SAPPC CERTIFICATION STUDY GUIDE 2026
EXAM SCRIPT WITH VERIFIED SOLUTIONS
⫸ Enhanced security requirements for protecting Special Access
Program (SAP) information. Answer: 1. Within Personnel Security:
• Access Rosters; • Billet Structures (if required); • Indoctrination
Agreement; • Clearance based on an appropriate investigation completed
within the last 5 years; • Individual must materially contribute to the
program in addition to having the need to know; • All individuals with
access to SAP are subject to a random counterintelligence scope
polygraph examination; • Polygraph examination, if approved by the
DepSecDef, may be used as a mandatory access determination; • Tier
review process; • Personnel must have a Secret or Top Secret clearance;
• SF-86 must be current within one year; • Limited Access; • Waivers
required for foreign cohabitants, spouses, and immediate family
members.
2. Within Industrial Security: The SecDef or DepSecDef can approve a
carve-out provision to relieve Defense Security Service of industrial
security oversight responsibilities.
3. Within Physical Security: • Access Control; • Maintain a SAP Facility;
• Access Roster; • All SAPs must have an unclassified nickname/
Codeword (optional).
4. Within Information Security: • The use of HVSACO; • Transmission
requirements (order of precedence).
,⫸ Principle incident/events required to be reported to DoD
counterintelligence (CI) organizations. Answer: espionage, sabotage,
terrorism, cyber
⫸ Indicators of insider threats. Answer: 1. Failure to report overseas
travel or contact with foreign nationals
2. Seeking to gain higher clearance or expand access outside the job
scope
3. Engaging in classified conversations without a need to know
4. Working hours inconsistent with job assignment or insistence on
working in private
5. Exploitable behavior traits
6. Repeated security violations
7. Attempting to enter areas not granted access to
8. Unexplained affluence/living above one's means
, 9. Anomalies (adversary taking actions which indicate they are
knowledgeable to information)
10. Illegal downloads of information/files
⫸ Asset, threat, vulnerability, risk, countermeasures. Answer: Elements
that a security professional should consider when assessing and
managing risks to DoD assets
⫸ The three categories of Special Access Programs. Answer:
acquisition, intelligence, and operations and support
⫸ Responsibilities of the Government SAP Security Officer/Contractor
Program Security Officer (GSSO/CPSO):. Answer: From Revision 1
Department of Defense Overprint to the National Industrial Security
Program Operating Manual Supplement - 1 April 2004:
• Possess a personnel clearance and Program access at least equal to the
highest level of Program classified information involved.
• Provide security administration and management for his/her
organization.
• Ensure personnel processed for access to a SAP meet the prerequisite
personnel clearance and/or investigative requirements specified.
• Ensure adequate secure storage and work spaces.
EXAM SCRIPT WITH VERIFIED SOLUTIONS
⫸ Enhanced security requirements for protecting Special Access
Program (SAP) information. Answer: 1. Within Personnel Security:
• Access Rosters; • Billet Structures (if required); • Indoctrination
Agreement; • Clearance based on an appropriate investigation completed
within the last 5 years; • Individual must materially contribute to the
program in addition to having the need to know; • All individuals with
access to SAP are subject to a random counterintelligence scope
polygraph examination; • Polygraph examination, if approved by the
DepSecDef, may be used as a mandatory access determination; • Tier
review process; • Personnel must have a Secret or Top Secret clearance;
• SF-86 must be current within one year; • Limited Access; • Waivers
required for foreign cohabitants, spouses, and immediate family
members.
2. Within Industrial Security: The SecDef or DepSecDef can approve a
carve-out provision to relieve Defense Security Service of industrial
security oversight responsibilities.
3. Within Physical Security: • Access Control; • Maintain a SAP Facility;
• Access Roster; • All SAPs must have an unclassified nickname/
Codeword (optional).
4. Within Information Security: • The use of HVSACO; • Transmission
requirements (order of precedence).
,⫸ Principle incident/events required to be reported to DoD
counterintelligence (CI) organizations. Answer: espionage, sabotage,
terrorism, cyber
⫸ Indicators of insider threats. Answer: 1. Failure to report overseas
travel or contact with foreign nationals
2. Seeking to gain higher clearance or expand access outside the job
scope
3. Engaging in classified conversations without a need to know
4. Working hours inconsistent with job assignment or insistence on
working in private
5. Exploitable behavior traits
6. Repeated security violations
7. Attempting to enter areas not granted access to
8. Unexplained affluence/living above one's means
, 9. Anomalies (adversary taking actions which indicate they are
knowledgeable to information)
10. Illegal downloads of information/files
⫸ Asset, threat, vulnerability, risk, countermeasures. Answer: Elements
that a security professional should consider when assessing and
managing risks to DoD assets
⫸ The three categories of Special Access Programs. Answer:
acquisition, intelligence, and operations and support
⫸ Responsibilities of the Government SAP Security Officer/Contractor
Program Security Officer (GSSO/CPSO):. Answer: From Revision 1
Department of Defense Overprint to the National Industrial Security
Program Operating Manual Supplement - 1 April 2004:
• Possess a personnel clearance and Program access at least equal to the
highest level of Program classified information involved.
• Provide security administration and management for his/her
organization.
• Ensure personnel processed for access to a SAP meet the prerequisite
personnel clearance and/or investigative requirements specified.
• Ensure adequate secure storage and work spaces.
