A Special Access Program (SAP) is established to control access, distribution, and provide protection for sensitive classified information beyond that normally required. This is a high state of enforced need-to-know, and only a minimum number of cleared employees are given access to SAP information.  For example, those with SAP access have clearances at the SECRET and TOP SECRET levels. Conversely, not all those cleared for SECRET and TOP SECRET have access to SAP information.

An authority grants access to SAPs based on need-to-know and eligibility for SECRET, TOP SECRET or SCI security clearances. What makes SAP access unique is the need-to-know.  To better understand the concept, consider school clubs. Schools provide opportunities for exceptional students to join any number of available clubs including running, robotics, chess, and debate. Though these clubs are unique in themselves, they have one determining and similar qualification: membership is open only to those enrolled in the particular school.

Not all children can attend the school of their choice. Instead, they must meet fundamental requirements such as, be zoned for that school, pass tests and continue to be promoted to the next grade. Once vetted, student body members are eligible for invitation into a club meeting their skills and qualifications. It isn’t until someone approves their entry into an organization above and beyond the school’s primary function that they obtain that access.

These students are then scouted for certain abilities based on records already established from enrollment into the school system. After meeting some simple pre-requisites, they become part of the club and have access to meetings, events and projects occurring during normally-scheduled class time.

Similarly, the National Industrial Security Program Operating Manual states that SAP access is a determination made by the granting authority (club sponsor).  In other words, all employees cleared to the SECRET and TOP SECRET levels are fundamentally eligible for SAP access.  All they need is an invitation by someone who has determined their need-to-know.

Suitability and loyalty are the most predominant criteria – and for good reason. Those with SAP access are entrusted with protecting highly sensitive information. So, candidates who are proven suitable and loyal are then:

  1. Nominated by someone with need to know;
  2. In possession of or processed for a SECRET or TOP SECRET CLEARANCE with investigation completed within the last 5 years;
  3. Awarded a favorable clearance adjudication based on the current Standard Form 86 (SF-86), “Questionnaire for National Security Positions” submitted for within the past 12 months. If the SF-86 is older than 12 months, it can either be updated using the original form or a current SF 86C, “Standard Form 86 Certification”; (Sometimes a pen and ink change is sufficient, so keep those completed SF 86s in a safe place. You may need them again.)
  4. Setup to take a random CI-scope polygraph examination, if required;
  5. Required to sign a DoD-approved SAP program indoctrination and non-disclosure agreement. This agreement ensures the applicant:
  • Accepts all obligations of protecting classified information;
  • Acknowledges receipt of security indoctrination. The indoctrination hi-lights obligations and future obligations and enforcing access and need to    know;
  • Is advised of implications to national security in the event of unauthorized disclosure, unauthorized retention, or negligent handling of SAP information to those without access and need to know;
  • Submits all writings for security review if they contain any SAP information or descriptions of activities related to SAP information. If the case, then the US Government responds to submission of material within a reasonable time, not to exceed 30 working days from date of receipt;
  • Understands that personal repercussions for breaches of the agreement can result in termination of access, removal from a position of special confidence and trust and that the United States has the right to prosecute for any statutory violation;
  • Accepts that all information based on access will remain the property of the United States Government; and
  • Understands that all conditions and obligations imposed by the Agreement apply when access is granted and for all time afterward.

So, what about those without a clearance? If an uncleared employee possesses skills that can be useful on a SAP, they can be provided access. This begins with the successful adjudication of a clearance based on the described background investigation. This is completely up to the granting authority. Additionally, it is possible for cleared employees with interim clearances and even foreign nationals to be granted SAP access based on the needs of the program and the granting authority.

The SAP access determination isn’t very hard to understand if you keep it in perspective. There are no additional investigations needed beyond what is required for SECRET, TOP SECRET and Sensitive Compartmented Information. This is the result of reciprocal investigation requirements established by executive orders.  Once cleared, a validated need to know is the final requirement.

Just keep the example of the school club in mind. Not everyone in school can become part of the club. Though only those attending that school are eligible, not all students can become members. Membership is open only those who have expressed aptitude and interest, then they are vetted to the organization. Similarly, to have access to SAP information a candidate must have an investigation adjudicated for SECRET and TOP SECRET clearances. But not all employees cleared to those levels will have access, only those who are invited and allowed by the granting authority.

Related News

Jeffrey W. Bennett, SAPPC, SFPC, ISOC, ISP is a podcaster, consultant and author of NISPOM, security, and risk management topics. Jeff's first book was a study guide for security certification. Soon after, Jeff began writing other security books and courses, and started his company Red Bike Publishing, LLC. You can find his books, ITAR, NISPOM, PodCast and more @ www.redbikepublishing.com.