
Ar 380-381 - Special Access Programs

This regulation from the Department of the Army:
o Contains new and updated information on establishing, maintaining, supporting, and disestablishing Special Access Programs (SAPs).
o Implements applicable portions of Department of Defense Directive 5205.7 regarding Special Access Programs.
o Sets forth instructions and procedures for the lifecycle of Special Access Programs, including establishment, maintenance, security requirements, and disestablishment.

Uploaded by

Mark Cheney
Copyright
© Attribution Non-Commercial (BY-NC)

Army Regulation 380–381

Security

Special Access Programs (SAPs)

Headquarters
Department of the Army
Washington, DC
12 October 1998

UNCLASSIFIED
SUMMARY of CHANGE
AR 380–381
Special Access Programs (SAPs)

This regulation--

o Contains extensive new and updated information on establishing, maintaining, supporting, and disestablishing Special Access Programs (SAPs).

o Implements applicable portions of Department of Defense Directive 5205.7.


*Army Regulation 380–381

Headquarters
Department of the Army
Washington, DC
12 October 1998
Effective 13 November 1998

Security

Special Access Programs (SAPs)

History. This publication is a revision of AR 380–381, dated 4 December 1992.

Summary. This regulation sets forth the implementing instructions and procedures for establishing, maintaining, supporting, and disestablishing Special Access Programs (SAPs). This regulation implements applicable parts of Department of Defense Directive 5205.7.

Applicability. This regulation applies to units and activities of the Active Army, Army National Guard of the United States, and the U.S. Army Reserve. It also applies to Army or joint program contractors and consultants when contract performance depends on access to a SAP.

Proponent and exception authority. The proponent of this regulation is the Chief of Staff, Army (CSA). The proponent has the authority to approve exceptions to this regulation that are consistent with controlling law and regulation. Proponents may delegate the approval authority, in writing, to a division chief within the proponent agency in the grade of colonel or the civilian equivalent.

Army management control process. This regulation contains management control provisions and identifies key management controls that must be evaluated.

Supplementation. Supplementation of this regulation and establishment of command and local forms are prohibited without prior approval of the Secretary of the Army.

Suggested Improvements. Users are invited to send comments and suggested improvements on DA Form 2028 (Recommended Changes to Publications and Blank Forms) to Chief, Technology Management Office (DACS–DMP), 200 Army Pentagon, Washington, DC 20310–0200.

Committee Continuance Approval. The DA Committee Management Officer concurs in the continuance of the Special Access Program Oversight Committee, the Fix-It Committee, and the SAP Program Performance and Budget Execution Review System Committee established by AR 380–381.

Distribution. Distribution of this publication is made in accordance with Initial Distribution Number (IDN) 091030 for command levels D and E, for the Active Army, Army National Guard of the U.S., and U.S. Army Reserve.

Contents (Listed by paragraph number)

Chapter 1
Introduction
Purpose • 1–1
References • 1–2
Explanation of abbreviations and terms • 1–3
Restrictions on using Special Access Programs • 1–4

Chapter 2
Responsibilities
The Secretary of the Army • 2–1
The Under Secretary of the Army • 2–2
The Assistant Secretary of the Army (Research, Development, and Acquisition) • 2–3
The Assistant Secretary of the Army (Manpower and Reserve Affairs) • 2–4
The Assistant Secretary of the Army (Financial Management and Comptroller) • 2–5
The Director of Information Systems for Command, Control, Communications, and Computers • 2–6
The General Counsel • 2–7
The Inspector General • 2–8
The Auditor General • 2–9
Chief of Public Affairs • 2–10
The Chief of Staff, Army • 2–11
The Vice Chief of Staff, Army • 2–12
The Deputy Chief of Staff for Personnel • 2–13
The Deputy Chief of Staff for Intelligence • 2–14
The Deputy Chief of Staff for Operations and Plans • 2–15
The Deputy Chief of Staff for Logistics • 2–16
Chief of Engineers • 2–17
The Judge Advocate General • 2–18
Chief of Legislative Liaison • 2–19
Director, Program Analysis and Evaluation Directorate • 2–20
Chief, Technology Management Office • 2–21
Commanding General, U.S. Army Training and Doctrine Command • 2–22
Commanding General, U.S. Army Materiel Command • 2–23
Commanding General, Forces Command • 2–24
Commanding General, U.S. Army Space and Missile Defense Command • 2–25
Commanding General, U.S. Army Intelligence and Security Command • 2–26
Commanding General, U.S. Army Criminal Investigation Command • 2–27
Department of the Army Staff • 2–28
Major Army Commands and program executive officers • 2–29

*This regulation supersedes AR 380–381, dated 4 December 1992.

AR 380–381 • 12 October 1998 i

Contents—Continued

Program/Project/Product Managers of SAPs • 2–30
Sensitive Records and Information Agency • 2–31
Defense Security Service • 2–32

Chapter 3
Special Access Program Design
Purpose • 3–1
SAP types • 3–2
SAP categories • 3–3

Chapter 4
SAP Life Cycle
Establishment phase • 4–1
Maintenance Phase • 4–2
Disestablishment • 4–3
Joint SAP Management • 4–4

Chapter 5
SAP Security
Programs ineligible for SAP security • 5–1
Physical security • 5–2
Document/information security • 5–3
Personnel security • 5–4
Technical security • 5–5
Treaties • 5–6
Technology Transfer/Foreign Disclosure • 5–7
Program security plan • 5–8
Security incidents involving SAP information • 5–9

Chapter 6
Access Control
Validation of access requirements • 6–1
Access levels • 6–2
Billet structure • 6–3
Rosters • 6–4
Request for access • 6–5
Indoctrination • 6–6
Termination • 6–7
Billet structure management system • 6–8

Chapter 7
Industrial Security
Defense contractors • 7–1
National Industrial Security Program • 7–2
Contractor Personnel Security • 7–3
Physical Security • 7–4
Industrial Security Inspections • 7–5
Contract Management • 7–6
Security infractions, violations, and compromises at contractor facilities • 7–7
Contract security requirements • 7–8

Chapter 8
Information Mission Area
General • 8–1
Information Systems Requirements Package • 8–2
Information Management Support Plan • 8–3
Accreditation • 8–4
System Maintenance • 8–5
Information Management support • 8–6
Records management • 8–7

Chapter 9
Funding
SAP funding • 9–1
Establishment phase • 9–2
Maintenance phase • 9–3
Disestablishment • 9–4
Annual SAP reports • 9–5

Appendixes
A. References
B. Establishment
C. Management Control Evaluation Checklist
D. Format for SAPOC Briefing
E. Guidance on Preparing the Standard SAPOC Slide (QUAD Chart)
F. Disestablishment Concept Plan
G. Disestablishment Certification Checklist
H. Program Performance and Budget Execution Review System Charts
I. Reprogramming Request Format
J. Fix-It Status Sheets
K. Format for Information Systems Requirements Package
L. Format for Information Management Support Plan

Table List
Table 5–1: SAP security matrix
Table B–1: SAP establishment timeline

Figure List
Figure D–1: Program description
Figure D–2: Justification for SAP category
Figure D–3: Relationship to other programs
Figure D–4: Foreign targets and technology
Figure D–5: External threat assessment
Figure D–6: Security assessment
Figure D–7: Access status
Figure D–8: Milestone chart
Figure D–9: Funding profile
Figure D–10: Manpower profile
Figure D–11: Contracting
Figure D–12: SAP inspections and audits
Figure D–13: Issues/problems
Figure D–14: Decision sought
Figure E–1: Quad chart
Figure H–1: RDTE PPBERS chart (example)
Figure H–2: OMA PPBERS chart (example)
Figure I–1: Sample reprogramming request
Figure J–1: Sample Fix-It Status Sheet

Glossary

Index


Chapter 1
Introduction

1–1. Purpose
This regulation sets forth the implementing instructions and procedures for establishing, maintaining, supporting, and disestablishing Army Special Access Programs (SAPs).

1–2. References
Required and related publications and referenced forms are listed in appendix A.

1–3. Explanation of abbreviations and terms
Abbreviations and special terms used in this regulation are explained in the Glossary.

1–4. Restrictions on using Special Access Programs
a. Only approved Prospective Special Access Programs (PSAPs) and SAPs may use the extraordinary security measures outlined in this regulation.
b. Proponents of acquisition, intelligence, or operations and support activities who identify a particularly sensitive piece of information that they believe merits SAP protection should report this information through the chain of command for a security policy review. If a determination is made that the information warrants SAP controls, the Major Army Command (MACOM)/Program Executive Office (PEO) reports this to Chief, Technology Management Office (TMO), who coordinates a security review at HQDA. Some examples of potential SAPs are—
(1) A specific technology with potential for weaponization that gives the United States a significant technical lead or tactical advantage over potential adversaries.
(2) Sensitive technology that is especially vulnerable to foreign intelligence exploitation without special protection.
(3) An emerging technology, proposed operation, or intelligence activity risking the compromise of other SAPs.
(4) Exposure of sensitive activities that could jeopardize the lives of U.S. citizens.
(5) A capability that is so unique or sensitive that it requires protection beyond normal procedures.
(6) An extremely sensitive activity requiring special protection from disclosure to prevent significant damage to national security or the reputation or interests of the United States.
(7) Methods used to acquire foreign technology or equipment.
(8) Sensitive support to DOD and non-DOD agencies.
c. In compliance with DOD policy, HQDA and its subordinate units and activities will not establish, disestablish, implement, fund, categorize, create carve-out status, or change the mission or scope of a SAP without written approval of the Deputy Secretary of Defense (DEPSECDEF).

Chapter 2
Responsibilities

2–1. The Secretary of the Army
The Secretary of the Army (SA) has overall responsibility for SAPs within the Department of the Army. The SA will—
a. Make recommendations to the DEPSECDEF concerning the establishment, disestablishment, categorization, carve-out status, and changes of mission and scope of Army SAPs.
b. Ensure adequate oversight of Army SAPs.
c. Delegate, at SA discretion, management of Army SAPs.

2–2. The Under Secretary of the Army
The Under Secretary of the Army (USA) will—
a. Approve SAP reprogramming actions.
b. Serve as co-chairman of the SAP Program Performance and Budget Execution Review System (PPBERS).

2–3. The Assistant Secretary of the Army (Research, Development, and Acquisition)
The Assistant Secretary of the Army (Research, Development, and Acquisition) (ASA(RDA)) will—
a. Serve as the Army Acquisition Executive for all Army programs, including SAPs, and as the principal assistant to the SA for matters relating to Acquisition SAPs (AQ–SAP).
b. Ensure a single subordinate commander of a major Army command (MACOM) or program executive officer (PEO) is responsible for each AQ–SAP throughout its life cycle.
c. Conduct periodic reviews of secure environment contracting conducted in support of SAPs.
d. Ensure SAP protection and procedures for procurement and fielding of systems, components, and modifications are developed and acquired under SAP provisions.
e. Coordinate with the Office of the Deputy Chief of Staff for Intelligence (ODCSINT) on issues concerning technology transfer.
f. Coordinate within Army and other DOD components to eliminate duplication of effort and ensure consistent security classification for similar technologies.
g. Coordinate technical review of PSAPs.
h. Evaluate proposed acquisition strategies and plans for Army SAPs.
i. Coordinate with Office of the Deputy Chief of Staff for Logistics (ODCSLOG) to integrate logistics support and property accountability considerations into AQ–SAP efforts and products.

2–4. The Assistant Secretary of the Army (Manpower and Reserve Affairs)
The Assistant Secretary of the Army (Manpower and Reserve Affairs) (ASA(M&RA)) will—
a. Review and assist in developing policy regarding personnel and personnel security support to SAPs.
b. Provide guidance concerning the documentation process to ensure that Tables of Distribution of Allowances accurately reflect Army requirements consistent with approved SAP missions and the Army Authorization Document.
c. Evaluate and approve requests for special pays, as appropriate, in support of SAP missions.
d. In coordination with the ASA(FM&C), assist in establishing guidance to ensure proper control and accountability of financial data pertaining to Army personnel assigned to SAPs.

2–5. The Assistant Secretary of the Army (Financial Management and Comptroller)
The Assistant Secretary of the Army (Financial Management and Comptroller) (ASA(FM&C)) will—
a. Provide financial and budget policy and guidance for SAPs.
b. Provide liaison with Congress for SAP budgets.
c. Coordinate with Defense Finance and Accounting (DFAS) to ensure DFAS provides a secure finance and accounting network to process sensitive financial transactions.
d. Provide financial quality assurance oversight through the Special Review Office (SRO).
e. Coordinate the Army’s Budget Estimate Submission for SAPs with OSD.

2–6. The Director of Information Systems for Command, Control, Communications, and Computers
The Director of Information Systems for Command, Control, Communications, and Computers (DISC4) will—
a. Coordinate information systems support for SAPs.
b. Assist TMO in developing information systems policy for SAPs.
c. Validate and approve Information System Support Plans (ISSPs).
d. Through USACECOM Technology Applications Office (TAO):
(1) Provide information management support in preparing Information Systems Requirements Packages (ISRPs) and Information Management Support Plans (IMSPs).



(2) Provide technical advice and support in preparing ISRPs and IMSPs.

2–7. The General Counsel
The General Counsel (GC) will—
a. Review Army SAPs and prospective Army SAPs for legality and propriety before submission to OSD.
b. Advise the SA on legal and policy issues.
c. Conduct policy reviews.

2–8. The Inspector General
The Inspector General (TIG) will—
a. Evaluate managerial procedures and practices pertaining to operations, personnel, materiel, funding, secure environment, contracting, and security of SAPs.
b. Identify issues, situations, or circumstances that affect SAP mission performance.
c. Provide a secure system for program personnel to report fraud, waste, and abuse without fear of reprisal or unnecessary disclosure of information.
d. Conduct non-criminal investigations as directed by the Vice Chief of Staff, Army.
e. Inspect Army SAPs and Army involvement in non-Army SAPs.
f. Develop and coordinate an annual inspection plan with TMO, other inspection/audit agencies, MACOMs, and PEOs.

2–9. The Auditor General
The Auditor General (TAG) will—
a. Maintain auditors with appropriate clearance and access to perform audits of SAPs.
b. Coordinate with TMO when performing audits of SAPs.

2–10. Chief of Public Affairs
The Chief of Public Affairs (PA) will—
a. Staff media queries on SAPs and provide releasable information.
b. Provide public affairs guidance on SAP matters.

2–11. The Chief of Staff, Army
The Chief of Staff, Army (CSA) will develop, coordinate, review, and conduct oversight of all Army SAPs.

2–12. The Vice Chief of Staff, Army
The Vice Chief of Staff, Army (VCSA) will—
a. Review SAPs through the Special Access Program Oversight Committee (SAPOC) and serve as chairman of the SAPOC.
b. Serve as the chairman of the Executive Fix-It Committee.
c. Serve as the co-chairman of the SAP PPBERS.
d. Provide guidance and direction to Chief, TMO.

2–13. The Deputy Chief of Staff for Personnel
The Deputy Chief of Staff for Personnel (DCSPER) will—
a. Provide policy on SAP personnel matters.
b. Coordinate with ODCSOPS to establish procedures ensuring MACOM SAPs properly use allocated personnel spaces to resource the SAPs.
c. Ensure that the U.S. Army Total Personnel Command (PERSCOM) coordinates designated DA approved personnel assignment actions for SAPs.

2–14. The Deputy Chief of Staff for Intelligence
The Deputy Chief of Staff for Intelligence (DCSINT) will—
a. Oversee Army Intelligence SAPs (IN–SAPs) and serve as IN–SAP Army Staff (ARSTAF) proponent.
b. Establish security, counterintelligence, and intelligence policy for SAPs.
c. Coordinate necessary counterintelligence support for the execution of Army SAPs.
d. Provide OPSEC and threat assessments for responsible MACOMs and program managers to SAPs and present these to the Working SAPOC for inclusion in the SAPOC revalidation briefing.
e. Advise the SAPOC on whether a program or activity warrants SAP protection.
f. Review SAP security plans and guides for accuracy and completeness.
g. Provide input as requested to Office of the Deputy Under Secretary of Defense for Policy (Policy Support) (ODUSD(P)(PS)) concerning Army SAP security classification guides.
h. Coordinate intelligence property issues for Army SAPs with DCSLOG.
i. Coordinate policy for polygraph support to Army SAPs.
j. Review and approve disclosure of official Army information (classified and unclassified) for release to foreign governments and international agencies. Coordinate with TMO and Director for Special Programs, Office of the Under Secretary of Defense for Policy (Policy Support) (OTUSD(P)(PS)) for release of information and technology identified by SAP proponents for release to foreign governments and international agencies.

2–15. The Deputy Chief of Staff for Operations and Plans
The Deputy Chief of Staff for Operations and Plans (DCSOPS) will—
a. Oversee Operations and Support SAPs (OS–SAPs) and serve as the ARSTAF proponent.
b. Provide policy guidance and standards for operations security (OPSEC) measures appropriate for Army SAPs.
c. Develop Army policy and guidance for materiel requirements for SAPs.
d. Establish and validate Army acquisition priorities for SAPs.
e. Coordinate and approve manpower requirements, allocate manpower resources, and prepare tables of distribution and allowances (TDA) documents for SAPs.
f. Conduct manpower and workload validations of SAPs to support HQDA and PEO/PMs.
g. Task U.S. Army Force Management Support Agency (USAFMSA) to provide necessary support and analysis of SAP manpower requirements.

2–16. The Deputy Chief of Staff for Logistics
The Deputy Chief of Staff for Logistics (DCSLOG) will—
a. Integrate logistics support for all Army materiel development or acquisition for SAPs.
b. Provide policy guidance on property accountability and logistics support for SAPs.

2–17. Chief of Engineers
The Chief of Engineers (COE) will provide secure architectural-engineering, construction, real estate, and contracting support to SAPs as required.

2–18. The Judge Advocate General
The Judge Advocate General (TJAG) will provide legal and policy advice on SAP matters to CSA and the ARSTAF.

2–19. Chief of Legislative Liaison
The Chief of Legislative Liaison (CLL) will—
a. Coordinate congressional briefings on Army SAPs.
b. Provide required reports to selected congressional committees on Army SAPs.
c. Assist TMO in updating clearance information for individuals in Congress accessed to Army SAPs.
d. Assist TMO in verifying access of individuals in Congress.

2–20. Director, Program Analysis and Evaluation Directorate
The Director, Program Analysis and Evaluation Directorate (PAED), will—
a. Ensure that SAPs compete with other Army programs for resources in the Program Objective Memorandum (POM) development process.



b. Coordinate with the ARSTAF and TMO to develop SAP program funding profiles and provide copies of approved profiles to TMO.
c. Provide program analyses for reprogramming actions.
d. Coordinate SAP POM during the program review process with OSD.

