Skip to Main Content
us forest service facilities toolbox

All Forest Service buildings and sites must provide some level of security for employees and the materials, equipment, and supplies they work with. Anyone who has visited more than one Forest Service site realizes that the same level of security isn't appropriate everywhere. As a result, there's no one "right answer" to Forest Service security.

This section of the toolbox provides information to help you determine what level of security is needed and how that level of security can be achieved.

Security Topics

Back | Next


  • It's important to provide the right
    level of security at all Forest Service
    sites, including the historic Ninemile
    Ranger Station in rural Montana.

    Forest: Lolo
    District: Ninemile
    Region: 1


    Click the mailbox icon to contact us for a direct reply OR

    Click the green button below to send an anonymous feedback form.

    • Did we answer your questions?
    • Should we include additional information in this toolbox section?
    • Should we make corrections or additions to this toolbox section?
    • Please let us know. Click on the icon to send us your message.

  • What is the appropriate level of
    security in Harrisonburg, Virginia?

    Forest: George Washington and Jefferson

    District: North River

    Region:8

    All Forest Service facilities face security risks, but not the same risks. Forest Service buildings and sites vary from log cabins accessible only by trail to District offices in small towns to research laboratories in urban areas. Possible threats range from tornadoes (natural events) to chemical releases (accidents) to theft of snowmobiles by joy-riding teenagers or even arson by ecoterrorists (intentional acts).

    Your Region or Forest may have already established security standards that you must follow. Check with your Regional or Forest facilities engineer to find out whether there are standards and what the standards are.

    The threats (Web site available only to FS and BLM employees) faced at each location are different, so the required security measures also differ.

    The first step in addressing physical security requirements is to figure out what threats affect the site and how vulnerable the site is to those threats. The Threat and Vulnerability Assessments (Web site available only to FS and BLM employees) section of the Physical Security Toolbox developed by MTDC explains threats and vulnerability assessments. The Physical Security Planning (Web site available only to FS and BLM employees) section explains how to conduct a vulnerability assessment. A good starting point for a Forest Service vulnerability assessment is the report that should have been done on each unit in 1995 of building risk level and whether each structure meets the minimum security standards for that risk level.

    Vulnerability assessment guidance is included in chapter 6 of the USDA Integrated Physical Security Standards & Procedures Handbook (Web site available only to USDA employees). Self-assessment checklists for offices, aviation facilities, cyber resources, and laboratories are also included in Chapter 6.

    Vulnerability assessment tools are available from many sources, including FEMA 452—Methodology for Preparing Threat Assessments for Commercial Buildings and the North Carolina Department of Agriculture & Consumer Services Terrorism Threat Vulnerability Self Assessment Tool. The PhysicalSecurity Planning (Web site available only to FS and BLM employees) section of the Physical Security Toolbox explains how to use assessment tools developed by others. Physical security assessments and design reviews are also available through the USDA Protective Operations Division.

    Once risk and vulnerability assessments are complete, the devices and methods that will provide security for a particular building or site can be chosen.

  • Providing security for a visitor center built by the civilian conservation corps in 1938 can be a challenge.

    Forest: Six Rivers

    District: Gasquet

    Region: 5

    Use the information in the risk and vulnerability assessment to choose appropriate devices and methods to provide security for the particular building or site.

    There are three general methods of accomplishing physical security. Each works best when integrated with the other two.

    Operational security measures are policies and actions taken by observant, trained employees.

    Passive security is accomplished through careful building and site location and design.

    Active security measures are the ones most people think of first—security devices such as locks, video monitors, and lighting. One active security measure that will affect all Forest Service employees is the Federal Government's standard identity and access control smartcard. Smartcards are already being issued. The current implementation schedule shows issuance completed and smartcards in use throughout the Federal Government by 2009.

  • The Forest Service, Park Service, and Northwest Interpretive Association share responsibility for this information station in the REI flagship store in Seattle, Washington. The location provides better security than if the desk was in a separate building.

    Forest: Mt. Baker-Snoqualmie

    Region: 6

    Operational security protection is usually provided by supervisors and employees. Employees who are aware of and take ownership in their surroundings and are trained and willing to report or deal with anything unusual are the first line of operational security. Cracks in walls, funny smells, or people who don't belong in an area can lead to serious problems, but can usually be taken care of easily if detitle with promptly and appropriately.

