Construction Surveillance Technician (CST) Certification Training
Securing SCIF/SAPF Construction Against Espionage & Technical Compromise
- Program Description
The Tonex Construction Surveillance Technician (CST) Certification Training is a specialized security program designed to prepare professionals to plan, monitor, secure, and audit the construction or renovation of classified facilities, including:
- SCIFs (Sensitive Compartmented Information Facilities)
- SAPFs (Special Access Program Facilities)
These facilities are critical to intelligence, defense, and national security operations and must comply with stringent standards such as ICD 705, DoD 5205.07, and NISPOM.
The CST certification focuses on construction-phase security, where facilities are most vulnerable to:
- Covert technical surveillance device implantation
- Supply chain compromise
- Insider threats
- Structural and electromagnetic vulnerabilities
Participants will gain hands-on skills to detect, prevent, document, and respond to security risks during construction activities.
The Tonex CST Certification Training equips professionals with the practical skills and operational knowledge needed to secure classified facilities during their most vulnerable phase—construction.
It ensures that SCIFs and SAPFs are built free from:
- Hidden surveillance devices
- Structural vulnerabilities
- Insider and supply chain threats
Typical environments include:
- Intelligence Community facilities
- Defense contractor SCIFs
- Military command centers
- Special Access Program (SAP) buildings
- Secure data centers for classified systems
- Learning Objectives
By the end of this training, participants will be able to:
- Understand SCIF/SAPF construction security requirements
- Apply ICD 705 and SAPF standards during construction phases
- Plan and execute construction surveillance operations
- Monitor contractor activities for security compliance
- Detect indicators of technical surveillance threats
- Identify risks in materials, supply chains, and installation processes
- Maintain surveillance logs and incident reports
- Support inspection and accreditation readiness
- Conduct security audits during construction
- Coordinate with FSOs, SSMs, and Accrediting Officials
- Target Audience
This course is ideal for:
- Construction Surveillance Technicians (CSTs)
- Facility Security Officers (FSOs)
- Site Security Managers (SSMs)
- Government security personnel
- Defense contractor security teams
- Counterintelligence support staff
- SCIF/SAPF project managers
- Inspectors and compliance auditors
- Prerequisites
- None
- Course Format
- Duration: 2 Days (Intensive)
- Delivery: Instructor-led (onsite or virtual)
- Method: Lectures, case studies, exercises, simulations
- Assessment: Certification exam + scenario-based evaluation
- Course Modules
Module 1: SCIF/SAPF Fundamentals & Threat Environment
- Overview of SCIFs and SAPFs
- Role of construction surveillance in national security
- Threat actors (nation-state, insider, contractor)
- Common attack vectors during construction
- Lifecycle of secure facility development
Module 2: Standards & Compliance Requirements
- ICD 705 construction requirements
- DoD 5205.07 SAPF guidance
- NISPOM construction security requirements
- TEMPEST/EMSEC fundamentals
- Roles of Accrediting Officials and oversight bodies
Module 3: Construction Surveillance Planning
- Developing a Construction Surveillance Plan (CSP)
- Risk-based surveillance strategies
- Resource allocation and prioritization
- Identifying critical construction phases
- Coordination with project stakeholders
Module 4: On-Site Monitoring & Surveillance Operations
- Daily monitoring procedures
- Contractor oversight techniques
- Material inspection protocols
- Installation verification (walls, ceilings, ducts, wiring)
- Surveillance documentation and logs
Module 5: Technical Surveillance Threat Awareness
- Types of covert surveillance devices
- Audio, RF, optical, and data exfiltration threats
- Indicators of hidden devices
- Introduction to TSCM concepts
- Red/Black separation awareness
Module 6: Supply Chain & Insider Threat Mitigation
- Secure sourcing of materials
- Vendor and contractor vetting
- Insider threat indicators
- Chain-of-custody controls
- Secure handling of sensitive components
Module 7: Cyber-Physical Security Considerations
- Risks in building systems (HVAC, BMS, IoT)
- Network cabling vulnerabilities
- Securing IT infrastructure installation
- Protecting design documents and plans
- Contractor IT access control
Module 8: Inspection, Testing & Accreditation Support
- Pre-accreditation inspection checklist
- Physical and technical verification
- Documentation requirements
- Working with Accrediting Officials
- Remediation of deficiencies
Module 9: Security Auditing & Incident Response