2–21. Chief, Technology Management Office
The Chief, Technology Management Office (TMO), will—
a. Serve as the Army primary point of contact for the management and oversight of Army and Army-supported SAPs.
b. Establish policy for the management of SAPs.
c. Coordinate establishment, maintenance, and disestablishment of SAPs.
d. Act as the approval authority for establishment and disestablishment of Army PSAPs.
e. Approve the creation or closure of SAP subcompartments when there is no change to the categorization, carve-out status, mission, or scope of the parent SAP. In cases where creation or closure of a subcompartment will change the mission or scope of the parent SAP, Chief, TMO will submit the action through SA to the Deputy Secretary of Defense for approval.
f. Serve as the Executive Secretary for the SAPOC, SAP PPBERS, and Fix-It committees.
g. Provide quarterly update reviews to the senior Army leadership.
h. Assist CLL in coordinating congressional SAP access briefings and congressional notifications.
i. Monitor budget and financing associated with SAPs.
j. Review SAPs for compliance with authorizations, legal constraints, funding, and continued enhanced security measures.
k. Serve as the POC for Army sensitive support to DOD and non-DOD agencies.
l. Maintain a registry of Army involvement in SAPs and sensitive activities.
m. Maintain the Army baseline billet roster.
n. Coordinate indoctrination of ARSTAF principals to Army SAPs.
o. Direct the Sensitive Records and Information Agency (SRIA).

2–22. Commanding General, U.S. Army Training and Doctrine Command
The Commanding General, U.S. Army Training and Doctrine Command (CG, TRADOC), will—
a. Institute procedures to ensure early identification and protection of combat developments, concepts, and systems with SAP potential.
b. Identify support requirements for SAP–developed products deployed to the field.

2–23. Commanding General, U.S. Army Materiel Command
Commanding General, U.S. Army Materiel Command (CG, AMC), will—
a. Institute procedures to ensure early identification and protection of potential research and development (R&D) breakthroughs that may warrant SAP protection.
b. Conduct appropriate technology feasibility reviews of AMC SAPs.
c. Provide support and oversight for AMC SAPs.

2–24. Commanding General, Forces Command
The Commanding General, Forces Command (CG, FORSCOM), will institute procedures to ensure early identification and protection of activities, operational concepts, and combat developments requiring SAP status.

2–25. Commanding General, U.S. Army Space and Missile Defense Command
The Commanding General, U.S. Army Space and Missile Defense Command (USASMDC), will institute procedures to ensure early identification and protection of potential R&D breakthroughs within the USASMDC that may warrant SAP protection and coordinate potential release of SAR information through DA DCSINT to SARD–SO and TMO prior to initiating or engaging in preliminary discussions with a foreign government or international organization. DA DCSINT will coordinate, as required, with Director for Special Programs, OTUSD(P)(PS), prior to any release.

2–26. Commanding General, U.S. Army Intelligence and Security Command
The Commanding General, U.S. Army Intelligence and Security Command (CG, USAINSCOM), will—
a. Institute procedures to ensure early identification and protection of sensitive intelligence activities that may warrant SAP protection.
b. Provide dedicated counterintelligence, security, and OPSEC support to commanders, program managers, or heads of DA activities having proponency for Army SAPs or Army supported SAPs. This support includes counterintelligence (CI) assessments of Army SAPs, PSAPs and contractor facilities involved in Army SAP contracts.
c. Provide DCSINT with counterintelligence assessments of the threat posed to SAPs by Foreign Intelligence Services (FIS) and technology assessments of foreign research and development efforts related to SAP technologies. Coordinate with DCSINT to provide this information to organizations and installations supporting SAPs.
d. Provide to DCSINT an annual counterintelligence (CI) evaluation of the OPSEC and security posture of Army SAPs and Army-supported SAPs.
e. Manage and execute the Army polygraph program in support of SAPs.
f. Provide technical surveillance countermeasures (TSCM), TEMPEST, ADP security and counter-SIGINT support to SAPs.
g. Conduct security reviews of SAP disestablishment actions, security plans, and CI support plans.

2–27. Commanding General, U.S. Army Criminal Investigation Command
The Commanding General, U.S. Army Criminal Investigation Command (CG, USACIC), will—
a. Maintain criminal investigators with appropriate clearances and access to conduct investigations of criminal activity in or directed against SAPs.
b. Maintain effective liaison, through individuals well acquainted with special access procedures, with TMO to ensure quick response to investigative requirements.
c. Conduct criminal investigations in all instances of suspected criminal activity in or directed against Army SAPs in accordance with applicable Federal statutes, DOD Directive 5205.7, DOD Instruction 5505.2 and AR 195–2.
d. Conduct periodic economic crime threat assessments.
e. Coordinate with TMO to conduct crime prevention surveys on SAPs.

2–28. Department of the Army Staff
The ARSTAF sections having SAP proponency or support requirements for SAPs will—
a. Designate a central point of contact for SAPs.
b. Provide appropriate staff oversight for the planning, programming, budgeting, and execution of SAPs.
c. Act as SAP managers when appointed to do so.

2–29. Major Army Commands and program executive officers
The MACOMS and program executive officers (PEOs) who supervise managers of SAPs will—
a. Assist program managers in managing their programs.
b. Establish internal inspection programs for SAPs.
c. Conduct periodic property reviews to validate new requirements and document materiel assets in support of SAPs.



d. Coordinate with ARSTAF proponents and DCSINT for SAP intelligence, counterintelligence, and threat assessments.
e. Ensure that all SAPs are incorporated into the Internal Review and Audit Compliance (IRAC) program as described in chapter 4.
f. Coordinate potential release of SAR information through DA DCSINT to SARD–SO and TMO prior to initiating or engaging in preliminary discussions with a foreign government or international organization. DA DCSINT will coordinate with Director for Special Programs, OTUSD(P)(PS), prior to any release.
g. Coordinate with USAFMSA for manpower support for TDA documentation.

2–30. Program/Project/Product Managers of SAPs
In addition to the duties and responsibilities normally incumbent on managers and those delineated by law and regulation, Program/Project/Product Managers (PMs) of SAPs will—
a. Maintain essential SAP information including establishment, documentation, security plans, access rosters, and security inspection records.
b. Plan, prepare, and implement security and OPSEC programs designed to protect critical program information.
c. Coordinate with TMO for information systems advice and support.
d. Establish and maintain a viable records management program.
e. Coordinate with SRIA for records management assistance.
f. Coordinate with the Defense Security Service (DSS) for industrial facility reviews.
g. Identify, establish, maintain, and forward to the SAP Archive, SRIA, appropriate historical record files pertaining to the program and its operations.
h. Coordinate potential release of SAR information through DA DCSINT to SARD–SO and TMO prior to initiating or engaging in preliminary discussions with a foreign government or international organization. DA DCSINT will coordinate with Director for Special Programs, OTUSD(P)(PS), prior to any release.

2–31. Sensitive Records and Information Agency
The SRIA will—
a. Operate the Army Records Center for Sensitive Records and Information. Accept, review, process, archive, and destroy Army sensitive records in accordance with DOD Directive 5205.7, AR 380–381, and AR 25–400–2. Respond to requests for information. Conduct records review and disposition.
b. Conduct Army-wide document searches for sensitive information. Compile and prepare document indexes and responsive documents for forwarding to requesting agencies. Coordinate declassification reviews.
c. Maintain the Billet Structure Management System (BSMS) for the Army. Develop, maintain and distribute the BSMS system software. Identify BSMS hardware and software system requirements for Army SAPs. Maintain a consolidated BSMS database for Army SAPs. Ensure consistency between program office databases and SRIA master database through regular periodic updates and data

Chapter 3
Special Access Program Design

3–1. Purpose
a. Special Access Program. A SAP is a security program established under the provisions of Executive Order (EO) 12958 and approved by the DEPSECDEF to apply extraordinary security measures to protect extremely sensitive information. SAP status is defined by DOD Directive 5200.1R.
b. Prospective Special Access Program. A PSAP is an interim security program to apply extraordinary security measures to protect extremely sensitive information pending approval of SAP status by the DEPSECDEF. Chief, TMO approves PSAP status for Army programs.

3–2. SAP types
DOD recognizes three types of SAPs: Acquisition (AQ–SAP), Intelligence (IN–SAP) and Operations and Support (OS–SAP). Within the Army, ASA(RDA) is the proponent for AQ–SAPs, DCSINT for IN–SAPs, and DCSOPS for OS–SAPs.
a. AQ–SAPs protect sensitive research, development, test, and evaluation (RDT&E), modification or procurement efforts.
b. IN–SAPs protect the planning and execution of especially sensitive intelligence or counterintelligence units or operations, including the collection, analysis, and exploitation of intelligence. IN–SAPs also protect especially sensitive programs to procure and exploit foreign materiel.
c. OS–SAPs protect the planning, execution, and support to especially sensitive military operations. This type of SAP may protect organizations, property, operational concepts, plans, or activities.

3–3. SAP categories
a. Army SAPs. SAP categories reflect the sensitivity of protected material and the degree of protection needed beyond collateral security management. Categories I through III delineate programs requiring varying degrees of protection with CAT I being the most sensitive and CAT III being the least sensitive. The Army SAPOC determines the category designation for each SAP. SAP categories may change as a program matures based on changing needs for protection or the sensitivity of the information being protected. The categories are—
(1) Category I (CAT I): Army SAPs that are extremely sensitive and include only the most critical technical developments and the most sensitive intelligence and operational activities. Compromise would cause exceptionally grave damage to national security. Only Army CAT I SAPs are eligible for consideration for waived SAP status.
(2) Category II (CAT II): Army SAPs that include critical acquisition, intelligence and operational activities that do not meet the criteria for CAT I. Compromise would cause serious damage to national security.
(3) Category III (CAT III): Army SAPs usually having significant non-Army participation, relatively short duration or are not suitable for a billet structure.
(4) Unless waived by the SAPOC or the DEPSECDEF, if neces-
transfers. sary, CAT I, II and III SAPs follow security procedures listed in
figure 5–1.
2–32. Defense Security Service b. Non-Army SAPs.
The DSS will— (1) Category N (CAT–N) is the category designation for SAPs or
a. Maintain industrial security inspectors with appropriate clear- sensitive activities where the Army is the executive agent but not
ances and access to perform facility clearance inspections and indus- the sponsor. Security measures for CAT–N SAPs are in accordance
trial security reviews of contractor facilities supporting Army SAPs. with this regulation as amended by memoranda of agreement
b. Coordinate with TMO in the conduct of industrial security (MOAs) between Army and the program sponsor. CAT–N programs
reviews. have the same management oversight as Army SAPs unless other-
wise directed by the VCSA.
(2) Army elements may also participate in SAPs that are neither
sponsored nor executed (primarily) by Army. Approval for, and

management of, Army participation in SAPs executed by other organizations are governed by paragraph 4–4 of this regulation. Security measures for these SAPs are in accordance with the executing organization’s security procedures.

Chapter 4
SAP Life Cycle

4–1. Establishment phase
a. As soon as an organization determines that an activity needs SAP protection, it should request approval to establish a PSAP. MACOM/PEO proponents route PSAP requests through their MACOM commander (if applicable) and ARSTAF principal to TMO using the format at appendix B. TMO reviews the request and staffs it with the ARSTAF. If the review is favorable, TMO notifies the proponent in writing of the PSAP approval. This notification includes PSAP nickname and registration date, critical program elements, PSAP security level and category, funding guidance, and date to present the PSAP to the SAPOC. The ARSTAF proponent informs appropriate activities and organizations of the requirement for increased security procedures. Once the MACOM/PEO receives PSAP approval, the program applies selected SAP security controls to the program.
b. PSAP status is valid for 6 months from the date it is approved by TMO. During that period, the MACOM/PEO proponent, the ARSTAF proponent, the SA (through the SAPOC) and the DEPSECDEF (through the OSD SAPOC) must determine whether to grant SAP status. If the DEPSECDEF does not approve SAP status within this 6-month period, authority to use SAP security controls terminates unless OSD has granted an extension in writing.
c. PSAPs will not receive obligated funds without written TMO approval. PSAPs will receive only those minimum obligated funds necessary for program security and administration until the DEPSECDEF grants SAP approval.
d. Proponents of an approved PSAP apply SAP security controls to the prospective program with one exception: they do not execute indoctrination statements until the SAP is formally approved. However, to keep track of who knows of the PSAP, the program office, the MACOM/PEO and TMO keep knowledgeability rosters so that indoctrination statements can be executed if SAP status is approved.
e. The SAP Approval Process follows.
(1) TMO authorizes the PSAP in writing and advises the VCSA.
(2) The TMO furnishes written notification of the approval of PSAP status to the ARSTAF and MACOM/PEO proponent and other appropriate Army organizations.
(3) The PSAP program office, MACOM/PEO proponent and TMO initiate knowledgeability rosters to maintain record of all personnel knowledgeable of the PSAP.
(4) The program prepares the necessary supporting documentation to request creation of a SAP and submits it to TMO within 60 days of being granted PSAP status (see paras 5–8, 6–4, and app B). The MACOM/PEO assists the PSAP program office in coordinating with the working SAPOC members as indicated below.
(5) The ASA(RDA) evaluates the proposed acquisition strategy and acquisition plan for AQ–SAPs.
(6) The ASA(RDA) conducts a technology feasibility review for AQ–SAPs. This may be done through the appropriate MACOM or directly with the PEO.
(7) The ASA(RDA), DCSOPS, and DCSINT evaluate the availability of funds, manpower, and reprogramming actions for AQ–SAPs, OS–SAPS, and IN–SAPs respectively.
(8) The DISC4 validates information management and secure communications requirements.
(9) DCSINT ensures INSCOM conducts a CI assessment of the program’s security and OPSEC posture and a multidiscipline counterintelligence assessment of the threat. DCSINT coordinates the foreign technology threat assessment with the National Ground Intelligence Center.
(10) The DCSPER evaluates the personnel assets required and conducts a personnel affordability and supportability assessment.
(11) TJAG and GC provide legal and policy evaluations.
(12) If applicable, the DCSLOG evaluates the proposed SAP materiel development or acquisition plan in light of Integrated Logistics Support (ILS).
(13) The Program Analysis and Evaluation Directorate (PAED) of OCSA and ASA(FM) evaluate the proposed funding profile required and conduct an affordability assessment.
(14) TMO schedules the working SAPOC to meet within 90 days of granting a program PSAP status. The MACOM/PEO proponent briefs the PSAP to the working SAPOC and the appropriate ARSTAF elements brief the results of their detailed evaluations.
(15) TMO schedules the SAPOC to meet at a date between 10 and 30 days after the working SAPOC. The MACOM/PEO briefs the SAPOC. If the SAPOC approves the program for SAP status, TMO prepares a memorandum to SA recommending submission of the PSAP through the OSD-level SAP central office to the OSD SAPOC for SAP approval. This memorandum sets forth the enhanced security measures intended for the SAP, any upgrade of adjudicative requirements that may be intended, the SAPOC minutes, the Report of Establishment of the SAP, and the congressional notification letters. If the prospective SAP deals with Special Operations/Low Intensity Conflict (SO/LIC) activities, the SA memorandum must be coordinated with ASD (SO/LIC) before submission to the respective OSD level SAP central office.
(16) If the OSD SAPOC approves the SAP, the DEPSECDEF notifies Congress. The PSAP becomes a SAP 30 days after congressional notification unless Congress raises an objection.