    Most Forest Service units already have a sense of cohesion and ownership in their facilities. This can be enhanced by encouraging social interaction such as lunchtime potlucks and by rewarding behaviors that exhibit a sense of ownership of the facility. Supervisors should encourage employees who take initiative in small actions, such as picking up litter or mentioning when maintenance is needed or unknown people are in the area.

    The Forest Service routinely offers security training covering a wide range of issues. Self-study training materials are also available, including those AgLearn (available only to USDA employees).

    Other operational security measures depend mostly on how employees and facilities are managed. In some areas, it is important that an employee isn't alone in a space such as a reception area where odd people may wander in off the street and harass or threaten the employee. In these cases, supervisors must assure that work is scheduled so two or more employees always occupy the space.

    If a public area in a building that conducts sensitive business is often occupied by large groups of people, it may be wise to assure that the receptionist or security guard does not have other duties that would distract him or her from observing the visitors. Constant observation tends to deter visitors from making unauthorized procurements of government property or slipping unnoticed into areas where they don't belong.

    Operational security measures may be as simple as visitor sign-in sheets or assuring that keys are not left in motorized equipment. Site-appropriate operational security measures can be determined by site-specific risk evaluation.

  • Active security protection is provided by devices such as alarm systems, sensors, video surveillance, and access control systems. Devices are most effective when combined with operational and passive security measures. Information about devices is available in the Locks (Web site available only to FS and BLM employees), Alarm Systems & Sensors (Web site available only to FS and BLM employees), and Video & Access Control Systems (Web site available only to FS and BLM employees) sections of the Physical Security Toolbox.

    The security devices needed at some locations will be very simple while other locations may need very complex security systems including 24-hour monitoring of closed circuit TV cameras and biometric access control devices. Be sure the devices meet the actual need and comply with the requirements associated with Homeland Security Presidential Directive 12. More information on Homeland Security Presidential Directive 12 is available in the section on Smartcard Employee Identification and Access Cards.

  • All Forest Service access control systems must comply with Homeland Security Presidential Directive 12 (HSPD-12), which requires a common identification standard for Federal employees and contractors. Since 2008, all Forest Service employees and long-term contractors have been issued Federal Government standard smartcard identification and access control cards. Within USDA, these cards are known as "LincPass" in honor of President Abraham Lincoln, who created the UDSA.

    Fingerprint and background checks must be completed before the cards are issued to new employees. The card is used both for physical and computer system access. It has a programmable chip with both contact and wireless interfaces, and will support four levels of security. It uses cryptographic tools for higher levels of security and contains an electronic photo and biometric (fingerprint) data to verify identity. A printed photo appears on the card. The cards also can include a magnetic stripe and a bar code.

    The physical specifications for the HSPD-12 standard are outlined in National Institute of Standards and Technology Special Publication 800-73.

    A separate document, National Institute of Standards and Technology Special Publication 800-76, has biometric data specifications for HSPD-12 personal identification verification cards. It specifies technical acquisition and formatting requirements for biometric credentials.

    More information on HSPD-12 security requirements are available at http://lincpass.usda.gov (available only to USDA employees) and in the USDA Integrated Physical Security Standards & Procedures Handbook (Web site available only to USDA employees). See chapter I—Physical Security, Part III—Issuing and Controlling Identification Badges (starting on page 13).

    Information on specifying and installing Forest Service access control systems that are operable using a LincPass is available to Forest Service employees.

  • This section of the Facilities Toolbox addresses the most common physical security questions. If you want more in-depth information, try exploring the web resources below.

    Reminders:

    • If your site has a perimeter fence and the fire department will respond to an emergency at your site, you may need to make sure they have a master key to allow them entry to the site. Check with your local fire service to learn their requirements.
    • Any new key card entry system must be Lenel. Not all sites need key card entry systems. Check your Regional policy. If it doesn't include guidance on appropriate security measures, including which sites need key card entry systems, you may need to perform a Threat and Vulnerability Assessment.