- Conducting construction security audits
- Identifying and documenting non-compliance
- Incident detection and escalation
- Evidence handling procedures
- Reporting and corrective actions
Module 10: Case Studies & Lessons Learned
- Real-world SCIF compromise scenarios
- Construction-phase vulnerabilities
- Insider threat case analysis
- Best practices and mitigation strategies
- Hands-On Exercises
Participants will complete:
Exercise 1: Surveillance Plan Development
- Build a Construction Surveillance Plan (CSP)
Exercise 2: Site Monitoring Simulation
- Analyze construction activity logs and identify risks
Exercise 3: Threat Identification
- Detect hidden vulnerabilities in a mock SCIF design
Exercise 4: Incident Response Drill
- Respond to a suspected surveillance device discovery
Exercise 5: Compliance Audit
- Perform a mock construction security audit
- Certification Exam
Format
- 60–75 multiple-choice questions
- Scenario-based problem solving
Domains & Weights
| Domain | Weight |
| SCIF/SAPF Fundamentals | 10% |
| Standards & Compliance | 15% |
| Surveillance Planning | 15% |
| Monitoring Operations | 20% |
| Technical Threat Awareness | 10% |
| Supply Chain & Insider Threats | 10% |
| Cyber-Physical Security | 10% |
| Auditing & Incident Response | 10% |
Passing Score
- 70%
- Key Deliverables
Participants receive:
- Tonex CST™ Certification
- Construction Surveillance Plan (CSP) template
- Surveillance log templates
- SCIF/SAPF compliance checklist
- Audit checklist toolkit
- Incident reporting templates
- Skills & Competencies Gained
Graduates will be able to:
- Plan and execute construction surveillance
- Monitor and secure SCIF/SAPF construction sites
- Detect technical and physical threats
- Enforce compliance with security standards
- Conduct audits and inspections
- Respond effectively to security incidents
- Support facility accreditation
- Career Roles
- Construction Surveillance Technician (CST)
- Facility Security Officer (FSO)
- Site Security Manager (SSM)
- SCIF/SAPF Security Specialist
- Government Security Inspector
- Defense Contractor Security Lead
- Tonex Differentiators
- Focused on real-world construction-phase threats
- Combines physical security, TSCM awareness, and cyber risk
- Hands-on simulation-based learning
- Aligned with ICD 705 and DoD standards
- Designed for immediate operational readiness
Why Construction Surveillance is Critical
Secure facilities can be compromised during construction before the building becomes operational.
Threats include:
Espionage Risks
- Hidden microphones or transmitters
- Embedded RF transmitters
- Optical surveillance devices
- Data taps inside cabling or walls
Supply Chain Threats
- Tampered materials
- Malicious hardware in electronics
- Compromised building components
Cyber-Physical Threats
- Compromised building management systems
- Network infiltration through infrastructure
- Unauthorized contractor access
Construction surveillance ensures these threats are identified before facility accreditation.
Key Standards and Regulatory Frameworks Covered
The course emphasizes compliance with major security directives.
Important standards include:
Intelligence Community Directives
- ICD 705
- Physical and technical standards for SCIF construction
- Accreditation requirements
DoD Standards
- DoD 5205.07 (SAPF security)
Other Security Requirements
- TEMPEST protection standards
- National Industrial Security Program (NISPOM)
- SCIF accreditation procedures
These regulations define requirements for:
- walls, ceilings, floors
- ventilation ducts
- windows and doors
- RF shielding
- access control systems
Relationship to Other Secure Construction Roles
Secure facility construction usually involves several roles.
| Role | Responsibility |
| Construction Surveillance Technician (CST) | Monitors construction activities |
| Site Security Manager (SSM) | Manages overall site security |
| Accrediting Official (AO) | Approves facility accreditation |
| TEMPEST Authority | Ensures electromagnetic security |
Operational Example Scenario
Example mission for a CST:
- A defense contractor builds a SCIF for satellite intelligence analysis.
- The technician monitors:
- materials entering the site
- wall and ceiling installation
- electrical wiring and ducts
- Suspicious device found inside ventilation duct.
- Technician:
- halts work
- documents evidence
- reports to the Site Security Manager
- Counterintelligence team investigates.
Without surveillance, the device could remain undetected for years.
Importance for National Security
Construction surveillance protects against:
- espionage
- insider threats
- foreign intelligence services
- cyber-physical attacks
- supply chain sabotage
Because once a secure facility is operational, hidden vulnerabilities become extremely difficult to detect or remove.