4–2. Maintenance Phase
a. Maintenance of Army-executed SAPs. Maintenance of Army-executed SAPs includes periodic reviews by senior leaders at HQDA; audits, inspections and investigations by DOD and Army agencies; the management control program (UP AR 11–2 as modified by this regulation); and the internal review and audit control program (UP AR 11–7 as modified by this regulation).
b. Reviews.
(1) Special Access Program Oversight Committee. The DA SAPOC oversees the establishment, management, support and disestablishment of SAPs.
(a) Composition. The SAPOC is a general officer-level forum chaired by the VCSA. In the VCSA’s absence, the senior standing member of the SAPOC serves as chairman. The standing members of the SAPOC are ASA(RDA), GC, DCSINT, DCSOPS, and TJAG. Other members are invited to attend meetings of interest to them. Frequently invited members include ASA(FM&C), DISC4, DCSLOG, DCSPER, COE, PAE, CLL, TIG, AG (Auditor General), AMC and INSCOM.
(b) Executive secretary. Chief, TMO is the Executive Secretary of the SAPOC.
(c) SAPOC reviews. The SAPOC—
1. Reviews requests for the establishment of SAPs and forwards these requests with appropriate recommendations to SA.
2. Reviews existing programs annually to determine whether to revalidate them as SAPs.
3. Reviews and recommends policy for management of SAPs.
(d) Meetings. The committee meets at the call of the chairman. Generally, the SAPOC meets monthly to review selected programs so that all Army programs receive an annual review. TMO prepares minutes after each meeting, submits the minutes to VCSA for approval, and furnishes copies of the minutes to all standing and invited members of the committee.
(e) Costs. Costs of travel, per diem and overtime related to the SAPOC are the responsibilities of individual attendees and their organizations.
(f) Working SAPOC. Chief, TMO, chairs the working SAPOC. Standing members include points of contact from ODCSINT, ODCSOPS, ASA (RDA), TJAG, and OGC. Other attendees include points of contact from each of the major ARSTAF elements and HQ INSCOM/902d MI Group, AMC, and the AAA. The working
SAPOC reviews each program prior to its presentation to the SAPOC (format for the SAPOC briefing is at app D). During its review, the working SAPOC identifies issues and formulates recommendations to present to the SAPOC.
(2) The SAP PPBERS Committee.
(a) Purpose. The SAP PPBERS committee provides oversight of SAP program and budget accomplishments. It convenes at the call of the chairperson when special SAP budgetary or funding issues arise.
(b) Composition. The USA and the VCSA jointly chair the SAP PPBERS committee. Standing members of the committee are the GC, ASA(FM&C), ASA(RDA), DCSINT, DCSOPS, Director of PAED, and TJAG. Additional members may include DISC4, DCSLOG, DCSPER, COE, CLL, AAA, and TIG, depending on the agenda. The committee’s Executive Secretary is the Chief, TMO.
(c) PPBERS review. The PPBERS reviews—
1. Overall program performance objectives.
2. Obligation and disbursement data.
3. Budget year (BY) issues or problems.
4. Deviations from planned performance and HQDA goals.
5. Recommended corrective actions.
(d) Administrative support. TMO provides administrative support to the SAP PPBERS committee.
(e) Working PPBERS committee. Chief, TMO chairs the Working PPBERS committee. It consists of representatives from those staff agencies identified for the Executive PPBERS committee and other activities and organizations invited by Chief, TMO. The Working PPBERS committee has the same general purpose as the Executive PPBERS committee. However, the Working PPBERS committee is a recurring forum, meeting quarterly to compare actual program performance with HQDA goals. Two weeks prior to meetings of the working PPBERS committee, the SAP proponent submits data to TMO in the format given in appendix H.
(3) Fix-It Committee.
(a) Purpose. The Fix-It committee provides oversight of SAP audits and inspections. It convenes annually to brief the VCSA (or Director of the Army Staff (DAS)) on progress made during the year to resolve issues and correct deficiencies identified in audits and inspections.
(b) Composition. The Fix-It Committee is a general officer forum chaired by the VCSA. In the VCSA’s absence, the DAS chairs the committee. Standing members are the ASA(RDA), ASA(FM&C), GC, DCSINT, DCSOPS, TJAG, AAA, TIG, Director of PAED, and USACIC. The VCSA or DAS designates other members of the Fix-It Committee based on the agenda for a specific meeting. Additional attendees may include representatives of DISC4, DCSLOG, and DCSPER and CG INSCOM, CG AMC, CG MDW, and COE. The Chief of TMO is the Executive Secretary of the Fix-It Committee.
(c) Support. TMO provides administrative support to the Fix-It Committee.
(d) Working Fix-It Committee. The Chief, TMO co-chairs the Working Fix-It with either the Chief, SAIG–IO (for findings related to inspections) or the Chief, SAAG–AFI (for findings related to audits). The Working Fix-It committee is comprised of action officers from TMO, SAIG–IO, ODCSINT, SAAG–AFI, a technical representative from the Field Investigation Unit (FIU) of USACIDC, and the command or staff element responding to the findings. It meets quarterly to review actions taken to resolve findings from audits and inspections. Respondents brief their open findings and the committee decides whether actions taken by the respondents are adequate to close the finding. One week prior to a meeting of the working Fix-It committee, respondents provide TMO with Fix-It Status Sheets (see app J). If a respondent is recommending that a finding be closed, he or she must coordinate that recommendation with the issuing audit or inspection organization prior to the meeting of the working committee. Additionally, if the respondent is recommending closure of an audit finding, the respondent must provide the results of the follow-up IRAC review (UP AR 11–7).
c. Audits. Audits are detailed examinations of any sensitive activity following generally accepted auditing standards issued by the General Accounting Office (GAO). Audits include financial audits, economy and efficiency audits, program audits, and SA Special Area of Interest.
(1) Internal audits. Internal audits include those performed by the U.S. Army Audit Agency (AAA) as well as those done by IRACs. All Army SAPs are subject to internal audit. TMO integrates the AAA audit plan with the SAIG–IO inspection schedule, the SAPOC schedule, and external audit and inspection requirements to minimize duplication of effort. In developing their audit plans, IRAC organizations with SAP responsibilities should contact TMO to gain an appreciation of recent and planned audits and inspections of their program.
(2) External audits. Organizations outside the Army conduct external audits. These include GAO, the Department of Defense Inspector General (IG, DOD), and the Defense Contract Audit Agency (DCAA). TMO functions as the entry point for all SAP-related external audits entering Army channels except standard DCAA contract support audits. TMO notifies the cognizant MACOM SAP central office or IRAC after being notified of an external audit. TMO also ensures the Army provides written response to draft external audit reports in a timely manner.
(3) Coordination. SAP proponents and program offices coordinate directly with Defense Contract Management Command (DCMC) and DCAA for contract audits as well as accounting and financial advisory services regarding contracts for Army SAPs.
(4) Findings. Findings from AAA audits of SAPs and all non-Army (for example, DOD IG, GAO, and so forth) audits of SAPs are addressed in the Fix-It process.
d. Inspections.
(1) The SAIG conducts inspections of SAPs and sensitive activities under the authority of AR 20–1. These inspections include an assessment of command and control, financial management, security, contract management, intelligence oversight and SA special areas of interest.
(2) The IG, DOD, conducts audits and inspections of SAPS or sensitive activities on the basis of special concerns or unusual events. Programs should coordinate with TMO before contacting the IG, DOD concerning inspections.
(3) The ASA(RDA), U.S. Army Contracting Agency, conducts Procurement Management Reviews (PMRs) of Secure Environment Contracting (SEC) in support of SAPs.
(4) USAFMSA conducts annual manpower management reviews when necessary. No later than 120 days prior to their annual SAPOC, SAP PMs coordinate a manpower and workload validation with the USAFMSA SAP representative to accommodate an on-site visit if USAFMSA deems it necessary. The PM reports findings of the USAFMSA annual validation at the SAPOC.
(5) The Special Review Office (SRO), U.S. Army Finance Command, ASA(FM&C), conducts quality assurance reviews of financial activity under the authority of AR 11–37. SRO refers any serious deficiency or repeat deficiency to the Fix-It Committee for resolution. SRO reviews the Finance and Accounting Offices that have sensitive support missions annually and semiannually reviews those that have special mission funds.
(6) DSS conducts industrial security reviews of contractors having SAP-related contracts. These DSS inspections cover security vulnerabilities, compliance with security plans and contracts, security violations, and security compromises.
(7) Army organizations responsible for SAPs include SAPs in their organizational inspection programs as commanders deem necessary.
e. Investigations.
(1) Each program manager and commander or director of a SAP or sensitive activity must develop and publicize procedures for reporting fraud, waste, and abuse without compromising sensitive information. This can be a hotline notification procedure, or it may be addressed during the program indoctrination briefing.
(2) When audits or inspections uncover criminal wrongdoing or suspected wrongdoing, the lead inspector or auditors must notify TMO and the FIU, USACIDC, immediately.
(3) The IG, DOD and GAO also have investigative branches.
Before an IG, DOD or GAO investigation, the TMO must be notified. TMO will facilitate the granting of the necessary SAP accesses for these investigations.
(4) Security related incidents involving SAPs will be investigated and reported in accordance with AR 380–5 and SAP security guidelines. Items of counterintelligence interest will be investigated by INSCOM in accordance with AR 381–12 and SAP security procedures.
(5) Program Managers, Commanders, or Directors of Army SAPs will immediately report all instances of suspected criminal activity in or against a SAP through appropriately cleared channels to the FIU, USACIDC.
f. Management Control Program.
(1) SAPs are subject to the requirements of AR 11–2 (Management Control) as modified herein. Commanders, PEOs or PMs of assessable units will use the Management Control Evaluation checklist at appendix C in assessing Army SAPs under their control. If assessable units identify material weaknesses in their SAPs, they report these to the TMO where they are addressed through the Fix-It process. The assessable unit also sends an unclassified version of the material weakness through command channels.
(2) If Army participation in a non-Army SAP requires a deviation from the participating Army unit’s Management Control Plan, the SAP sponsor will address the deviation in an MOA between the unit and the SAP sponsor.
g. Internal Review and Audit Compliance Program.
(1) The IRAC program (UP AR 11–7) applies to SAPs with the modification that MACOMs that have established SAP central offices are authorized to designate these offices as the focal point for SAP audits. In this capacity, SAP central offices—
(a) Serve as the POC for SAP audits by agencies external to the MACOM.
(b) Secure support from MACOM IRAC offices to assist during audits by agencies external to the MACOM. This assistance may include liaison with external auditors, negotiating audit results and audit follow on.
(c) Ensure that SAPs are included in the auditable entity files of the responsible IRAC office.
(2) MACOMs/PEOs or ARSTAF POCs responsible for a SAP will—
(a) Ensure that the SAP has adequate IRAC support, including accessed auditors at supporting IRAC offices, to meet command and program audit needs. The MACOM/PEO/ARSTAF can arrange this support from internal assets or from other DOD organizations capable of providing audit support at SAP locations.
(b) Coordinate IRAC coverage when multiple commands or installations have overlapping responsibility for a single SAP or sensitive activity.
h. Restructure.
(1) SAPs may require restructuring for several reasons:
(a) To create a new subcompartment.
(b) To disestablish an existing subcompartment.
(c) To alter an existing charter or create a new one.
(d) To change security requirements.
(2) A SAP PM desiring to restructure submits a memorandum through the chain of command to TMO. The memorandum includes the specifics of the restructure, the reason for the restructure, a statement of any impact on security, manpower, or funding and a point of contact for the restructure.
(3) TMO reviews and staffs the request. If TMO determines that the proposed restructure does not change the scope or mission of the SAP, the Chief, TMO, can approve the restructure. If the Chief, TMO determines that the restructure changes the scope or mission of the SAP, TMO will staff the proposed restructure through the Army leadership. If the Army leadership concurs with the proposed restructure, Chief, TMO will submit the proposed restructure to the OSD-level SAP central office for their recommendation for approval by the DEPSECDEF.
i. Training. Program Security Managers (PSMs) follow the guidance in AR 380–5, chapter 10, regarding security education requirements for personnel accessed to SAPs. Additionally, PSMs will use the guidance in AR 530–1, appendix F, regarding OPSEC training requirements.

4–3. Disestablishment
a. Procedures. The ARSTAF/MACOM/PEO proponent recommends a SAP for disestablishment when the SAP no longer requires extraordinary security controls. The SAPOC may also identify a SAP for disestablishment at the annual revalidation. Disestablishment does not equate to program cancellation. It means removal of SAP security controls from the program.
b. Rationale. Rationale for the disestablishment of a SAP include, but are not limited to—
(1) The RDT&E, procurement, training, or other requirements during a program’s life cycle significantly increase the number of personnel requiring knowledgeability.
(2) The tactical or strategic impact or value of the system, operation, or activity lessens significantly.
(3) Technological advances required to develop, produce and field a system have not, or will not, reach the required levels.
(4) The resources required for continued enhanced security procedures are excessive compared to the benefits achieved by continuing to maintain SAP status.
(5) Other Services or foreign nations are developing similar technology or applications without equivalent levels of protection.
(6) A security compromise negates the protection achieved by continued enhanced security.
(7) The program has met the tactical or strategic mission of the system, operation, or activity and there is no further mission requirement.
(8) The Army has fielded the system and operational use at the tactical or strategic levels precludes continued use of extraordinary security measures.
(9) The Army established the SAP to protect an identified vulnerability but countermeasures have been developed eliminating the vulnerability.
c. Procedures.
(1) Throughout the planning for SAP disestablishment, the program limits knowledge of this considered course of action until the DEPSECDEF approves the disestablishment and notifies Congress.
(2) Prior to recommending SAP disestablishment, the MACOM/PEO conducts a risk assessment of the potential for compromise of program information and the effects of such a compromise if SAP controls are removed.
(3) The MACOM/PEO develops a disestablishment concept (app F), staffs it for ARSTAF review and concurrence, and submits it to TMO.
(4) After favorable review by the ARSTAF, TMO schedules the SAP disestablishment as a SAPOC topic. The SAPOC forwards its recommendation to the SA.
(5) If the SA recommends disestablishment, TMO will forward the SA recommendation to OSD with congressional notification letters. If Congress does not object within 14 days, TMO notifies appropriate ARSTAF, MACOM, and PEOs that disestablishment has been approved and the program commences disestablishment actions.
(6) Disestablished SAPs return to the normal oversight system within 6 months of approval to disestablish. After disestablishment, the responsible MACOM/PEO certifies to TMO that the actions specified in appendix G have been accomplished. TMO refers to the Fix-It committee for follow-up all SAPs not completing disestablishment actions and gaining certification (UP app G) as disestablished by the end of the 6-month period.
d. Non-Army SAP. Termination of Army participation in a non-Army SAP. There are occasions when the Army withdraws from SAPs but the programs continue to be managed as SAPs by other agencies. In these cases Army follows the procedures set forth by the SAP sponsor for termination. While the program is still an
approved SAP, the Army protects the special access information in accordance with the existing program security plan.

4–4. Joint SAP Management
a. Category-N SAPs.
(1) CAT–N SAPS are those executed by the Army but sponsored by others. They are managed and overseen in the same manner as Army-sponsored SAPs unless otherwise approved by the SAPOC.
(2) Before accepting execution responsibility for a CAT–N SAP, the responsible MACOM or PEO develops an MOA with the sponsoring agency. The MOA defines program relationships, responsibilities, security procedures and financial arrangements. Additionally, the MOA specifies any deviations from security and oversight requirements established in this regulation. Any security deviations from DOD 5200.1–R, 5200.2–R, 5220.22–R, and 5220.22–M, or for SAPs in which SCI material is handled, deviations from DOD S–5105.21–M–1, DOD TS–5105.21–M–2, and DOD TS–5105.21–M–3, may not be implemented without approval of the DEPSECDEF. The proposed MOA is included in the SAP justification package that is staffed during the SAP establishment process and presented to the SAPOC. The MOA conforms to the format and guidance set forth in AR 25–50 and includes the effective date and a requirement for biennial review. Army MOA signature authority is based on the level of agreement.
(3) CAT–N MOAs are reviewed every other year as a minimum. Substantive changes are staffed through TMO for SAPOC approval. If the SAP sponsor has an immediate need that requires deviation from an approved MOA, the Chief, TMO, in coordination with OTJAG and OGC, can grant interim approval. Prior to approval, a formal review of the proposed deviations must ensure they do not violate the security requirements set forth by DOD 5200.1–R, 5200.2–R, 5220.22–R, and 5220.22–M. If the proposal involves deviation from these requirements or if the SAP handles SCI material, and the proposal deviates from DOD S–5105.21–M–1, DOD TS–5105.21–M–2, and DOD TS–5105.21–M–3, DEPSECDEF approval is required before the deviation is implemented.
b. Army participation in SAPs sponsored and executed by others.
(1) Army organizations may participate in SAPs sponsored and executed by non-Army organizations without establishing a separate Army-executed CAT–N SAP. However, the Army organization and the SAP sponsor must establish, and keep current, an MOA to govern program security and minimum Army access in cases that involve—
(a) Substantial or recurring use of Army personnel or resources (over one-half man year or $10,000 in any 12-month period), or
(b) Risk of physical harm to Army personnel, damage to Army resources, or potential embarrassment to the Army, or
(c) Questions of propriety or policy.
(2) No DA organization, command, activity, or individual will negotiate such an agreement with any non-Army activity without prior coordination with TMO. After the MOA has been drafted, it will be forwarded to TMO for review and appropriate approval (VCSA, USA, or SECARMY) before it is signed by the Army entity entering the MOA. These programs will be managed based on their individual requirements and may have more restricted access than the Army baseline billet structure.
c. MOA content. MOAs between SAP proponents and Army elements include consideration of each element in the SAP matrix (table 5–1), to include a billet structure. At a minimum, access is required for the following personnel:
(1) Secretary of the Army
(2) Under Secretary of the Army
(3) General Counsel
(4) Chief of Staff, Army
(5) Vice Chief of Staff, Army
(6) Appropriate principals of HQDA Staff (for example, DCSOPS, DCSINT, ASA (RDA))
(7) The Inspector General
(8) Chief, Intelligence Oversight Division
(9) The Judge Advocate General
(10) Technology Management Office: Chief, Deputy, Legal Advisor, Finance Officer, Security Officer, Appropriate Action Officers.
d. Non-Army SAPs. Any involvement in non-Army SAPs which does not afford at least the minimum access defined in paragraph 4–4c above is prohibited, unless the SA approves a specific exception in writing. Requests for waivers are forwarded, with the proposed MOA, through the appropriate MACOM/PEO activity to Chief, TMO, for approval by SA.
e. Non-DOD SAPs. Army support to non-DOD SAPs and other sensitive activities, no matter how limited, is governed by DOD Directive 5210.36. Army units and offices will not provide support to non-DOD SAPs without prior approval in accordance with Army’s implementing instructions to DOD Directive 5210.36. If an Army unit or office is approached by a non-DOD agency to provide support to a restricted or limited access program, the unit or office should contact TMO as soon as possible.
f. Non-Army agencies. Army sensitive support to non-Army agencies, regardless of whether the support is to a SAP or not, is also governed by DOD Directive 5210.36. If an Army unit or office is asked to provide sensitive support to a non-Army agency, the unit or office should contact TMO immediately.
g. SAP registry. The TMO maintains a registry of SAPs (both Army and non-Army) involving Army participation. Annually, TMO validates this register via an Army-wide SAP data call. In response to this data call, all Army units and offices report any participation in or support to SAPs and other restricted access activities (no matter how limited) sponsored or executed by non-Army agencies.

Chapter 5
SAP Security

5–1. Programs ineligible for SAP security
a. The extraordinary security measures approved for use with SAPs may not be used by non-SAP programs. No collateral program, including programs with approved Limited Dissemination controls, may use program access non-disclosure agreements (read-on statements), classified code words for program identification, “Carve-out” contracting, Special Access Required markings or cover sheets, a program billet structure, or personnel security investigative or adjudicative requirements more stringent than those required for a comparable level of classified information. These measures are reserved for SAPs.
b. SAPs derive enhanced security primarily from the restricted access features of these programs. Generally, with respect to other security features (for example, physical security, technical security, and so forth), SAPs are held to the same standards as collateral programs at the same classification level.

5–2. Physical security
a. Security level. As a general rule, SAPs base the level of physical security on the classification level of the information processed or stored by the SAP.
(1) Category I SAPs and SAPs processing or storing Sensitive Compartmented Information (SCI) adhere to standards established by DCID 1/21 and the applicable requirements of DOD S–5105.21–M–1, DOD TS–5105.21–M–2, and DOD TS–5105.21–M–3.
(2) Category II and III SAPs that do not process or store SCI will follow AR 380–5.
b. Risk assessment.
(1) Program managers of CAT II and III SAPs conduct risk assessments during the PSAP process to determine whether they must implement physical security measures above the standards prescribed in AR 380–5.
(2) Program offices coordinate this risk assessment with supporting INSCOM CI elements and include the results in their SAP security plan.
(3) The risk assessment incorporates—
(a) Intelligence Threat Report. This is a multidisciplined counterintelligence report that addresses the general and specific collection threat to the program.
(b) Counterintelligence Assessment. This is an in-depth analysis of the counterintelligence factors affecting the program’s overall security and CI/OPSEC posture. INSCOM normally supports SAPs by developing Intelligence Threat Reports and the Counterintelligence Assessments for the programs at their request.
(c) Program Security Assessment. Program Managers integrate information from the Intelligence Threat Report and the Counterintelligence Assessment to determine whether the program requires further technical protection. If so, the PM requests a TSCM Survey (see para 5–5).
c. Two Person Integrity (TPI). TPI is required for Category I SAPs only.
d. Entry/Exit Searches. MACOM/PEOs and program offices establish entry/exit programs in accordance with AR 380–5, DOD 5220.22–M (the National Industrial Security Program Operating Manual (NISPOM)), and the NISPOM Supplement.