    American Society of Civil Engineers: Water Infrastructure Security

    Department of Justice: Standards for Protection of Federal Facilities

    Federal Emergency Management Agency: Methodology for Preparing Threat Assessments for Commercial Buildings (FEMA 452)

    Federal Identity Management Handbook

    Forest Service Web site: Facilities—Building Security (Web site available only to FS and BLM employees)

    Forest Service Web site: Facilities—Building Security—Crime Prevention Through Environmental Design (CPTED) (Web site available only to FS and BLM employees)

    Forest Service Web site: Physical Security Toolbox (Web site available only to FS and BLM employees)

    General Service Administration: Facility Standards for the Public Buildings Service (PBS-P100)

    Interagency Security Committee: Risk Management Process

    Interagency Security Committee: Security Design Criteria (Web site available only to FS and BLM employees)

    Homeland Security Presidential Directive No. 7

    Homeland Security Presidential Directive 12

    National Institute of Standards and Technology: Special Publication 800-73 Interfaces for Personal Identity Verification

    National Institute of Standards and Technology: Special Publication 800-76 Biometric Data Specification for Personal Identity Verification

    USDA Integrated Physical Security Standards & Procedures Handbook (Web site available only to USDA employees)

    USDA Physical Security Program: Points of Contact

    USDA Physical Security Program: Internal Library

    Whole Building Design Guide—Safe and Secure Buildings

  • Richard.Holman@usda.gov
    12/31/2007 12:25 PM
    Re: USDA Assistance for Physical Security Assessments and Reviews for FY08

    As the New Year begins in the USDA, it is time to plan and coordinate the initiation of physical security assessments and reviews. The Office of Security Services (OSS), Physical Security Division is available to provide assistance with physical security assessments of existing facilities and design reviews for new facility projects.  This work is conducted in accordance with the GAO approved "Risk Based" assessment methodology, the Federal Interagency Security Committee (ISC) design criteria and within approved standards as published by the Office of the Chief, Architect for GSA.

    Again, these assessment and design reviews apply to existing and planned facilities.  We also have a review processes for pre-lease agreements. All work is done by a trained Physical Security Specialist (GS-0080 series).

    Physical Security authority and requirements come from several sources to ensure USDA assets and personnel are properly protected from identified threats.

    1. HSPD-7 (Homeland Security Presidential Directive No. 7): This Directive was issued by President Bush in December, 2003 to update policies intended to protect the country from terrorist attacks.  This directive supersedes the earlier PDD-63 (Presidential Decision Directive No. 63), which was issued by President Clinton in May of 1998.  Under HSPD-7, federal departments and agencies are required to develop methods and technologies to protect all critical infrastructures and key resources of the government and economic sector.  Within USDA we have approximately 204 Mission Critical Facilities that are considered critical infrastructure

    2. HSPD-9 (Homeland Security Presidential Directive No. 9): This Directive establishes a national policy to defend the agriculture and food system against terrorist attacks, major disasters, and other emergencies. It was issued by President Bush in August 2004.  Under mitigation of strategies within this Directive it is required that USDA Mission Critical Facilities be assessed every two years.

    3. HSPD-12 (Homeland Security Presidential Directive No. 12): This Directive provides for a Common Identification Standard for Federal Employees and Contractors that can be rapidly authenticated electronically. This type of authentication will be completed through the OSS enterprise Physical Access Control System (ePACS).  IAW OMB guidance, all PACS must be HSPD-12 compliant with NIST Federal Information Processing Standards (FIPS) 201-1 by October 2011.

    4. HSPD-20 (Homeland Security Presidential Directive No. 20): This Directive establishes a comprehensive national policy on the continuity of Federal Government structures and operations.  This directive supersedes the earlier PDD-67 (Presidential Decision Directive No. 67), which was issued by President Clinton in October of 1998. Continuity requirements under this directive require that vital resources, facilities, and records be safeguarded, and official access to them be provided.

    To ensure USDA complies with the stated requirements above, it is important to conduct these physical security assessments and reviews. Because improved security technologies are constantly being developed to ensure that existing threats are countered sufficiently to protect USDA assets and employees it is necessary to relook at facility security on a periodic basis.

    If the Office of Security Services can be of any assistance regarding physical security assessments, design reviews or security protection schemes, please let us know.  All work requested will be initiated through a reimbursable agreement.  A geographical scheduling scheme will be used to ensure the maximum number of site visits can be made while in one geographical area.  As an example, a North Dakota visit could encompass many site visits, thus sharing the cost of the assessment or review among the different agencies.

