SAP Lifecycle Flashcards
SAP Oversight Basics
- Oversight provided to DoD SAPs is much more significant than that given to collateral programs.
- SAP oversight is outlined in Section 119, Title 10 United States Code, and includes the requirement to report annually to Congress.
Section 119 of Title 10
Specifies the types of reports that are submitted to Congress as well as the frequency with which they are submitted.
Congressional Reporting
Existing SAPs must submit a report to Congress no later than March 1 of each year
Information in Reports:
Existing SAPs
- The estimated total budget requested for the current and next fiscal years
- A brief description of the program, including the numbers of individuals involved
- The actual cost of the program for each previous fiscal year
- A brief discussion of the major milestones for the SAP, such as current issues or significant changes
Reporting:
New or proposed SAPs
Submit a SAP Listing to Congress no later than February 1 of each year
Information in Reports:
New or proposed SAP
- Notice of the designation of the program as a SAP and the justification for such designation
- The current estimate of the total cost for the program
- Identification of existing programs or technologies that are similar to the new SAP’s technology or mission
- Submit a SAP Listing to Congress no later than February 1 of each year
Establishment Phase
- A SAP begins in the establishment phase.
- Determines whether or not extra protection is warranted to establish a Prospective SAP (PSAP).
- Phase begins when it is determined enhanced security measures are required.
- Program’s eligibility to become a SAP is evaluated through the approval process.
-Establishing SAPCO must notify the Director, DoD SAPCO, in writing of the decision to create a PSAP.
*Include documents that ensure the SAP’s
protection
Management and Administration Phase
- Starts once the SAP is approved.
- Entails the day-to-day operations of the SAP.
- Inspections, audits, and internal control.
- Work on the SAP is accomplished as long as there is a continued need for the SAP.
Disestablishment Phase
- Once the SAP is no longer needed, it is disestablished.
- May be due to the program transitioning to a collateral program or by being absorbed into another existing SAP.
- Disestablishment includes ensuring the SAP’s information and related SAPs are protected, a disestablishment plan is developed, a debrief of personnel, and a closeout inspection are conducted.
Three phases of the SAP lifecycle?
- Establishment
- Management and Administration
- Disestablishment
Steps of Establishment Phase
Verify that individual needs the information specifically to do their work, they have the appropriate clearance, and that someone in a position of authority has given them the permission to access the information. If you are unsure of someone’s need-to-k
Apportionment
- SAP or section of a SAP has been formally included in the Integrated Joint Special Technical Operations (IJSTO) process
- SAP is in use for Combatant Commands during deliberate planning, crisis action response, and operational employment.
Apportionment Phase
- SAP is deemed operational in capability (or no later than 18 months prior to plan IOC)
- DoD Component and PSA SAPCOs nominates SAP capabilities to be apportioned into IJSTO
Disestablishment Phase 2
Once the SAP is no longer needed, it is disestablished. This may be due to the program transitioning to a collateral program or by being absorbed into another existing SAP. Disestablishment includes ensuring the SAP’s information and related SAPs are protected, a disestablishment plan is developed, a debrief of personnel, and a closeout inspection are conducted.
SAP Approval Authorities
Authorized to approve SAPs:
Unless otherwise directed by the President of the United States only…
Secretary of State Secretary of Defense Secretary of Energy Secretary of Homeland Security Director of National Intelligence Attorney General
*Or their principal deputy
Other agency SAPs
- Agencies with SAPs do not always establish and operate SAPs in the same way as the Department of Defense
- Agencies do work together.
- In cases of joint programs, the host activity ensures regulatory requirements are met by the other involved agencies.
DOD SAP Approval Authority
The Deputy Secretary of Defense (DEPSECDEF) is designated primary and direct responsibility for SAPs.
Where does the initial need for a SAP come from?
Initial need for a SAP can be identified and initiated anywhere:
-Within the government
(civilians and warfighters)
- Within industry
- Whether identified by government or industry, each need is first assessed.
When does the SAP Establishment process begin?
When it is determined enhanced security measures are required
SAP Approval Process
Program referred to as prospective SAP (PSAP)
- Upon PSAP approval, enhanced security measures may be applied for a period not to exceed 210 days.
- During Establishment phase, all documents required for a program to be approved as a SAP are developed (aka the SAP Approval package).
- The Approval Package is sent to the SAP Oversight Committee (SAPOC) for concurrence or non-concurrence.
- If SAPOC concurs, then the SAP approval package goes to Congress for formal approval.
SAP Governance
- SAP governance structure is comprised of the SAPOC, the SRG, and the SSWG.
- Governance process relies upon personnel making the determination that the need for a SAP exists.
- Process relies upon the examination into and justification for the need for a SAP.