5–3. Document/information security
a. Marking. Authors of classified information mark documents in accordance with AR 380–5. Additionally, authors of SAP material will—
(1) Mark SAP nicknames at the top and bottom of the outside front cover, title page, all interior pages and on the outside back cover of all documents (for example, SECRET/BROKEN BRIDGE/SPECIAL ACCESS REQUIRED).
(2) Mark the subcompartment nickname in accordance with paragraph (1) above (for example, SECRET/BROKEN BRIDGE/STURDY TWIG/SPECIAL ACCESS REQUIRED). The SAP nickname and the wording “INCLUSIVE” may be used when a report contains information on all subcompartments (for example, SECRET/BROKEN BRIDGE/INCLUSIVE/SPECIAL ACCESS REQUIRED).
(3) Use the caveat “SPECIAL ACCESS REQUIRED” on the top and bottom of all pages that contain SAP information (for example, SECRET/BROKEN BRIDGE/SPECIAL ACCESS REQUIRED).
(4) Mark the beginning of each paragraph with the initial of the classification and the initials of the unclassified nickname of the SAP and subcompartment if applicable (for example, S/BB). Programs must include the parent SAP initials before the subcompartment for portions containing subcompartment information (for example, S/BB/ST). Partial paragraphs which begin a page will be marked with appropriate paragraph markings.
b. Unauthorized caveats. Programs will not use the unauthorized caveats PROGRAM CONTROLLED or CONTROLLED NEED-TO-KNOW. This does not preclude use of distribution statements such as Handle via Special Access Program (Nickname) Channels.
c. Transmission. SAP material will be transmitted in the same manner as material with collateral classification of the same level unless the program’s approved security procedures guide dictates more stringent procedures. Individuals transmitting SAP material may use—
(1) Approved secure point-to-point communications systems (for example, STU–III, secure FAX) appropriate for the security classification of the material; however, the transmitting individual must ensure that access is limited to indoctrinated SAP personnel on the receiving end of the transmission. Programs request guidance regarding approved mechanisms for secure point-to-point communications from HQDA, ODISC4 (SAIS–PPP). Additionally, programs use TEMPEST countermeasures and terminal equipment as determined by INSCOM based on analysis performed in accordance with AR 380–19–1.
(2) Defense Courier Service (DCS).
(3) Indoctrinated SAP personnel as couriers (must have courier orders).
(4) Registered mail using procedures outlined in AR 380–5 for documents up to and including SECRET SAR. Top Secret material cannot be transmitted via registered mail. Programs may use dedicated post office boxes to ensure SAP security for postal mailing. The provisions of AR 381–102 apply.
(5) U.S. Postal Service Express Mail in accordance with AR 380–5 for documents up to and including SECRET SAR if within the 50 states, District of Columbia and the Commonwealth of Puerto Rico. Using Express Mail to APO/FPO addresses is prohibited. Similarly, TS material cannot be transmitted via Express Mail.
(6) Restricted use of message dissemination systems for CAT III SAPs if authorized by the VCSA.
d. Dissemination. Programs must not release any classified SAP information to the public or to any individual not approved for access without written approval from the SA. Additionally,
(1) DOD grants SAP access to select members of Congress and their staffs. When indoctrinating these individuals, Access Approval Authorities (AAA) use the procedures outlined in chapter 6 of this regulation with the exception that DOD Directives do not require members of Congress to execute indoctrination statements. Offices that routinely provide Congressional briefings or SAP documents to Congress (for example, ASA(RDA)) maintain rosters of Congressional members and their staffs granted access to SAP material and ensure that SAP security managers receive the information needed to keep their access rosters current.
(2) SAP managers and their supporting contracting officers prohibit contractor release of SAP information by using contract security classification specifications issued for each SAP-related contract. Item 12 of the DD Form 254 (Contract Security Classification Specification) must state “Public release of information concerning any aspect of this contract is prohibited.”
(3) Programs coordinate with MACOM/PEO and TMO for advice and assistance on all Freedom of Information Act (FOIA) requests for SAP information.
(4) Programs and contractors will not release information pertaining to an Army SAP to the Defense Technical Information Center or any other information service. Programs must include this restriction in the DD Form 254.
(5) Patent applications containing SAP information are submitted through ASA(RDA) to the TMO for VCSA approval prior to submission to the U.S. Patent and Trademark Office. The contractor must notify the Contracting Officer 30 days in advance before filing a patent classified at the Secret or higher level. The Government cannot stop a contractor from filing a patent. However, the Government can recommend the imposition of a secrecy order to the Patent Commissioner. To seal a case, the Patent Office requires the Signature of an Assistant Secretary or higher. If a release in judicial proceedings is anticipated, Chief, TMO will notify the Director, Special Access Program Coordination Office, OSD, of the proposed release of SAP information in connection with the judicial proceedings.
e. Storage. Offices that store SAP material must do so in accordance with AR 380–5, the NISPOM and SAP supplement. Additionally, these offices must segregate SAP material from collateral material in a manner that ensures only program cleared individuals have access to the material.
f. Destruction. Responsible offices destroy SAP material in accordance with AR 380–5 and AR 25–400–2.
g. Archiving. SRIA has the Army charter to archive and maintain a central repository for information related to SAPs and sensitive activities. Program offices maintain files and records per AR 25–400–2 and send SAP related documents to SRIA for archiving.
h. Accountability.
(1) Special access status does not add additional accountability inventory requirements to those specified in AR 380–5.
(2) Contractors account for documents in accordance with the NISPOM and the SAP supplement.
(3) Program SPGs set forth the accountability procedures for each program.

i. Receipting. Use classified information receipt for all TOP SECRET documents per AR 380–5. Documents classified SECRET/SAR and below do not require a receipt unless mailed or couriered outside of the command, in which case transmitters and recipients follow the provisions of AR 380–5 and the NISPOM.
j. Reproduction. Special access status does not add additional restrictions on reproduction to those specified in AR 380–5 and the NISPOM.

5–4. Personnel security
a. Clearances. The Army grants access to SAP information based upon an individual’s level of clearance for information and need to know. The Army does not conduct separate, duplicate adjudications for access to SAP information.
b. Investigative requirements.
(1) Personnel requiring access to Category I SAP information and incumbents of Army baseline billets must have TOP SECRET clearances based on a favorable single scope background investigation (SSBI), or the equivalent, conducted by an authorized agency and favorably adjudicated in accordance with AR 380–67 and the NISPOM.
(2) Personnel requiring access to Category II or Category III SAP information must have a TOP SECRET clearance based on a favorable SSBI or a SECRET clearance based on a National Agency Check (NAC) and/or a NAC with written inquiries (NACI). The NACI is acceptable if the highest level of access required is SECRET.
(3) For initial and continued access to SAP information, the investigation cited in paragraphs (1) and (2) above must be within the last 5 years. However, AAAs may grant access to an individual with an out of date investigation if the individual has submitted a periodic re-investigation through security channels and there is no indication of new derogatory information since the previous investigation.
(4) A break in military service or civilian employment of 24 months or more during the most recent 5 year period requires a new SSBI or NAC/NACI.
c. Extraordinary requirements. Requests for extraordinary investigative requirements (that is, investigations beyond those specified in paragraph b above) require prior approval from the Office of the Secretary of Defense. These requests are submitted through TMO to ODCSINT for staffing.
d. Reciprocity. For purposes of SAP access, Army accepts clearance determinations made by the appropriate clearance or adjudicative authority of other DOD components and agencies of the Federal Government. The office requesting access to Army SAPs agrees to abide by all other rules for access set forth in this regulation.
e. Derogatory information. Individuals with derogatory information (information that constitutes a possible basis for taking an adverse or unfavorable personnel security action) on personnel with access to Army SAPs will report this information in accordance with AR 380–67. The PM must report valid derogatory information to the 902nd MI Group/INSCOM or FIU as appropriate for an independent impartial investigation. The PM may also suspend access to the program in accordance with AR 380–67 during the conduct of the investigation until completion of final clearance adjudication.
f. Citizenship. All persons accessed to Category I and II Army SAPs must be U.S. citizens.
g. Polygraph.
(1) Personnel approved for access to Army and non-Army SAPs may be subject to random polygraph examinations upon approval by the SA. Any adverse action, including removal of SAP access, based solely on polygraph results is prohibited.
(2) Army does not inform program managers regarding cases referred for investigation. If the investigation reveals adverse information, the Army will adjudicate the matter and notify the program manager according to existing policy.

5–5. Technical security
a. Signal security. Army SAP proponents request counter-signals intelligence support from INSCOM to assist in identifying information transmission needs and recommending appropriate signal security requirements. Programs will—
(1) When possible, use systems listed in NSA’s Information Systems Security Products and Services Catalog. Refer to AR 380–19–1 for specific requirements.
(2) Limit non-secure commercial telephones to the minimum number essential for efficient operations.
(3) Utilize secure communications as much as possible.
(4) Programs using facilities to store, process or discuss SCI follow the standards specified in DCID 1/21.
b. TEMPEST. AR 380–19–1 implements national TEMPEST policies and procedures. TEMPEST Countermeasures (CM) will be applied in proportion to the threat based on a TEMPEST CM Review by a Certified TEMPEST Technical Authority (CTTA). This CM review must be performed and validated by a CTTA prior to the programming or expenditure of funds for TEMPEST. For SAPs, requests will be forwarded to TMO for coordination with ODCSINT, DAMI–CHS. To preclude unnecessary expenditures, program offices should consult with INSCOM Technical Security representatives at the earliest possible stage in the planning process regarding the application of TEMPEST CM.
c. Technical Surveillance Countermeasures. AR 381–14 (S) prescribes the physical and technical security standards for implementation in certain facilities where SAP information is electronically processed or routinely discussed aloud.
(1) Category I program management offices that discuss or process information electronically require a TSCM survey. All other SAPs request TSCM services only when the facility risk assessment indicates the threat or vulnerability of the facility requires a technical security evaluation. PMs will include the risk assessment results in the SAP establishment package.
(2) Annually, INSCOM reviews the program facility risk assessments and the TSCM schedules for each program. INSCOM provides its results and recommendations to the program manager and HQDA ODCSINT as part of the working SAPOC brief.
(3) INSCOM will only conduct TSCM surveys on finished facilities which have physical controls and access procedures already in place. TSCM survey team members may require short-term SAP access. They must submit the appropriate access paperwork and meet the personnel security requirements set forth in paragraph 5–4 above in order to have access. Upon completion of TSCM surveys, the program manager maintains the physical security integrity of the facility and limits access to authorized and properly cleared personnel (see AR 381–14).
(4) To preclude unnecessary expenditures, program offices consult with INSCOM TSCM representatives at the earliest possible stage in the planning process regarding the physical and technical security measures required for planned construction of new SAP facilities or renovations to existing facilities. TSCM personnel will conduct a preconstruction advice and assistance service to identify required measures.

5–6. Treaties
a. Treaty authority. Army SAP facilities are subject to inspection and monitoring under select arms control treaties (for example, Open Skies and the Chemical Weapons Treaties).
b. Treaty proponent. HQDA, DCSOPS is the Army staff proponent for implementation and compliance for arms control treaties. The Assistant Secretary of the Army (Installations, Logistics and Environment) serves as the Army’s arms control implementation and compliance review manager.
c. Open Skies Treaty. The Open Skies treaty is a multilateral agreement designed to promote openness and transparency with respect to military activities. The treaty permits signatories to fly unrestricted, unarmed observation missions over the territory of other signatories using aircraft equipped with a variety of optical sensors and synthetic aperture radar.

(1) The entire airspace of every treaty member is open to observation flights. Consequently, every U.S. Army facility on the territory of the United States and on the territory of all other signatory nations (Germany, Italy, Korea, and others) are subject to observation flights.
(2) The treaty requires a minimum notification time of 72 hours from the time an observing party notifies the observed party of intent to conduct an overflight until the observing party touches down onto the observed party’s point of entry airfield. As a consequence, PMs and PSMs must take appropriate actions prior to an inspection to safeguard their program facilities and field testing facilities.
d. Chemical weapons treaties. The United States is currently a party to three CW agreements: two bilateral agreements with Russia (Bilateral Destruction Agreement and the Wyoming MOU) and one multilateral agreement (Chemical Weapons Convention (CWC)). The CWC prohibits the development, production, stockpiling, and use of designated types and quantities of chemical weapons. One of several verification provisions of the CWC is the use of “challenge inspections” at any Government, private or commercial activity facility to demonstrate compliance with the CWC. A team of multinational inspectors employed from the CWC’s implementing body, the Organization for the Prohibition of Chemical Weapons, conducts the inspections. Challenge inspections have virtually the same protocols and requirements under all three CW agreements. The only major difference in the process is the composition of the foreign inspection team.
(1) The mere suspicion that a facility is producing or stockpiling CW agents or precursor chemicals is sufficient justification for a challenge inspection. Therefore, all facilities are potential sites for challenge inspections.
(2) During a challenge inspection, the inspection team has the right to monitor all traffic exiting the facility; take soil and air samples; request to have photos taken; review records, and interview employees. The inspection team can also request an overflight of the area/facility.
(3) SAP facilities will generally have less than 48 hours from time of notice until the time inspectors arrive at their facilities.
e. Treaty security measures. Because of the short notification times, to maintain security while complying with treaties, SAPs must maintain the ability to react quickly in the event of any challenge inspection. Additionally, Army installations and contractors that support SAPs must maintain the capacity to quickly alert SAPs resident in their facilities.
(1) SAP PMs, assisted by supporting counterintelligence personnel, must evaluate the potential threat posed by treaty inspections and overflights and develop contingency plans as part of their security and OPSEC plans.
(2) PMs must educate program personnel on the potential security threat treaties pose.
(3) Army employs an installation-based approach to treaty inspection notification. DA DCSOPS alerts MACOMs and installations that they are subject to an inspection during a specified time window. The installation notifies subordinate and tenant activities. PMs ensure that their offices, contractors (if applicable) and field sites are connected with installation notification schemes. He or she validates this periodically through direct coordination with MACOM/installation treaty POCs.
(4) TMO, the 902nd MI Group, INSCOM, and the MACOMs monitor the adequacy of SAP notifications by reviewing SAP notification plans, as necessary, during staff visits and inspections. Additionally, SAP managers brief their notification plans, as required, at working SAPOCs.

5–7. Technology Transfer/Foreign Disclosure
a. The HQDA DCSINT exercises approval authority for disclosure of official Army information, both classified and controlled unclassified, to foreign governments and international organizations. This authority may be delegated in writing to DA subordinate elements (MACOMS and below).
b. Normally, Army SAP information is not releasable to non-U.S. citizens, foreign governments, or international organizations. In rare instances, Army, in coordination with OSD, approves discrete elements of SAP information for release to foreign governments usually as part of a joint or collaborative program. Release to foreign governments and international organizations will comply with the National Disclosure Policy (NDP–1), DODD 5230.11, and DODD C–5230.33 for military intelligence SAP information. Release is not authorized without an approved international agreement (MOU, Data Exchange Agreement (DEA), an Information Exchange Agreement (IEA) in accordance with DOD Directive 5530.3, a DA DCSINT approved Delegation of Disclosure Authority Letter (DDL)), and in cases of waived SAP information, DEPSECDEF approval.
c. Program managers anticipating the need for eventual release of information/technology to foreign governments and international organizations must identify this requirement as early as possible in the SAP’s “life cycle,” preferably before SAP establishment, and seek approval for release of program information early on. PMs must ensure the program SCG and SPG clearly identify the release authority.
d. Program managers, MACOMs, and SAP proponents that identify the need for foreign release of SAP and SAP-related information/technology must submit the required documentation to DAMI–CHS for review and approval. DAMI–CHS will coordinate with SARD–SO and TMO.
e. The program manager will not initiate or engage in preliminary discussions with a foreign government or international organization regarding the establishment of an international agreement or potential release or exchange of classified military information, controlled unclassified information (CMI/CUI), SAP or SAP-related information without the written approval of HQDA (DAMI–CHS).
f. Any person who has any indication that a foreign government has compromised SAP information, shall report the compromise immediately to the Chief, TMO, who shall report to the DCSINT, OGC, TJAG, VCSA, CSA, USA, and SA as well as the National Disclosure Policy Committee. The DCSINT shall conduct a damage assessment and provide copies of the completed case report and damage assessment to the Chair of the National Disclosure Policy Committee.

5–8. Program security plan
a. Draft plan. The program develops and submits a draft security plan to TMO within 60 days of PSAP approval. The MACOM/PEO and ARSTAF review the security plan during the SAP approval process.
b. Plan contents. At a minimum, each SAP security plan consists of a security classification guide, security procedures guide, OPSEC Annex, threat assessment, indoctrination briefing and a billet roster (if applicable).
c. Security Classification Guide. The Security Classification Guide (SCG) describes the critical elements within the SAP and explains in detail how to classify program information. Additionally—
(1) The PSM assists the program manager and program technical personnel in preparing the SCG.
(2) The original TOP SECRET classification authority (OCA) signs the SCG.
(3) TMO, ICW DCSINT, and the SAP ARSTAF proponent, approves the SCG prior to OCA signature and SAP approval.
(4) The PSM ensures everyone handling program information has access to a SCG.
(5) The DD Form 254 for contractors references applicable SCGs.
(6) Significant changes to an approved SCG or an SCG developed for a newly proposed subcompartment must be reviewed at HQDA. Revised or proposed SCGs should be submitted by the PM through the ARSTAF proponent to TMO for approval 60 days prior to implementation unless otherwise directed by the Chief, TMO. TMO will coordinate ARSTAF review and return the SCG with comments within 45 days of receipt.

d. Security Procedures Guide. The PM develops a SAP Security Procedures Guide (SPG) to provide indoctrinated personnel specific security procedures for protecting program information. In addition to identifying the ACA and AAAs, the SPG addresses the following security disciplines: information system security, communication security, emission security, operational security, personnel security, information security, physical security, signal security, and TSCM. The SPG also addresses treaty verification inspections and foreign travel/contact. As with the SCG, the following occurs:
(1) The PSM prepares the SPG.
(2) TMO approves the SPG prior to PM signature and SAP approval.
(3) PSM ensures everyone handling program information has access to a SPG.
(4) The DD Form 254 for contractors references applicable SPGs.
e. OPSEC Assessment. OPSEC is the responsibility of the SAP program manager. The program manager prepares an OPSEC Annex to the security plan (in accordance with AR 530–1) with the assistance of 902nd MI Group, INSCOM. The program provides copies to TMO and the DCSINT.
(1) SAP program offices and MACOM/PEO proponents provide all activities, agencies, or organizations supporting their program copies or appropriate extracts of the OPSEC Annex.
(2) The program office reviews and updates the OPSEC annex annually. As a minimum, the OPSEC annex addresses the essential elements of friendly information, threat, travel/mail procedures, testing, media and public release, and program signatures reduction.
f. SAP Security Manager. The PSM is a fully qualified individual who reports to the PM for security issues. The security manager for CAT I and II programs will be a full-time position. The SAP PSM will not have additional duties related to collateral programs, but may act as the PSM for more than one SAP under the same PM. For CAT III the PSM may be a part-time position (see table 5–1). PSMs—
(1) Advise PMs on classification, declassification, downgrading and upgrading of SAP information.
(2) Prepare and submit program security plans to their PMs.
(3) Maintain billet/access rosters.
(4) Ensure through MACOM security officers that personnel with access to the program have the appropriate level of personnel security clearance.
(5) Serve as the program focal point for all security, CI and OPSEC related issues.
(6) Review SAP contract requirements and assist in the preparation of the security classification specifications (DD Form 254).
(7) Review suspected and confirmed program compromises and advise their PMs on required actions.

