Special Access programs Flashcards
What Executive Order defines Special Access Programs?
Executive order 12958
Define Special Access Program
a program established for a specific class of classified information that imposes safeguarding and access requirements exceeding those normally required for information at the same classification level.
SAPs are established only when:
The program is required by statute, or upon the finding
of exceptional vulnerability of, or threat to, specific information, and if the normal criteria
for determining access to information classified at the same level are insufficient
True/False, SAPs use the standardized classification levels?
True
True/False, SAPs require a codeword or nickname?
True
Prior to being identified as Special Access Programs, what term was used (mainly in the 80’s)
Black Program
Name three mis-conceptions about SAPs:
SAPs are used as a means to hide money spent on certain
programs
SAPs are used to avoid taxpayer scrutiny
SAPs lack Congressional oversight
What Black Program investigation led to increased scrutiny over SAPs
Yellow Fruit
What section of the US Code outlines SAP oversight?
Section 119, Title 10
Existing SAPs must report to congress NLT ___________ each year
March 1st
Existing SAP reports to Congress include:
- The estimated total budget requested for the current and next fiscal years
- A brief description of the program, including the numbers of individuals involved
- A brief discussion of the major milestones for the SAP, such as current issues or significant changes
- The actual cost of the program for each previous fiscal year
New/Proposed SAPs must report to congress NLT ___________ each year
February 1st
New/Proposed SAP reports to Congress include:
- Notice of the designation of the program as a SAP and the justification for such designation
- The current estimate of the total cost for the program
- Identification of existing programs or technologies that are similar to the new SAP’s technology or mission
What communicates how a SAP is acknowledged and protected?
the Protection Level
Two types of SAP protection levels
Acknowledged, Unacknowledged
True/False. SECDEF can waive Congressional reporting requirements?
True
Name the three SAP categories
Acquisition, Intelligence, Operations and Support
Name the phases of the SAP lifecycle
Exploration, Establishment, Maintenance, Disestablishment
During what phase is a SAP referred to as a “prospective SAP?
Establishment
Programs generally cannot be designated a P-SAP for more than ______ months
six
Who approves a SAP (big government, not just DoD)?
Unless otherwise directed by the President of the United States, only the Secretaries of State, Defense, Energy, Homeland Security, and the Director of National Intelligence - or their principal deputies - are authorized to approve SAPs.
When does a SAP move into the maintenance phase?
Once it has been approved
Each year, one of three things will happen to every DoD SAP. Name these three things.
the SAP will revalidate and continue its work, restructure, or transition to the disestablishment phase
Within the DoD, who approves all SAPs
Deputy Secretary of Defense
True/False. Industry can initiate the need for a SAP?
True
SAP Approval Packages are sent where?
Special Access Program Oversight Committee (SAPOC)
The component level organization with SAP oversight responsibility
Special Access Program Coordination
Office (SAPCO)
Acquisition SAPs are assigned to
The Office of the Under Secretary of Defense for
Acquisition, Technology, and Logistics
Intelligence SAPs are assigned to
The Office of the Under Secretary of Defense for Intelligence
Operations and support SAPs are assigned to
The Office of the Under Secretary of Defense for Policy
Senior executive service-level working group that is
responsible for ensuring SAPs aren’t duplicated across the various SAP categories
Senior Review Group (SRG)
True/False. Members of the SAPOC have access to all DoD-Approved SAPs?
True
Who is the lead for the DoD SAPCO?
Under Secretary of Defense for Acquisition, Technology, and Logistics
When a SAP is approved by the SAPOC, it is the ____________ that notifies Congress
DoD SAPCO
Congressional members of the __________________ have access to SAPs
Authorization and Appropriations Committees and their Defense Subcommittees
Name the three Appropriations Committees
- House Armed Services Committee (HASC)
- Senate Armed Services Committee (SASC)
Name the two Intelligence Committees
- House Permanent Select Committee on Intelligence (HPSCI)
- Senate Select Committee on Intelligence (SSCI)
Component level organization that maintains records and list of SAP facilities
Special Access Program Central Offices (SAPCO)
Chaired by the Deputy Secretary of Defense and formally approves SAPs
Special Access Program Oversight
Committee (SAPOC)
Ensures “one voice” to congress in regards to SAPs
DoD SAP Central Office
True/False. A SAP can have multiple Program Security Officers?
