed to provide a framework for reporting secrecy and security-related expenditures in official budget documents. It was prepared by a committee of the Security Policy Board and is supposed to be adopted in Fiscal Year 1997 budget documents.



The intent of this common framework is to establish departmental and agency best resource (FTE and funding) estimates for domestic and overseas security. This is not a budget document.

Counterintelligence resources are not included in the security and safeguards estimates.

If 51% or more of a resource is devoted to security or safeguarding, it should be included in this estimate.


Personnel Security

Physical Security

Information Security

Professional Education, Training and Awareness

Security Management, Oversight and Planning

(Major responsibilities for some departments/ agencies that are not reported in Primary Categories above.)


The following definitions will serve as guidance to aggregate resource estimates for each primary category.

Estimates will be reported at the Category level only. In Section A-- Primary Categories, Departments and Agencies will report an estimate for Personnel Security, Physical Security, etc. The exception to this rule is that under Information Security, separate estimates will be reported for Classification Management, Electronic Security/ Information Technology Systems, and Sensitive Unclassified Information Management. In Section B-- Department/ Agency Unique Categories, estimates will be reported at the Category level as well.

A. Primary Categories:


A series of interlocking and mutually supporting program elements that initially establish a government or contractor employee's eligibility, and ensure suitability for the continued access to classified or sensitive unclassified information.

CLEARANCE PROGRAM: Personnel and activities to determine eligibility and suitability for initial or continuing access to classified or sensitive unclassified information or activities.

INITIAL INVESTIGATIONS: Completing and reviewing Personnel Security Questionnaire, initial screening, filing data in Central Personnel Database, forwarding to appropriate investigative authority and the investigation itself.

NATIONAL AGENCY CHECK: (self explanatory)

ADJUDICATION: Screening and analysis of personnel security cases for determining eligibility for access authorizations and appeals process.

REINVESTIGATIONS: Periodic recurring investigations of government and contractor personnel.

POLYGRAPH: Substantive examinations in security screening process.


That portion of security concerned with physical measures designed to safeguard and protect personnel, facilities, and information, domestic or foreign.

PHYSICAL SECURITY EQUIPMENT: Any item, device, or system that is used primarily for the protection of government property and resources, personnel, installations and facilities, and classified or sensitive unclassified information.

PROTECTIVE FORCES: All personnel and operating costs associated with protective forces to include but not limited to salaries, overtime, benefits, materials and supplies, equipment and facilities, vehicles, helicopters, training, communications equipment, and management.

PHYSICAL SECURITY FOR PERSONNEL (Anti-Terrorism/ Low Intensity Conflict): Physical security equipment and portable security systems which, as defensive measures, may be used to protect personnel or property when deployed to or operating in geographic areas where the threat of violence is high or in which limited politico-military conflict is occurring. It can include, but is not limited to, special equipment such as armored cars, bullet resisting materials, clothing and upgrade of quarters, vehicles and communications equipment for personnel.

PHYSICAL SECURITY ORGANIZATIONS: Those military, civilian, and contractor organizations whose primary mission, domestic or foreign, is the conduct of the physical security function, as compared to criminal counterintelligence investigations. It excludes organizations whose primary mission is outside the scope of physical security protection or performs security duties in addition to normal functions. (Report construction estimates attributable to security requirements.)

INTRUSION DETECTION AND ASSESSMENT: Alarms, sensors, protective lighting and their control systems and the assessment of the reliability, accuracy, timeliness and effectiveness of those systems.

BARRIER/ CONTROLS: Walls, fences, barricades or other fabricated or natural impediments to restrict, limit, delay or deny entry into a designated area.

VITAL COMPONENTS AND TAMPER-SAFE MONITORING: Personnel and operating activities associated with the monitoring of tamper indicating devices for containers, doors, fences, etc. which reveal violations of containment integrity and posting and monitoring of anti-tamper warnings or signs.

ACCESS CONTROLS/ BADGING: Personnel and hardware such as badging systems, card-readers, turnstiles, metal detectors, cipher locks, CCTV and other access control mechanisms to ensure that only authorized persons are allowed to enter or leave a facility and that they do not introduce prohibited articles into or remove Government property from a facility.

VISITOR CONTROL: Personnel and activities associated with administering visitors for classified and unclassified visits as well as assignment by foreign nationals.


(As stated above, estimates for the Information Security Category will be captured at the level of the three main sub-categories, i.e. Classification Management, Electronic Security/ Information Technology Systems, and Sensitive Unclassified Information Management.)

CLASSIFICATION MANAGEMENT: The system of administrative policies and procedures for identifying and controlling from unauthorized disclosure, classified information, the protection of which is authorized by executive order or statute. Classification management encompasses those resources used to identify, control, transfer, transmit, store, retrieve, inventory, archive, declassify or destroy, classified information.

ELECTRONIC SECURITY/ INFORMATION TECHNOLOGY SYSTEMS: Measures and controls that ensure confidentiality, integrity, and availability of the information processed and stored by a computer or information technology system. It can include, but is not limited to, the provision of all security features needed to provide a system of protection for computer hardware and software, and classified, sensitive unclassified or critical information, material, or processes in automated systems.