5–9. Security incidents involving SAP information
a. Notification. Individuals who become aware of a security infraction or violation involving SAP information will contact the program office immediately. Upon learning of the infraction, the PM and PSM will take immediate steps aimed to minimize further damage and regain custody of the information or material. Within 24 hours of notification of the infraction, the PM will notify HQDA (DAMI–CHS) through normal SAP reporting channels. DAMI–CHS will notify TMO and INSCOM if appropriate. DAMI–CHS and TMO will provide additional guidance as appropriate.
b. Preliminary investigation. If warranted, DAMI–CHS will direct a preliminary investigation in accordance with the procedures set forth in AR 380–5. Upon completion of the preliminary investigation, the SAP PM—
(1) Forwards a report to HQDA (DAMI–CHS) within 7 days of the incident.
(2) Determines the appropriate remedial, administrative, disciplinary, or legal action to pursue, to include completion of DA Form 5750–R (Inadvertent Disclosure Oath) (Requirements Control Symbol (RCS) exempt, AR 335–15, para 5–2b(4)). If appropriate, execute DA Form 5750–R. A copy of this form is at the back of this regulation for local reproduction on 8 1/2- by 11-inch paper. The completed form will be retained with program read-on documentation.
(3) If applicable, forwards a report of derogatory information through chain of command in accordance with AR 380–5 to the appropriate adjudicating authority.
(4) Considers the removal of indoctrinated persons from access to the SAP when actions by such individuals contributed to the compromise, violation, or infraction.
(5) Considers the impact of the security violation compromise on the SAP; determines whether the damage may be “localized” and, therefore, mitigated; considers reclassifying or declassifying any compromised SAP information; and incorporates changes in security classification of program information.
c. Update. As long as issues related to a compromise or security infraction remain unresolved, SAP PMs will provide monthly updates to HQDA (DAMI–CHS) via normal SAP reporting channels. Additionally, the PM will render a final report within 30 days of closure.
d. Nickname or code word compromise. If the association of a nickname or code word with a specific classified activity is compromised, or is suspected of being compromised, the program reports the incident in the manner described above and requests a new nickname or code word. TMO takes the necessary action to cancel the compromised nickname/code word in the Global Command and Control System database.
e. Compromise of automated information systems. If a compromise of SAP information involves automated information systems, the PM will consult HQDA (DAMI–CHS) to determine if the incident should be brought to the attention of the accreditation authority. The accreditation authority will, in turn, determine if the automated information system should be allowed to continue to process SAP information. All accreditation packages, after the discovery of the incident, will clearly identify the incident, its status, and any corrective action taken.
f. Special situations. The TMO in coordination with ODCSINT may direct that an investigation be initiated in situations where the action taken by the SAP manager or proponent did not fully address the potential compromise, or in other special situations.

Table 5–1
SAP security matrix

Criteria | N | I | II | III

ACCESS CONTROL
Access Control Authority | * | Single | Single | Single
Access Approval Authority | * | Required | Required | Required
Billet Structure | * | Required | Required | Not Required
Levels of Access | * | Required | Not Required | Not Required
Access Roster | * | Required | Required | Required
Request for Access | * | Written | Written | Written
Indoctrination Forms, Non-disclosure Agreement | * | Required | Required | Required

SECURITY MANAGEMENT
Security Manager | * | Full Time | Full Time | Part Time
Nickname (TMO) | * | Required | Required | Required
Code word (TMO) | * | Authorized | Authorized | Authorized
Document Control | * | Per AR 380–5 | Per AR 380–5 | Per AR 380–5
Secure Communication | * | Required | Required | Required
TSCM Survey | * | Required | Not Required | Not Required
Facility Security Risk Assessment | * | Required | Required | Required
Security Plan | * | Required | Required | Required
Information Management Support Plan (ISRP) | * | Required | Required | Required
ISRP | * | Required | Required | Required
Special Markings | * | AR 380–381 | AR 380–381 | AR 380–381
Foreign Knowledgeability | * | Not Authorized | Not Authorized | As Approved
Courier | * | Program cleared or DCS | Program cleared or DCS | Program cleared or DCS

SECURITY POLICY
Minimum Level Security Clearance** | * | TS | TS or S | S
Type Investigation** | * | SSBI | SSBI or NAC/NACI | NAC/NACI
U.S. Citizen | * | Required | Required | Not Required
Polygraph*** | * | Random | Random | Random
Temporary Access | * | Authorized | Authorized | Authorized
Revalidation | * | Annual Required (SAPOC Brief) | Annual Required (SAPOC Brief) | Annual Required (SAPOC Brief)
PSAP Process | * | Required | Required | Required
INSCOM OPSEC Support (advise/assist) | * | Required | Required | Required
Special Mission Funds (SMF) | * | Authorized | Authorized | Authorized
"Carve-out" Contract | * | Not Authorized | Not Authorized | Not Authorized
Waivers | | SAPOC Approved | SAPOC Approved | SAPOC Approved

Notes:
* In accordance with MOU between Army and SAP sponsor.
** Citizenship now required for SECRET clearance (May be waived by ODTUSD(P)(PS)).
*** When approved by SA.

Chapter 6
Access Control

6–1. Validation of access requirements
a. The SAPOC. The SAPOC validates each program’s initial billet structure or access requirements and revalidates them annually until program disestablishment.
b. TMO. TMO provides management and oversight of access control and—
(1) Establishes the Army Baseline billet structure and manages baseline access as described in this chapter.
(2) Processes all requests for changes to program billet structures. Approves or disapproves requests for changes above the 5 percent or 100 billet annual change ceiling specified in paragraph 6–3 below.
(3) Directs changes to billet structures.
(4) Reviews and approves requests to double billet personnel for more than 90 days.
(5) Maintains a reference copy of access and billet data from each program. These data are updated by the programs no less than quarterly per paragraph 6–8.
c. SAP proponents. SAP proponents (MACOM/PEO/ARSTAF)—
(1) Appoint the Access Control Authority (ACA) and identify the ACA in the SAP security procedures guide. The ACA is a General Officer or SES employee in the chain of command for that program or activity. When the program manager is a General Officer or SES employee, the ACA responsibility falls to the next higher General Officer or SES employee. Besides the ACA, the Secretary, Under Secretary, Chief of Staff, and Vice Chief of Staff of the Army and the Chief, TMO, have authority to direct changes to billet structures and grant access to all Army SAP information.
(2) Provide direction and guidance to the ACA regarding management of access to the program.
d. SAP access authorities. SAP access control authorities (ACAs)—
(1) Specify access management controls in program security procedures guides.
(2) Appoint AAAs in writing. Appointment letters delineate the scope of the AAA’s authority and authorize each AAA to indoctrinate and terminate access to the SAP. AAA authority cannot be further delegated.
(3) For Category I and II programs, identify that portion of the billet structure under the cognizance of each AAA.
(4) May delegate the authority to oversee the AAA’s day-to-day activities to the program manager but retain access control responsibility for the program.
(5) Ensure that AAAs grant access to program information only to those persons essential to conducting the program, including those involved in management, execution, and oversight.
(6) Review indoctrination briefings annually and update as necessary.
e. Access approval. SAP AAAs—
(1) Approve/disapprove requests for access after verifying that they are correct and complete.
(2) Use the program approved briefing materials for indoctrinations.
(3) Send signed indoctrination and termination agreements to the office of record designated by the ACA. Individuals administratively debriefed will be notified in writing, if practical.
f. Security managers. Program security managers maintain each program’s master access roster and are responsible for providing up-to-date security indoctrination briefings to program AAAs. Each program office is the office of record for program access.

6–2. Access levels
a. The complexity of the SAP or the special sensitivity of certain aspects of it may dictate the establishment of either additional levels of access or subcompartments.
(1) Levels. Levels of access are required within Category I SAPs. SAP proponents may define levels of access within Category II SAPs. Levels are designated numerically starting with Level I



(the lowest or most general administrative access) and leading to successively higher degrees of knowledgeability of the technical or operational details of the SAP. Level I access applies to administrative, clerical, or support personnel who are aware of the general nature of the program but do not require unrestricted access or knowledge of all details of the SAP. The highest level of access applies to individuals requiring unlimited access to all facts relating to the SAP. SAP proponents establish the number of levels and specify these in the program’s security procedures guide.
(2) Subcompartments. Upon approval of TMO, proponents may devise subcompartments to limit knowledge of extremely sensitive aspects of the program. Proponents register all subcompartments with TMO. TMO assigns a nickname and/or a code word for each subcompartment. Individuals with access to subcompartments require at least an administrative level of access to the parent SAP and access only to those additional program subcompartments required. The SAP category of the subcompartment must be the same as the parent SAP.
b. Levels and subcompartments will not be established to avoid oversight. ACAs ensure that sufficient access is afforded to all levels and subcompartments to allow effective oversight.
c. The program manager will complete the following actions upon establishment of a subcompartment:
(1) The PM will establish the criteria for access to the subcompartment in accordance with SAPOC and TMO guidance.
(2) An individual accessed to only specific subcompartments of a SAP will sign an indoctrination statement that lists the specific subcompartments. The PSM will annotate BSMS records to show subcompartment access.
(3) The PSM will assist the PM in developing a subcompartment SCG.
(4) If required, a separate subcompartment PM and PSM will be designated in writing.
(5) If required, a separate SPG will address security responsibilities and countermeasures for personnel accessed to that subcompartment.
(6) When the subcompartment occurs outside of the program manager’s Command, an MOU will be developed between the program manager’s Command and the subcompartment program manager’s command to outline program and security responsibilities. The MOU will be reviewed and approved by TMO prior to signature.
(7) Program managers review and inspect subcompartment management practices and procedures.
(8) DSS will be “carved in” for facility clearance inspections and industrial security reviews for all subcompartment contractor facilities.

6–3. Billet structure
a. Category I and II. Category I and II SAPs require a billet structure. Within 60 days following PSAP approval for a proposed Category I or II SAP, the proponent develops and submits to TMO a proposed billet structure. The proponent for the PSAP presents the billet structure to the SAPOC during the SAP approval process and makes adjustments as necessary before the annual revalidation process. TMO maintains a copy of all program billet structures.
b. Baseline billet structure. The Army SAP baseline billet structure identifies positions at HQDA and subordinate commands that require access to all baseline SAPs to fulfill leadership, oversight and management responsibilities. TMO determines SAPs to be included in the baseline, maintains the baseline billet structure, distributes changes to the structure, and publishes the complete baseline billet structure annually.
c. Essential functions. The individual SAP billet structure provides for essential program functions to include contractor, security, clerical and communications support, as well as staffing for other organizations necessary to implement and oversee the program. For baseline programs, the baseline billet structure is automatically incorporated into the program billet structure. For non-baseline programs, the billet structure must include all program execution, management review, and oversight positions.
d. Preparing billet structures. Program managers use BSMS to prepare billet structures. Program managers should coordinate with TMO for instructions regarding the specific format of a billet structure.
e. Modifications. Within a 12-month period, each PM, on his or her own authority, may make modifications to the program billet structure that equate to 5 percent of the personnel accessed to the program, or 100 billets, whichever is less. If the PM requires more than 5 percent or 100 billet modifications during a given 12-month period, Chief, TMO must approve additional modifications. Program managers summarize changes to their billet structure during SAPOC revalidation briefings.
f. Updates. As billet structure changes occur, PMs forward updated pages to appropriate AAAs. After each SAPOC revalidation, PMs provide TMO and SRIA with an updated billet structure.

6–4. Rosters
a. Using BSMS software, SAP PMs maintain the master roster of individuals with access to the SAP. Access rosters contain full name, social security number, security clearance, date granted, type of investigation, investigation date, MACOM, organization, office, date access granted, and access level if appropriate. Additionally, PMs maintain an inactive roster listing all personnel debriefed from their program, recording the date of debriefing.
b. For programs with billet structures, AAAs slot individuals only against an approved vacant billet.
c. PSMs may double billet incoming personnel in the same billet with the incumbent for 90 days. TMO must approve extensions beyond 90 days. PSMs will not double billet personnel to satisfy short-term read-on requirements.
d. PMs notify access roster holders when individuals are read-off and provide quarterly updates of BSMS data to SRIA.
e. PMs must address disposition of program access rosters in the disestablishment concept plan.
f. Anyone may verify an individual’s access to Army SAP information by—
(1) Contacting the program security staff.
(2) Contacting a duly appointed access approval authority having cognizance over the individual’s organization.
(3) Using a current access roster.
(4) Checking BSMS.

6–5. Request for access
a. Possession of a valid security clearance does not by itself justify access to SAP information. Individuals must have a valid need-to-know, an approved billet (if applicable), and approval from the program ACA or designated AAA for access to a SAP.
b. Individuals nominating personnel for access to a SAP submit to the program AAA a request for access, DA Form 5749–R (Special Access Program Request for Access). A copy of DA Form 5749–R is at the back of this regulation for local reproduction on 8 1/2- by 11-inch paper. An authorized security official (for example, the security manager) verifies the individual’s clearance data before signing and submitting the DA Form 5749–R to commander or PM for signature. Final approval for access rests with the ACA or designated AAA. The SAP PM maintains the DA Form 5749–R (RCS exempt, AR 335–15, para 5–2b(4)) for 2 years after reading off an individual, after which it is destroyed. Upon disestablishment of the SAP, the program disestablishment concept plan must address disposition of DA Forms 5749–R less than 2 years old at the time of disestablishment.

6–6. Indoctrination
a. Once an AAA has determined that an individual requires access to a SAP, the AAA indicates his or her approval on the DA Form 5749–R and signs the form.
b. AAAs can limit the duration of an individual’s access. In these cases, the AAA or person conducting the read-on notifies the individual of the date when his/her access will end. This expiration date



is annotated on the indoctrination form (DA Form 5399–R (Special Access Program Initial Security Briefing)) (RCS exempt, AR 335–15, para 5–2b(4)). A copy of DA Form 5399–R is located at the back of this regulation for local reproduction purposes on 8 1/2- by 11-inch paper. The expiration date (if any) is included as an entry in the BSMS data base. When the expiration date arrives, if the individual has not already been debriefed, the PSM arranges for a debriefing. Examples of limited duration access are—
(1) Short-term studies and analyses.
(2) Normal tour of duty.
(3) Limited duration operations.
c. Individuals authorized to indoctrinate personnel will do the following:
(1) Verify the information on the DA Form 5399–R, including the individual’s data and the program’s nicknames. (Note “baseline” or “all Army SAPS” may be submitted for individual program names when appropriate.)
(2) Require individuals to read, agree to, and sign DA Form 5399–R before being indoctrinated.
(3) Provide a copy of the signed initial security briefing to the office of record, normally the program office.
(4) Include in the briefing program specific briefing security requirements (for example, what is sensitive about the program and why), procedures for OPSEC and COMSEC, EEFI, classification guidelines, SAEDA reporting, and how to report fraud, waste, and abuse without compromising security.
(5) Sign the DA Form 5399–R as the witness.

6–7. Termination
a. PSMs ensure individuals completing their duties with a SAP are debriefed by an authorized program representative. Once debriefed, the individual is no longer authorized access to SAP information and is not allowed to disclose program information in the future. PSMs, AAAs, or their designated representatives will use the locally reproducible DA Form 5401–R (Special Access Program Security Termination Briefing) (RCS exempt, AR 335–15, para 5–2b(4)) for termination briefings. (A copy is at the back of this regulation for local reproduction on 8 1/2- by 11-inch paper.)
b. In those instances when an individual cannot sign a termination briefing statement, the PSM will administratively terminate the individual’s access and place the individual’s name and date of termination on the inactive roster. Additionally, the person making the determination that an individual should be debriefed administratively will fill out a DA Form 5401–R (except for the individual’s signature) and forward it to the office of record.
c. PMs and AAAs continuously review rosters, deleting individuals no longer requiring access to the SAP. The PM retains SAP access briefing and debriefing statements (for both actual and administrative debriefs) for 2 years after debriefing an individual, after which they are destroyed.

6–8. Billet structure management system
a. The billet structure management system (BSMS) is an automated system for maintaining access and billet roster information for Army SAPs.
b. PMs will—
(1) Use BSMS to manage and maintain access and billet roster information.
(2) Provide regular BSMS data updates quarterly to the central BSMS data base at SRIA.
(3) Perform a comprehensive review and reconciliation of BSMS data at least annually.
(4) Provide an annual BSMS data base backup to the central BSMS data base at SRIA.
(5) Provide funding for BSMS hardware and software requirements.
c. SRIA will—
(1) Develop, document, maintain, develop training for, distribute, and upgrade the BSMS software.
(2) Provide regular updates of the BSMS data to the program managers and other designated users.
(3) Maintain the central BSMS data base for all Army SAPs.
(4) Provide customer service and training support for BSMS users as required.
(5) Provide projected budget data to BSMS sites.

Chapter 7
Industrial Security

7–1. Defense contractors
For purposes of this regulation, a defense contractor is any individual or entity that submits an offer for and is awarded a Government contract or conducts business with the Government as an agent or representative of another contractor.

7–2. National Industrial Security Program
a. The NISPOM specifies the baseline security procedures for contractors working on Federal Government projects. A supplement to the NISPOM specifies additional procedures that apply to SAPs.
b. The NISPOM Supplement specifies required security enhancements and provides a menu of optional security enhancements for use by SAPs. Programs may select from a menu of options to tailor SAP security based on the program’s vulnerabilities to the threat. Any security enhancements above those specified as required or optional in the NISPOM Supplement must be approved by the OSD SAPOC.