    Sincerely,

    Richard C. Holman
    Chief, Physical Security Division
    USDA/DA/OSS
    (202) 720-3901
  • A building security plan isn't required but is a good way to organize and document the procedures that are required and will make the building safe for employees and visitors.

    A 1995 presidential directive requires minimum security standards for each of the five building risk levels for Federal buildings. Homeland Security Presidential Directive No. 7 includes a requirement that all Federal agencies develop plans for protecting critical physical infrastructure. The USDA Integrated Physical Security Standards & Procedures Handbook (Web site available only to USDA employees) explains how this is to be accomplished. Each building security plan will be different, depending on the building risk level, minimum security standards for the building, and what issues were discovered during the threat and vulnerability assessment for the building.

    The unit leadership team members must be involved in decisions about security measures and should sign the completed plan. Any unit with employees who are covered by the Master Agreement between the Forest Service and the National Federation of Federal Employees or another union agreement must notify the local of its intent to develop a security plan, and be prepared to include union representatives in partnership negotiations or other bargaining methods specified in the Union agreement.

    Each building security plan should identify all the security measures at the building and explain how the security measures will be accomplished, who is responsible for implementing them, what (if any) reporting and records are required, and may identify consequences if the procedures aren't followed. The Forest Service law enforcement officers serving the unit can provide valuable expertise that should be considered in assembling the security plan. Most Forest Service buildings have relatively low risk levels and are located with a group of other low risk buildings at stations or compounds. It may make sense to assemble a security plan for an entire station or compound in many cases. Isolated buildings with the lowest risk levels probably don't really need a building security plan and can be covered under general security plans for the entire unit.

  • Name and address of facility
    Date of plan
    Signatures

    Background information:

    Security Plan

    • Identify all the security measures to be implemented at the building
    • Explain how the security measures will be accomplished
    • Explain who is responsible for implementing which security measure
    • Identify what (if any) reporting and records are required
    • Identify consequences (if any) to employees who don't follow procedures

    Examples of things that may be included in the security plan:

    • Building and grounds security improvements
      • Lighting
        • Modify exterior lighting to provide uniform building and wareyard illumination, without glare or dark spots
        • Switch to full cutoff exterior lights or add shields to existing lights to eliminate glare and light trespass
        • Switch to motion activation of exterior lights after ______ pm
      • Vegetation
        • Trim or remove vegetation that hinders visibility, could act as ladder fuel to ignite building, or allows access to upper floors
      • Entrances/windows
        • Install shatter resistant glass or film
        • Add security cameras
      • Parking/roadways/barriers
        • Add physical barriers to prevent unauthorized vehicle approach to building
        • Add lighting for employee parking and path to parking lot
      • Fencing

    • Lock system use
      • Do not prop open “employee entrance only” doors because they are closed to the public and must remain locked at all times.
      • Keep all doors locked when working alone in the office
      • Identify who gets to have keys or key cards and when they'll be issued
        • PFTs who have passed their security checks
        • Seasonals, temporary employees, contractors, employees of other agencies
      • Identify which positions have access to specific areas or the factors that are required for access to be granted to those areas
      • Procedure to retrieve key cards or electronically cancel them when employees/contractors leave
      • Identify the person in charge of issuing and receiving returned/canceled cards
      • Identify how to handle public entrance after hours to use the meeting rooms.
      • Identify who is in charge of recording the person responsible for admittance/lock-up
      • Identify under what circumstance (if any) unit will allow loan of cards that only allow access to meeting rooms to the public
      • Identify what hours wareyard gates will remain unlocked for easy access (if any)

    • Employee Identification
      • Employees/contractors must wear their Government ID/key cards/LincPasses when they're in the building