False
True/False. a SAP can have multiple Government SAP Security Officers?
True
Duties of the GSSO (15)
- Ensure adequate secure storage and workspace
- Ensure strict adherence to NISPOM/NISPOMSUP/Overprint
- When required, establish and oversee a classified material control program for each SAP
- When required, conduct annual inventory of accountable classified material
- When required, establish a Special Access Program Facility (SAPF)
- Establish and oversee the visitor control program
- Monitor reproduction and /or duplication and destruction capability of SAP information
- Ensure adherence to special communications requirements and procedures within the Special Access Program Facility (SAPF)
- Provide initial program indoctrination of employees after access approval; rebrief and debrief as required
- Establish and oversee specialized procedures for transmission of SAP material to and from program elements
- When required, ensure contractually specific security requirements such as: TEMPEST, automated information system (AIS), Operations Security (OPSEC), etc. are accomplished
- Establish security training and briefings specifically tailored to the unique requirements of the SAP
What does CPSO stand for?
Contractor Program Security Officer
Executive Order 12958 directs the
__________________ under the direction of the National Archives, to develop implementing guidance.
the Information Security Oversight Office (ISOO)
ISOO Directive No. 1, Classified National Security Information
Sets forth more specific guidance to agencies on the implementation of the Executive Order
The ___________ provides standardized
guidance for the SAP community and while it is utilized by the Air Force, Army, and Navy, it is not the DoD policy.
Joint Air Force-Army-Navy (JAFAN) Manual 6/0
Outlines policy and responsibilities on the oversight and management of all DoD SAPs.
DoD Directive 5205.07, DoD Special Access Program Policy
Implementing document for the 5205.07. It disseminates policy, assigns responsibilities, and prescribes procedures for implementation and use in the management, administration, and oversight of all DoD SAPs.
DoDI O-5205.11
Should conditions or unforeseen factors render full compliance with the JAFAN 6/0 Revision 1 standards unreasonable, the PSO may apply equivalent protections, rather than following the exact wording of the JAFAN 6/0, as long as ___________________________
Approval has been sought from the component SAPCO
Establishes the standard procedures and requirements
for all government contractors, with regard to classified information (baseline doc plus added guidance)
NISPOM, NISPOM supplement, and DoD Overprint
Having standard SAP practices that are applied uniformly across all service branches to enable individuals to move between SAPs is known as:
reciprocity
Executive Order 12958, as amended:
Classified National Security Information
- Is the foundation of national policy for classified
information - Directs the Information Security Oversight Office
(ISOO) to develop implementing guidance
Information Security Oversight Office (ISOO) Directive No. 1: Classified National Security Information
- Sets forth more specific guidance to agencies on
the implementation of the Executive Order 12958,
as amended
Section 119, Title 10 United States
Code: Special Access Programs
Congressional Oversight
- Outlines SAP oversight and reporting requirements
Revision 1 Department of Defense Overprint to the National Industrial Security Program Operating Manual
(NISPOM) Supplement
- Provides additional guidance and applies the DoD’s rules
- Applies to all personnel with access to DoD Special Access Programs (SAPs), regardless of government or industry employment or agency affiliation
Joint Air Force-Army-Navy (JAFAN) Manual 6/0: Special Access Program Security Manual
- Provides standardized guidance for the Special Access Program (SAP) community
- Is utilized by the Air Force, Army, and Navy, but it is not the DoD policy
- Other agencies have also adopted and utilize the JAFAN 6/0
DoD Directive 5205.07: DoD Special Access Program Policy
Outlines policy and responsibilities on the
oversight and management of all DoD Special
Access Programs (SAPs)
DoDI O-5205.11, Management, Administration, and Oversight of DoD Special Access Programs
- Is the implementing document for DoD Directive 5205.07
- Disseminates policy, assigns responsibilities, and prescribes procedures for implementation and use in the management, administration, and oversight of all DoD SAPs
DoDI O-5205.11, Management, Administration, and Oversight of DoD Special Access Programs
- Is the implementing document for DoD Directive 5205.07
- Disseminates policy, assigns responsibilities, and prescribes procedures for implementation and use in the management, administration, and oversight of all DoD SAPs