7–3. Contractor Personnel Security
a. The basic personnel security requirements of the NISPOM and paragraph 5–4 of this regulation apply to contractors and subcontractors participating in Army SAPs. Contractors are cleared at the minimum level of classification commensurate with the level of work specified in the contract.
b. Defense contractor personnel requiring access to Army SAP information must consent to undergo random counterintelligence scope polygraph examinations. The PM must remove contractor personnel from the program who withdraw their consent to undergo a polygraph and report this action to the Contracting Officer.

7–4. Physical Security
a. The physical security standards contained in paragraph 5–2 of this regulation and the NISPOM with SAP Supplement provide basic guidance concerning physical security within contractor facilities. Each SAP’s security procedures guide clarifies this basic guidance but cannot specify requirements greater than the NISPOM (with SAP Supplement) without OSD approval.
b. DSS coordinates exceptions to contractor facility construction standards to ensure standards do not conflict with NISPOM requirements.
c. DCI Directive (DCID) 1/21 applies to SAPs containing sensitive compartmented information.

7–5. Industrial Security Inspections
a. SAPs require fully documented comprehensive security inspections of contractors by qualified Government industrial security specialists. Under Army policy, the DSS conducts annual industrial security reviews of all contractor and subcontractor facilities containing Army SAP material. DSS has an inspection cadre for Army SAPs which follows contract security inspection standards set by the NISPOM, the NISPOM Supplement, and the program SPG.
b. SAP program offices or proponents coordinate DSS inspections. The SAP security office extracts appropriate security procedures from the NISPOM Supplement, highlights these in the program SPG, and provides them to the appropriately cleared DSS inspectors. Program offices attend DSS inspections only when a change in situation requires detailed program attention. Examples include the initial industrial security (IS) inspection of a facility, a new contractor, a new IS representative, a new contract security officer, or an anticipated security problem.



c. Army contracts excluding DSS are “carve-out” contracts. Requests to carve-out DSS from the industrial security inspection requirement for SAP contracts must include extensive justification and a detailed description of proposed carve-out contracting procedures. Programs submit such requests to TMO for Secretary of the Army review and DEPSECDEF approval. Carve-out procedures must comply with NISPOM Supplement, AR 380–49, and the Federal, Defense, and Army Acquisition Regulations. Normally, the Army does not approve carve-out requests.
(1) INSCOM inspects industrial security for approved carve-out contracts.
(2) Army SAPs with approved carve-out contracts report the status of these contracts at their annual SAPOC. This report includes the number of active carve-out contracts, number of contracts awarded during the past year, total dollar value of all active carve-out contracts, the names of each carved-out prime and subcontractor, the total number of employees who have access to the SAP, justification for the need to continue the carve-out status of each contract and a summary of the results of the industrial security inspections conducted by INSCOM.
(3) When contracts no longer require carve-out status, proponents transfer the industrial security inspection responsibility to DSS and update the DD Form 254 (Contract Security Classification Specification Form) to reflect this change.

7–6. Contract Management
a. The program manager or proponent for a SAP, in coordination with his/her contracting officer, determines whether the program will employ secure environment contracting procedures and how the program and contracting officer will ensure positive fiscal and legal control. The PSM participates in these discussions and reviews the security practices of the supporting contracting office. The PM manages this process to provide control over potential financial and legal abuses.
b. The Defense Contract Audit Agency (DCAA) provides audit support by properly cleared auditors.
c. Supporting contracting organizations report SAP contract awards by preparing and submitting a DD Form 350 (Individual Contracting Action Report) in accordance with AR 715–30, Secure Environment Contracting.
d. SAP research and development contracts are assigned to the Defense Contract Management Command (DCMC) for secure environment contract administration under FAR Subpart 42.2 and Defense and Army FAR Supplements.
e. Contracting Officers will use a DD Form 254 (Contract Security Classification Specification) for each SAP contract. This document makes security requirements a legally binding part of the contract. The contracting officer forwards a copy of each DD Form 254, including all revisions, to TMO.
f. The PSM indoctrinates personnel involved in soliciting, evaluating, negotiating, approving, and awarding a SAP-related contract at an appropriate level. Those indoctrinated include the contracting officer, a legal representative, and appropriate contracting support personnel.

7–7. Security infractions, violations, and compromises at contractor facilities
a. Contractor personnel report compromises, suspected compromises, or other security infractions involving SAP information to the contractor security manager, who, in turn, immediately reports to the DSS industrial security representative and the PM who, in turn, immediately reports to the PSM and DSS. The contractor is required to conduct a preliminary investigation that outlines the details of the incident and submit a copy of the report of investigation if there is a probable compromise to the program office and DSS. DSS will conduct an administrative inquiry if they determine further action is necessary, or at the request of the program office. The PSM must inform DAMI–CHI through SAP reporting channels within 24 hours.
b. The contractor will include a statement of the administrative actions taken against an employee in the report to DSS when an individual is found culpable and one or more of the following factors are evident:
(1) The violation occurred due to a deliberate disregard of security requirements.
(2) The violation involved a pattern of negligence or carelessness.
(3) There was a violation of the security terms of the contract.
c. Based on the investigation results, the PM makes a decision whether to terminate contractor access to the program.

7–8. Contract security requirements
a. The following security guidance is intended for industry.
(1) Program SCGs outline classification guidance for contractors.
(2) DD Form 254 specifies OPSEC requirements determined by the SAP PM.
(3) SAP PSMs prepare and sign the DD Form 254 for each SAP-related contract and the contracting officer reviews it prior to issue. This applies whether the contract itself is classified, an enclosure (such as the statement of work) is classified, or the contractor requires access to classified information. The PSM annotates block 16 of the DD Form 254 adding TMO to the distribution.
(4) For carve-out contracts, the DD Form 254 identifies all areas, material or information for which DSS retains security inspection responsibility and those remaining under Army security administration. The PSM annotates blocks 10c and d and block 15 of the DD Form 254 stating the contract contains certain carve-out information and provides a copy of the DD Form 254 to the responsible DSS security office.
(5) Army SAP contracts list AR 380–19, NISPOM, and this regulation in block 15 of the DD Form 254 as documents governing accreditation of contractor’s AIS.
(6) The program updates DD Forms 254 every 2 years or when there is a change to the program SCG. The PSM provides a copy of revisions to TMO.
(7) The SAP program manager is responsible for resolving questions or issues regarding the DD Form 254 or the classification guide.
b. Once a contract is complete, the contracting officer and PSM ensure the contractor—
(1) Inventories and returns all Government material to Government control.
(2) Processes contractor requests for post contract retention of classified material. Only the VCSA can approve such requests for contractor retention of documents other than that mandated by the Federal Acquisition Regulation (FAR).
(3) Disposes of classified material according to Army policies and regulations and provides a list of all material destroyed to the PSM.

Chapter 8
Information Mission Area

8–1. General
a. This chapter describes the essential parameters and procedures to follow to ensure the Information Management Area (IMA) support provided to Army SAPs and sensitive activities is secure. The IMA encompasses communications, automated information systems (AIS), audio/visual support, records management, printing and publications.
b. TMO establishes SAP-specific IMA policy and validates new requests for IMA support.
c. DISC4 approves all requests for Information Management (IM) support to SAPs and sensitive activities.
d. The USACECOM is the Army’s executive agent for information systems support of sensitive activities and serves as the DA focal point for staff management and oversight of IM support to sensitive activities.
e. At the direction of USACECOM, the Technology Application



Office (TAO) performs project management support of Army SAPs and sensitive activities.

8–2. Information Systems Requirements Package
SAP activities must document initial IM support requirements (for example, secure voice, data, facsimile systems) in an Information Systems Requirements Package (ISRP) and submit it as an enclosure to the initial request for PSAP status. A suggested format for an ISRP is at appendix K.

8–3. Information Management Support Plan
a. Following SAP establishment, program managers prepare detailed IMSPs. This plan identifies IM resources necessary to accomplish the assigned information mission throughout the program’s life-cycle, drawing from ISRP requirements. The IMSP defines the system architecture, establishes configuration management, property accountability, acquisition strategy, information security oversight and command and control structure. The IMSP identifies the PM’s future IS objectives, the current system and the strategy of how special access program IM goals are achieved.
b. The program manager oversees formulation and promulgation of the IMSP. Upon request, the TAO provides technical advice and support to PMs in preparing the IMSP.
c. Program managers submit the IMSP through TMO for review and concurrence to HQDA, DISC4, for validation and approval. The IMSP is the baseline for all IMA support of the program. Upon approval, the program manager will provide a copy of the IMSP to TMO who retains a copy of the plan to facilitate oversight. Appendix L outlines the suggested format for the IMSP.

8–4. Accreditation
a. Program managers are required to have all IM that process SAP information accredited under AR 380–19. Additionally—
(1) SAPs will operate systems in the dedicated security mode unless a waiver has been approved by HQDA (DAMI–IM).
(2) Program managers will request accreditation at the sensitivity level appropriate to the classification of the material involved. The accreditation authority for systems processing SAP information is the MACOM commander, or DA Staff agency director, unless the system is a single user system such as a personal computer. SAP managers accredit personal computers in accordance with AR 380–19. Army managers of SAPs with SCI content must accredit their IS in accordance with DCID 1/16 and agency-specific guidance. Accreditation for non-Army SAPs with no SCI content will be in accordance with AR 380–19 and program-specific guidance.
b. Program managers provide a coordinated accreditation package, any coordination reports, and their recommendations to the accrediting authority, who then determines if the automated system may process SAP information.
(1) Programs normally prepare accreditation packages without including SAP information and process them through the security office (of the command owning and operating the computer in question), to the appropriate accreditation authority. Security personnel need not be in an approved SAP billet to process this documentation.
(2) In those rare instances where an accreditation package must include SAP information, program managers will process the package through SAP channels to the appropriate accreditation authority.

8–5. System Maintenance
When maintenance or programming must be performed on IS that process SAP information, only the Information Systems Security Manager or Information Systems Security Officer for the SAP site may authorize the removal of system components from the SAP automation site including magnetic media. Systems components that cannot be declassified will not be removed from the automation site for maintenance. Programmers and maintenance personnel must have a security clearance commensurate with the highest level of information stored on the system in question.

8–6. Information Management support
a. Army sensitive activities and SAPs requiring IM support (as authorized in an approved IMSP) should submit their request to the U.S. Army Communications-Electronics Command, Technology Applications Office (TAO) (AMSEL–TA) with information copies to HQDA (DACS–DMP and SAIS–PAJ–O). The USACECOM TAO will review support requests for conformity with the approved program IMSP and justify, if appropriate, the use of special procedures in lieu of normal/routine support procedures. The USACECOM TAO will redirect all taskings which fall beyond the scope of an approved IMSP to TMO.
b. Army sensitive activities and SAPs requiring IM support, not reflected in an approved IMSP, will submit requests through TMO (DACS–DMP) for review and concurrence, to DISC4 (SAIS–PAJ–O) for validation and approval. DISC4 will subsequently forward approval support taskings to USACECOM–TAO for execution.

8–7. Records management
a. The PM will determine the records which are necessary to maintain “Adequate and Proper Documentation” of the program and its operations. SAP PMs will create and maintain a comprehensive documentation system in the form of record files to explain how decisions were reached and how business was conducted. Although access to these files is restricted, the records remain subject to appropriate HQDA and DOD oversight inspections. Program managers must ensure that needed records are recorded and maintained in official files. Program managers will also ensure that like requirements are included in the design and implementation of electronic systems supporting their programs. Records Management provisions must be included in the establishment and disestablishment planning process for each SAP.
b. Program Managers will maintain the record files per AR 25–400–2. File definitions, retention and disposition instructions for SAP-related files are found in the MARKS 380–381 file series. As a minimum, the SAP record file shall include—
(1) Establishment files;
(2) Policy file;
(3) Operational files (to include access files);
(4) Contract management files;
(5) Financial management files;
(6) Oversight files;
(7) R&D specifications and drawings files;
(8) Security management files;
(9) Recurring report files;
(10) Disestablishment files;
(11) SAP congressional reporting files;
(12) SAP critical technical data files.
c. The PM identifies, maintains, and forwards historical documents to be archived. When a PM identifies SAR-related records that are of no current use, but have historical value, he or she will contact the SRIA to place these records into the SAP archive. PMs will forward to SRIA only those permanent records that cannot be archived at another records holding area or Army records center. When a PM is preparing a SAP for disestablishment, he or she must contact SRIA, before developing a disestablishment concept, to coordinate archiving responsibilities. The 380–381 file series, AR 25–400–2, contains detailed retention and disposition instructions for SAP files. Detailed procedures to effect transfer of records are established in the SRIA Records Management Memorandum of Instruction.
d. Records submitted to the SRIA will include, as a minimum, the following:
(1) SAP establishment files
(2) SAP congressional reporting files
(3) SAP critical technical data files
(4) SAP annual and recurring reports files
(5) SAP disestablishment files
e. PMs will send retirement requests for SAP and SAP related sensitive records to SRIA (DACS–DMP–SR), Chief of Staff, 200 Army Pentagon, Washington, DC 20310–0200. PMs must submit

AR 380–381 • 12 October 1998 17


the following information in their archiving request: the originating agency; the SAP program; highest classification of enclosures; number of documents and total number of pages being forwarded; method of transfer; desired dates of transfer; program POC name, address, telephone, and FAX numbers. Transfer of records to HQDA (SRIA) will be governed by the SRIA Memorandum of Instruction for Transfer of Records and by procedures found in AR 25–400–2.

Chapter 9
Funding

9–1. SAP funding
The Army will fund only properly registered and approved SAPs. TMO is required to report all Army-funded SAPs to Congress on an annual basis.

9–2. Establishment phase
a. During the SAP establishment phase, the MACOM/PEO submits a memorandum proposing the program for SAP status (see app B). This proposal must include an estimated amount of funds needed for the program, listed by appropriation (for example, RDTE, procurement and OMA funds).
b. The ARSTAF proponent, PA&E, and ASA(FM) evaluate the proposed funding and management structure. The management structure must specify distinct program elements (PE), project codes and standard study numbers (SSN). The ARSTAF proponent also assigns the program to the appropriate Management Decision Package (MDEP).
c. MACOM/PEO/PMs are prohibited from providing funds to PSAP requirements without prior written authorization of Chief, TMO. Chief, TMO can authorize funds for administration and security purposes for a PSAP until SAP status is granted by OSD (30 days after congressional notification).

9–3. Maintenance phase
a. Budget estimate submission. Program managers justify a continuing need to fund a program by submitting a budget estimate submission (BES) every August. The BES identifies resources necessary to maintain the program and provides information on the prior year, the current year and the 2 budget years. OSD publishes guidance annually regarding the format and suspense dates for Budget Exhibits.
b. Program budget decision. Program budget decisions (PBDs) are issued between October and December, after OSD’s review of the BES. Using the PBD, OSD proposes changes to the Army Budget. The Army then has the opportunity to submit reclamas (counter-arguments) to OSD. To facilitate the preparation of these reclamas, MACOMs/PEOs provide input to appropriate ARSTAF proponents who validate the input and forward reclamas through TMO to ASA(FM&C).
c. SAP reprogramming. Reprogramming includes transfers between appropriations, transfers between program elements (PE) internal to an appropriation, and transfers within a PE from one project code to another.
(1) Reprogramming requests must be evaluated in terms of DOD guidance provided in DODFMR Volume 3, on requirements for Congressional notification and/or prior approval. If congressional notification or prior approval is required, the USA will be the Army’s approval authority for reprogramming.
(2) When USA approval is not required, the ARSTAF proponent can approve SAP reprogramming requests after review by the offices listed in (3) below. ARSTAF proponents for SAPs at HQDA are: ASA(RDA) for acquisition SAPs, ODCSINT for intelligence SAPs, and ODCSOPS for operations and support SAPs. (Reprogramming Format is at app I.)
(3) Regardless of the approving official, all requests to reprogram SAP funds must be reviewed by: ASA(FM&C), TMO, OTJAG, OGC and PAED. ASA(FM&C) will ensure the reprogramming action complies with HQDA directives and DOD guidance. Requests en route to the USA will also be reviewed by the VCSA.
(4) TMO will prepare a summary report in October, for the USA, listing all SAP reprogramming executed during the fiscal year.

9–4. Disestablishment
When disestablishing a SAP, the MACOM/PEO prepares a disestablishment concept plan that addresses fiscal control (app F). The plan identifies SAP budget lines that will have funds remaining when the program disestablishes and proposes disposition of these funds.

9–5. Annual SAP reports
In the first quarter of each fiscal year, SAP managers submit a SAP Report through the ARSTAF proponent to TMO. OUSD(A&T)/DSP) provides the report format and preparation instructions in a memorandum to the Services. SAP reports cover program activities of the past fiscal year, planned activities and funding requirements, and justification for continued SAP status. TMO consolidates these SAP reports and submits them to OUSD(A&T)/DSP). OUSD(A&T)/DSP) consolidates the reports of each Service for submission to Congress. These reports collectively become the justification book for the classified portion of the President’s Budget. OSD publishes guidance annually regarding format and suspense dates for SAP reports.



Appendix A
References

Section I
Required Publications

AR 11–2
Management Control. (Cited in para 4–2a.)

AR 25–400–2
Modern Army Recordkeeping System (MARKS). (Cited in para 2–31a.)

AR 380–5
Information Security Program. (Cited in paras 4–2e(4), 4–2l, 5–2d, 5–3c, 5–3h(1), 5–3l, 5–3j, 5–8b(3).)

AR 380–19
Information Systems Security. (Cited in para 7–8a(5), 8–5a(2), and 8–8c.)

(U) AR 380–19–1
Control of Compromising Emanations (C). (Cited in para 5–3c(1).)

AR 380–67
Personnel Security Program. (Cited in para 5–4b(1) and 5–4e.)

(U) AR 381–14
Military Intelligence Technical Surveillance Countermeasures (S). (Cited in para 5–5c(3).)

AR 530–1
Operations Security (OPSEC). (Cited in para 4–2 and 5–8e.)

AR 715–30
Secure Environment Contracting. (Cited in para 7–6c.)

DOD 5220.22–M
National Industrial Security Program Operating Manual. (Cited in paras 5–2d, 5–3e, 5–4b(1), 7–2, 7–3a, 7–4a, 7–5a.)

DOD 5220–22–M Supplement
National Industrial Security Program Operating Manual Supplement. (Cited in 7–2b.)

Section II
Related Publications

A related publication is a source of additional information. The user does not have to read a related publication in order to understand or use this regulation.