- If the need is justified, then it moves into the Establishment phase, also called a PSAP
Establishment Phase Again
all the required documents to identify how that widget or piece of technology is going to be protected are developed. Once all the documents are developed, they are packaged together and sent to the SAPOC for concurrence. Finally, once a SAP is approved by the SECDEF/DEPSECDEF, Congress needs to be notified.
Component-Level SAP Central Office (SAPCO)
- Component-level SAPCO assesses the need for a SAP when it is initially identified
- Each component-level SAPCO is responsible for all SAPs under their purview
What organizations have component-level SAPCOs?
Each military component
The Joint Chiefs of Staff
The Defense Advanced Research Projects Agency (DARPA)
The Missile Defense Agency (MDA
OSD-level SAP Central Office
DoD SAPs are categorized and managed by the Under Secretaries of Defense.
Each OSD-level SAP Central Office is established to assist the Deputy Secretary of Defense in overseeing DoD SAPs.
Each Under Secretary serves as the oversight authority for a specific category of SAPs: acquisition, intelligence, or operations and support.
- All acquisition SAPs are assigned to the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics.
- All intelligence SAPs are assigned to the Office of the Under Secretary of Defense for Intelligence.
- All operations and support SAPs are assigned to the Office of the Under Secretary of Defense for Policy.
Senior Review Group (SRG)
- Senior executive service-level working group
- Responsible for ensuring SAPs aren’t duplicated across the various SAP categories
Senior Review Group Members
Chair: Under Secretary of Defense for AT&L
Vice Chair: Director, DoD SAPCO
Executive Secretary: Deputy Director, DoD SAPCO
General Membership:
Comprised of primary or alternate members, designated in writing by each SAPOC member.
Only designated SRG members have voting rights.
*In the case of the Army, Navy, and Air Force, only one individual will represent their respective Under Secretary and Vice Chief of Staff (one vote per Military Department).
Additional appropriately cleared personnel may attend if approved by the SRG Chair.
Senior SAP Working Group (SSWG)
- Senior program protection forum.
- Coordinates, deconflicts, and integrates special programs.
- Addresses SAP policy, oversight, and management.
- Provides recommendations to the SRG.
Senior SAP Working Group Members
Chair: Director, DoD SAPCO
SAPCO Director of the USD (I) SAPCO Director of the USD (AT&L) SAPCO Director of the Army SAPCO Director of the Air Force SAPCO Director of the Navy SAPCO Director of the Marine Corps SAPCO Director of the JS SAPCO Director of the DARPA SAPCO Director of the MDA
Principal-appointed representatives from offices of the
- DCAPE
- DoD CIO
- USD(C)/CFO
- GC
- DoD
SAP Oversight Committee (SAPOC)
Chair: Deputy Secretary of Defense
- SAPOC is where the formal SAP approval decision is made.
- SAPOC members are considered super users and have access to all DoD-approved SAPs.
- All committee members are appointed officials of the DoD (with exception of the Vice Chairman of the Joint Chiefs of Staff).
SAPOC Members
Chair: The DepSecDef
Vice-Chair: The USD(AT&L)
Executive Secretary: Director, DoD SAPCO -
General Membership:
- USD(P)
- USD(Comptroller)/Chief Financial Officer, DoD (USD(C)/CFO)
- USD(I)
- Under Secretary of Defense for Personnel and Readiness
- Vice Chairman of the Joint Chiefs of Staff
- Assistant Secretary of Defense for Networks & Information Integration [ASD(NII)]/DoD Chief Information Officer (DoD CIO), General Counsel of the Department of Defense (GC, DoD)
- Director, Cost Assessment and Program Evaluation (DCAPE)
- Under Secretaries for the Departments of the Army, Navy, and Air Force
- Vice Chiefs of Staff of the Army and the Air Force
- Vice Chief of Naval Operations
- Assistant Commandant of the Marine Corps
DoD SAP Central Office
- Communicates SAPOC program concurrence to Congress for approval.
- Develops, coordinates, and publishes policy
-Main point of contact for DoD SAP resources
-Is the DoD SAP legislative liaison
- Ensures “one voice” to Congress
- Director serves as Executive Secretary SAPOC
Director of DoD SAPCO
- Head of the Acquisition SAPCO, the Under Secretary of Defense for Acquisition, Technology, and Logistics.
- Primary point of contact with agencies of the executive branch, Congress, and the DoD components on all issues relating to DoD SAPs.
- This ensures that the DoD speaks to Congress about SAPs using one voice.
Who notifies Congress and when?
When concurrence has been reached by the SAPOC, it is the DoD SAPCO that notifies Congress.
Congressional Committees
- Congress is notified of all approved SAPs
- Not all members of Congress have access to SAP information.
