Federal Building Security — Interagency Security Committee Standards
The Interagency Security Committee (ISC) — chaired by the Secretary of Homeland Security and codified at 40 U.S.C. §§ 8701–8722 — sets legally binding security standards for all non-military federal facilities in the United States. Created by executive order in the aftermath of the 1995 Oklahoma City bombing, the ISC's core tool is the Facility Security Level (FSL) — a five-tier risk rating that determines what perimeter controls, access systems, and personnel security measures each federal building must have. With roughly 9,000+ federal facilities housing over a million civilian employees, ISC standards shape the day-to-day experience of anyone who works in, visits, or contracts at a federal building.
Current Law (2026)
| Parameter | Value |
|---|---|
| Governing law | 40 U.S.C. §§ 8701–8722 (codified from Homeland Security Act § 1706) |
| Founding authority | Executive Order 12977 (1995), signed by President Clinton after Oklahoma City bombing |
| Chair | Secretary of Homeland Security |
| Member agencies | GSA, DOJ, FBI, VA, DOD (civilian facilities), State, Treasury, all major civilian agencies |
| Facility Security Levels | FSL I (lowest risk) through FSL V (highest risk) |
| FSL IV–V minimum setback | 50 feet from vehicle traffic (anti-vehicle bomb standard) |
| HSPD-12 PIV card | Required for all federal employees and contractors for physical and logical access |
| Facility Security Committees | Mandatory for each federal facility; FSL III–V have binding security recommendations |
Legal Authority
- 40 U.S.C. § 8701 — Establishment of the Interagency Security Committee; DHS Secretary chairs; membership includes heads of all agencies with occupied civilian federal facilities; ISC to develop and evaluate security standards for federal facilities
- 40 U.S.C. § 8711 — Authority to develop and evaluate security standards; ISC must issue standards defining the minimum security requirements for each FSL category and update them as threats evolve
- 40 U.S.C. § 8722 — Agency compliance; each federal agency must implement ISC standards for facilities it occupies or manages; failure to implement requires written justification to the ISC chair
How It Works
Every non-military federal facility receives a Facility Security Level (FSL) rating from I through V based on five factors: mission criticality of the agency, symbolism of the building as a government target, population (number of federal employees and daily visitors), building size, and threat and consequence of attack. A rural Social Security Administration field office might rate FSL I or II; a federal courthouse in a major city is typically FSL III or IV; FBI field offices and major agency headquarters rate FSL V. That rating drives every subsequent security investment decision for the facility. FSL I and II facilities — post offices, small field offices — require little more than basic signage and a visitor log. FSL III facilities require ID checks at entry, possibly X-ray screening, access control for non-public areas, and CCTV coverage. FSL IV and V facilities must have blast-resistant construction or retrofits, vehicle barriers (jersey barriers, bollards, or hydraulic wedge systems), standoff distances of at least 50 feet from public vehicle lanes, magnetometers, X-ray for packages, armed guards, and biometric or PIV-card-controlled access to secure zones — all specified in the ISC's Physical Security Criteria for Federal Facilities (2021 unclassified edition).
Each federal facility must establish a Facility Security Committee (FSC) comprising representatives of all tenant agencies, responsible for implementing ISC standards at the building level — making decisions about guard contracts, access control upgrades, and emergency procedures. For FSL III–V facilities, FSC security recommendations are mandatory rather than advisory. The building's primary tenant agency chairs the FSC and coordinates with GSA (the landlord for most civilian facilities) and DHS. This three-party structure — ISC sets standards, GSA owns the building, FSC implements — creates coordination challenges when agencies disagree about spending priorities or when renovation projects must be sequenced around ongoing operations.
Key Numbers / Facts
- The 1995 Oklahoma City bombing of the Alfred P. Murrah Federal Building killed 168 people. The Ryder truck was parked directly in front of the building; the explosion collapsed the northern face of the structure. This single event drove the creation of the ISC and the modern federal building security framework, including the 50-foot vehicle setback standard now required at FSL IV–V.
- HSPD-12 (2004) — Homeland Security Presidential Directive 12 — requires all federal employees and contractors to obtain and use a Personal Identity Verification (PIV) card for physical access to federal buildings and logical access to federal IT systems. PIV implementation has been uneven across agencies; ISC coordinates with the HSPD-12 program.
- The ISC's classified Design Basis Threat (DBT) report defines the specific threats (vehicle bombs, active shooters, chemical/biological agents) that FSL IV–V buildings must be designed to resist. The DBT is updated as intelligence on threats evolves and is not publicly released.
- ISC standards apply to leased buildings as well as GSA-owned facilities. When GSA signs a lease for federal office space in a private building, the solicitation must include ISC security requirements — meaning private landlords must often install security infrastructure to win federal tenancies.
How It Affects You
If you work in a federal building: Your daily security experience — magnetometers, PIV card readers, CCTV, vehicle barriers, guard posts — is shaped by your building's Facility Security Level. If your agency occupies an FSL III facility (most mid-sized federal offices), expect ID screening and controlled access to non-public areas. At FSL IV or V (larger agency headquarters, major courthouses, intelligence facilities), expect full magnetometer screening, X-ray, armed guards, and biometric or PIV-card access to every secure zone. If your building's FSL seems inconsistent with the actual threat environment — either over-secured and burdensome, or under-secured — the Facility Security Committee (FSC) representing your agency in the building is the venue for raising that concern.
If you're a federal contractor or vendor needing building access: ISC standards require that contractor access credentials and visitor management procedures meet the FSL of each facility you enter. For FSL III+ facilities, expect background screening requirements before you're issued an access badge. Plan for credentialing lead times of several weeks for new contract employees — last-minute badge requests for high-security facilities typically don't clear in time. If your company holds multiple federal contracts requiring access to different FSL facilities, track each building's specific access management system; they are not uniform across agencies.
If you're a private building owner or developer seeking federal tenants: GSA lease solicitations for federal space include ISC security requirements that you must meet to win the tenancy. For FSL III+ agencies, this means investing in security infrastructure — vehicle barriers, blast-resistant glazing, controlled access systems, CCTV — that may not exist in a standard commercial building. These investments can be substantial ($500,000 to several million dollars depending on FSL) but are typically reflected in the GSA lease terms. Engage ISC-compliant security consultants during the pre-solicitation phase to understand what physical modifications your building will require.
Recent Developments
The January 6, 2021 Capitol attack highlighted a significant gap in the ISC framework: the U.S. Capitol is not an ISC-governed facility. The Capitol Building and grounds fall under the jurisdiction of the Capitol Police, not DHS or GSA, and are not subject to ISC Facility Security Level standards. The attack exposed coordination failures between executive branch security (ISC-governed) and legislative branch security (Capitol Police-governed) and prompted calls for an ISC-style framework for Congressional facilities — though legislative branch independence has complicated implementation.
The 2025 DOGE office consolidations have created new ISC compliance challenges. When agencies vacate buildings or consolidate into shared spaces, FSL ratings must be recalculated and FSCs restructured. Rapid consolidation of multiple high-FSL agencies into a single building can trigger requirements for upgraded security infrastructure that was not anticipated in the GSA lease or building design. DHS and GSA have been working through a backlog of FSL reassessments generated by the agency footprint reductions.