COMPROMISING EMANATIONS (TEMPEST): Investigation, study, and control of compromising emanations from telecommunications and automated information systems.

TECHNICAL SURVEILLANCE COUNTERMEASURES (TSCM): Personnel and operating expenses associated with the development, training and application of technical security countermeasures such as non-destructive and destructive searches, electromagnetic energy searches and telephone system searches.

COMMUNICATIONS SECURITY (COMSEC): Measures and controls employed to deny unauthorized persons information derived from telecommunications and ensure the authenticity of such communications planning or scheduling; verification of the acceptability and validity of existing facility approval status; granting facility approval; terminating facility approval, maintenance of facility data and approval records; identification, tracking and closure or findings or deficiencies noted during inspections, pre-surveys, surveys, or assessments; development of reports to identify security program deficiencies, status and corrective actions.

SENSITIVE UNCLASSIFIED INFORMATION MANAGEMENT: The system of administrative policies and procedures for identifying and controlling from unauthorized disclosure, sensitive unclassified information. Sensitive Unclassified Information Management encompasses those resources used to identify, control, transfer, transmit, store, retrieve, inventory, archive, and destroy sensitive unclassified information.

OPERATIONS SECURITY (OPSEC): The process of denying to potential adversaries information about capabilities and/ or intentions by identifying, controlling and protecting evidence of the planning and execution of sensitive activities. It can include, but is not limited to, the process of analyzing friendly actions and activities to (a) identify those actions that can be observed by adversaries; (b) determine indicators adversaries might obtain that could be interpreted or combined in time to be useful to adversaries; and (c) select and execute measures that eliminate the vulnerabilities of National Foreign Intelligence Program programs.


The establishment, maintenance, direction, support and assessment of a security training and awareness program; the certification and approval of the training program, the development, management, and maintenance of training records; the training of personnel to perform tasks associated with their duties, and qualification and/ or certification of personnel before assignment of security responsibilities.


: Development and implementation of plans, procedures and actions to accomplish policy requirements, develop budget and resource requirements, oversee organizational activities and respond to management requests.

RESEARCH, TEST AND EVALUATION: The development, management, and oversight of an acceptance and validation testing and evaluation program, corrective action reports and related documentation that addresses safeguards and security elements. The examination and testing of physical security systems (construction, facilities and equipment) to ensure their effectiveness and operability and compliance with applicable directives.

SURVEYS, REVIEWS, ACCREDITATION AND ASSESSMENTS: Personnel and activities associated with surveys, reviews, accreditations and assessments to determine the status of the security program and to evaluate its effectiveness; development and management of a facility survey and approval program, facility pre-survey, information technology system accreditation.

SPECIAL ACCESS PROGRAM: A program established for a specific class of classified information that imposes safeguarding and access requirements that exceed those normally required for information at the same classification level. (Unless specifically authorized by the President, only the Secretaries of State, Defense, and Energy and the Director of Central Intelligence may create a special access program. Sensitive Compartmented Information (SCI) programs are not included as SAPs for the purpose of these estimates; rather, SCI security costs are integrated and estimated throughout all categories as appropriate.)

SECURITY AND INVESTIGATIVE MATTERS: The investigation of security violations, criminal matters not included in counterintelligence, law enforcement or defensive security programs.

INDUSTRIAL SECURITY (Non-Contractor Costs): Those measures and resources directly identifiable as government activities performed for the protection of classified and sensitive unclassified information to which contractors and their subcontractors, vendors or suppliers have access or possession. Examples of such activities are industrial security reviews, surveys, and granting facility clearances.

FOREIGN OWNERSHIP, CONTROL or INFLUENCE (FOCI): The development and management of a foreign ownership, control or influence program; evaluation of FOCI submissions, the administration and monitoring of FOCI information and development of FOCI notifications.

B. Department/ Agency Unique Categories

(Department/ Agency-specific activities that are not reported in Primary Categories but are nonetheless significant and need to be included.

Note: This is the framework that was approved by the Policy Integration Committee at its 21 April 1995 meeting. It has been transmitted to the Office of Management and Budget for inclusion in the A-11 reporting guidance for FY 1997.

Advanced TSCM Signals Detection and Analysis
TSCM - Sweeping the Spectrum for Eavesdropping Devices

| Home | What is TSCM | Types of Bugs | Warning Signs You're Bugged |
| How To Behave if Bugged | TSCM Threat Levels | How To Engage a TSCM Firm |
| Qualifications | TSCM Protocol | Bug Frequencies | Phone Taps and Bugging |
| Signal Analysis | TDR Analysis | TDR Tutorial | Wiretapping | Training | Tools |
| Equipment | OSC-5000 | Kaiser | Riser Bond | Avcom | Search Rcvrs |
| Outside Links | Recommended TSCM Books | TSCM Reference Library |
| Recommended U.S. TSCM Firms | TSCM-L Mailing List |


Copyright ©2002, Granite Island Group