    • Reception area
      • Come to the reception area, without delay, when personally paged
      • Identify who the front desk person can call for backup if a visitor is unruly or intimidating
      • Ensure that communications equipment is operating properly
      • Security improvements to the reception area
        • Install a call button to the LE office and/or another employee who's usually in the building and can handle "issues"
        • Equip public entrance door with an audible signal when it is opened.
        • Have a physical barrier in the reception area between the employee and visitor.
        • Provide a safe area, behind closed doors, where employee can retreat from reception area.
      • Visitors
        • Have all visitors check in at the front desk (may not need check-in for visitors who don't leave the reception area)
        • Identify what info must be on the sign-in sheet (name, where they're going/who they're visiting, time checked in, time checked out, etc.)
        • Visitors will be issued a temporary pass on a lanyard to wear while in the building (temp pass will NOT include key card, just say "visitor")
        • Post the main entrance as a public entrance; post “employee entrance only” signs on other doors
        • Post normal business hours
        • Post signs on entrances indicating that concealed weapons are prohibited and are a Federal Offense
        • Escort visitors to and from reception and staff areas.
        • Inquire about and report any suspicious or wandering persons to _________
        • Do not allow guests to use the back doors unless escorted by an employee
      • Communications/computer systems
        • This section may contain specifics or may reference other security documents
        • Identify required training
      • Emergency/incident procedures
        • This section may reference separate Occupant Emergency Procedure Guide
        • This section may contain specifics such as:
          • Emergency phone numbers, location of copies of this emergency plan
          • Occupant emergency team responsibilities and contact info (team leader, medical coordinator, floor/door monitors, monitor for persons with disabilities, technical advisors for law enforcement/security, safety, transportation, high hazard areas such as laboratories or shops)
          • Fire
          • Medical emergency, first aid
          • Power outage
          • Evacuation
          • In-place sheltering
          • Burglary, theft, robbery
          • Earthquake, natural disasters
          • Office closure due to influenza, epidemic, furlough, unplanned event
          • Verbal threats, physical violence, property damage
          • Hostage
          • Chemical or biological threats or hazards, HazMat release
          • Bomb threat (package, phone call, device)
          • Emergency locator maps
  • A good security plan is usually constructed by a team that includes law enforcement, the facilities engineer, a union representative, frontline employees, and the unit's leadership. It can take several months to assemble information and make quality decisions.

    Unit leadership must be involved in decisions about security measures and the line officer should sign the completed plan. Some decisions seem minor, but can have large consequences, so it's important to make sure the line officer or a designee is involved.

    Important decisions include:

    • Who gets to have key cards and how will they be issued?
      • For most units, all PFTs get cards as soon as they pass their security checks.
      • Most units issue cards to seasonal employees with continuing appointments (18/8s that have permanent appointments but don't work year round), employees of other agencies who work in the building, and contractors who pass the LincPass security check and have contracts that last more than a couple months.
      • Most units don't give temporary employees a card unless there's a compelling reason to do so - they make the supervisor responsible for assuring temporary employees can get in.

    • What is the procedure to retrieve key cards or electronically cancel them when employees and contractors leave the FS? Will seasonal employees keep their key cards during their off season?

    • Do employees need to wear their key cards/LincPasses when they're in the building?
      • Many units issue lanyards with plastic sleeves to hold key cards/LincPasses and require all employees to have them on when they're in the building. This is more often done in large offices where employees are not likely to know every other employee by name, or where there are more security issues, such as in large cities.

    • Must visitors who sign in at the front desk be issued a temporary pass on a lanyard to wear while in the building?
      • Most units don't make people sign in unless they leave the lobby/reception area and go into the employee work areas.
      • Making visitors sign in allows the front desk to know that all visitors have left the building at the end of the day (because they have to turn the pass in & sign out), and (especially if a visitor hasn't yet left by the end of the day) what employee is responsible for which visitor.
      • The temporary pass should NOT include key card access.

    • What information must be on the visitor sign-in sheet (name, where they're going/who they're visiting, time checked in, time checked out, etc.)?
      • If you have a visitor check-in system for a leased building or a GSA building, will the building owner, janitor, and people the owner hires to service or repair the building equipment be required to sign in or will they be issued key cards?

    • What is the procedure for reporting unescorted strangers in the building?

    • Who can the front desk person call for backup if a visitor is unruly or intimidating?
      • Will there be a call button to the LE office and/or some other person who's usually in the building and can handle "issues"?

    • If the key card system allows different people to access different areas, which positions will have access to which areas or which factors will influence whether access is granted to specific areas?

    • How will access for the public be provided to use the meeting rooms after business hours?
      • Most units don't allow public use without a FS employee to let people in and make sure things are secured after they leave.
      • Some units are able to make cards that only allow access to certain parts of the building and are willing to trust certain members of the public to use those cards without a FS person being there. This is not a generally recommended procedure.

    • What hours will the wareyard gates remain unlocked for easy access (if any)?

    • What is the range of consequences for supervisors or employees who don't follow the procedures?
Contact Us