How strictly are SCIF policies enforced? I'm just a civilian who's never had exposure to that world, but based on my experience with other parts of the government, I'd expect SCIF compliance to fall on a broad spectrum from "sloppy or non-existent" to "overly strict and paranoid." Is my intuition accurate? Who's accountable for the compliance of a given SCIF - can anyone with clearance "setup a SCIF" or does it need to be registered, audited, etc?
In my experience, they are seriously enforced, though any time you have a large number of people you'll definitely find exceptions. The threat of massive fines and long jail times tends to encourage compliance. Also, many of the people who work in SCIFs know they are dealing with information that, if released, could lead to a number of people getting killed (think intelligence sources) or a country being unable to defend itself because a US weapon system was compromised (think Ukraine). Nation-states are working to extract information from SCIFs, it's not a theoretical problem, and SCIF users know this.
I don't work in this space, but many of my friends do, as did my father.
SCIF policies are usually strictly enforced. But, that's the most secure workplace available to civilians and they aren't all that common. They also tend to be located in facilities that are higher-than-normal security. Out here in Reston, all my friends who work in SCIFs are also in fenced/gated complexes with paramilitary guards.
There are secure (but not SCIF) facilities that probably vary more. My father's little 6 person contracting office had a secure room, with a Dod approved design and a safe inside, for contracts that required that level of security (State/DoD facilities in China and Russia required TS clearance, other projects varied).
The people that work in SCIFs also generally take it seriously. TS+poly is worth a big chunk of salary here in DC and not something to risk (and that's ignoring that flaunting those laws is a felony for anybody not named Trump). And most believe in the mission (whatever that happens to be). The work spans everything from military hardware to CIA or NSA operations. And a lot of stuff that probably doesn't really need to be TS, but that's a whole other discussion.
