FEMA 426 / December 2003
Risk Management Series
Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings
PROVIDING PROTECTION TO PEOPLE AND BUILDINGS
www.fema.go

Any opinions, findings, conclusions, or recommendations expressed in this publication do not necessarily reflect the views of FEMA. Additionally, neither FEMA nor any of its employees makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product, or process included in this publication. Users of information from this publication assume all liability arising from such use.

The creation of the Department of Homeland Security (DHS) is one of the most significant transformations in the Federal Government in decades, establishing a department whose first priority is to protect the nation against terrorist attacks. Within the DHS, the Directorate of Emergency Preparedness and Response (EP&R) is focused on ensuring that our nation is prepared for catastrophes, including both natural disasters and terrorist assaults. Central to this mission is the protection of people and the critical infrastructure of the built environment.

This Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings provides guidance to the building science community of architects and engineers, to reduce physical damage to buildings, related infrastructure, and people caused by terrorist assaults. The comprehensive approach to understanding how to improve security in high occupancy buildings will better protect the nation from potential threats by identifying key actions and design criteria to strengthen our buildings from the forces that might be anticipated in a terrorist assault.
It is important to note that many of the methodologies in this publication have been adapted from other government sources and modified to meet the mission of the DHS. This allows for the effective transfer of decades of federal and Department of Defense research and experience to the broader building science community.

This document was prepared by the Building Sciences and Technology Branch of the Mitigation Division, part of EP&R. The DHS would like to thank the following agencies for their contribution and input to this publication:

- General Services Administration
- Naval Facilities Engineering Service Center
- Naval Facilities Command (NAVFAC) Criteria Office
- USACE Protective Design Center
- Department of Veterans Affairs
- Centers for Disease Control and Prevention/National Institute for Occupational Safety and Health
- Department of Justice, Office of Domestic Preparedness (DHS - Border and Transportation Security)
- United States Air Force - Civil Engineer Support Agency

Michael D. Brown
Under Secretary
Emergency Preparedness and Response Directorate

Anthony S. Lowe
Director
Mitigation Division
Emergency Preparedness and Response Directorate

FOREWORD AND ACKNOWLEDGMENTS

BACKGROUND

The Federal Emergency Management Agency (FEMA) developed this Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings to provide needed information on how to mitigate the effects of potential terrorist attacks. The intended audience includes the building sciences community of architects and engineers working for private institutions, and state and local government officials working in the building sciences community. The manual supports FEMA's Mission (Lead America to prepare for, prevent, respond to, and recover from disasters) and the Strategic Plan's Goal 3 (Prepare the Nation to address the consequences of terrorism), all of which will be done within the all-hazards framework and the needs of Homeland Security.
The building science community, as a result of FEMA's efforts, has incorporated extensive building science into designing and constructing buildings against natural hazards (earthquake, fire, flood, and wind). To date, the same level of understanding has not been applied to manmade hazards (terrorism/intentional acts) and technological hazards (accidental events). Since September 11, 2001, terrorism has become a dominant domestic concern. Security can no longer be viewed as a standalone capability that can be purchased as an afterthought and then put in place. Life, safety, and security issues must become a design goal from the beginning.

OBJECTIVE AND SCOPE

The objective of this manual is to reduce physical damage to structural and non-structural components of buildings and related infrastructure, and also to reduce resultant casualties during conventional bomb attacks, as well as attacks using chemical, biological, and radiological (CBR) agents. Although the process is general in nature and applies to most building uses, this manual is most applicable for six specific types of facilities:

- Commercial office facilities
- Retail commercial facilities
- Light industrial and manufacturing facilities
- Health care facilities
- Local schools (K-12), and
- Higher education (university) facilities

The processes and measures may not generally be economical or applicable to lighter density occupancies, such as single-family homes. More intense occupancies (e.g., industrial facilities) have already been addressed in most cases.

This is one of a series of publications that address security issues in high-population, private sector buildings. This document is the foundation of the Building Vulnerability Design Against Terrorist Attacks Training Course (FEMA 438).

The purpose of this manual is to provide guidance to the building sciences community working for private institutions.
It presents tools to help decision-makers assess the performance of their buildings against terrorist threats and to rank recommendations. It is up to the decision-makers to decide which types of threats they wish to protect against and to determine their level of risk to each threat. Those decision-makers who consider their buildings to be at high risk can use this guidance as necessary.

The information contained in this document is:

- not mandatory
- not applicable to all buildings
- not applicable when it interferes with other hazards such as fire

This manual presents incremental approaches that can be implemented over time to decrease the vulnerability of buildings to terrorist threats. Many of the recommendations can be implemented quickly and cost-effectively.

ASSUMPTIONS

The information provided herein builds upon the synergies between the mitigation measures for natural hazards and manmade hazards. For example, seismic standards for non-structural building components are beneficial against the explosive blast of conventional bombs. Hurricane window design, especially against flying debris, applies also to explosive blast. Landscaping for mitigation against wildfires improves detection of placed devices. Ventilation system design against airborne biological, chemical, and radiological agents also works for similar hazardous material releases, whether intentional or accidental.

Assessing threat, vulnerability, and risk may be complicated when comparing natural against manmade hazards. A natural hazard refers to a natural event such as a flood, wind, or seismic disaster. Historical data have been used by FEMA and other agencies/organizations to economically quantify the risk for natural hazards. Manmade hazards include technological hazards and terrorism, and they are distinct from natural hazards primarily in that they originate from human activity. Technological hazards are assumed to be accidental and their consequences unintended.
There is limited discussion of technological hazards in this document. For manmade hazards, the threat and likelihood of occurrence are less well defined and the associated vulnerabilities have many considerations that impact making good risk management decisions.

ORGANIZATION AND CONTENT OF THE MANUAL

This manual contains many how-to aspects based upon current information contained in FEMA, Department of Commerce, Department of Defense (including Army, Navy, and Air Force), Department of Justice, General Services Administration, Department of Veterans Affairs, Centers for Disease Control and Prevention/National Institute for Occupational Safety and Health, and other publications. It is intended to provide an understanding of the current methodologies for assessing threat/hazard, vulnerability, and risk, and the design considerations needed to improve protection of new and existing buildings and the people occupying them. As needed, this manual should be supplemented with more extensive technical resources, as well as the use of experts when necessary.

- Chapter 1 presents selected methodologies to integrate threat/hazard, asset value, and vulnerability assessment information. This information becomes the input for determining relative levels of risk. Higher risk hazards require mitigation measures to reduce risk. The chapter also provides an assessment checklist that compiles many best practices (based upon current technologies and scientific research) to consider during the design of a new building or renovation of an existing building. The checklist can also be used to assess the vulnerability of existing buildings within the context of the defined threats.
- Chapter 2 discusses architectural and engineering design considerations (mitigation measures), starting at the perimeter of the property line, and includes the orientation of the building on the site. Therefore, this chapter covers issues outside the building envelope.
- Chapter 3 provides the same considerations for the building - its envelope, systems, and interior layout.
- Chapter 4 provides a discussion of blast theory to understand the dynamics of the blast pressure wave, the response of building components, and a consistent approach to define levels of protection.
- Chapter 5 presents CBR measures that can be taken to mitigate vulnerabilities and reduce associated risks for these terrorist tactics or technological hazards.
- Appendices A, B, and C contain acronyms, general definitions, and CBR definitions, respectively.
- Appendix D describes electronic security systems and design considerations.
- Appendices E and F present a comprehensive bibliography of publications, and the associations and organizations capturing the building security guidance needed by the building sciences community, respectively.

ACKNOWLEDGMENTS

Principal Authors:

- Michael Chipley, UTD, Inc.
- Michael Kaminskas, UTD, Inc.
- Wesley Lyon, UTD, Inc.
- David Beshlin, UTD, Inc.
- Mark Hester, UTD, Inc.

Contributors:

- Milagros Kennett, FEMA, Project Officer, Risk Management Series Publications
- Eric Letvin, Greenhorne & O'Mara, Inc., Consultant Project Manager
- Eve Hinman, ATC/Hinman Consulting Engineers, Inc.
- G. Scott Earnest, CDC/NIOSH
- Michael Gressel, CDC/NIOSH
- Kenneth Mead, CDC/NIOSH
- D. Shawn Fenn, FEMA
- Randall Hoffman, UTD, Inc.
- Damian Kolbay, UTD, Inc.
- Mark Hankewycz, Gage-Babcock, Inc.
- Christopher Arnold, Building Systems Development, Inc.
- Deb Daly, Greenhorne & O'Mara, Inc.
- Wanda Rizer, Greenhorne & O'Mara, Inc.
- Julie Liptak, Greenhorne & O'Mara, Inc.
- Bob Pendley, Greenhorne & O'Mara, Inc.
- Bill Modzeleski, Department of Education

Project Advisory Panel:

- Wade Belcher, General Services Administration
- Curt Betts, U.S. Army Corps of Engineers
- Jim Caulder, U.S. Air Force - Civil Engineer Support Agency
- Marcelle Habibion, Department of Veterans Affairs
- Joseph Hartman, U.S. Army Corps of Engineers
- David Hattis, Building Technology, Inc.
- Rick Jones, Naval Facilities Engineering Service Center
- Kurt Knight, Department of Veterans Affairs
- Frederick Krimgold, Virginia Tech
- John Lynch, Naval Facilities Command (NAVFAC) Criteria Office
- Terry Pruitt, Department of Homeland Security
- Chris Rojahn, Applied Technology Council
- Lloyd Siegel, Department of Veterans Affairs
- William Whiddon, Building Technology, Inc.

This manual was prepared under contract to FEMA. It will be revised periodically, and comments and feedback to improve future editions are welcome. Please send comments and feedback by e-mail to riskmanagementseriespubs@dhs.go

TABLE OF CONTENTS

FOREWORD AND ACKNOWLEDGMENTS
  Background
  Objective and Scope
  Assumptions
  Organization and Content of the Manual
  Acknowledgments

CHAPTER 1 - ASSET VALUE, THREAT/HAZARD, VULNERABILITY, AND RISK
  1.1 Asset Value Assessment
    1.1.1 Identifying Building Core Functions
    1.1.2 Identifying Building Infrastructure
    1.1.3 Quantifying Asset Value
  1.2 Threat/Hazard Assessment
    1.2.1 Threat/Hazard Identification
    1.2.2 Threat Definition of Physical Attack on a Building
  1.3 Vulnerability Assessment
  1.4 Risk Assessment
  1.5 Risk Management
  1.6 Building Vulnerability Assessment Checklist

CHAPTER 2 - SITE AND LAYOUT DESIGN GUIDANCE
  2.1 Land Use Considerations
  2.2 Site Planning
    2.2.1 Site Design
    2.2.2 Layout and Form
    2.2.3 Vehicular and Pedestrian Circulation
    2.2.4 Infrastructures and Lifelines
    2.2.5 Landscape and Urban Design
  2.3 Stand-off Distance
  2.4 Controlled Access Zones
    2.4.1 Physical Protective Barriers
    2.4.2 Other Perimeter Barriers
    2.4.3 Anti-ram Vehicle Barriers
  2.5 Entry Control and Vehicular Access
  2.6 Signage
  2.7 Parking
  2.8 Loading Docks and Service Access
  2.9 Physical Security Lighting
  2.10 Site Utilities
  2.11 Summary of Site Mitigation Measures
  2.12 Crime Prevention Through Environmental Design (CPTED)

CHAPTER 3 - BUILDING DESIGN GUIDANCE
  3.1 Architectural
    3.1.1 Building Configuration
    3.1.2 Space Design
    3.1.3 Other Design Considerations
  3.2 Building Structural and Nonstructural Systems
    3.2.1 Building Design to Achieve a Desired Protection Level
    3.2.2 Progressive Collapse
    3.2.3 Loads and Stresses
    3.2.4 Good Engineering Practice Guidelines
    3.2.5 Building Materials
    3.2.6 Methods and References
  3.3 Building Envelope
    3.3.1 Building Exterior
    3.3.2 Exterior Wall Design
    3.3.3 Window Design
    3.3.4 Doors
    3.3.5 Roof System Design
  3.4 Mechanical Systems
  3.5 Electrical Systems
  3.6 Fire Protection Systems
  3.7 Communications Systems
  3.8 Electronic Security Systems
  3.9 Entry-control Stations
  3.10 Physical Security Systems
  3.11 Summary of Building Envelope Mitigation Measures

CHAPTER 4 - EXPLOSIVE BLAST
  4.1 Blast Effects
    4.1.1 Building Damage
    4.1.2 Injuries
    4.1.3 Levels of Protection
  4.2 Stand-off Distance and the Effects of Blast
  4.3 Predicting Blast Effects
    4.3.1 Blast Load Predictions
    4.3.2 Blast Effects Predictions

CHAPTER 5 - CHEMICAL, BIOLOGICAL, AND RADIOLOGICAL MEASURES
  5.1 Evacuation
  5.2 Sheltering in Place
  5.3 Personal Protective Equipment
  5.4 Air Filtration and Pressurization
    5.4.1 Air Filtration and Cleaning Principles
    5.4.2 Applying External Filtration
    5.4.3 Applying Internal Filtration (Recirculation Filter Units)
    5.4.4 Radiological Hazards
  5.5 Exhausting and Purging
  5.6 CBR Detection
  5.7 Indications of CBR Contamination

APPENDIX A - Acronyms
APPENDIX B - General Glossary
APPENDIX C - Chemical, Biological, and Radiological Terms Glossary
APPENDIX D - Electronic Security Systems
APPENDIX E - Bibliography
APPENDIX F - Associations and Organizations

TABLES

Chapter 1
  Table 1-1 Asset Value Scale
  Table 1-2 Nominal Building Asset Value Assessment
  Table 1-3 Event Profiles for Terrorism and Technological Hazards
  Table 1-4 Homeland Security Threat Conditions
  Table 1-5 Site/Building Inherent Vulnerability Assessment Matrix (Partial Risk Assessment)
  Table 1-6 Classification Table Extracts
  Table 1-7 Selected Extracts -- Recommended Standards Chart
  Table 1-8 Level of Visibility
  Table 1-9 Criticality of Target Site
  Table 1-10 Target Value to Potential Threat Element
  Table 1-11 Aggressor Access to Target
  Table 1-12 Target Threat of Hazard (WMD Materials)
  Table 1-13 Site Population Capacity
  Table 1-14 Potential for Collateral Damage (Mass Casualties)
  Table 1-15 Building Summary Sheet
  Table 1-16 Building Ranking
  Table 1-17 Simplified Building Ranking Matrix
  Table 1-18 Risk Factors Definitions
  Table 1-19 Total Risk Color Code
  Table 1-20 Site Functional Pre-Assessment Screening Matrix
  Table 1-21 Site Infrastructure Systems Pre-Assessment Screening Matrix
  Table 1-22 Building Vulnerability Assessment Checklist

Chapter 2
  Table 2-1 Correlation of Mitigation Measures to Threats

Chapter 3
  Table 3-1 Glazing Protection Levels Based on Fragment Impact Locations
  Table 3-2 Correlation of GSA Glazing Performance Conditions and DoD Levels of Protection for New Buildings

Chapter 4
  Table 4-1 DoD Minimum Antiterrorism (AT) Standards for New Buildings
  Table 4-2 Correlation of DoD Level of Protection to Incident Pressure
  Table 4-3 Damage Approximations

Chapter 5
  Table 5-1 Comparison of ASHRAE Standards 52.1 and 52.2
  Table 5-2 Indicators of a Possible Chemical Incident
  Table 5-3 Indicators of a Possible Biological Incident
  Table 5-4 Indicators of a Possible Radiological Incident

FIGURES

Chapter 1
  Figure 1-1 Recent acts of terrorism
  Figure 1-2 Total facilities struck by international terrorist attacks in 1997-2002 and total facilities attacked in 2002
  Figure 1-3 The assessment process model
  Figure 1-4 Satellite imagery/GIS tool
  Figure 1-5 Satellite imagery/GIS tool
  Figure 1-6 Aggressor weapons
  Figure 1-7 Estimated plume from a 1-ton chlorine spill in Washington, DC
  Figure 1-8 Facility system interactions
  Figure 1-9 Common system vulnerabilities
  Figure 1-10 Non-redundant critical functions collocated near loading dock
  Figure 1-11 Vulnerability examples
  Figure 1-12 Typical building design and construction process
  Figure 1-13 Risk management choices

Chapter 2
  Figure 2-1 An example of using GIS to identify adjacent hazards
  Figure 2-2 Clustered versus dispersed site layouts
  Figure 2-3 Clustering to enhance surveillance opportunities while minimizing views into the buildings
  Figure 2-4 Streetscape security elements
  Figure 2-5 Blocking of sight lines
  Figure 2-6 Improper building siting and view relationships
  Figure 2-7 Clear zone with unobstructed views
  Figure 2-8 Concept of stand-off distance
  Figure 2-9 Stand-off distance and building separation
  Figure 2-10 Exclusive and non-exclusive zones
  Figure 2-11 Application of perimeter barrier elements
  Figure 2-12 Using street closing to create a controlled access area
  Figure 2-13 Sample bollard applications
  Figure 2-14 Examples of active and passive vehicle barriers
  Figure 2-15 Combined multi-user gate
  Figure 2-16 Summary of site mitigation measures

Chapter 3
  Figure 3-1 Glazed areas perpendicularly oriented away from streets
  Figure 3-2 Re-entrant corners in a floor plan
  Figure 3-3 Offset doors through foyer
  Figure 3-4 Side view of a test structure illustrating performance conditions of Table 3-2
  Figure 3-5 An unprotected window subject to a large explosion
  Figure 3-6 Narrow and recessed windows with sloped sills
  Figure 3-7 Sacrificial roof
  Figure 3-8 Example of protecting outdoor air intakes
  Figure 3-9 Example of elevated air intake
  Figure 3-10 Another example of protecting outdoor air intakes
  Figure 3-11 Example of enclosing an existing vulnerable air intake
  Figure 3-12 Physical security devices

Chapter 4
  Figure 4-1 Typical pressure-time history
  Figure 4-2 Reflected pressure coefficient vs. angle of incidence
  Figure 4-3 Typical impulse waveform
  Figure 4-4 Blast pressure effects on a structure
  Figure 4-5 Explosives environments - blast range to effects
  Figure 4-6 Blast analysis of a building for a typical car bomb detonated in the building's parking lot
  Figure 4-7 Blast analysis of a building for a typical large truck bomb detonated in the building's parking lot
  Figure 4-8 Relationship of cost to stand-off distance
  Figure 4-9 Stand-off distance and its relationship to blast impact as modeled on the Khobar Towers site
  Figure 4-10 Incident overpressure measured in pounds per square inch, as a function of stand-off distance and net explosive weight (pounds-TNT)

Chapter 5
  Figure 5-1 Universal-fit escape hood
  Figure 5-2 Scanning electron microscope image of a polyester-glass fiber filter
  Figure 5-3 Four primary filter collection mechanisms
  Figure 5-4 Classic collection efficiency curve
  Figure 5-5 A bag filter and HEPA filter
  Figure 5-6 Comparison of filter collection efficiency based on particle size
  Figure 5-7 Typical performance of a HEPA 99.97%
  Figure 5-8 Scanning electron microscope image of activated carbon pores
  Figure 5-9 Charcoal filter beds
  Figure 5-10 UVGI array used for air disinfection with reflective surfaces
  Figure 5-11 A military FFA 580 air filtration system containing both a HEPA filter and an ASZM-TEDA carbon adsorber as part of an overpressure system
  Figure 5-12 A commercial air filtration unit
  Figure 5-13 An IMS chemical detector designed for installation in HVAC systems
  Figure 5-14 Placards associated with chemical incidents
  Figure 5-15 Placards associated with biological incidents
  Figure 5-16 Placards associated with radiological incidents

ASSET VALUE, THREAT/HAZARD, VULNERABILITY, AND RISK

Mitigating the threat
of terrorist attacks against high occupancy buildings is a challenging task. It is difficult to predict how, why, and when terrorists may attack. Many factors must be considered in creating a safe building environment. This chapter presents several methodologies for architects and engineers to quantify risk and to identify the most effective mitigation measures to achieve a desired level of protection against terrorist attacks at an acceptable cost. The methodologies presented herein can be used for new buildings during the design process, as well as for existing buildings undergoing renovation. Sections 1.1 to 1.5 will discuss the assessment process, asset value assessment, threat/hazard assessment, vulnerability assessment, risk assessment, and risk management to help architects and engineers identify the best and most cost-effective terrorism mitigation measures for each building's unique security needs. Section 1.6 presents the Building Vulnerability Assessment Checklist to support the assessment process.

One of the primary objectives of this manual is to establish a common framework of terminology and the transfer of design concepts that have been in use by the United States (U.S.) Department of Defense (DoD), military services, the Department of State (DOS), and the General Services Administration (GSA) to commercial practice. The beginning point is to establish a basis for design by identifying the threat or hazard to be designed against. Within the military services, intelligence community, and law enforcement, the term "threat" is typically used to describe the design criteria for terrorism or manmade disasters. Within the Federal Emergency Management Agency (FEMA) and other civil agencies, the term "hazard" is used in several different contexts. "Natural hazard" typically refers to a natural event such as a flood, wind, or seismic disaster. "Human-caused (or manmade) hazards" are "technological hazards" and "terrorism."
These are distinct from natural hazards primarily in that they originate from human activity. Furthermore, "technological hazards" are generally assumed to be accidental and their consequences unintended. For the sake of simplicity, this manual will use the terms "threat" and "hazard" when referring to terrorism and manmade disasters, respectively.

Terrorism and physical attacks on buildings have continued to increase in the past decade. The geographical isolation of the United States is not a sufficient barrier to prevent an attack on U.S. cities and citizens. Figures 1-1 and 1-2 demonstrate the far-reaching incidents and diverse natures and targets of recent terrorist attacks.

Design of buildings to survive natural hazards is a concept that is well understood by the design community. Many years of historical and quantitative data, and probabilities associated with the cycle, duration, and magnitude of natural hazards exist. Conversely, design of buildings that can survive the threat and impact of a terrorist attack is based on qualitative factors that evaluate organization requirements, recovery efforts and impacts, and loss of personnel and infrastructure, but have no predictable period of recurrence or damage probability. Terrorist attacks are often categorized as low probability, but potentially high consequence, events. Building designs must include physical security measures as an integral part of the design process.

This chapter presents selected methodologies to determine asset value, analyze the threat/hazard, and evaluate vulnerabilities to complete the risk assessment. These elements of information become the input for determining relative levels of risk. Higher risk hazards may require more complex mitigation measures to reduce risk. Mitigation measures are conceived by the design professional and are best incorporated into the building architecture, building systems, and operational parameters, with consideration for life-cycle costs.
In order to create a safe environment, many factors must be considered. Figure 1-3 depicts the assessment process presented in this document to help identify the best and most cost-effective terrorism mitigation measures for a building's own unique security needs. The first part of the assessment process identifies the value of a building's assets (described in Section 1.1) that need to be protected.

The second step is to conduct a threat assessment wherein the threat or hazard is identified, defined, and quantified (see Section 1.2). For terrorism, the threat is the aggressors (people or groups) that are known to exist and that have the capability and a history of using hostile actions, or that have expressed intentions for using hostile actions against potential targets, as well as on whom there is current credible information on targeting activity (surveillance of potential targets) or indications of preparation for terrorist acts. The capabilities and histories of the aggressors include the tactics they have used to achieve their ends.

After conducting a threat assessment, the next step is to conduct a vulnerability assessment (see Section 1.3). A vulnerability assessment evaluates the potential vulnerability of the critical assets against a broad range of identified threats/hazards. In and of itself, the vulnerability assessment provides a basis for determining mitigation measures for protection of the critical assets. The vulnerability assessment is the bridge in the methodology between threat/hazard, asset value, and the resultant level of risk.

The next step of the process is the risk assessment (see Section 1.4). The risk assessment analyzes the threat, asset value, and vulnerability to ascertain the level of risk for each critical asset against each applicable threat. Inherent in this is the likelihood or probability of the threat occurring and the consequences of the occurrence.
Thus, a very high likelihood of occurrence with very small consequences may require simple low cost mitigation measures, but a very low likelihood of occurrence with very grave consequences may require more costly and complex mitigation measures. The risk assessment should provide a relative risk profile. High-risk combinations of assets against associated threats, with identified vulnerability, allow prioritization of resources to implement mitigation measures.

When starting the design process for any new building or the renovation of an existing one, various owner, statutory, and building use inputs are required. These inputs must be integrated to ensure that mandatory building code requirements are met, the building will meet the owner's functional needs, and natural and manmade hazards are mitigated to an acceptable level. In some cases, mitigation measures to enhance security may be in conflict with other design intentions. The assessment process helps to ensure an understanding of risk, so that it can be consciously addressed within the design process with available resources.

For natural hazards (earthquakes, grassland and forest fires, floods, and winds) and building fire hazards (technological accidents), information is available in building codes, industry standards, and FEMA guidelines. For manmade hazards, the suggested course of action is less well defined. The United States has not yet developed building standards similar to those of the United Kingdom, which has a greater history of contending with repeated terrorism on its home soil. Helpful information may be found in a strategic plan or a site master plan, or it may have to be developed during initial design through interviews with building owners, staff, occupants, utility companies, local law enforcement, and others.
There are many tools and techniques available to the designer for the development of new building designs, the renovation of existing buildings, and mitigation of vulnerabilities. Advances in commercial satellite imagery, Geographic Information Systems (GIS) (see Figures 1-4 and 1-5), structural hardening, glass fragmentation films, physical security systems, and many other building related technologies provide the design professional with numerous tools to design buildings to better protect occupants from terrorist acts.

Another challenge for the design team is to present appropriate information to the building owner/decision-maker in a manner that allows him or her to make a rational, informed decision. Ideally, design basis threats will be identified and agreed upon at the earliest stages of design (no later than preliminary design). The reason for this is twofold. First, the designer must have a known quantity against which to design. Second, by considering all threats/hazards (especially manmade threats) early in the design, there are potential synergies among mitigating actions. One mitigation strategy can be beneficial against more than one hazard for little difference in cost. As an example, designing moment frame connections between floors and columns and reinforcing exterior walls can mitigate against winds, explosive blasts, and earthquakes.

Thus, in order to design mitigation measures for manmade hazards, the designer must have some appreciation of the assessment of threat/hazard, asset value, vulnerability, and risk to assist the building owner/decision-maker.
Based on the methodologies discussed in this chapter, the assessment process follows a logical flow:

- Asset Value
  - Identify criticality of assets
  - Identify number of people in a building
- Threat/Hazard Assessment
  - Identify each threat/hazard
  - Define each threat/hazard
  - Determine threat level for each threat/hazard
- Vulnerability Assessment
  - Identify site and building systems design issues
  - Evaluate design issues against type and level of threat
  - Determine level of protection sought for each mitigation measure against each threat
- Risk Assessment
  - Likelihood of occurrence
  - Impact of occurrence (loss of life, property, and function)
  - Determine relative risk for each threat against each asset
  - Select mitigation measures that have the greatest benefit/cost for reducing risk

The goal of the assessment process is to achieve the level of protection sought through implementation of mitigation measures in the building design. These measures may reduce risk by deterring, detecting, denying, or devaluing the potential threat element prior to or during execution of an enemy attack. Mitigation measures may also reduce risk of damage or injury by providing an acceptable level of protection if the hazard does occur, which may also serve to further deter an aggressor. For example, the Murrah Federal Building in Oklahoma City became the target of an aggressor when he was deterred from attacking his primary target, the Federal Bureau of Investigation (FBI) building, because it was too difficult to get the attack vehicle close to the FBI building. He was able to park immediately adjacent to the Murrah Federal Building and successfully target the office of the Bureau of Alcohol, Tobacco, and Firearms (ATF), which was located in the Murrah Federal Building.
The remainder of this chapter describes the general concepts of asset value, threat/hazard, vulnerability, and risk assessments for manmade disasters and presents several methodologies and techniques that can be used by an organization in conducting these assessments.

1.1 ASSET VALUE ASSESSMENT

This section will describe how to perform an asset value assessment (the first step of the assessment process), to identify people and the asset value. To facilitate identifying people and the value of a building's assets, it is useful to conduct interviews of the people who are most familiar with them. Inputs from building owners, facility staff, and tenants, as well as any others who can help identify the most valuable assets, should be sought. In order to conduct productive interviews, a list of areas to be covered should be generated and prioritized prior to the actual interviews. Thorough planning and research to generate relevant questions will aid the process and yield better results.

An asset is a resource of value requiring protection. An asset can be tangible (e.g., tenants, buildings, facilities, equipment, activities, operations, and information) or intangible (e.g., processes or a company's reputation). In order to achieve the greatest risk reduction at the least cost, identifying and prioritizing a building's critical assets is a vital first step in the process to identify the best mitigation measures to improve its level of protection prior to a terrorist attack. Recognizing that people are a building's most critical asset, the process described below will help identify and prioritize infrastructure where people are most at risk and require protection.
Identifying a building's critical assets is accomplished in a two-step process:

Step 1: Define and understand the building's core functions and processes
Step 2: Identify building infrastructure
- Critical components/assets
- Critical information systems and data
- Life safety systems and safe haven areas
- Security systems

1.1.1 Identifying Building Core Functions

The initial step of an asset value assessment is the determination of core functions and processes necessary for the building to continue to operate or provide services after an attack. The reason for identifying core functions/processes is to focus the design team on what a building does, how it does it, and how various threats can affect the building. This provides more discussion and results in a better understanding of asset value. Factors that should be considered include:

- What are the building's primary services or outputs?
- What critical activities take place at the building?
- Who are the building's occupants and visitors?
- What inputs from external organizations are required for a building's success?

1.1.2 Identifying Building Infrastructure

After the core functions and processes are identified, an evaluation of building infrastructure is the next step. To help identify and value rank infrastructure, the following should be considered, keeping in mind that the most vital asset for every building is its people:

- Identify how many people may be injured or killed during a terrorist attack that directly affects the infrastructure.
- Identify what happens to building functions, services, or occupant satisfaction if a specific asset is lost or degraded. (Can primary services continue?)
- Determine the impact on other organizational assets if the component is lost or cannot function.
- Determine if critical or sensitive information is stored or handled at the building.
- Determine if backups exist for the building's assets.
- Determine the availability of replacements.
- Determine the potential for injuries or deaths from any catastrophic event at the building's assets.
- Identify any critical building personnel whose loss would degrade, or seriously complicate the safety of building occupants during an emergency.
- Determine if the building's assets can be replaced and identify replacement costs if the building is lost.
- Identify the locations of key equipment.
- Determine the locations of personnel work areas and systems.
- Identify the locations of any personnel operating "outside" a building's controlled areas.
- Determine, in detail, the physical locations of critical support architectures:
  - Communications and information technology (IT - the flow of critical information)
  - Utilities (e.g., facility power, water, air conditioning, etc.)
  - Lines of communication that provide access to external resources and provide movement of people (e.g., road, rail, air transportation)
- Determine the location, availability, and readiness condition of emergency response assets, and the state of training of building staff in their use.

1.1.3 Quantifying Asset Value

After a list of a building's assets or resources of value requiring protection have been identified, they should be assigned a value. Asset value is the degree of debilitating impact that would be caused by the incapacity or destruction of the building's assets. There are many scales that can be used, each with advantages and disadvantages. Because some people are used to working with linguistic scales, although many engineers and designers prefer numerical systems, this publication will use a combination of a seven-level linguistic scale and a ten-point numerical scale as shown in Table 1-1. Obviously, the key asset for every building is its people (e.g., employees, visitors, etc.). They will always be assigned the highest asset value as in the example below.
Table 1-1: Asset Value Scale

| Asset Value | |
| --- | --- |
| Very High | 10 |
| High | 8-9 |
| Medium High | 7 |
| Medium | 5-6 |
| Medium Low | 4 |
| Low | 2-3 |
| Very Low | 1 |

Very High – Loss or damage of the building's assets would have exceptionally grave consequences, such as extensive loss of life, widespread severe injuries, or total loss of primary services, core processes, and functions.

High – Loss or damage of the building's assets would have grave consequences, such as loss of life, severe injuries, loss of primary services, or major loss of core processes and functions for an extended period of time.

Medium High – Loss or damage of the building's assets would have serious consequences, such as serious injuries or impairment of core processes and functions for an extended period of time.

Medium – Loss or damage of the building's assets would have moderate to serious consequences, such as injuries or impairment of core functions and processes.

Medium Low – Loss or damage of the building's assets would have moderate consequences, such as minor injuries or minor impairment of core functions and processes.

Low – Loss or damage of the building's assets would have minor consequences or impact, such as a slight impact on core functions and processes for a short period of time.

Very Low – Loss or damage of the building's assets would have negligible consequences or impact.

Asset Value Example. A nominal list of assets for a typical building with assigned value is presented in Table 1-2. Please note that this is a nominal example; each building should tailor its list to its own unique situation.

1.2 THREAT/HAZARD ASSESSMENT

1.2.1 Threat/Hazard Identification

With any manmade hazard, it is important to understand who are the people with the intent to cause harm. For those people, it is essential to understand their weapons, tools, and tactics, realizing that weapons, tools, and tactics can change faster than a building can be modified against the threat.
The threat/hazard assessment information should be sought from local law enforcement, local emergency management, the FBI, the Centers for Disease Control and Prevention (CDC), the U.S. Department of Homeland Security (DHS), and the Homeland Security Offices (HSOs) at the state level. For technological hazards, it is also important to gather information from the local fire department and hazardous materials (HazMat) unit, Local Emergency Planning Committee (LEPC), and State Emergency Response Commission (SERC). LEPC and SERC are local and state organizations established under a U.S. Environmental Protection Agency (EPA) program. They identify critical facilities in vulnerable zones and generate emergency management plans. Additionally, most fire departments understand which industries in the local area handle the most combustible materials and the HazMat unit understands who handles materials that could have a negative impact upon people and the environment. In many jurisdictions, the HazMat unit is part of the fire department. The aggressors (those people with intent to do harm) seek publicity for their cause, monetary gain (in some instances), or political gain through their actions. These actions injure or kill people; destroy or damage facilities, property, equipment, or resources; or steal equipment, material, or information. Their methods can be forced entry tools, vehicles, and surveillance (visual/audio; stand-off or planted). Their weapons can include incendiary devices; small arms (rifles and handguns); stand-off military-style weapons (rocket propelled grenades or mortars) (see Figure 1-6); explosives; and chemical, biological, and radiological agents (CBR, individually or combined with explosives to aid in dispersion). Explosives include homemade and stolen industrial and military varieties, packaged from small to very large (mail bombs to vehicle bombs). 
Aggressor tactics run the gamut: moving vehicle bombs; stationary vehicle bombs; exterior attacks (thrown objects like rocks, Molotov cocktails, hand grenades, or hand-placed bombs); stand-off weapons attacks (military or improvised larger direct and indirect fire weapons); ballistic attacks (small arms handled by one individual); covert entries (gaining entry by false credentials or circumventing security with or without weapons); mail bombs (delivered to individuals); supply bombs (larger bombs processed through shipping departments); airborne contamination (CBR agents used to contaminate the air supply of a building as notionally (hypothetically) demonstrated in Figure 1-7); and waterborne contamination (CBR agents injected into the water supply).

Table 1-3 provides insight into the various manmade hazards to consider and can be used as a tool for threat assessments. Note that Table 1-1 combines aspects of tools, weapons, explosives, and tactics. Chapters 4 and 5 provide additional information on manmade hazards, and Appendix C provides a complete list of CBR agents. Table 1-3 provides the designer with a general profile of events associated with a spectrum of threats/hazards.

The next sections will begin the process of quantifying a building's "design basis" by applying a systems engineering evaluation process to determine a building's critical functions, infrastructure, and vulnerabilities using an understanding of the aggressors, potential threat elements, a more refined definition of the threat/hazard, and methods to evaluate the risk. There are several methodologies and assessment techniques that can be used. Historically, the U.S. military methodology (with a focus on explosive effects, CBR, and personnel protection) has been used extensively for military installations and other national infrastructure assets.
The DOS adopted many of the same blast and CBR design criteria, and the GSA further developed criteria for federal buildings as a result of the attack on the Murrah Federal Building. The Department of Commerce (DOC) Critical Infrastructure Assurance Office (CIAO) established an assessment framework, which focused on information technology infrastructure.

1.2.2 Threat Definition of Physical Attack on a Building

To stop a terrorist or physical attack on a building is very difficult; any building or site can be breached or destroyed. However, the more secure the building or site and the better the building is designed to withstand an attack, the better the odds the building will not be attacked or, if attacked, will suffer less damage. Terrorists generally select targets that have some value as a target, such as an iconic commercial property, symbolic government building, or structure likely to inflict significant emotional or economic damage such as a shopping mall or major seaport.

A manmade threat/hazard analysis requires interface with security and intelligence organizations that understand the locality, the region, and the nation. These organizations include the police department (whose jurisdiction includes the building or site), the local state police office, and the local office of the FBI. In many areas of the country, there are threat coordinating committees, including FBI Joint Terrorism Task Forces, that facilitate the sharing of information.

A common method to evaluate terrorist threats is to analyze five factors: existence, capability, history, intention, and targeting. Existence addresses the questions: Who is hostile to the assets, organization, or community of concern? Are they present or thought to be present? Are they able to enter the country or are they readily identifiable in a local community upon arrival? Capability addresses the questions: What weapons have been used in carrying out past attacks?
Do the aggressors need to bring them into the area or are they available locally? History addresses the questions: What has the potential threat element done in the past and how many times? When was the most recent incident and where, and against what target? What tactics did they use? Are they supported by another group or individuals? How did they acquire their demonstrated capability? Intention addresses the questions: What does the potential threat element or aggressor hope to achieve? How do we know this (e.g., published in books or news accounts, speeches, letters to the editor, informant)? Targeting addresses the questions: Do we know if an aggressor (we may not know which specific one) is performing surveillance on our building, nearby buildings, or buildings that have much in common with our organization? Is this information current and credible, and indicative of preparations for terrorist operations (manmade hazards)? The threat/hazard analysis for any building can range from a general threat/hazard scenario to a very detailed examination of specific groups, individuals, and tactics that the building may need to be designed to repel or defend against. A terrorist or aggressor will analyze the building or target as shown in Figure 1-8 to determine the type of attack, type of weapon, and tactics to employ to defeat the building or critical mission/business function. The Homeland Security Advisory System has five threat levels that provide a general indication of risk of terrorist attack. In Table 1-4, the five factors commonly used to evaluate terrorist threats have been layered onto the Homeland Security Advisory levels. If the anticipated threat or projected use of the building warrants it, a detailed threat analysis should be developed in coordination with local law enforcement, intelligence, and civil authorities in order to more quantitatively determine the vulnerability or risk. 
Having conducted a threat analysis and having a good conceptual idea of the preliminary building design and site layout, the next step is to conduct a vulnerability assessment to identify weaknesses that can be exploited by an aggressor and to help identify specific design features and establish operational parameters to mitigate them.

1.3 VULNERABILITY ASSESSMENT

Knowing the expected threat/hazard capability allows the designer to integrate the threat knowledge with specific building and site information by conducting a vulnerability assessment. A vulnerability assessment is an in-depth analysis of the building functions, systems, and site characteristics to identify building weaknesses and lack of redundancy, and determine mitigations or corrective actions that can be designed or implemented to reduce the vulnerabilities. A vulnerability assessment should be performed for existing buildings and the process incorporated into the design for new construction and renovation.

Table 1-5 contains vulnerability and consequence aspects and provides an objective approach to determine a relative value of vulnerability for the building or site. An alternate method for determining a relative value is presented in Table 1-6, from the U.S. Department of Justice (DOJ), as applicable to GSA buildings. This method provides a suggestion of "security measures" for typical sizes and types of sites, in addition to a transferable example of appropriate security measures for typical locations and occupancies.

Tables 1-5 and 1-6 address operational, consequential, and inherent characteristics that contribute to vulnerability. They are a first step and should be used in conjunction with a more detailed vulnerability assessment such as the Building Vulnerability Assessment Checklist (see Table 1-22). Table 1-7 is an example of one approach to implement minimum building design standards to mitigate terrorist events following the methodology of Table 1-6.
Note that an evaluation or vulnerability assessment still needs to be done before incorporating any mitigation measures.

| Level** | Typical Location | Examples of Tenant Agencies*** | Security Measures (based on evaluation) |
| --- | --- | --- | --- |
| I | 10 Employees (Federal); 2,500 Square Feet; Low Volume Public Contact; Small "Store Front" Type Operation | Local Office; District Office; Visitor Center; USDA Office; Ranger Station; Commercial Facilities; Industrial/Manufacturing; Health Care | High Security Locks; Intercom; Peep Hole (Wide View); Lighting w/Emergency Backup Power; Controlled Utility Access; Annual Employee Security Training |
| II | 11 - 150 Employees (Federal); 2,500 - 80,000 Square Feet; Moderate Volume Public Contact; Routine Operations Similar to Private Sector and/or Facility Shared with Private Sector | Public Officials; Park Headquarters; Regional/State Offices; Commercial Facilities; Industrial Manufacturing; Health Care | Entry Control Package w/Closed Circuit Television (CCTV); Visitor Control/Screening; Shipping/Receiving Procedures; Guard/Patrol Assessment; Intrusion Detection w/Central Monitoring; CCTV Surveillance (Pan-Tilt, Zoom System); Duress Alarm w/Central Monitoring |
| III | 151 - 450 Employees (Federal); Multi-Story Facility; 80,000 - 150,000 Square Feet; Moderate/High Volume Public Contact; Agency Mix: Law Enforcement Operations, Court Functions, Government Records | Inspectors General; Criminal Investigations; Regional/State Offices; GSA Field Office; Local Schools; Commercial Facilities; Industrial Manufacturing; Health Care | Guard Patrol on Site; Visitor Control/Screening; Shipping/Receiving Procedures; Intrusion Detection w/Central Monitoring; CCTV Surveillance (Pan-Tilt/Zoom System); Duress Alarm w/Central Monitoring |
| IV | >450 Employees (Federal); Multi-Story Facility; >150,000 Square Feet; High Volume Public Contact; High-Risk Law Enforcement/Intelligence Agencies; District Court | Significant Buildings and Some Headquarters; Federal Law Enforcement Agencies; Local Schools, Universities; Commercial Facilities; Health Care | Extend Perimeter (Concrete/Steel Barriers); 24-Hour Guard Patrol; Adjacent Parking Control; Backup Power System; Hardened Parking Barriers |
| V | Level IV Profile and Agency/Mission Critical to National Security | Principal Department Headquarters | Agency-Specific |

* SOURCE: U.S. DEPARTMENT OF JUSTICE, VULNERABILITY ASSESSMENT OF FEDERAL FACILITIES, JUNE 28, 1995
NOTES:
** ASSIGNMENT OF LEVELS TO BE BASED ON AN "ON-SITE" RISK ASSESSMENT/EVALUATION
*** EXAMPLES OF TYPICAL (BUT NOT LIMITED TO) TENANT AGENCIES FOR THIS LEVEL FACILITY

Table 1-5: Selected Extracts -- Recommended Standards Chart*

| LEVEL | I | II | III | IV | V |
| --- | --- | --- | --- | --- | --- |
| PERIMETER SECURITY | | | | | |
| Parking | | | | | |
| Control of Facility Parking | D | D | M | M | M |
| Control of Adjacent Parking | D | D | D | S | S |
| Avoid Leases Where Parking Cannot be Controlled | D | D | D | D | D |
| Leases Should Provide Security Control for Adjacent Parking | D | D | D | D | D |
| Post Signs and Arrange for Towing Unauthorized Vehicles | S | S | M | M | M |
| ID System and Procedures for Authorized Parking (Placard, Decal, Card Key, etc.) | D | D | M | M | M |
| Adequate Lighting for Parking Areas | D | D | M | M | M |
| Closed Circuit Television (CCTV) Monitoring | | | | | |
| CCTV Surveillance Cameras with Time Lapse Video Recording | D | S | S | M | M |
| Post Signs Advising of 24-Hour Video Surveillance | D | S | S | M | M |
| Lighting | | | | | |
| Lighting with Emergency Power Backup | M | M | M | M | M |
| Physical Barriers | | | | | |
| Extend Physical Perimeter with Barriers (Concrete and/or Steel Composition) | N/A | N/A | D | S | S |
| Parking Barriers | N/A | N/A | D | S | S |
| ENTRY SECURITY | | | | | |
| Receiving/Shipping | | | | | |
| Review Receiving/Shipping Procedures (Current) | M | M | M | M | M |
| Implement Receiving/Shipping Procedures (Modified) | D | S | M | M | M |
| Access Control | | | | | |
| Evaluate Facility for Security Guard Requirements | D | S | M | M | M |
| Security Guard Patrol | D | D | S | S | S |
| Intrusion Detection System with Central Monitoring Capability | D | S | M | M | M |
| Upgrade to Current Life Safety Standards (Fire Detection, Fire Suppression Systems, etc.) | M | M | M | M | M |
| Entrances/Exits | | | | | |
| X-Ray and Magnetometer at Public Entrances | N/A | D | S | S | M |
| Require X-Ray Screening of All Mail/Packages | N/A | D | S | M | M |
| Peep Holes | S | S | N/A | N/A | N/A |
| Intercom | S | S | N/A | N/A | N/A |
| Entry Control w/CCTV and Door Strikes | D | S | N/A | N/A | N/A |
| High Security Locks | M | M | M | M | M |
| INTERIOR SECURITY | | | | | |
| Employee/Visitor Identification | | | | | |
| Agency Photo ID for all Personnel Displayed at all Times | N/A | D | S | M | M |
| Visitor Control/Screening System | D | M | M | M | M |
| Visitor Identification Accountability System | N/A | D | S | M | M |
| Establish ID Issuing Authority | S | S | S | M | M |
| Utilities | | | | | |
| Prevent Unauthorized Access to Utility Areas | S | S | M | M | M |
| Provide Emergency Power to Critical Systems (Alarm Systems, Radio Communications, Computer Facilities, etc.) | M | M | M | M | M |
| Daycare Centers | | | | | |
| Evaluate Whether to Locate Daycare Facilities in Buildings with High-Threat Activities | N/A | M | M | M | M |
| Compare Feasibility of Locating Daycare in Facilities Outside Locations | N/A | M | M | M | M |
| SECURITY PLANNING | | | | | |
| Tenant Assignment | | | | | |
| Collocate Agencies with Similar Security Needs | D | D | D | D | D |
| Do Not Collocate High-/Low-Risk Agencies | D | D | D | D | D |
| Administrative Procedures | | | | | |
| Arrange for Employee Parking In/Near Building After Normal Work Hours | S | S | S | S | S |
| Conduct Background Security Checks and/or Establish Security Control Procedures for Service Contract Personnel | M | M | M | M | M |
| Construction/Renovation | | | | | |
| Install Mylar Film on all Exterior Windows (Shatter Protection) | D | D | S | M | M |
| Review Current Projects for Blast Standards | M | M | M | M | M |
| Review/Establish Uniform Standards for Construction | M | M | M | M | M |
| Review/Establish New Design Standard for Blast Resistance | S | S | M | M | M |
| Establish Street Setback for New Construction | D | D | S | M | M |

* SOURCE: EXTRACTS FROM U.S. DEPARTMENT OF JUSTICE STUDY "VULNERABILITY ASSESSMENT OF FEDERAL FACILITIES," JUNE 28, 1995

In the preceding tables, determining which "level" most nearly reflects the site and building under design or renovation may help to identify which security standards would be most appropriate to apply.
The GSA method provides a more detailed analysis of a building vulnerability and good suggestions for security measures that may be appropriate to design into a building for certain occupancies and sizes of facilities.

A more quantitative evaluation or ranking of one building compared to another may be required in some instances (e.g., where a building owner and designer may need to know the relative risk of one building compared to an equivalent building on another site or on the same campus). The DOJ, Office of Justice Programs (OJP) provides an objective approach to determining vulnerability (see U.S. Department of Justice, Fiscal Year 1999 State Domestic Preparedness Equipment Program, Assessment and Strategy Development Tool Kit, May 15, 1999). DOJ's Threat/Hazard Assessment uses seven factors that are Threat Assessment and Consequence Management oriented, and provides a quantitative means to rank buildings. It requires rating each of the seven areas and summing the ratings to determine the overall ranking for the building or site. This approach is as follows:

1. Level of Visibility (Table 1-8)
   What is the perceived awareness of the target's existence and the visibility of the target to the general populace, or to the terrorist in particular?

2. Asset Value of Target Site (Individual Asset or Assets Accumulated within Building – Table 1-9)
   What is the usefulness of the asset(s) to the population, economy, government, company, or organization? Also consider the impact on continuity of operations, hampering of emergency response, and general potential consequences. Table 1-9 could be used more than once if the value of the asset(s) impacts more than one critical area.

3. Target Value to Potential Threat Element/Aggressor (Table 1-10)
   Does the target serve the ends of the aggressors identified in the Threat Assessment based on motivations (political, religious, racial, environmental, and special interests)? Table 1-10 should help to capture these motivations.

4. Aggressor Access to Target (Table 1-11)
   Does the target have available ingress and egress for a potential aggressor?

5. Target Threat of Hazard (Table 1-12)
   Are CBR materials present in quantities that could become hazardous if released? These quantities could be on site or in relatively close proximity so that a theft or an accident could render them a hazard to the building or site. Take into consideration distance from building (a 1-mile radius is suggested around the building), the prevailing wind direction, the slope of the terrain, and the quantity of materials present.

6. Site Population Capacity (Table 1-13)
   What is the maximum number of individuals at the building or site at a given time? This could be standard worst case occupancy during an average day or peak occupancy at a designated time (e.g., a movie theater).

Table 1-13: Site Population Capacity

| Rating | Value |
| --- | --- |
| 0 | 0 |
| 1 to 250 | 1 |
| 251 to 500 | 2 |
| 501 to 1,000 | 3 |
| 1,001 to 5,000 | 4 |
| > 5,000 | 5 |

7. Potential for Collateral Damage (Mass Casualties - Table 1-14)
   Address potential collateral mass casualties within a 1-mile radius of the target site. Number ranges indicate inhabitants within a 1-mile radius of the site.

Table 1-14: Potential for Collateral Damage (Mass Casualties)

| Rating | Value |
| --- | --- |
| 0-100 | 0 |
| 101 to 500 | 1 |
| 501 to 1,000 | 2 |
| 1,001 to 2,000 | 3 |
| 2,001 to 5,000 | 4 |
| > 5,000 | 5 |

Each building is assessed and scored (see Table 1-15). Tables 1-15 and 1-16 contain a nominal example.

Table 1-15: Building Summary Sheet

| Building/Target Name | Score |
| --- | --- |
| Visibility | 4 |
| Criticality | 3 |
| Value | 4 |
| Access | 2 |
| Threat of Hazard | 0 |
| Site Population | 3 |
| Collateral Mass Casualties | 3 |
| Total Score | 19 |

The total building score can be used to rank multiple buildings (see Table 1-16) and quantitatively provides an analysis of building vulnerability from a site perspective.
Table 1-16: Building Ranking

| Ranking | Building/Target Name | Total Score |
| --- | --- | --- |
| 1 | ABC Building | 23 |
| 2 | DEF Building | 19 |
| 3 | GHI Building | 14 |

This evaluation methodology can be applied to all building types (see Foreword). The result is independent of facility/occupancy type, except for the type of influence on population and siting.

An alternate approach is shown in Table 1-17, which uses a simplified matrix to rank the order of buildings using a numerical score of 1 (low) to 5 (high). The evaluation factors can be developed for each building use or owner-specific criteria. For Table 1-17, the factors shown illustrate a health care provider scenario:

- Criticality of Function: How critical is the building and function to the organization?
- Location: Is the building near federal buildings, major transportation, or iconic properties?
- Occupancy of Building: Are occupants mobile or non-ambulatory?
- Involvement in Community: Does the building or staff provide unique capabilities?
- Critical External Commitments: Does the building support other organizations or missions?

The objective of Tables 1-1 through 1-17 or similar assessment methodologies is to provide an analysis of a building, facility, or site and to identify the buildings that are most vulnerable from a given threat/hazard matched against specific building type or function. Having the ranked list of buildings, the next step is to conduct an in-depth vulnerability assessment of the building. The building assessment is to evaluate specific design and architectural features and identify all vulnerabilities of the building functions and building systems. Frequently, single-point-vulnerabilities exist, which are critical functions or systems that lack redundancy and, if damaged by an attack, would result in immediate organization disruption or loss of capability. These are generally the highest risk vulnerabilities. Figure 1-9 illustrates the common system vulnerabilities.
1.4 RISK ASSESSMENT

Risk is the potential for a loss of or damage to an asset. It is measured based upon the value of the asset in relation to the threats and vulnerabilities associated with it. Risk is based on the likelihood or probability of the hazard occurring and the consequences of the occurrence. A risk assessment analyzes the threat (probability of occurrence), and asset value and vulnerabilities (consequences of the occurrence) to ascertain the level of risk for each asset against each applicable threat/hazard. The risk assessment provides engineers and architects with a relative risk profile that defines which assets are at the greatest risk against specific threats. Chapters 2 and 3 explore mitigation measures to reduce the vulnerability and risk for valuable assets with a high risk.

There are numerous methodologies and technologies for conducting a risk assessment. One approach is to assemble the results of the asset value assessment, threat assessment, and vulnerability assessment, and determine a numeric value of risk for each asset and threat/hazard pair in accordance with the following formula:

Risk = Asset Value x Threat Rating x Vulnerability Rating

This methodology can be used for new buildings during the design process, as well as for existing structures. The first task is to identify the value of assets and people that need to be protected. Next, a threat assessment is performed to identify and define the threats and hazards that could cause harm to a building and its inhabitants. After threats and assets are identified, a vulnerability assessment is performed to identify weaknesses that might be exploited by a terrorist or aggressor. Using the results of the asset value, threat, and vulnerability assessments, risk can be computed. After the architect and building engineer know how people and assets are at greatest risk against specific threats, they can then identify mitigation measures to reduce risk.
Because it is not possible to completely eliminate risk, and every project has resource limitations, architects and engineers must analyze how mitigation measures would affect risk and decide on the best and most cost-effective measures to implement to achieve the desired level of protection (risk management).

There are numerous checklists and techniques to use for conducting an individual building risk assessment. A simplified approach is presented in Tables 1-18 through 1-21. The tables are used as a pre-assessment screening tool by the assessor who conducts an interview with several key staff members (e.g., building owner, security, site management, key function representatives, etc.). The interview provides a consensus judgment of the relative risk or vulnerability of functions or systems and should also identify system interdependencies. Table 1-19 provides both a quantitative score and color code to objectively and visually determine the functions and systems that have been determined to be at risk. Engineers, architects, or experienced assessors could perform a short walk-through and conduct the pre-assessment interview of an existing building in less than a day. For a new building, the pre-screening results can be used by the designer to focus the design team on incorporating features and redundancies to reduce vulnerabilities and risk.

In the risk assessment approach presented in Tables 1-18 through 1-21, three factors or elements of risk are considered for each function or system against each threat previously identified. The first factor is the value of the asset or degree of debilitating impact that would be caused by the incapacity or destruction of the asset. A value on a scale of 1 to 10 is assigned (as shown in Table 1-18), 1 being a very low impact or consequence and 10 being very high or an exceptionally grave consequence.
The next factor is the threat rating or subjective judgment of a terrorist threat based on existence, capability, history, intentions, and targeting. Again, on a scale of 1 to 10, 1 is a very low probability and 10 is a very high probability of a terrorist attack. The third factor of risk is vulnerability, or any weaknesses that can be exploited by an aggressor. A value of 1 to 10 is assigned, 1 being very low or no weaknesses exist, and 10 being very high vulnerability, meaning one or more major weaknesses make an asset extremely susceptible to an aggressor. Multiplying the values assigned to each of the three factors provides quantification of total risk. The total risk for each function or system against each threat is assigned a color code in accordance with Table 1-19. The results of the risk assessment should be used to help prioritize which mitigation measures should be adopted, given limited resources, in order to achieve a desired level of protection.

Table 1-18: Risk Factors Definitions

Very High: 10
High: 8-9
Medium High: 7
Medium: 5-6
Medium Low: 4
Low: 2-3
Very Low: 1

Table 1-19: Total Risk Color Code

| | Low Risk | Medium Risk | High Risk |
|---|---|---|---|
| Risk Factors Total | 1-60 | 61-175 | ≥ 176 |

Table 1-21: Site Infrastructure Systems Pre-Assessment Screening Matrix*

| Function | Cyber Attack | Armed Attack (single gunman) | Vehicle Bomb | CBR Attack |
|---|---|---|---|---|
| Site | 48 | 80 | 108 | 72 |
| Asset Value | 4 | 4 | 4 | 4 |
| Threat Rating | 4 | 4 | 3 | 2 |
| Vulnerability Rating | 3 | 5 | 9 | 9 |
| Architectural | 40 | 40 | 135 | 20 |
| Asset Value | 5 | 5 | 5 | 5 |
| Threat Rating | 8 | 4 | 3 | 2 |
| Vulnerability Rating | 1 | 2 | 9 | 2 |
| Structural Systems | 24 | 32 | 240 | 16 |
| Asset Value | 8 | 8 | 8 | 8 |
| Threat Rating | 3 | 4 | 3 | 2 |
| Vulnerability Rating | 1 | 1 | 10 | 1 |
| Envelope Systems | 84 | 112 | 189 | 112 |
| Asset Value | 7 | 7 | 7 | 7 |
| Threat Rating | 6 | 4 | 3 | 2 |
| Vulnerability Rating | 2 | 4 | 9 | 8 |
| Utility Systems | 112 | 56 | 168 | 42 |
| Asset Value | 7 | 7 | 7 | 7 |
| Threat Rating | 8 | 4 | 3 | 2 |
| Vulnerability Rating | 2 | 2 | 8 | 3 |
| Mechanical Systems | 42 | 56 | 105 | 126 |
| Asset Value | 7 | 7 | 7 | 7 |
| Threat Rating | 6 | 4 | 3 | 2 |
| Vulnerability Rating | 1 | 2 | 5 | 9 |
| Plumbing and Gas Systems | 40 | 40 | 120 | 70 |
| Asset Value | 5 | 5 | 5 | 5 |
| Threat Rating | 8 | 4 | 3 | 2 |
| Vulnerability Rating | 1 | 2 | 8 | 7 |
| Electrical Systems | 42 | 84 | 189 | 28 |
| Asset Value | 7 | 7 | 7 | 7 |
| Threat Rating | 8 | 4 | 3 | 2 |
| Vulnerability Rating | 1 | 3 | 9 | 2 |
| Fire Alarm Systems | 162 | 108 | 216 | 36 |
| Asset Value | 9 | 9 | 9 | 9 |
| Threat Rating | 6 | 4 | 3 | 2 |
| Vulnerability Rating | 3 | 3 | 8 | 2 |
| IT/Communications Systems | 512 | | 192 | 32 |
| Asset Value | 8 | 8 | 8 | 8 |
| Threat Rating | 8 | 4 | 3 | 2 |
| Vulnerability Rating | 8 | 2 | 8 | 2 |

* NOTIONAL DATA INSERTED FOR DEMONSTRATION PURPOSES.

The functions and infrastructure analysis will identify the geographic distribution within the building and interdependencies between critical assets. Ideally, the functions should have geographic dispersion as well as a pre-determined recovery site or alternate work location. Similarly, critical infrastructure should have geographic dispersion and backup. Figure 1-10 shows an example of a building that has numerous critical functions and infrastructure collocated, which creates a single-point vulnerability as illustrated below. A bomb or CBR attack entering through the loading dock could impact the telecommunications, data, uninterrupted power supply (UPS), generator, and other key infrastructure systems.

As a minimum, those critical assets assessed to be at highest risk should receive an on-site vulnerability assessment using the Building Vulnerability Assessment Checklist in Table 1-22. The vulnerability assessment may change the risk rating of assets due to the identification of accessible critical nodes, the ease of attack using a common tactic, or some other factor that makes the building more attractive as a target or more susceptible to damage that could result in casualties or irrecoverable system damage. The photographs in Figure 1-11 illustrate some examples of single-point vulnerabilities of systems and infrastructure.
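An added example, not part of FEMA 426: the Risk = Asset Value x Threat Rating x Vulnerability Rating computation and the Table 1-19 color-code bands, applied to four rows transcribed from the notional Table 1-21 as it appears on this page. The class and function names are assumptions of this example, and the audit step, which recomputes every hand-entered total, goes slightly beyond what the text describes.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Column order of the screening matrix (Table 1-21 headings).
THREATS = ("Cyber Attack", "Armed Attack (single gunman)", "Vehicle Bomb", "CBR Attack")

# Rows transcribed from the notional Table 1-21 as printed on this page:
# system -> (asset value, threat ratings, vulnerability ratings, printed totals).
# None marks a total that is absent from the page.
TABLE_1_21_ROWS = {
    "Structural Systems": (8, (3, 4, 3, 2), (1, 1, 10, 1), (24, 32, 240, 16)),
    "Electrical Systems": (7, (8, 4, 3, 2), (1, 3, 9, 2), (42, 84, 189, 28)),
    "Fire Alarm Systems": (9, (6, 4, 3, 2), (3, 3, 8, 2), (162, 108, 216, 36)),
    "IT/Communications Systems": (8, (8, 4, 3, 2), (8, 2, 8, 2), (512, None, 192, 32)),
}


def risk_band(total: int) -> str:
    """Map a risk total to its Table 1-19 band (1-60, 61-175, >= 176)."""
    if not 1 <= total <= 1000:
        raise ValueError(f"risk total must be 1..1000, got {total!r}")
    if total <= 60:
        return "Low Risk"
    if total <= 175:
        return "Medium Risk"
    return "High Risk"


@dataclass(frozen=True)
class RiskCell:
    """One function/system scored against one threat."""
    system: str
    threat: str
    asset_value: int
    threat_rating: int
    vulnerability_rating: int
    printed_total: Optional[int] = None  # total as entered by hand, if any

    def __post_init__(self):
        # Each factor is rated on the 1-10 scale of Table 1-18.
        for name in ("asset_value", "threat_rating", "vulnerability_rating"):
            value = getattr(self, name)
            if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= 10:
                raise ValueError(f"{name} must be an integer from 1 to 10, got {value!r}")

    @property
    def total(self) -> int:
        return self.asset_value * self.threat_rating * self.vulnerability_rating

    @property
    def band(self) -> str:
        return risk_band(self.total)


def build_matrix(rows) -> list[RiskCell]:
    """Expand per-system rating rows into one RiskCell per system/threat pair."""
    cells = []
    for system, (asset_value, threat_ratings, vuln_ratings, printed) in rows.items():
        if not len(threat_ratings) == len(vuln_ratings) == len(printed) == len(THREATS):
            raise ValueError(f"{system}: expected {len(THREATS)} values per row")
        for threat, tr, vr, shown in zip(THREATS, threat_ratings, vuln_ratings, printed):
            cells.append(RiskCell(system, threat, asset_value, tr, vr, shown))
    return cells


def prioritize(cells, band: str = "High Risk") -> list[RiskCell]:
    """Cells in the given band, highest total first (ties broken by name)."""
    selected = [c for c in cells if c.band == band]
    return sorted(selected, key=lambda c: (-c.total, c.system, c.threat))


def audit(cells) -> list[tuple]:
    """Recompute each total and report hand-entered values that are missing or differ."""
    findings = []
    for c in cells:
        if c.printed_total is None:
            findings.append((c.system, c.threat, "missing", None, c.total))
        elif c.printed_total != c.total:
            findings.append((c.system, c.threat, "mismatch", c.printed_total, c.total))
    return findings


if __name__ == "__main__":
    matrix = build_matrix(TABLE_1_21_ROWS)
    print("Highest-risk pairs (candidates for on-site assessment):")
    for cell in prioritize(matrix):
        print(f"  {cell.total:4d}  {cell.system} / {cell.threat}")
    print("Totals to re-check against their ratings:")
    for system, threat, kind, shown, computed in audit(matrix):
        print(f"  {system} / {threat}: {kind} (printed {shown}, computed {computed})")
```

Recomputing totals from the three ratings, rather than trusting hand-entered products, keeps the color code and the resulting mitigation priorities consistent with the interview data.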
1.5 RISK MANAGEMENT

Traditionally, the building regulatory system has addressed natural disaster mitigation (hurricane, tornado, flood, earthquake, windstorm, and snow storm) through prescriptive building codes supported by well-established and accepted reference standards, regulations, inspection, and assessment techniques. Some manmade risks (e.g., HazMat storage) and specific societal goals (energy conservation and life safety) have also been similarly addressed. However, the building regulation system has not yet fully addressed most manmade hazards or terrorist threats.

Soon after September 11, 2001, the New York City Building Department initiated an effort to analyze the building code with regard to terrorist threats. The task force issued a report recommending code changes based on the attack on the World Trade Center. The National Fire Protection Association (NFPA) has a committee on premises security and security system installation standards. These advances may some day result in the building regulatory system developing more prescriptive building codes to mitigate security threats.

In the absence of such regulations, the designer needs to understand on what threat the design is based. Just like seismic design requires an understanding of geology, soil structure, and the maximum credible earthquake accelerations possible at a given location, the site designer needs to comprehend the bomb size, vehicle size, and gun or other weapon size to provide an appropriate level of protection. The size of threat and desired level of protection are equally important to the design. For most cases across the United States, the threats and risks for a specific building will be low. For buildings at a higher threat and risk, higher standards and performance may be required. The Department of Defense (DoD), GSA, and DOS all have established processes to identify design basis threats for their facilities.
The typical building design and construction process is sequential, progressing from identifying building use and design goals through actual construction. This process is illustrated in Figure 1-12. In every design and renovation project, the owner ultimately has three choices when addressing the risk posed by terrorism. He or she can:

1. Do nothing and accept the risk
2. Perform a risk assessment and manage the risk by installing reasonable mitigation measures
3. Harden the building against all threats to achieve the least amount of risk

Figure 1-13 is a graphical representation of the three choices.

Since September 11, 2001, terrorism has become a dominant concern. Life, safety, and security issues should be a design goal from the beginning. Table 1-22 contains key questions that designers may use to determine vulnerabilities of an existing building or a new construction in order to focus resources and minimize the impacts of potential terrorist attacks or technological accidents.

1.6 BUILDING VULNERABILITY ASSESSMENT CHECKLIST

The Building Vulnerability Assessment Checklist (Table 1-22) is based on the checklist developed by the Department of Veterans Affairs (VA) and compiles many best practices based on technologies and scientific research to consider during the design of a new building or renovation of an existing building. It allows a consistent security evaluation of designs at various levels. The checklist can be used as a screening tool for preliminary design vulnerability assessment. In addition to examining design issues that affect vulnerability, the checklist includes questions that determine if critical systems continue to function in order to enhance deterrence, detection, denial, and damage limitation, and to ensure that emergency systems function during a threat or hazard situation. The checklist is organized into the 13 sections listed below.
To conduct a vulnerability assessment of a building or preliminary design, each section of the checklist should be assigned to an engineer, architect, or subject matter expert who is knowledgeable and qualified to perform an assessment of the assigned area. Each assessor should consider the questions and guidance provided to help identify vulnerabilities and document results in the observations column. If assessing an existing building, vulnerabilities can also be documented with photographs, if possible. The results of the 13 assessments should be integrated into a master vulnerability assessment and provide a basis for determining vulnerability ratings during the assessment process.

1. Site
2. Architectural
3. Structural Systems
4. Building Envelope
5. Utility Systems
6. Mechanical Systems (heating, ventilation, and air conditioning (HVAC) and CBR)
7. Plumbing and Gas Systems
8. Electrical Systems
9. Fire Alarm Systems
10. Communications and Information Technology (IT) Systems
11. Equipment Operations and Maintenance
12. Security Systems
13. Security Master Plan

Figure 1-1 Recent acts of terrorism (clockwise left to right, U.S. Pentagon, Arlington, VA; World Trade Center, New York, NY; Murrah Federal Building, Oklahoma City, OK) (photographs: FEDERAL EMERGENCY MANAGEMENT AGENCY; U.S. AIR FORCE)

Figure 1-2 Total facilities struck by international terrorist attacks in 1997-2002 and total facilities attacked in 2002
SOURCE: DEPARTMENT OF STATE PATTERNS OF GLOBAL TERRORISM 200

Figure 1-3 The assessment process model

Figure 1-4 Satellite imagery/GIS tool

Figure 1-5 Satellite imagery/GIS tool

Deter: The process of making the target inaccessible or difficult to defeat with the weapon or tactic selected. It is usually accomplished at the site perimeter using highly visible electronic security systems, fencing, barriers, lighting and security personnel; and in the building by securing access with locks and electronic monitoring devices.
Detect: The process of using intelligence sharing and security services response to monitor and identify the threat before it penetrates the site perimeter or building access points.

Deny: The process of minimizing or delaying the degree of site or building infrastructure damage or loss of life or protecting assets by designing or using infrastructure and equipment designed to withstand blast and chemical, biological, or radiological effects.

Devalue: The process of making the site or building of little to no value or consequence, from the terrorists' perspective, such that an attack on the facility would not yield their desired result.

1 Appendix B is a glossary of assessment and security terminology. Appendix C contains chemical, biological, and radiological terms.

Table 1-2: Nominal Building Asset Value Assessment

| Asset | Value | Numeric Value |
|---|---|---|
| Site | Medium Low | 4 |
| Architectural | Medium | 5 |
| Structural Systems | High | 8 |
| Envelope Systems | Medium High | 7 |
| Utility Systems | Medium High | 7 |
| Mechanical Systems | Medium High | 7 |
| Plumbing and Gas Systems | Medium | 5 |
| Electrical Systems | Medium High | 7 |
| Fire Alarm Systems | High | 9 |
| IT/Communications Systems | High | 8 |

Figure 1-6 Aggressor weapon

Figure 1-7 Estimated plume from a 1-ton chlorine spill in Washington, DC

Table 1-3: Event Profiles for Terrorism and Technological Hazards*

Threat/Hazard: Improvised Explosive Device (Bomb)
- Stationary Vehicle
- Moving Vehicle
- Mail
- Supply
- Thrown
- Placed
- Personnel
Application Mode: Detonation of explosive device on or near target; via person, vehicle, or projectile.
Duration: Instantaneous; additional secondary devices may be used, lengthening the duration of the threat/hazard until the attack site is determined to be clear.
Extent of Effects; Static/Dynamic: Extent of damage is determined by type and quantity of explosive. Effects generally static other than cascading consequences, incremental structural failure, etc.
Mitigating and Exacerbating Conditions: Blast energy at a given stand-off is inversely proportional to the cube of the distance from the device; thus, each additional increment of stand-off provides progressively more protection. Exacerbating conditions include ease of access to target; lack of barriers/shielding; poor construction; and ease of concealment of device.

Threat/Hazard: Chemical Agent
- Blister
- Blood
- Choking/Lung/Pulmonary
- Incapacitating
- Nerve
- Riot Control/Tear Gas
- Vomiting
Application Mode: Liquid/aerosol contaminants can be dispersed using sprayers or other aerosol generators; liquids vaporizing from puddles/containers; or munitions.
Duration: Chemical agents may pose viable threats for hours to weeks, depending on the agent and the conditions in which it exists.
Extent of Effects; Static/Dynamic: Contamination can be carried out of the initial target area by persons, vehicles, water, and wind. Chemicals may be corrosive or otherwise damaging over time if not remediated.
Mitigating and Exacerbating Conditions: Air temperature can affect evaporation of aerosols. Ground temperature affects evaporation of liquids. Humidity can enlarge aerosol particles, reducing the inhalation hazard. Precipitation can dilute and disperse agents, but can spread contamination. Wind can disperse vapors, but also cause target area to be dynamic. The micro-meteorological effects of buildings and terrain can alter travel and duration of agents. Shielding in the form of sheltering in place may protect people and property from harmful effects.

Threat/Hazard: Arson/Incendiary Attack
Application Mode: Initiation of fire or explosion on or near target via direct contact or remotely via projectile.
Duration: Generally minutes to hours.
Extent of Effects; Static/Dynamic: Extent of damage is determined by type and quantity of device/accelerant and materials present at or near target. Effects generally static other than cascading consequences, incremental structural failure, etc.
Mitigating and Exacerbating Conditions: Mitigation factors include built-in fire detection and protection systems and fire-resistive construction techniques. Inadequate security can allow easy access to target, easy concealment of an incendiary device, and undetected initiation of a fire. Non-compliance with fire and building codes as well as failure to maintain existing fire protection systems can substantially increase the effectiveness of a fire weapon.

Threat/Hazard: Armed Attack
- Ballistics (small arms)
- Stand-off Weapons (rocket propelled grenades, mortars)
Application Mode: Tactical assault or sniper attacks from a remote location.
Duration: Generally minutes to days.
Extent of Effects; Static/Dynamic: Varies, based upon the perpetrator's intent and capabilities.
Mitigating and Exacerbating Conditions: Inadequate security can allow easy access to target, easy concealment of weapons, and undetected initiation of an attack.

Threat/Hazard: Biological Agent
- Anthrax
- Botulism
- Brucellosis
- Plague
- Smallpox
- Tularemia
- Viral Hemorrhagic Fevers
- Toxins (Botulinum, Ricin, Staphylococcal Enterotoxin B, T-2 Mycotoxins)
Application Mode: Liquid or solid contaminants can be dispersed using sprayers/aerosol generators or by point or line sources such as munitions, covert deposits, and moving sprayers. May be directed at food or water supplies.
Duration: Biological agents may pose viable threats for hours to years, depending on the agent and the conditions in which it exists.
Extent of Effects; Static/Dynamic: Depending on the agent used and the effectiveness with which it is deployed, contamination can be spread via wind and water. Infection can be spread via human or animal vectors.
Mitigating and Exacerbating Conditions: Altitude of release above ground can affect dispersion; sunlight is destructive to many bacteria and viruses; light to moderate winds will disperse agents, but higher winds can break up aerosol clouds; the micro-meteorological effects of buildings and terrain can influence aerosolization and travel of agents.
Threat/Hazard: Cyberterrorism
Application Mode: Electronic attack using one computer system against another.
Duration: Minutes to days.
Extent of Effects; Static/Dynamic: Generally no direct effects on built environment.
Mitigating and Exacerbating Conditions: Inadequate security can facilitate access to critical computer systems, allowing them to be used to conduct attacks.

Threat/Hazard: Agriterrorism
Application Mode: Direct, generally covert contamination of food supplies or introduction of pests and/or disease agents to crops and livestock.
Duration: Days to months.
Extent of Effects; Static/Dynamic: Varies by type of incident. Food contamination events may be limited to discrete distribution sites, whereas pests and diseases may spread widely. Generally no effects on built environment.
Mitigating and Exacerbating Conditions: Inadequate security can facilitate adulteration of food and introduction of pests and disease agents to crops and livestock.

Threat/Hazard: Radiological Agent
- Alpha
- Beta
- Gamma
Application Mode: Radioactive contaminants can be dispersed using sprayers/aerosol generators, or by point or line sources such as munitions, covert deposits, and moving sprayers.
Duration: Contaminants may remain hazardous for seconds to years, depending on material used.
Extent of Effects; Static/Dynamic: Initial effects will be localized to site of attack; depending on meteorological conditions, subsequent behavior of radioactive contaminants may be dynamic.
Mitigating and Exacerbating Conditions: Duration of exposure, distance from source of radiation, and the amount of shielding between source and target determine exposure to radiation.

Threat/Hazard: Nuclear Device
Application Mode: Detonation of nuclear device underground, at the surface, in the air or at high altitude.
Duration: Light/heat flash and blast/shock wave last for seconds; nuclear radiation and fallout hazards can persist for years. Electromagnetic pulse from a high-altitude detonation lasts for seconds and affects unprotected electronic systems.
Extent of Effects; Static/Dynamic: Initial light, heat, and blast effects of a subsurface, ground, or air burst are static and are determined by the device's characteristics and employment; fallout of radioactive contaminants may be dynamic, depending on meteorological conditions.
Mitigating and Exacerbating Conditions: Harmful effects of radiation can be reduced by minimizing the time of exposure. Light, heat, and blast energy decrease logarithmically as a function of distance from seat of blast. Terrain, forestation, structures, etc., can provide shielding by absorbing and/or deflecting blast, radiation, and radioactive contaminants.

Threat/Hazard: Hazardous Material Release (fixed site or transportation)
- Toxic Industrial Chemicals and Materials (Organic vapors: cyclohexane; Acid gases: cyanogens, chlorine, hydrogen sulfide; Base gases: ammonia; Special cases: phosgene, formaldehyde)
Application Mode: Solid, liquid, and/or gaseous contaminants may be released from fixed or mobile containers.
Duration: Hours to days.
Extent of Effects; Static/Dynamic: Chemicals may be corrosive or otherwise damaging over time. Explosion and/or fire may be subsequent. Contamination may be carried out of the incident area by persons, vehicles, water, and wind.
Mitigating and Exacerbating Conditions: As with chemical weapons, weather conditions will directly affect how the hazard develops. The micro-meteorological effects of buildings and terrain can alter travel and duration of agents. Shielding in the form of sheltering in place may protect people and property from harmful effects. Non-compliance with fire and building codes as well as failure to maintain existing fire protection and containment features can substantially increase the damage from a hazardous materials release.
Threat/Hazard: Unauthorized Entry
- Forced
- Covert
Application Mode: Use of hand or power tools, weapons, or explosives to create a man-sized opening or operate an assembly (such as a locked door), or use of false credentials to enter a building.
Duration: Minutes to hours, depending upon the intent.
Extent of Effects; Static/Dynamic: If goal is to steal or destroy physical assets or compromise information, the initial effects are quick, but damage may be long lasting. If intent is to disrupt operations or take hostages, the effects may last for a long time, especially if injury or death occurs.
Mitigating and Exacerbating Conditions: Standard physical security building design should be the minimum mitigation measure. For more critical assets, additional measures, like closed circuit television or traffic flow that channels visitors past access control, aids in detection of this hazard.

Threat/Hazard: Surveillance
- Acoustic
- Electronic eavesdropping
- Visual
Application Mode: Stand-off collection of visual information using cameras or high powered optics, acoustic information using directional microphones and lasers, and electronic information from computers, cell phones, and hand-held radios. Placed collection by putting a device "bug" at the point of use.
Duration: Usually months.
Extent of Effects; Static/Dynamic: This is usually the prelude to the loss of an asset. A terrorist surveillance team spends much time looking for vulnerabilities and tactics that will be successful. This is the time period that provides the best assessment of threat because it indicates targeting of the building.
Mitigating and Exacerbating Conditions: Building design, especially blocking lines of sight and ensuring the exterior walls and windows do not allow sound transmission or acoustic collection, can mitigate this hazard.
* SOURCE: FEMA 386-7, INTEGRATING HUMAN-CAUSED HAZARDS INTO MITIGATION PLANNING, SEPTEMBER 200

Figure 1-8 Facility system interaction

Table 1-4: Homeland Security Threat Condition

Threat Analysis Factors: Existence, Capability, History, Intentions, Targeting

Severe (Red): _ _ _ _ _
High (Orange): _ _ _ _ _
Elevated (Yellow): _ _ _ _
Guarded (Blue): _ _ _
Low (Green): _ _

_ Factor must be present
_ Factor may or may not be present

Please note the DHS does not use these threat analysis factors to determine threat level.
SOURCE: COMMONWEALTH OF KENTUCKY OFFICE OF HOMELAND SECURITY

Table 1-5: Site/Building Inherent Vulnerability Assessment Matrix (Partial Risk Assessment)*

| Criteria | 0 | 1 | 2 | 3 | 4 | 5 | Score |
|---|---|---|---|---|---|---|---|
| Asset Visibility | - | Existence not well known | - | Existence locally known | - | Existence widely known | |
| Target Utility | None | Very Low | Low | Medium | High | Very High | |
| Asset Accessibility | Remote location, secure perimeter, armed guards, tightly controlled access | Fenced, guarded, controlled access | Controlled access, protected entry | Controlled access, unprotected entry | Open access, restricted parking | Open access, unrestricted parking | |
| Asset Mobility | - | Moves or is relocated frequently | - | Moves or is relocated occasionally | - | Permanent/fixed in place | |
| Presence of Hazardous Materials | No hazardous materials present | Limited quantities, materials in secure location | Moderate quantities, strict control features | Large quantities, some control features | Large quantities, minimal control features | Large quantities, accessible to non-staff personnel | |
| Collateral Damage Potential | No risk | Low risk/limited to immediate area | Moderate risk/limited to immediate area | Moderate risk within 1-mile radius | High risk within 1-mile radius | High risk beyond 1-mile radius | |
| Site Population/Capacity | 0 | 1-250 | 251-500 | 501-1,000 | 1,001-5,000 | > 5,000 | |
| Total | | | | | | | |

* SOURCE: FEMA 386-7, INTEGRATING HUMAN-CAUSED HAZARDS INTO MITIGATION PLANNING, SEPTEMBER 200

Table 1-6: Classification Table Extracts

Table 1-7: Selected Extracts -- Recommended Standards Chart

M – Minimum Standard
S – Standard Based On Facility Evaluation
D – Desirable (to minimize risk)
N/A – Not Applicable

LEVEL I II III IV V

Table 1-8: Level of Visibility

| Rating | Value |
|---|---|
| Invisible – Classified location | 0 |
| Very Low Visibility – Probably not aware of existence | 1 |
| Low Visibility – Existence probably not well known | 2 |
| Medium Visibility – Existence is probably known | 3 |
| High Visibility – Existence is well known | 4 |
| Very High Visibility – Existence is obvious | 5 |

Table 1-9: Criticality of Target Site

| Rating | Value |
|---|---|
| No Usefulness | 0 |
| Minor Usefulness | 1 |
| Moderate Usefulness | 2 |
| Significant Usefulness | 3 |
| Highly Useful | 4 |
| Critical | 5 |

Table 1-10: Target Value to Potential Threat Element

| Rating | Value |
|---|---|
| None | 0 |
| Very Low | 1 |
| Low | 2 |
| Medium | 3 |
| High | 4 |
| Very High | 5 |

Table 1-11: Aggressor Access to Target

| Rating | Value |
|---|---|
| Fenced, Guarded, Protected Air/Consumable Entry, Controlled Access by Pass Only, No Vehicle Parking within a designated minimum distance (such as 50 feet or 80 feet) | 0 |
| Guarded, Protected Air/Consumable Entry, Controlled Access of Visitors and Non-Staff Personnel, No Vehicle Parking within the designated minimum distance | 1 |
| Protected Air/Consumable Entry, Controlled Access of Visitors and Non-Staff Personnel, No Unauthorized Vehicle Parking within the designated minimum distance | 2 |
| Controlled Access of Visitors, Unprotected Air/Consumable Entry, No Unauthorized Vehicle Parking within the designated minimum distance | 3 |
| Open Access to All Personnel, Unprotected Air/Consumable Entry, No Unauthorized Vehicle Parking within the designated minimum distance | 4 |
| Open Access to All Personnel, Unprotected Air/Consumable Entry, Vehicle Parking within the designated minimum distance | 5 |

Table 1-12: Target Threat of Hazard (WMD Materials)

| Rating | Value |
|---|---|
| No CBR materials present | 0 |
| CBR materials present in moderate quantities, under positive control, and in secured locations | 1 |
| CBR materials present in moderate quantities and controlled | 2 |
| Major concentrations of CBR materials that have established control features and are secured in the site | 3 |
| Major concentrations of CBR materials that have moderate control features | 4 |
| Major concentrations of CBR materials that are accessible to non-staff personnel | 5 |

Table 1-17: Simplified Building Ranking Matrix

| Building | Criticality of Function | Location | Occupancy of Building | Involvement in Community | Critical External Commitments | Total Score |
|---|---|---|---|---|---|---|
| Headquarters | 2 | 5 | 3 | 1 | 4 | 15 |
| Hospital 1 | 1 | 2 | 2 | 1 | 1 | 7 |
| Hospital 2 | 3 | 2 | 3 | 4 | 4 | 16 |
| Data Center | 5 | 4 | 3 | 3 | 2 | 17 |

Figure 1-9 Common system vulnerabilities

Table 1-20: Site Functional Pre-Assessment Screening Matrix*

| Function | Cyber Attack | Armed Attack (single gunman) | Vehicle Bomb | CBR Attack |
|---|---|---|---|---|
| Administration | 280 | 140 | 135 | 90 |
| Asset Value | 5 | 5 | 5 | 5 |
| Threat Rating | 8 | 4 | 3 | 2 |
| Vulnerability Rating | 7 | 7 | 9 | 9 |
| Engineering | 128 | 128 | 192 | 144 |
| Asset Value | 8 | 8 | 8 | 8 |
| Threat Rating | 8 | 4 | 3 | 2 |
| Vulnerability Rating | 2 | 4 | 8 | 9 |
| Warehousing | 96 | 36 | | 54 |
| Asset Value | 3 | 3 | 3 | 3 |
| Threat Rating | 8 | 4 | 3 | 2 |
| Vulnerability Rating | 4 | 3 | 9 | 9 |
| Data Center | 360 | 128 | 216 | 144 |
| Asset Value | 8 | 8 | 8 | 8 |
| Threat Rating | 9 | 4 | 3 | 2 |
| Vulnerability Rating | 5 | 4 | 9 | 9 |
| Food Service | 2 | 32 | 48 | 36 |
| Asset Value | 2 | 2 | 2 | 2 |
| Threat Rating | 1 | 4 | 3 | 2 |
| Vulnerability Rating | 1 | 4 | 8 | 9 |
| Security | 280 | 140 | 168 | 126 |
| Asset Value | 7 | 7 | 7 | 7 |
| Threat Rating | 8 | 4 | 3 | 2 |
| Vulnerability Rating | 5 | 5 | 8 | 9 |
| Housekeeping | 16 | 64 | 48 | 36 |
| Asset Value | 2 | 2 | 2 | 2 |
| Threat Rating | 8 | 4 | 3 | 2 |
| Vulnerability Rating | 1 | 8 | 8 | 9 |
| Day Care | 54 | 324 | 243 | 162 |
| Asset Value | 9 | 9 | 9 | 9 |
| Threat Rating | 3 | 4 | 3 | 2 |
| Vulnerability Rating | 2 | 9 | 9 | 9 |

* NOTIONAL DATA INSERTED FOR DEMONSTRATION PURPOSES
Figure 1-10 Non-redundant critical functions collocated near loading dock

Figure 1-11 Vulnerability example

Figure 1-12 Typical building design and construction process

Figure 1-13 Risk management choice

Table 1-22: Building Vulnerability Assessment Checklist

Columns: Section, Vulnerability Question, Guidance, Observations

1 Site

1.1 What major structures surround the facility (site or building(s))? What critical infrastructure, government, military, or recreation facilities are in the local area that impact transportation, utilities, and collateral damage (attack at this facility impacting the other major structures or attack on the major structures impacting this facility)? What are the adjacent land uses immediately outside the perimeter of this facility (site or building(s))? Do future development plans change these land uses outside the facility (site or building(s)) perimeter?

Guidance: Although this question bridges threat and vulnerability, the threat is the manmade hazard that can occur (likelihood and impact) and the vulnerability is the proximity of the hazard to the building(s) being assessed. Thus, a chemical plant release may be a threat/hazard, but vulnerability changes if the plant is 1 mile upwind for the prevailing winds versus 10 miles away and downwind. Similarly, a terrorist attack upon an adjacent building may impact the building(s) being assessed.
The Murrah Federal Building in Oklahoma City was not the only building to have severe damage caused by the explosion of the Ryder rental truck bomb.

Critical infrastructure to consider includes:

- Telecommunications infrastructure: Facilities for broadcast TV, cable TV; cellular networks; newspaper offices, production, and distribution; radio stations; satellite base stations; telephone trunking and switching stations, including critical cable routes and major rights-of-way
- Electric power systems: Power plants, especially nuclear facilities; transmission and distribution system components; fuel distribution, delivery, and storage
- Gas and oil facilities: Hazardous material facilities, oil/gas pipelines, and storage facilities
- Banking and finance institutions: Financial institutions (banks, credit unions) and the business district; note schedule business/financial district may follow; armored car services
- Transportation networks:
  - Airports: carriers, flight paths, and airport layout; location of air traffic control towers, runways, passenger terminals, and parking areas
  - Bus Stations
  - Pipelines: oil; gas
  - Trains/Subways: rails and lines, railheads/rail yards, interchanges, tunnels, and cargo/passenger terminals; note hazardous material transported
  - Traffic: interstate highways/roads/tunnels/bridges carrying large volumes; points of congestion; note time of day and day of week
  - Trucking: hazardous materials cargo loading/unloading facilities; truck terminals, weigh stations, and rest areas
  - Waterways: dams; levees; berths and ports for cruise ships, ferries, roll-on/roll-off cargo vessels, and container ships; international (foreign) flagged vessels (and cargo)
- Water supply systems: Pipelines and process/treatment facilities, dams for water collection; wastewater treatment
- Government services: Federal/state/local government offices – post offices, law enforcement stations, fire/rescue, town/city hall, local mayor's/governor's residences, judicial offices and courts, military installations (include type-Active, Reserves, National Guard)
- Emergency services: Backup facilities, communications centers, Emergency Operations Centers (EOCs), fire/Emergency Medical Service (EMS) facilities, Emergency Medical Center (EMCs), law enforcement facilities

The following are not critical infrastructure, but have potential collateral damage to consider:

- Agricultural facilities: chemical distribution, storage, and application sites; crop spraying services; farms and ranches; food processing, storage, and distribution facilities
- Commercial/manufacturing/industrial facilities: apartment buildings; business/corporate centers; chemical plants (especially those with Section 302 Extremely Hazardous Substances); factories; fuel production, distribution, and storage facilities; hotels and convention centers; industrial plants; raw material production, distribution, and storage facilities; research facilities and laboratories; shipping, warehousing, transfer, and logistical centers
- Events and attractions: festivals and celebrations; open-air markets; parades; rallies, demonstrations, and marches; religious services; scenic tours; theme parks
- Health care system components: family planning clinics; health department offices; hospitals; radiological material and medical waste transportation, storage, and disposal; research facilities and laboratories, walk-in clinics
- Political or symbolically significant sites: embassies, consulates, landmarks, monuments, political party and special interest groups offices, religious sites
- Public/private institutions: academic institutions, cultural centers, libraries, museums, research facilities and laboratories, schools
- Recreation facilities: auditoriums, casinos, concert halls and pavilions, parks, restaurants and clubs (frequented by potential target populations), sports arenas, stadiums, theaters, malls, and special interest group facilities; note congestion dates and times for shopping centers

References: FEMA 386-7, FEMA SLG 101, DOJ NCJ181200

1.2 Does the terrain place the building in a depression or low area?

Guidance: Depressions or low areas can trap heavy vapors, inhibit natural decontamination by prevailing winds, and reduce the effectiveness of in-place sheltering.

Reference: USAF Installation Force Protection Guide

1.3 In dense, urban areas, does curb lane parking allow uncontrolled vehicles to park unacceptably close to a building in public rights-of-way?

Guidance: Where distance from the building to the nearest curb provides insufficient setback, restrict parking in the curb lane. For typical city streets, this may require negotiating to close the curb lane. Setback is common terminology for the distance between a building and its associated roadway or parking. It is analogous to stand-off between a vehicle bomb and the building. The benefit per foot of increased stand-off between a potential vehicle bomb and a building is very high when close to a building and decreases rapidly as the distance increases. Note that the July 1, 1994, Americans with Disabilities Act Standards for Accessible Design states that required handicapped parking shall be located on the shortest accessible route of travel from adjacent parking to an accessible entrance.

Reference: GSA PBS-P100

1.4 Is a perimeter fence or other types of barrier controls in place?

Guidance: The intent is to channel pedestrian traffic onto a site with multiple buildings through known access control points. For a single building, the intent is to have a single visitor entrance.

Reference: GSA PBS-P100

1.5 What are the site access points to the site or building?

Guidance: The goal is to have at least two access points – one for passenger vehicles and one for delivery trucks due to the different procedures needed for each. Having two access points also helps if one of the access points becomes unusable, then traffic can be routed through the other access point.
Reference: USAF Installation Force Protection Guide

1.6 Is vehicle traffic separated from pedestrian traffic on the site?

Pedestrian access should not be endangered by car traffic. Pedestrian access, especially from public transportation, should not cross vehicle traffic if possible.

References: GSA PBS-P100 and FEMA 386-7

1.7 Is there vehicle and pedestrian access control at the perimeter of the site?

Vehicle and pedestrian access control and inspection should occur as far from facilities as possible (preferably at the site perimeter) with the ability to regulate the flow of people and vehicles one at a time. Control on-site parking with identification checks, security personnel, and access control systems.

Reference: FEMA 386-7

1.8 Is there space for inspection at the curb line or outside the protected perimeter? What is the minimum distance from the inspection location to the building?

Design features for the vehicular inspection point include: vehicle arrest devices that prevent vehicles from leaving the vehicular inspection area and prevent tailgating. If screening space cannot be provided, consider other design features such as: hardening and alternative location for vehicle search/inspection.

Reference: GSA PBS-P100

1.9 Is there any potential access to the site or building through utility paths or water runoff?

Eliminate potential site access through utility tunnels, corridors, manholes, stormwater runoff culverts, etc. Ensure covers to these access points are secured.

Reference: USAF Installation Force Protection Guide

1.10 What are the existing types of vehicle anti-ram devices for the site or building? Are these devices at the property boundary or at the building?

Passive barriers include bollards, walls, hardened fences (steel cable interlaced), trenches, ponds/basins, concrete planters, street furniture, plantings, trees, sculptures, and fountains. Active barriers include pop-up bollards, swing arm gates, and rotating plates and drums, etc.
Reference: GSA PBS-P100

1.11 What is the anti-ram buffer zone stand-off distance from the building to unscreened vehicles or parking?

If the recommended distance for the postulated threat is not available, consider reducing the stand-off required through structural hardening or manufacturing additional stand-off through barriers and parking restrictions. Also, consider relocation of vulnerable functions within the building, or to a more hazard-resistant building. More stand-off should be used for unscreened vehicles than for screened vehicles that have been searched.

Reference: GSA PBS-P100

1.12 Are perimeter barriers capable of stopping vehicles? Will the vehicle barriers at the perimeter and building maintain access for emergency responders, including large fire apparatus?

Anti-ram protection may be provided by adequately designed: bollards, street furniture, sculpture, landscaping, walls, and fences. The anti-ram protection must be able to stop the threat vehicle size (weight) at the speed attainable by that vehicle at impact. If the anti-ram protection cannot absorb the desired kinetic energy, consider adding speed controls (serpentines or speed bumps) to limit the speed at impact. If the resultant speed is still too great, the anti-ram protection should be improved.

References: Military Handbook 1013/14 and GSA PBS-P100

1.13 Does site circulation prevent high-speed approaches by vehicles?

The intent is to use site circulation to minimize vehicle speeds and eliminate direct approaches to structures.

Reference: GSA PBS-P100

1.14 Are there offsetting vehicle entrances from the direction of a vehicle's approach to force a reduction of speed?

Single or double 90-degree turns effectively reduce vehicle approach speed.

Reference: GSA PBS-P100

1.15 Is there a minimum setback distance between the building and parked vehicles?

Adjacent public parking should be directed to more distant or better-protected areas, segregated from employee parking and away from the building.
Some publications use the term setback in lieu of the term stand-off.

Reference: GSA PBS-P100

1.16 Does adjacent surface parking on site maintain a minimum stand-off distance?

The specific stand-off distance needed is based upon the design basis threat bomb size and the building construction. For initial screening, consider using 25 meters (82 feet) as a minimum, with more distance needed for unreinforced masonry or wooden walls.

Reference: GSA PBS-P100

1.17 Do standalone, aboveground parking garages provide adequate visibility across as well as into and out of the parking garage?

Pedestrian paths should be planned to concentrate activity to the extent possible. Limiting vehicular entry/exits to a minimum number of locations is beneficial. Stair tower and elevator lobby design should be as open as code permits. Stair and/or elevator waiting areas should be as open to the exterior and/or the parking areas as possible and well lighted. Impact-resistant, laminated glass for stair towers and elevators is a way to provide visual openness. Potential hiding places below stairs should be closed off; nooks and crannies should be avoided, and dead-end parking areas should be eliminated.

Reference: GSA PBS-P100

1.18 Are garage or service area entrances for employee-permitted vehicles protected by suitable anti-ram devices? Coordinate this protection with other anti-ram devices, such as on the perimeter or property boundary to avoid duplication of arresting capability.

Control internal building parking, underground parking garages, and access to service areas and loading docks in this manner with proper access control, or eliminate the parking altogether. The anti-ram device must be capable of arresting a vehicle of the designated threat size at the speed attainable at the location.
Reference: GSA PBS-P100

1.19 Do site landscaping and street furniture provide hiding places?

Minimize concealment opportunities by keeping landscape plantings (hedges, shrubbery, and large plants with heavy ground cover) and street furniture (bus shelters, benches, trash receptacles, mailboxes, newspaper vending machines) away from the building to permit observation of intruders and prevent hiding of packages. If mail or express boxes are used, the size of the openings should be restricted to prohibit the insertion of packages.

Reference: GSA PBS-P100

1.20 Is the site lighting adequate from a security perspective in roadway access and parking areas?

Security protection can be successfully addressed through adequate lighting. The type and design of lighting, including illumination levels, is critical. Illuminating Engineering Society of North America (IESNA) guidelines can be used. The site lighting should be coordinated with the CCTV system.

Reference: GSA PBS-P100

1.21 Are line-of-sight perspectives from outside the secured boundary to the building and on the property along pedestrian and vehicle routes integrated with landscaping and green space?

The goal is to prevent the observation of critical assets by persons outside the secure boundary of the site. For individual buildings in an urban environment, this could mean appropriate window treatments or no windows for portions of the building. Once on the site, the concern is to ensure observation by a general workforce aware of any pedestrians or vehicles outside normal circulation routes or attempting to approach the building unobserved.

Reference: USAF Installation Force Protection Guide

1.22 Do signs provide control of vehicles and people?

The signage should be simple and have the necessary level of clarity. However, signs that identify sensitive areas should generally not be provided.
Reference: GSA PBS-P100

1.23 Are all existing fire hydrants on the site accessible?

Just as vehicle access points to the site must be able to transit emergency vehicles, so too must the emergency vehicles have access to the buildings and, in the case of fire trucks, the fire hydrants. Thus, security considerations must accommodate emergency response requirements.

Reference: GSA PBS-P100

2 Architectural

2.1 Does the site and architectural design incorporate strategies from a Crime Prevention Through Environmental Design (CPTED) perspective?

The focus of CPTED is on creating defensible space by employing:

1. Natural access controls:
   - Design streets, sidewalks, and building entrances to clearly indicate public routes and direct people away from private/restricted areas
   - Discourage access to private areas with structural elements and limit access (no cut-through streets)
   - Loading zones should be separate from public parking
2. Natural surveillance:
   - Design that maximizes visibility of people, parking areas, and building entrances; doors and windows that look out on to streets and parking areas
   - Shrubbery under 2 feet in height for visibility
   - Lower branches of existing trees kept at least 10 feet off the ground
   - Pedestrian-friendly sidewalks and streets to control pedestrian and vehicle circulation
   - Adequate nighttime lighting, especially at exterior doorways
3. Territorial reinforcement:
   - Design that defines property lines
   - Design that distinguishes private/restricted spaces from public spaces using separation, landscape plantings; pavement designs (pathway and roadway placement); gateway treatments at lobbies, corridors, and door placement; walls, barriers, signage, lighting, and "CPTED" fences
   - "Traffic-calming" devices for vehicle speed control
4. Target hardening:
   - Prohibit entry or access: window locks, deadbolts for doors, interior door hinges
   - Access control (building and employee/visitor parking) and intrusion detection systems
5. Closed circuit television cameras:
   - Prevent crime and influence positive behavior, while enhancing the intended uses of space. In other words, design that eliminates or reduces criminal behavior and at the same time encourages people to "keep an eye out" for each other.

References: GSA PBS-P100 and FEMA 386-7

2.2 Is it a mixed-tenant building?

Separate high-risk tenants from low-risk tenants and from publicly accessible areas. Mixed uses may be accommodated through such means as separating entryways, controlling access, and hardening shared partitions, as well as through special security operational countermeasures.

Reference: GSA PBS-P100

2.3 Are pedestrian paths planned to concentrate activity to aid in detection?

Site planning and landscape design can provide natural surveillance by concentrating pedestrian activity, limiting entrances/exits, and eliminating concealment opportunities. Also, prevent pedestrian access to parking areas other than via established entrances.

Reference: GSA PBS-P100

2.4 Are there trash receptacles and mailboxes in close proximity to the building that can be used to hide explosive devices?

The size of the trash receptacles and mailbox openings should be restricted to prohibit insertion of packages. Street furniture, such as newspaper vending machines, should be kept sufficient distance (10 meters or 33 feet) from the building, or brought inside to a secure area.

References: USAF Installation Force Protection Guide and DoD UFC 4-010-01

2.5 Do entrances avoid significant queuing?

If queuing will occur within the building footprint, the area should be enclosed in blast-resistant construction. If queuing is expected outside the building, a rain cover should be provided. For manpower and equipment requirements, collocate or combine staff and visitor entrances.

Reference: GSA PBS-P100

2.6 Does security screening cover all public and private areas? Are public and private activities separated?
Are public toilets, service spaces, or access to stairs or elevators located in any non-secure areas, including the queuing area before screening at the public entrance?

Retail activities should be prohibited in non-secured areas. However, the Public Building Cooperative Use Act of 1976 encourages retail and mixed uses to create open and inviting buildings. Consider separating entryways, controlling access, hardening shared partitions, and special security operational countermeasures.

References: GSA PBS-P100 and FEMA 386-7

2.7 Is access control provided through main entrance points for employees and visitors? (lobby receptionist, sign-in, staff escorts, issue of visitor badges, checking forms of personal identification, electronic access control systems)

Reference: Physical Security Assessment for the Department of Veterans Affairs Facilities

2.8 Is access to private and public space or restricted area space clearly defined through the design of the space, signage, use of electronic security devices, etc.?

Finishes and signage should be designed for visual simplicity.

Reference: Physical Security Assessment for the Department of Veterans Affairs Facilities

2.9 Is access to elevators distinguished as to those that are designated only for employees and visitors?

Reference: Physical Security Assessment for the Department of Veterans Affairs Facilities

2.10 Do public and employee entrances include space for possible future installation of access control and screening equipment?

These include walk-through metal detectors and x-ray devices, identification check, electronic access card, search stations, and turnstiles.

Reference: GSA PBS-P100

2.11 Do foyers have reinforced concrete walls and offset interior and exterior doors from each other?

Consider for exterior entrances to the building or to access critical areas within the building if explosive blast hazard must be mitigated.

Reference: U.S. Army TM 5-853

2.12 Do doors and walls along the line of security screening meet requirements of UL752 "Standard for Safety: Bullet-Resisting Equipment"?

If the postulated threat in designing entrance access control includes rifles, pistols, or shotguns, then the screening area should have bullet-resistance to protect security personnel and uninvolved bystanders. Glass, if present, should also be bullet-resistant.

Reference: GSA PBS-P100

2.13 Do circulation routes have unobstructed views of people approaching controlled access points?

This applies to building entrances and to critical areas within the building.

References: USAF Installation Force Protection Guide and DoD UFC 4-010-01

2.14 Is roof access limited to authorized personnel by means of locking mechanisms?

References: GSA PBS-P100 and CDC/NIOSH, Pub 2002-139

2.15 Are critical assets (people, activities, building systems and components) located close to any main entrance, vehicle circulation, parking, maintenance area, loading dock, or interior parking? Are the critical building systems and components hardened?

Critical building components include:

- Emergency generator including fuel systems, day tank, fire sprinkler, and water supply
- Normal fuel storage
- Main switchgear
- Telephone distribution and main switchgear
- Fire pumps
- Building control centers
- Uninterruptible Power Supply (UPS) systems controlling critical functions
- Main refrigeration and ventilation systems if critical to building operation
- Elevator machinery and controls
- Shafts for stairs, elevators, and utilities
- Critical distribution feeders for emergency power

Evacuation and rescue require emergency systems to remain operational during a disaster and they should be located away from potential attack locations. Primary and backup systems should be separated to reduce the risk of both being impacted by a single incident if collocated. Utility systems should be located at least 50 feet from loading docks, front entrances, and parking areas.
One way to harden critical building systems and components is to enclose them within hardened walls, floors, and ceilings. Do not place them near high-risk areas where they can receive collateral damage.

Reference: GSA PBS-P100

2.16 Are high-value or critical assets located as far into the interior of the building as possible and separated from the public areas of the building?

Critical assets, such as people and activities, are more vulnerable to hazards when on an exterior building wall or adjacent to uncontrolled public areas inside the building.

Reference: GSA PBS-P100

2.17 Is high visitor activity away from critical assets?

High-risk activities should also be separated from low-risk activities. Also, visitor activities should be separated from daily activities.

Reference: USAF Installation Force Protection Guide

2.18 Are critical assets located in spaces that are occupied 24 hours per day? Are assets located in areas where they are visible to more than one person?

Reference: USAF Installation Force Protection Guide

2.19 Are loading docks and receiving and shipping areas separated in any direction from utility rooms, utility mains, and service entrances, including electrical, telephone/data, fire detection/alarm systems, fire suppression water mains, cooling and heating mains, etc.?

Loading docks should be designed to keep vehicles from driving into or parking under the building. If loading docks are in close proximity to critical equipment, consider hardening the equipment and service against explosive blast. Consider a 50-foot separation distance in all directions.

Reference: GSA PBS-P100

2.20 Are mailrooms located away from building main entrances, areas containing critical services, utilities, distribution systems, and important assets? Is the mailroom located near the loading dock?

The mailroom should be located at the perimeter of the building with an outside wall or window designed for pressure relief.
By separating the mailroom and the loading dock, the collateral damage of an incident at one has less impact upon the other. However, this may be the preferred mailroom location. Off-site screening stations or a separate delivery processing building on site may be cost-effective, particularly if several buildings may share one mailroom. A separate delivery processing building reduces risk and simplifies protection measures.

Reference: GSA PBS-P100

2.21 Does the mailroom have adequate space available for equipment to examine incoming packages and for an explosive disposal container?

Screening of all deliveries to the building, including U.S. mail, commercial package delivery services, delivery of office supplies, etc.

Reference: GSA PBS-P100

2.22 Are areas of refuge identified, with special consideration given to egress?

Areas of refuge can be safe havens, shelters, or protected spaces for use during specified hazards.

Reference: FEMA 386-7

2.23 Are stairwells required for emergency egress located as remotely as possible from high-risk areas where blast events might occur? Are stairways maintained with positive pressure or are there other smoke control systems?

Consider designing stairs so that they discharge into areas other than lobbies, parking, or loading docks. Maintaining positive pressure from a clean source of air (may require special filtering) aids in egress by keeping smoke, heat, toxic fumes, etc., out of the stairway. Pressurize exit stairways in accordance with the National Model Building Code.

References: GSA PBS-P100 and CDC/NIOSH, Pub 2002-139

2.24 Are enclosures for emergency egress hardened to limit the extent of debris that might otherwise impede safe passage and reduce the flow of evacuees?

Egress pathways should be hardened and discharge into safe areas.
Reference: FEMA 386-7

2.25 Do interior barriers differentiate level of security within a building?

Reference: USAF Installation Force Protection Guide

2.26 Are emergency systems located away from high-risk areas?

The intent is to keep the emergency systems out of harm's way, such that one incident does not take out all capability – both the regular systems and their backups.

Reference: FEMA 386-7

2.27 Is interior glazing near high-risk areas minimized? Is interior glazing in other areas shatter-resistant?

Interior glazing should be minimized where a threat exists and should be avoided in enclosures of critical functions next to high-risk areas.

Reference: GSA PBS-P100

2.28 Are ceiling and lighting systems designed to remain in place during hazard events?

When an explosive blast shatters a window, the blast wave enters the interior space, putting structural and non-structural building components under loads not considered in standard building codes. It has been shown that connection criteria for these systems in high seismic activity areas resulted in much less falling debris that could injure building occupants. Mount all overhead utilities and other fixtures weighing 14 kilograms (31 pounds) or more to minimize the likelihood that they will fall and injure building occupants. Design all equipment mountings to resist forces of 0.5 times the equipment weight in any direction and 1.5 times the equipment weight in the downward direction. This standard does not preclude the need to design equipment mountings for forces required by other criteria, such as seismic standards.

Reference: DoD UFC 4-101-0

3 Structural Systems

3.1 What type of construction? What type of concrete and reinforcing steel? What type of steel? What type of foundation?

The type of construction provides an indication of the robustness to abnormal loading and load reversals. A reinforced concrete moment-resisting frame provides greater ductility and redundancy than a flat-slab or flat-plate construction.
The ductility of steel frame with metal deck depends on the connection details, and pre-tensioned or post-tensioned construction provides little capacity for abnormal loading patterns and load reversals. The resistance of load-bearing wall structures varies to a great extent, depending on whether the walls are reinforced or unreinforced. A rapid screening process developed by FEMA for assessing structural hazards identifies the following types of construction with a structural score ranging from 1.0 to 8.5. A higher score indicates a greater capacity to sustain load reversals.

- Wood buildings of all types: 4.5 to 8.5
- Steel moment-resisting frames: 3.5 to 4.5
- Braced steel frames: 2.5 to 3.0
- Light metal buildings: 5.5 to 6.5
- Steel frames with cast-in-place concrete shear walls: 3.5 to 4.5
- Steel frames with unreinforced masonry infill walls: 1.5 to 3.0
- Concrete moment-resisting frames: 2.0 to 4.0
- Concrete shear wall buildings: 3.0 to 4.0
- Concrete frames with unreinforced masonry infill walls: 1.5 to 3.0
- Tilt-up buildings: 2.0 to 3.5
- Precast concrete frame buildings: 1.5 to 2.5
- Reinforced masonry: 3.0 to 4.0
- Unreinforced masonry: 1.0 to 2.5

References: FEMA 154 and Physical Security Assessment for the Department of Veterans Affairs Facilities

3.2 Do the reinforced concrete structures contain symmetric steel reinforcement (positive and negative faces) in all floor slabs, roof slabs, walls, beams, and girders that may be subjected to rebound, uplift, and suction pressures? Do the lap splices fully develop the capacity of the reinforcement? Are lap splices and other discontinuities staggered? Do the connections possess ductile details? Is special shear reinforcement, including ties and stirrups, available to allow large post-elastic behavior?

Reference: GSA PBS-P100

3.3 Are the steel frame connections moment connections? Is the column spacing minimized so that reasonably sized members will resist the design loads and increase the redundancy of the system?
What are the floor-to-floor heights?

A practical upper level for column spacing is generally 30 feet. Unless there is an overriding architectural requirement, a practical limit for floor-to-floor heights is generally less than or equal to 16 feet.

Reference: GSA PBS-P100

3.4 Are critical elements vulnerable to failure?

The priority for upgrades should be based on the relative importance of structural or non-structural elements that are essential to mitigating the extent of collapse and minimizing injury and damage.

Primary Structural Elements provide the essential parts of the building's resistance to catastrophic blast loads and progressive collapse. These include columns, girders, roof beams, and the main lateral resistance system.

Secondary Structural Elements consist of all other load-bearing members, such as floor beams, slabs, etc.

Primary Non-Structural Elements consist of elements (including their attachments) that are essential for life safety systems or elements that can cause substantial injury if failure occurs, including ceilings or heavy suspended mechanical units.

Secondary Non-Structural Elements consist of all elements not covered in primary non-structural elements, such as partitions, furniture, and light fixtures.

Reference: GSA PBS-P100

3.5 Will the structure suffer an unacceptable level of damage resulting from the postulated threat (blast loading or weapon impact)?

The extent of damage to the structure and exterior wall systems from the bomb threat may be related to a protection level. The following is for new buildings:

Level of Protection Below Antiterrorism Standards – Severe damage. Frame collapse/massive destruction. Little left standing. Doors and windows fail and result in lethal hazards. Majority of personnel suffer fatalities.

Very Low Level Protection – Heavy damage. Onset of structural collapse. Major deformation of primary and secondary structural members, but progressive collapse is unlikely. Collapse of non-structural elements.
Glazing will break and is likely to be propelled into the building, resulting in serious glazing fragment injuries, but fragments will be reduced. Doors may be propelled into rooms, presenting serious hazards. Majority of personnel suffer serious injuries. There are likely to be a limited number (10 percent to 25 percent) of fatalities.

Low Level of Protection – Moderate damage, unrepairable. Major deformation of non-structural elements and secondary structural members and minor deformation of primary structural members, but progressive collapse is unlikely. Glazing will break, but fall within 1 meter of the wall or otherwise not present a significant fragment hazard. Doors may fail, but they will rebound out of their frames, presenting minimal hazards. Majority of personnel suffer significant injuries. There may be a few (<10 percent) fatalities.

Medium Level Protection – Minor damage, repairable. Minor deformations of non-structural elements and secondary structural members and no permanent deformation in primary structural members. Glazing will break, but will remain in the window frame. Doors will stay in frames, but will not be reusable. Some minor injuries, but fatalities are unlikely.

High Level Protection – Minimal damage, repairable. No permanent deformation of primary and secondary structural members or non-structural elements. Glazing will not break. Doors will be reusable. Only superficial injuries are likely.

Reference: DoD UFC 4-010-01

3.6 Is the structure vulnerable to progressive collapse? Is the building capable of sustaining the removal of a column for one floor above grade at the building perimeter without progressive collapse? In the event of an internal explosion in an uncontrolled public ground floor area, does the design prevent progressive collapse due to the loss of one primary column? Do architectural or structural features provide a minimum 6-inch stand-off to the internal columns (primary vertical load carrying members)?
Are the columns in the unscreened internal spaces designed for an unbraced length equal to two floors, or three floors where there are two levels of parking?

Design to mitigate progressive collapse is an independent analysis to determine a system's ability to resist structural collapse upon the loss of a major structural element or the system's ability to resist the loss of a major structural element. Design to mitigate progressive collapse may be based on the methods outlined in ASCE 7-98 (now 7-02). Designers may apply static and/or dynamic methods of analysis to meet this requirement and ultimate load capacities may be assumed in the analyses. Combine structural upgrades for retrofits to existing buildings, such as seismic and progressive collapse, into a single project due to the economic synergies and other cross benefits. Existing facilities may be retrofitted to withstand the design level threat or to accept the loss of a column for one floor above grade at the building perimeter without progressive collapse. Note that collapse of floors or roof must not be permitted.

Reference: GSA PBS-P100

3.7 Are there adequate redundant load paths in the structure?

Special consideration should be given to materials that have inherent ductility and that are better able to respond to load reversals, such as cast in place reinforced concrete, reinforced masonry, and steel construction. Careful detailing is required for material such as pre-stressed concrete, pre-cast concrete, and masonry to adequately respond to the design loads. Primary vertical load carrying members should be protected where parking is inside a facility and the building superstructure is supported by the parking structure.

Reference: GSA PBS-P100

3.8 Are there transfer girders supported by columns within unscreened public spaces or at the exterior of the building?

Transfer girders allow discontinuities in columns between the roof and foundation.
This design has inherent difficulty in transferring load to redundant paths upon loss of a column or the girder. Transfer beams and girders that, if lost, may cause progressive collapse are highly discouraged.

Reference: GSA PBS-P100

3.9 What is the grouting and reinforcement of masonry (brick and/or concrete masonry unit (CMU)) exterior walls?

Avoid unreinforced masonry exterior walls. Reinforcement can run the range of light to heavy, depending upon the stand-off distance available and postulated design threat.

Reference: GSA PBS-P100 recommends fully groute