- Only members of the Authorization and Appropriations Committees and their Defense Subcommittees are authorized access to SAPs.
- Appropriate intelligence committees receive notification of approved intelligence SAPs.
Authorization Committees
House Armed Services Committee (HASC)
Senate Armed Services Committee (SASC)
Appropriations Committees
House Appropriations Committee (HAC)
Senate Appropriations Committee (SAC)
Defense Subcommittees of HAC and SAC
Intelligence Committees
House Permanent Select Committee on Intelligence (HPSCI)
Senate Select Committee on Intelligence (SSCI)
Component-Level SAPCO
- Manage and oversee SAPs
- Maintain records and list of SAP facilities
- Responsible for all SAPs under their purview
- Assess the need for a SAP when it is initially identified
- Each DoD component has a Special Access Program Central Office (SAPCO)
- A SAPCO for the Joint Chiefs of Staff coordinates unified commands.
Office of the Secretary of Defense- Level SAPCO
- Oversight authority for the SAP category under their purview
- Established to assist the Deputy Secretary of Defense in overseeing DoD SAPs
- Serves as the oversight authority for a specific category of SAPs: Acquisition, Intelligence, or Operations and Support
- All Acquisition SAPs are assigned to the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics (USD AT&L)
All Intelligence SAPs are assigned to the Office of the Under Secretary of Defense for Intelligence (USDI)
All Operations and Support SAPs are assigned to the Office of the Under Secretary of Defense for Policy (USDP)
Senior Review Group
- Principal working-level body executing the governance process.
- Performs oversight and management of DoD SAPs.
- Unanimous recommendations of the SRG may be forwarded directly to the DepSecDef for decision.
SAPOC
Chair: Deputy Secretary of Defense
Where the formal SAP approval decision is made
DoD SAP Central Office
- Develops, coordinates, and publishes policy
- Is principal DoD point of contact for all SAP resources
- Director serves as Executive Secretary SAPOC
- Is the DoD SAP legislative liaison
- Ensures “one voice” to Congress
SAP Senior Working Group
- Serves as the senior program protection forum to coordinate, deconflict, and integrate special programs
- Addresses SAP policy, oversight, and management
- Provides recommendations to the SR
SAP Audits and Inspections
SAPs are subject to audits from…
- The Federal Acquisition Regulation (FAR)
- The Defense Federal Acquisition Regulation Supplement (DFARS).
- The Defense Contract Management Agency policies.
Audits may be conducted by many entities, including:
- The Government Accountability Office
- The DoD Inspector General
- The Defense Contract Audit Agency
SAPs may be subjected to other audits and inspections, as appropriate.
Oversight and Support Agencies
Defense Contract Audit Agency
Defense Counterintelligence & Security Agency
Defense Logistics Agency
DoD Inspector General
Others include: • National Reconnaissance Office • Missile Defense Agency • National Security Agency • Defense Intelligence Agency
Many of these agencies have staff specifically dedicated to providing support to SAPs.
Different SAPs may receive oversight and support from other agencies, depending on their function and the agencies with which they interact.
It is important to note that the agencies represented here are not the only agencies that provide oversight and support to SAPs
Component-Level SAP Central Office
- Each DoD component has a Special Access Program Central Office (SAPCO)
- Responsible for coordinating and performing oversight of SAPs within their respective components.
- A SAPCO for the Joint Chiefs of Staff coordinates unified commands.
Reciprocity Definition
- Having standard SAP practices that are applied uniformly across all service branches enable individuals to move between SAPs.
- Reciprocity applies to DoD SAPs of the same sensitivity level, as long as the individual has a valid need-to-know and meets all requirements.
- Reciprocity applies to contractor facilities that have been approved for SAP access.
- That is, if a contractor facility has been approved to work on a Navy SAP, that facility does not need to be approved separately in order to work on an Army SAP
Purpose of SAP reciprocity?
Simplify the process and save time and money.
To be eligible for reciprocity
Must have NTK and meet all requirements
What can reciprocity be utilized for?
Personnel Security Clearances
Facility Security Clearances
SAP Access
Administrative Review Process
Inspections
One of three things that will happen to every SAP within the DoD annually
Revalidation
Apportionment
Disestablishment
Requirements for Apportion Phase
A program Quad Chart
A program fact sheet
Indoctrination briefing
An SCG
A written legal review
A PID and nickname.
Annually, what happens to each SAP?
Each year one of three things will happen to every DoD SAP:
- It will be revalidated and continue its work
- It will be apportioned
- It will be transitioned to the Disestablishment phase
Steps in the Disestablishment Phase
- Ensure SAP information and related SAPs are protected
- Disestablishment plan is developed
- A debrief of personnel
- A closeout inspection is conducted.
