The situation
A prime contractor constructing a new Special Access Program Facility needed to support three classified network enclaves within a single facility envelope — JWICS, SIPRNet, and a Space Force network operating at the TS/SI/SAR level. The facility was being built in support of active Space Force mission operations. The customer’s program office required accreditation-ready documentation aligned to ICD 705, CNSSI 1253, NISPOM, and the Risk Management Framework.
The prime had strong program management and facility-engineering capability but needed specialized technical advisory for multi-enclave classified network architecture and the accreditation documentation set that goes with it. The engagement was structured as a fixed-price advisory, with Fortinetics serving as lead technical advisor for decision-making activities concerning SCIF network design, secure facility requirements, and U.S. Government accreditation standards.
The constraints
Three factors shaped the engagement approach:
Sponsor-driven timing. Final approval for each enclave rested with the customer’s Authorizing Official, whose review cadence and requirements could shift during the engagement. Our phased approach was designed to maintain flexibility — deliverables and sequencing could adjust as sponsor direction evolved.
Classified information boundary. Our role was strictly advisory. Fortinetics personnel did not handle, process, store, or access classified information under the engagement. All classified design activities were performed by appropriately cleared client personnel; our inputs were unclassified architectural and compliance guidance.
GFE/CFE integration uncertainty. The split between government-furnished and contractor-furnished equipment was evolving as the program matured. Long-lead equipment procurement had to be guided without certainty on some items. We provided early sourcing guidance on likely GFE, documented assumptions for CFE, and supported the prime’s coordination with the program office to resolve uncertainty as the engagement progressed.
The approach
The engagement followed a four-phase framework: requirements and planning, design and engineering input, compliance documentation support, and advisory accreditation support.
In the requirements and planning phase, we conducted a kickoff with the prime’s Facility Security Officer and technical leads, reviewed existing drawings and network requirements, and clarified assumptions around equipment sourcing and classified-network transport options.
In the design and engineering phase, we contributed to network architecture and separation strategies across the three enclaves. Specific attention to physical separation, electromagnetic emanation considerations, cabling pathway segregation, and power and grounding. Rack layouts were developed to support operational needs while maintaining ICD 705 separation requirements.
In the compliance documentation phase, we produced accreditation documentation — mapping design decisions to ICD 705, CNSSI 1253, and related frameworks, drafting control narratives, and producing crosswalks between the design and the applicable RMF control set. The documentation was structured to support the prime’s submission to the Space Force Authorizing Official.
The final phase — advisory accreditation support — engaged with the AO’s review process, providing clarifications, advisory adjustments, and supplemental inputs as requested.
What made this engagement fit
Three factors made this the right engagement for Fortinetics’ model:
Multi-enclave experience. The design challenges of operating three classified networks at different classification levels within a single SAPF are non-trivial. The prime needed a team that had seen this pattern before and could identify the subtle separation and operational considerations that are easy to miss on a first build.
Framework depth across ICD 705, CNSSI 1253, NISPOM, and RMF. The accreditation package spanned multiple frameworks, and the control crosswalks needed to be accurate. Fortinetics’ team includes practitioners with hands-on experience across all four frameworks — including, importantly, direct work on CMMC itself at the Department of Defense in 2019, which informed our approach to framework-crosswalk authorship.
Advisory model alignment. The prime had capable program management and wanted focused technical advisory, not a full-scope implementation subcontract. Fortinetics’ advisory-only posture, with clear exclusion of classified information handling, fit the program’s needs precisely.
Commercial structure
The engagement was structured as a firm fixed-price advisory contract over nine months, with an initial retainer at execution and the remainder invoiced in equal monthly installments. The engagement covered Fortinetics’ advisory support across architecture and design, procurement guidance and Bill of Materials development, compliance and accreditation documentation, implementation and integration advisory, and accreditation and AO engagement support.
Outcome
The engagement completed on schedule with the full advisory scope delivered. The three-enclave network architecture — spanning JWICS, SIPRNet, and the Space Force network — was designed, documented, and accepted by the prime. The Bill of Materials was finalized and equipment procurement guidance issued. The accreditation documentation package, covering ICD 705, CNSSI 1253, NISPOM, and RMF mappings, was submitted to the Authorizing Official and closed out successfully.
Fortinetics’ advisory role concluded as planned. The prime continues operations under its accredited facility with an architecture that supports the three concurrent classified enclaves as designed.
Related reading
- Service: Classified networks & SCIF — multi-enclave architecture and AO engagement
- Framework: SCIF / SAPF accreditation — what ICD 705, CNSSI 1253, and NISPOM require
- SCIF / SAPF accreditation playbook — the full design-through-accreditation arc
- SCIF vs SAPF — the difference — what SAP adds on top of SCI
- First SCIF for a venture-backed startup — the same problem at smaller scale
- Companion case study: Government-direct SCIF network integration — the program-office side of the same world
If you’re a prime building a multi-enclave SAPF and need lead technical advisory across architecture and accreditation, book a scoping call — we’ll talk through the program directly.