AR 1–1
Planning, Programming, Budgeting and Budgeting Execution System

AR 11–7
Internal Review

AR 20–1
Inspector General Activities and Procedures

AR 25–1
The Army Information Management Resources Program

AR 25–55
Army Freedom of Information Act Program

AR 37–47
Contingency Funds of the Secretary of the Army

(U) AR 37–64
Finance and Accounting for Special Mission Funds (C)

AR 37–100–Series
The Army Management Structure

AR 70–1
Systems Acquisition Policy and Procedures

AR 70–6
Management of the Research, Development, Test, and Evaluation Army Appropriation

AR 70–9
Army Research Information Systems and Report

AR 70–10
Test and Evaluation During Development and Acquisition of Materiel

AR 70–11
Dissemination of Scientific and Technical Information

AR 71–3
User Testing

AR 71–9
Materiel Objectives and Requirements

AR 195–2
Criminal Investigative Activities

AR 195–6
DA Polygraph Activities

AR 335–15
Management Information Control System

AR 380–10
Technology Transfer, Disclosure of Information and Contacts with Foreign Representatives.

AR 380–28
Army Special Security Officer and Office System

AR 380–40
Policy for Safeguarding and Controlling COMSEC Materiel

AR 380–49
Industrial Security

AR 380–53
Communications Security Monitoring

AR 381–10
U.S. Army Intelligence Activities

AR 381–11
Threat Support to U.S. Army Force, Combat, and Materiel Development

AR 381–20
The Army Counterintelligence Program

AR 381–25
Safeguarding Information Pertaining to Certain HUMINT Activities

(U) AR 381–26
Foreign Materiel Exploitation Program (C)

(U) AR 381–47
USA Counterespionage Activities (S)



(U) AR 381–102
Intelligence Operational Support Activities (S)

(U) AR 381–141
Provisions for Administration, Supervision, Control, and Use of Intelligence Contingency Funds (C)

(U) AR 381–143
Logistics Policies and Procedures (C)

AR 600–50
Standards of Conduct

DOD 5200.1–R
Information Security Program

DOD 5200.2–R
Personnel Security Program

DOD 5205.7
Special Access Programs

DOD 5210.48–R
DOD Polygraph Program

DOD 5210.74
Security of Defense Contractor Telecommunications

DOD 5230.11
Disclosure of Classified Military Information to Foreign Governments and International Organizations

DOD 5505.2
Criminal Investigations of Fraud Offenses

(U) DOD S–5105.21–M–1
Sensitive Compartmented Information Administrative Security Manual (C)

(U) DOD TS–5105.21–M–2
Sensitive Compartmented Information (SCI) Security Manual, COMMINT Policy (S)

(U) DOD TS–5105.21–M–3
Sensitive Compartmented Information (SCI) Security Manual, TK Policy (TS)

(U) DOD S–5210.36
Provision of DOD Sensitive Support to DOD Components and Other Departments and Agencies of the U.S. Government (S)

DOD 7000.14–R Volume 5
Department of Defense Financial Management Regulation (Disbursing Policy and Procedures)

DOD 7250.5
Reprogramming of Appropriated Funds

DOD 7600.7–M
Internal Audit Manual

DFAS 37–1
Finance and Accounting Policy Implementation

Section III
Prescribed Forms

DA Form 5399–R
Special Access Program Initial Security Briefing (Prescribed in para 6–6.)

DA Form 5401–R
Special Access Program Security Termination Briefing. (Prescribed in para 6–7.)

DA Form 5749–R
Special Access Program Request for Access. (Prescribed in para 6–5.)

DA Form 5750–R
Inadvertent Disclosure Oath. (Prescribed in para 5–9.)

Section IV
Referenced Forms

DD Form 254
(Contract Security Classification Specification)

DD Form 350
(Individual Contracting Action Report)

Appendix B
Establishment

B–1. Establishment Checklist/Timeline
The following (table B–1) is a list of the major events required to establish a SAP.

Table B–1
SAP establishment timeline

Day      Event
0        Memo requesting PSAP status sent to TMO.
15       PSAP memo staffed within HQDA.
40       TMO approves PSAP and dispatches PSAP approval memo to PMSAP security controls applied. Guidance on request for SAP establishment memo given. Knowledgeability roster started.
60       Proponent submission of proposed structure and manning proposal to USAFMSA for preliminary validation.
100      PM submits draft security plan/billet structure, draft SAPOC briefing slides, and Request to Establish SAP memo to TMO.
120      USAFMSA manpower report submitted.
130      TMO conducts working SAPOC.
160      HQ DA SAPOC meets.
180      TMO submits SAPOC paperwork to OSD.
220      DEPSECDEF approves SAP.
Tbd      OSD submits notification letters to Congress.
Tbd+30   SAP can obligate funds.

B–2. Format for requesting establishment of a prospective Special Access Program
a. The proponent submits a request to establish a PSAP in the format shown below through the chain-of-command to TMO.
b. Format of the request follows.
(1) Agency/proponent of the PSAP and chain of command from program office to HQDA.
(2) Relationship to other programs in DOD or other Government agencies.
(3) Rationale for PSAP establishment.
(a) Critical elements (essential program information, technologies, and systems (EPITS)) of the program which cannot be adequately protected under the provisions of AR 380–5 and reasons why collateral measures are inadequate.
(b) Recommendation and justification of category for the SAP.
(4) Funding sources and funding profile by appropriation.
(5) Key Program Personnel
(a) Agency POC (position, address, and phone).
(b) Program manager (address and phone).



(c) Program security manager (address and phone).

B–3. Format for requesting establishment of a Special Access Program (SAP)
The proponent submits a request to establish a SAP to TMO in the format shown below.
a. Agency/proponent and chain of command from Program Office to HQDA.
b. PSAP establishment date.
c. Relationship to other programs in DOD or other Government agency.
d. Rationale for SAP establishment.
(1) Critical elements of the program which cannot be adequately protected under the provisions of AR 380–5 and reasons why collateral measures are inadequate.
(2) Multidisciplined counterintelligence threat to the program.
(3) Recommended SAP category with rationale.
e. Access.
(1) Access Control Authority
(2) Access Approval Authorities.
(3) Estimated number of people with access.
f. Program Security Plan (include Security Classification Guide, Security Procedures Guide, OPSEC Plan, billet structure and program indoctrination briefing).
g. Key Program Personnel (include address and phone numbers).
(1) Program manager.
(2) Program security manager.
(3) Contracting office and its location.
h. Information Systems Requirements Package
i. Any Memoranda of Understanding (MOUs) (if applicable).
j. Anticipated cost, proposed funding profile and location of accounting support.
k. Management control for the program.
l. Proposed manpower requirements and personnel profile displayed by officer, warrant officer, enlisted, and DA civilian. Include proposed grade and MOS/job series.
m. Agency POC (position or title, address, and telephone number).

Appendix C
Management Control Evaluation Checklist

C–1. Function
Use this management control evaluation checklist for Special Access Programs (SAPs), AR 380–381

C–2. Purpose
Use of this checklist assists MACOM commanders, program executive officers, and program managers in their key management controls. It is not intended to cover all controls.

C–3. Instructions
Answers must be based on the actual testing of key management controls (for example, document analysis, direct observation, interviewing, sampling, simulation, other). Answers that indicate deficiencies must be explained and corrective action indicated in the supporting documentation. These management controls must be evaluated every 5 years. Certification that this evaluation has been conducted must be accomplished on DA Form 11–2–R (Management Control Evaluation Certification Statement). DA Form 11–2–R is at the back of this publication to be locally reproduced on 8 1/2- by 11-inch paper.

C–4. Test questions
The test questions below are divided into categories involving separate areas of SAP management controls.
a. CATEGORY: SAP Management.
(1) Has the Army SAPOC recommended the program for SAP status?
(2) Has the Secretary or the Deputy Secretary of Defense approved the program for SAP status?
(3) Does the Program Manager have a copy of the SAP approval document?
(4) Have manpower authorizations been validated by DCSOPS within the past 12 months?
(5) Is the program’s nickname and subcompartment nicknames or code words, if appropriate, assigned by the Technology Management Office (TMO)?
(6) Is the SAP revalidation approval briefing presented annually to the SAPOC?
b. CATEGORY: SAP Security Management.
(1) Are the program’s security measures commensurate with the program’s category level (UP AR 380–381) and the threat?
(2) Is the security officer’s status (full time or part time) consistent with the program’s category?
(3) Does the program have a current security plan which includes a security procedures guide, classification guide and OPSEC plan?
(4) Are CAT I and II program billet structures current, accurate and sufficient (that is, meet security and operational needs)?
(5) Are program access rosters current and accurate?
(6) Is the classification guide current? Did the TOP SECRET original classification authority (OCA) approve the SCG?
(7) Does the program have required counterintelligence documentation to include a comprehensive OPSEC assessment, annual OPSEC assessment and technical services plan (when required)?
(8) Has the ACA identified in writing all access approval authorities (AAA) for the program?
(9) Do all access approval authorities (AAAs) have a listing of their duties and responsibilities?
c. CATEGORY: Secure Environment Contracting (SEC).
(1) Do vendors have adequate protection for SAP material?
(2) Has the DD Form 254 been forwarded to TMO and DSS?
(3) If a patent contains SAP information, was FAR Clause 52.227–10 included in the contract? Did the vendor forward the proposed patent through the Procuring Contracting Officer (PCO) to the SAP program manager? Did the Program Manager forward the patent filing information through HQDA, ASA(RDA) ATTN: SARD–SO, to TMO for VCSA approval?
d. CATEGORY: Financial Management.
(1) Does the Program report accurate information to the HQDA SAP Program Performance and Budget Execution Review System (PPBERS) committee?
(2) Are all reprogrammed funds approved by the Under Secretary of the Army or by the ARSTAF proponent?
(3) Are the program’s SAP funding nicknames assigned by the TMO?
(4) Does the program prepare and submit a congressional descriptive summary (CDS) annually?
(5) Are annual budgets submitted to support timely receipt of funding for program operations?
e. CATEGORY: Audits and Inspections.
(1) Has the program manager coordinated with the supporting IRAC office to ensure the SAP is included in the command’s auditable entity file?
(2) Has an IRAC auditor reviewed the MCP annual assurance statement for SAP considerations?
(3) Do auditors have program access to conduct reviews?
(4) Has the SAP had an USAAA audit or SAIG–IO inspection within the past 2 years?
(5) Are non-IRAC audit and inspection findings formally incorporated into the Fix-It process and tracked until resolved?
f. CATEGORY: Information Systems and SAP Records Management.
(1) Is the program IMSP current and has it been submitted through the TMO for approval by DISC4?
(2) Are the Program’s Automated Information Systems (AIS) accredited?
(3) Does the Program security procedures guide address AIS and comply with appropriate regulations?



(4) Has the Program office established SAP files in accordance with AR 25–400–2?
(5) Does the program office review and separate permanent files and other appropriate documents for transfer to SRIA?
(6) Does the Program office destroy SAP temporary files and working documents in accordance with AR 25–400–2 and AR 380–5?

C–5. Comments
Help make this a better review tool. Submit comments to the HQDA functional proponent: Chief of Staff (Technology Management Office (DACS–DMP)), 200 Army Pentagon, Washington, DC 20310–0200.

Appendix D
Format for SAPOC Briefing

D–1. Program description (fig D–1)
— Mission statement or purpose.
— Program origin.

D–2. Justification for SAP category (fig D–2)
— What requires protection.
— Security objectives.
— Justification for category 1 status (if applicable).

D–3. Relationship to other programs (fig D–3)
— DA, AF, Navy.

D–4. Foreign targets and technology (fig D–4)

D–5. External threat assessment (fig D–5)

D–6. Security assessment (fig D–6)

D–7. Access status (fig D–7)
— Total number of billets (CAT I & II).
— Current total number having access.
— Number change from previous year.
— ACA and list of AAAs.

D–8. Milestone chart (fig D–8)
— Highlight any past SAPOC decisions affecting program.

D–9. Funding profile (fig D–9)
— Current/projected funding (amount and source).
— Location of FAO support.

D–10. Manpower profile (fig D–10)
— Personnel number (working in the program).
— Date of last manpower survey.

D–11. Contracting (fig D–11)

D–12. SAP inspections and audits (fig D–12)

D–13. Issues/problems (fig D–13)

D–14. Decision sought (fig D–14)

Figure D-1. Program description



Figure D-2. Justification for SAP category

Figure D-3. Relationship to other programs



Figure D-4. Foreign targets and technology

Figure D-5. External threat assessment



Figure D-6. Security assessment

Figure D-7. Access status



Figure D-8. Milestone chart

Figure D-9. Funding profile



Figure D-10. Manpower profile

Figure D-11. Contracting



Figure D-12. SAP inspections and audits

Figure D-13. Issues/problems



Figure D-14. Decision sought

Appendix E
Guidance on Preparing the Standard SAPOC Slide (QUAD Chart)
The following is guidance to be used to prepare the standard SAPOC slide (QUAD Chart).

UPPER LEFT HAND SIDE:
1. Photo/line drawing/artist sketch of item being developed. If a technology, an illustration of the technology application. An explanatory caption may be included.
2. “A picture is worth a thousand words.”

UPPER RIGHT HAND SIDE:
1. Program status.
2. Important issues affecting program status or progress.

LOWER LEFT HAND SIDE:
1. BRIEF program description. What is it? Where is program going? What need does it fill? Why is it a SAP?
2. Highlight major points and successes or problems.

LOWER RIGHT HAND SIDE:
1. Include current FY and next two FYs as a minimum.
2. Include most recent or next (whichever is closer) milestone or DAB level review.
3. FY total includes all types of $ (R&D, Procurement, O&M, and so forth)
4. Schedule bars should be accurate to the month if possible.

FORMAT INSTRUCTIONS:
1. Slide generated using Powerpoint software.
2. Slide is black background — Words and lines are white unless otherwise specified.
3. Page setup is 9.4 by 7.4 inches. Box is 9.0 by 6.6 inches centered on the page.
4. All fonts are HELVETICA.
5. Classification is red (RD8), bolded, 18 point.
6. Major headings (STATUS — ISSUES, XXX YYYY PROGRAM, and BUDGET & SCHEDULE) are bold, 14 point.
7. Bullets are 85 percent of character size — color yellow (YW8).
8. Program narrative and issues are 12 point, non-bold.
9. Budget & Schedule headings are 14 point, non-bold.
10. Budget & Schedule detail is 12 point, non-bold.
11. Follow-on slides use the same layout, letter sizes and color scheme except quad chart format not required.



Figure E-1. Quad chart

Appendix F
Disestablishment Concept Plan

F–1. Format
There is no prescribed format for the disestablishment concept plan.

F–2. Content
Each disestablishment concept plan must address the following:
a. Basis/rationale for disestablishment.
b. Fiscal controls. What is the plan for funds not obligated and funds obligated but not disbursed? What is the plan for transfer and control of prior year accounting records?
c. Recommended disposition of SAP records and files.
d. Disposition of any Government-owned property, both GFE or purchased by vendor.
e. Recommendation on security level of remaining program, if any (collateral, incorporated into another SAP, unclassified, and so forth).
f. Legal considerations.
g. Coordination with appropriate ARSTAF proponent, DAMI–CHS, and TMO to ensure new security guidance is applied to any related DOD program.
h. How debriefings are to be handled.
i. How documents are to be remarked.
j. Contracting considerations. Close out and final contract payment reconciliation with funds obligated in accounting records.
Note. Contractor turns over all SAP material to the PSM.

Appendix G
Disestablishment Certification Checklist

G–1. Checklist
MACOMs/PEOs and PMs use this checklist to certify SAP disestablishment is complete:
a. Access controls eliminated.
b. Normal oversight restored.
c. Disposition of SAP funds finalized (current and prior year).
d. LOAs and EADs for SMF or ICF canceled, if applicable.
e. Status of open contracts compared with funds available.
f. Project funds reprogrammed.
g. Nickname and/or code words no longer in use.
h. Indoctrination forms no longer used.
i. Special markings no longer used.
j. Polygraph program terminated (if applicable).
k. DSS notified.
l. Updated SCG published and distributed.
m. SAP security plan no longer used.
n. SAP hardware properly disposed.
o. SAP files and records properly disposed.



p. Debriefings complete.
q. Updated DD Form 254 issued to the contractor by contracting officer detailing his or her actions concerning program material and security.
r. USAFMSA notified.

G–2. Certification memorandum
After the MACOM/PEO, in coordination with INSCOM/902nd MIG, certifies that disestablishment is complete, the program managers will forward a memorandum through the chain of command to TMO specifying all actions specified in this checklist are complete.

Appendix H
Program Performance and Budget Execution Review System Charts

Use the following instructions to complete the PPBERS charts (figs H–1 and H–2).

H–1. Paper and markings
Prepare a PPBERS chart for each program appropriation on 8 1/2– by 11–inch white bond paper and place proper security classification markings at the top and bottom of each chart. See figure H–1.

H–2. Fiscal year and quarter
In the upper left block entitled “FY” and “Qtr,” enter the fiscal year and quarter under review.

H–3. Program nickname
In the upper middle block entitled “PGM,” enter actual program nicknames. Do not use funding nicknames.

H–4. Current year
Directly under the “Overall Program Objective,” display bar graphs of planned and actual obligations and disbursements for current FY funding. Enter the type of appropriation (that is, RDTE, OMA or PROC) at the top center of the bar graph. The “X” axis shows the quarters of the fiscal year; the “Y” axis on the left side shows the program dollars in millions. The columns represent amounts cumulative by quarter. The “Y” axis on the right side shows the percent of total program.

H–5. Obligations and disbursements
The block directly under the bar graph entitled “Resource Details” contains cumulative amounts of obligations and disbursements and is divided as follows:
a. “QTR/FY” – Use the first line to display the previous year cumulative amounts (plan and actual obligations; actual disbursements). Break out current year amounts by quarter.
b. “Plan” – Equals the cumulative amount of funds planned for obligation. This figure does not include prior year funding carried over.
c. “Actual” – Reflects actual cumulative obligations and disbursements shown at the end of quarter in official accounting reports.
d. “DA GOAL” – Shows the DA goal percentage.
e. “ACTUAL” (% Program) – Shows the percentage derived by dividing the actual obligations/disbursements by the total programmed amount for that FY (that is, the amount shown in the resource summary block). Address all deviations > 10 percent in the analysis section.

H–6. Deviation
In the top upper right-hand corner of the chart, rate the program RED (deviation > 15 percent), AMBER (deviation 10–15 percent), or GREEN (deviation < 10%).

H–7. Program office
In the upper right-hand block entitled “Proponent,” enter the name of the program office, POC, and telephone number.

H–8. Funding
Directly under “Proponent” is the “Resource Summary” block. The first subheading shows funds “appropriated” by Congress for the current and previous year. The “Programmed” amount is the appropriated amount minus adjustments for Small Business Innovation Research (SBIR), closed account, and approved reprogrammings. In the upper right corner of the block, enter the Program Element (PE).

H–9. Discussion
In the “Analysis” block, discuss—
a. Plans for funds carried over from previous FY.
b. Why actual obligations or disbursements differed from plan (if > 10 percent), and how and when the program will be back on track.
c. What unresolved issues remain.
d. Differences between appropriated and programmed amounts (that is, SBIR, closed account, and reprogrammings).
e. Current personnel strength for military and civilian employees, including matrix support. Here you must show all personnel who spend at least 50 percent of their time in support of the program. Totals must be in whole numbers and must be updated quarterly.
f. Date of the last audit (DAIG, DODIG, AAA, and so forth).

H–10. OMA funds
Prepare a separate PPBERS chart for OMA funds. Enter current fiscal year data only. Track obligations only. See OMA sample at figure H–2.

H–11. Procurement funds
Prepare a separate PPBERS chart for procurement funds. Enter the same data as shown on the RDTE sample PPBERS chart (figure H–1). Since procurement SAPs are funded for 3 years, prepare a summary line for each of the 2 preceding years above the current year’s quarterly breakdown in the “resource details” box.




Figure H-1. RDTE PPBERS chart (example)



Figure H-2. OMA PPBERS chart (example)


Appendix I
Reprogramming Request Format
The following (fig I–1) is a sample reprogramming request.

Figure I-1. Sample reprogramming request



Appendix J
Fix-It Status Sheets
Figure J–1 is an example of a Fix-It Status Sheet.

Figure J-1. Sample Fix-It Status Sheet



Appendix K
Format for Information Systems Requirements Package
Use the following format when preparing the Information Systems Requirements Package.

1. General
a. Unclassified name or short title of program.
b. Name of project proponent.
c. Project participants (agency name, address, point of contact, and secure/nonsecure telephone numbers).
d. Format

2. Scope of Requirement

3. Urgency
a. Priority need.
b. Implementation
c. Date initial operational capability required.
d. Date final operational capability required.
e. Impact if service is not provided.

4. Existing Capability
a. Common user or dedicated information systems capabilities that presently exist or are available.
b. How capabilities satisfy any portion of IM requirement in their present or modified state.

5. Security Management
a. Name of security manager.
b. Unique security requirements.
c. Appropriate extracts of the program security plan and classification guide.

6. Funding
Type and source of funds to be used for information systems acquisitions.

7. Procurement
Concept for procurement of information systems.

8. Accountability
Describe the concept for property accountability.

9. Technical Requirements
a. Type of service required.
b. Type of traffic to be transported.
c. Interfaces with existing systems, networks or equipment.
d. Different capabilities required for different phases of the project.
e. For COMSEC material/equipment, the supporting COMSEC account number(s), name, address, and telephone number(s) of COMSEC custodian(s).
f. Resource requirements, engineering, fabrication, installation, operations, training, and maintenance necessary to provide service.

Appendix L
Format for Information Management Support Plan
Use the Format for Information Management Support Plan (IMSP) to identify the finite IM requirements of a SAP or sensitive activity.

2. Purpose
Summarize the proponent’s requirements.

3. System Description
Describe, in detail, the general system, network, facilities, equipment, services, and support required to satisfy the proponent’s requirements.

4. Technical Analysis and Cost Estimates (TACE)
Provide a technical analysis of future IS systems, including a cost estimate covering five fiscal years and an annual estimate for sustaining O&M over the life-cycle of the project.

5. Management, Command, and Control
Indicate the management, command, and control structure of the project participants. Include personnel and organizations both internal and external to the command structure.

6. Financial Management
Identify the financial management structure, procedures, and methodologies to be applied against the project. It is the SAP manager’s responsibility to budget for information management support.

7. Resource Management
a. Manpower. Determine the realistic and prudent manpower requirements to support the IS initiative throughout its life-cycle.
b. Material. Indicate the material required to support the project and identify issues and details relevant to the acquisition and implementation of the project.
c. Funds. Indicate the methodologies to be applied against the project.

8. Security
a. Billets and Access.
b. Describe, in detail, the information systems security concept.

9. Operations Security
Describe the Security Plan for the project’s Information Systems.

10. Architecture and Configuration Management
Identify systems, networks, and equipment fielded to ensure compatibility with the Army information architecture.
a. Establish an information systems Configuration Control Board and procedures for controlling changes, enhancements, and system upgrades.
b. Identify a Configuration Control Manager for the information systems project.

11. Project Implementation
Describe how the information systems project will be implemented over initial, expanded, and final phases.

12. Operations and Maintenance (O&M)
Identify roles, relationships, and responsibilities concerning the operation and maintenance of the information systems, networks, and equipment.

13. Memoranda of Understanding (MOU)/Interservice Support Agreements (ISSA)
Indicate any MOU/ISSA that would be required to effectively execute the project.

14. Integrated Logistic Support
The clarity provided in the IMSP merely amplifies the IM require- Describe the integrated logistic support concept for the information
ments generally referred to in the IMRP (see para 8–4). Prepare the systems and technical activities in support of the equipment and
plan in the following format. material during its life cycle.

1. Executive Summary 15. Property Accountability


Describe project scope, background, overview, recommendations, Provide details on how accountability of project equipment and
and conclusions. material is maintained.


16. Approvals and Coordination
After the proponent has developed the IMSP, the IMSP is submitted
via SAP channels through the MACOM or PEO, through TMO
(DACS–DMP), to DISC4 (SAIS–PAJ–O) for approval. Following
approval, DISC4 may task USACECOM–TAO (AMSEL–TA) to
provide information system support.


Glossary

Section I
Abbreviations

AAA
Army Audit Agency; access approval authority

ACA
access control authority

AMC
U.S. Army Materiel Command

ASA(FM)
Assistant Secretary of the Army for Financial Management

ASA(RDA)
Assistant Secretary of the Army for Research, Development, and Acquisition

CCF
U.S. Army Central Personnel Security Clearance Facility

CG
commanding general

CI
counterintelligence

CLL
Chief of Legislative Liaison

COE
Chief of Engineers

CPA
Chief of Public Affairs

DA
Department of the Army

DAA
designated accrediting authority

DAS
Director of the Army Staff

DASR
Department of the Army special roster

DCAA
Defense Contract Audit Agency

DCAS
Defense Contract Administration Services

DCI
Director of Central Intelligence

DCS
Defense Courier Service

DCSINT
Deputy Chief of Staff for Intelligence

DCSOPS
Deputy Chief of Staff for Operations and Plans

DCSPER
Deputy Chief of Staff for Personnel

DISC4
Director of Information Systems for Command, Control, Communication, and Computers

DISCO
Defense Industrial Security Clearance Office

DLA
Defense Logistics Agency

DOD
Department of Defense

DODIG
Department of Defense Inspector General

DSS
Defense Security Service

EEFI
essential elements of friendly information

FAR
Federal Acquisition Regulation

FIS
Foreign Intelligence Service

FOIA
Freedom of Information Act

HCA
head of contracting activity

HQDA
Headquarters, Department of the Army

ICF
intelligence contingency funds

IMSP
Information Management Support Plan

IRAC
internal review and audit compliance

IR&D
independent research and development

ISRP
Information Systems Support Package

ISSA
interservice support agreement

MACOM
major Army command

MOA
memorandum of agreement

MOU
memorandum of understanding

NACI
national agency check with written inquiries

NISPOM
National Industrial Security Program Operating Manual

OCA
original classification authority

OCSA
Office of the Chief of Staff, Army

ODUSD(P)(PS)
Office of the Deputy to the Under Secretary of Defense for Policy, Policy Support

OFCO
offensive counterintelligence operations

OPM
Office of Personnel Management

OPSEC
operations security

OSD
Office of the Secretary of Defense

PAED
Program Analysis and Evaluation Directorate, OCSA

PEO
program executive officer

POC
point of contact

PPBERS
Program Performance and Budget Execution Review System

PSAP
Prospective Special Access Program

R&D
research and development

RDT&E
research, development, test, and evaluation

SA
Secretary of the Army

SAP
special access program

SAPOC
Special Access Program Oversight Committee

SAR
special access required

SSBI
single scope background investigation

SCI
sensitive compartmented information


SCIF
sensitive compartmented information facility

SES
senior executive service

SFAO
Special Finance and Accounting Office

SMF
special mission funds

SRIA
Sensitive Records and Information Agency

TIARA
tactical intelligence and related activities

TIG
The Inspector General

TJAG
The Judge Advocate General

TMO
Technology Management Office

TRADOC
U.S. Army Training and Doctrine Command

TSCM
technical surveillance countermeasures

USA
Under Secretary of the Army

USACIDC
U.S. Army Criminal Investigation Command

USAFMSA
U.S. Army Force Management Support Agency

USAINSCOM
U.S. Army Intelligence and Security Command

USAISC
U.S. Army Information Systems Command

USASMDC
U.S. Army Space and Missile Defense Command

VCSA
Vice Chief of Staff, Army

Section II
Terms

Classified National Security Information
Information classified in accordance with Executive Order 12958 that could reasonably be expected to cause damage to national security if disclosed outside official government channels.

Collateral information
Classified information which can be adequately safeguarded using the ordinary security measures outlined in AR 380-5.

Security compromise
The disclosure of classified information to persons not authorized access thereto.

Security infraction
Any other incident that is not in the best interest of security that does not involve the loss, compromise, or suspected compromise of classified information.

Security violation
Any incident that involves the loss, compromise, or suspected compromise of classified information.

Sensitive Compartmented Information (SCI)
Classified information that can only be protected with security measures authorized by AR 380-28, Army Special Security Officer and Office System.

Extraordinary security measures
A security measure necessary to adequately protect particularly sensitive information but which imposes a substantial impediment to normal staff management and oversight. Extraordinary security measures are—
Program access non-disclosure agreements (read-on statements).
Specific officials authorized to determine “need to know” (ACA/AAA)
Nicknames/Codewords for program identification.
Special Access Required markings.
Program billet structure.
Access roster.
Use of cover.
Use of special mission funds or procedures.
Use of a SAP facility/vault.
Use of a dedicated SAP security manager.
Any other security measure above those required to protect collateral information in accordance with AR 380–5.


Index

This index is organized alphabetically by topic and by subtopic within a topic. Topics and subtopics are identified by paragraph number.

Army Audit Agency, 4–2
Access
  Approval Authority, 4–5, 5–3, 5–4, 5–8, 6–1, 6–3, 6–4, 6–5, 6–6, 6–7
  Control, 6–1, 6–5
  Control Authority, 5–8, 6–1, 6–2, 6–5
Accountability, 2–3
Acquisition SAP, 2–3, 9–3
Army Audit Agency, 4–2
Auditor General, The, 2–9
Audits, 2–9, 4–2

Baseline Plan, 5–8
Billet Structure, 4–4, 6–1, 6–3
Billets, 5–4
Billet
  Structure, 2–31, 3–3, 4–4, 5–1, 6–1, 6–3, 6–4
  Structure Management System (BSMS), 2–31, 6–8

Carve-out, 1–4, 2–1, 2–21, 5–1, 7–5, 7–8
Category, 3–3, 4–1
  I, 3–3, 5–2, 5–4, 5–5, 6–1, 6–2, 6–3
  II, 3–3, 5–2, 5–4
  III, 3–3, 5–4
  N, 3–3
Chief
  of Engineers (COE), 2–17
  of Legislative Liaison (CLL), 2–19
  of Staff, Army (CSA), The, 2–11, 2–18, 5–7
CI assessment, 4–1
Classification Guide, 2–14, 5–8, 6–2, 6–6, 7–8
Compromise, 1–4, 3–3, 4–2, 4–3, 5–7 through 5–9, 7–7
Cover, 4–2, 5–1, 5–3, 9–5

DD Form 254, 5–3, 5–8, 7–5, 7–6, 7–8
Debriefing, 6–4, 6–6, 6–7
Defense
  Contract Audit Agency (DCAA), 4–2, 7–6
  Contract Management Command, 4–2, 7–6
  Contractor, 7–1, 7–3
  Security Service, 2–30, 2–32, 4–2, 6–2, 7–4, 7–5, 7–7, 7–8
Department of the Army Staff (ARSTAF), 2–28
Deputy Chief of Staff for Intelligence (DCSINT), 2–14
Director,
  Information, Systems for Command, Control, Communications, and Computers, 2–6, 4–1, 4–2, 5–3, 8–1, 8–3, 8–6
  Program Analysis and Evaluation Directorate (PAED), 2–20
Deputy Chief of Staff for Logistics (DCSLOG), 2–3, 2–14, 2–16, 4–1, 4–2
Deputy Chief of Staff for Operations and Plans (DCSOPS), 2–13, 2–15, 3–2, 4–1, 4–2, 4–4, 5–6, 9–3
Deputy Chief of Staff for Personnel (DCSPER), 2–13, 4–1, 4–2

Disestablishment, 2–1, 2–21, 2–26, 4–2, 4–3, 6–4, 6–5, 8–7, 9–4
Disestablishment Plan, 8–7
Dissemination, 5–1, 5–3

Establishment, 2–1, 2–30, 4–1, 4–2, 5–5, 5–7
Exceptions, 7–4
External audits, 4–2
Extraordinary security measures, 1–4, 3–1, 4–3, 5–1

Facility
  Risk assessments, 5–5
  Security Risk Assessment, Fig 5–1
Fix–It, 2–12, 2–21, 4–2, 4–3
Freedom of Information Act, 5–3
Forces Command (CG, FORSCOM), 2–24
Foreign technology threat assessment, 4–1

General Counsel, The, 2–7, 4–4, 4–1, 4–2, 5–9, 9–3

Information
  Management Support Plan (IMSP), 2–6, 8–3, 8–6
  Systems, 2–6, 5–5, 5–8, 5–9, 7–8, 8–1, 8–1, 8–5
  Systems Requirements Package (ISRP), 2–6, 8–2, 8–3
Inspections, 2–32, 4–2, 5–6, 5–8, 6–2, 7–5, 8–7
Inspector General, 2–8, 4–2, 4–4
Intelligence SAP, 2–14, 5–7, 9–3
Internal audits, 4–2
Inspector General, 2–8, 4–2, 4–4

Judge Advocate General (TJAG), The, 2–18, 4–1, 4–2, 4–4, 9–3

Legislative Liaison, 2–19
Limited dissemination, 5–1

MACOMs, 2–8, 2–14, 2–29, 4–2, 5–6, 5–7, 9–3
MOU, 5–6, 5–7, 6–2
Multi–discipline counterintelligence (MDCI) assessment, 4–1

NISPOM, 5–3, 5–4, 7–2
Non–Army SAP, 2–8, 3–3

Operations and Support SAP, 2–15, 9–3

Patent, 5–3
Personnel Security, 2–4, 5–1, 5–4, 5–5, 5–8, 7–3
Physical security, 5–1, 5–2, 5–5, 5–8, 7–4
Polygraph, 2–14, 2–26, 5–4, 7–3
PPBERS, 2–2, 2–12, 2–21, 4–2
Procurement Management Reviews (PMRs), 4–2
Program
  Executive Officers, 2–29
  Performance and Budget Execution Review System, Intro (CCA)
Proponent, 1–4, 2–14, 2–15, 2–29, 3–2, 4–1, 4–2, 4–3, 4–4, 5–5, 5–6, 5–7, 5–8, 5–9, 6–1, 6–2, 6–3, 7–5, 7–6, 9–2, 9–3, 9–5
Prospective Special Access Program (PSAP), 1–4, 3–1

Reprogramming, 2–2, 2–20, 4–1, 9–3
Request for Access, 6–5
Revalidation, 2–14, 4–3, 6–3

SAP
  Approval, 4–1, 5–8, 6–3
  Matrix, 4–4
SAP reports, 9–5
SAPOC, 2–12, 2–14, 2–21, 3–3, 4–1, 4–2, 4–3, 5–5, 5–6, 6–1, 6–2, 6–3, 7–2, 7–5
Secretary of the Army (SA), The, 2–1, 2–3, 2–7, 2–21, 4–1, 4–2, 4–3, 4–4, 5–3, 5–4, 5–7
Secure
  Communications, 4–1, 5–5
  Environment contracting, 2–3, 2–8, 4–2, 7–6
  Classification Guide, 2–14, 5–8, 6–2
  Management, 3–3, 8–7
  Manager, 4–2, 5–3, 5–8, 6–1, 6–2, 6–5, 7–7, 8–5
  Personnel, 8–4
  Procedures Guide, 5–3, 5–8, 6–1, 6–2, 7–4
Special Access Program Oversight Committee (SAPOC), 2–12, 4–2
SRIA, 2–21, 2–30, 2–31, 5–3, 6–3, 6–4, 6–8, 8–7,

Technology Management Office (TMO), 1–4, 2–6, 2–8, 2–9, 2–12, 2–14, 2–19, 2–20, 2–21, 2–25, 2–27, 2–29, 2–30, 3–1, 4–1, 4–2, 4–3, 4–4, 5–3, 5–4, 5–5, 5–6, 5–7, 5–8, 5–9, 6–1, 6–2, 6–3, 6–4, 7–5, 7–6, 7–8, 8–1, 8–3, 8–6, 9–1, 9–2, 9–3, 9–5
TEMPEST, 2–26, 5–3, 5–5
Termination, 1–4, 4–3, 5–4, 6–1, 6–7
TSCM, 2–26, 5–2, 5–5, 5–8
Two person integrity, 5–2

Under Secretary of the Army, The, 2–2, 4–2, 4–4, 5–7, 9–3
U.S. Army Criminal Investigation Command (USACIDC), 4–2
U.S. Army Force Management Support Agency (USAFMSA), 2–15, 2–29, 4–2
U.S. Army Intelligence and Security Command (USAINSCOM), 2–26
U.S. Army Materiel Command (AMC), 2–23, 4–2

Vice Chief of Staff of the Army (VCSA), 2–8, 2–12, 3–3, 4–1, 4–2, 4–4, 5–3, 5–7, 7–8, 9–3

Working SAPOC, 2–14, 4–1, 4–2, 5–5, 5–6

UNCLASSIFIED PIN 053596–000
USAPA
ELECTRONIC PUBLISHING SYSTEM
TEXT FORMATTER ... Version 2.45

PIN: 053596–000
DATE: 09-22-98
TIME: 08:34:47
PAGES SET: 54

DATA FILE: a380381.fil


DOCUMENT: AR 380–381
DOC STATUS: REVISION
