Controlled Access Programs of the Intelligence Community
April 20, 2022
Controlled Access Programs of the Intelligence Community
Introduction
Departments of Defense, Justice, Homeland Security, State,
The Controlled Access Programs (CAPs) that the
and Energy.
Intelligence Community (IC) has developed to further limit
the sharing of the most sensitive classified information have
CAPs vs. Classification Levels
raised questions for Congress. In response, as part of the
A CAP is not a level of classification. A CAP is a
Intelligence Authorization Act (IAA) for Fiscal Year 2022,
compartmentalized control system within a level of
(Division X of P.L. 117-103, the Consolidated
classification, involving compartments and sub-
Appropriations Act for Fiscal Year 2022) Congress added
compartments. Levels of classification include TOP
new oversight requirements with respect to these programs.
SECRET, SECRET, and CONFIDENTIAL indicating the
relative sensitivity of intelligence activities, sources and
CAPs compartmentalize intelligence on the basis of the
methods described within, and the relative damage to
sensitivity of the activity, sources, or methods involved.
United States national security that could result from the
Congressional concern has centered on the over-
document’s unauthorized disclosure. Within the IC, CAPs
classification of intelligence and potential negative impacts
are most commonly compartments or sub-compartments of
of keeping materials from those who need to know in order
the TOP SECRET level of classified intelligence.
to perform their duties. Recent legislation seeks to promote
an appropriate balance between protecting the most
CAPs vs. Dissemination Controls
sensitive sources, methods, and activities, while making
CAPs are not the same as dissemination controls.
sure information is shared with those who have a legitimate
Dissemination controls are markings appended to the
need for it. Effective oversight of CAPS may require an
security classification that provide guidance on additional
understanding of how these programs are authorized and
restrictions on access to, or dissemination of, a document.
administered, and how they intersect with other
Common dissemination control markings include ORCON
classification programs and schema.
(the document’s originator controls further dissemination),
PROPIN (contractor proprietary information), REL TO
Definitions
(releasable to a particular foreign partner(s)), IMCON
Intelligence Community Directive (ICD) 906, Controlled
(controlled imagery), RELIDO (releasable by a designated
Access Programs, provides guidance for management of
Intelligence Disclosure Official), and NOFORN (U.S.-only;
CAPs and defines a CAP as “a top-level control system and
no foreign dissemination). Separate dissemination control
any compartment or sub-compartment under that control
markings exist for non-intelligence information.
system.” Within the IC, the topmost level within a CAP
structure is called a control system. Common examples of
Authority for Establishing a CAP
control systems include SI (Special Intelligence), TK
ICD 906 specifies that the Director of National Intelligence
(Talent Keyhole), and HCS (Human Intelligence Control
(DNI) and the Principal Deputy Director of National
System). Control systems can have compartments and sub-
Intelligence (PDDNI) have the authority to “create,
compartments.
validate, substantially modify, or terminate” a CAP.
The names for many CAPs are unclassified, and, in some
ICD 906 also provides that the DNI can delegate to a CAP
cases, known to the public (their substance is classified).
Program Manager, via the head of any of the 18 statutory
There are, however, also unacknowledged CAPs. These are
IC elements, the authority to “create, substantially modify,
CAPs whose existence is known only to those who are
or terminate” compartments or sub-compartments of an
authorized for access to the information.
established control system.
Outside of the Intelligence Community the equivalent term
The Intelligence Authorization Act for Fiscal Year 2022
for similarly sensitive programs is Special Access Program
(Division X of P.L. 117-103, the Consolidated
(SAP). Executive Order (E.O.) 13526, Classified National
Appropriations Act for Fiscal Year 2022) requires that the
Security Information, defines a SAP as “a program
head of an IC element notify Congress prior to establishing
established for a specific class of classified information that
a CAP.
imposes safeguarding and access requirements that exceed
those normally required for information at the same
Standards for Establishing a CAP
classification level.” Although CAP is the IC term for a
Under ICD 906, establishment of a CAP requires (1) a
SAP, CAPs are managed separately from the SAPs
finding that “the vulnerability of, or threat to, specific
established under the authority of the National Security
information is exceptional,” such that the normal criteria for
Council (NSC) or the non-IC components of the
determining eligibility for access to information classified
at the same level are insufficient to protect the information
https://crsreports.congress.gov
Controlled Access Programs of the Intelligence Community
from unauthorized disclosure; or (2) Congress to direct the
The IAA also requires that the DNI provide briefings on
establishment of a CAP through legislation.
each CAP at least semiannually or as requested by the
congressional intelligence and appropriations committees or
CAP Administration and Oversight
House and Senate leadership. The briefings are to include a
The DNI must validate each CAP at least annually. CAPs
description of the activity during the reporting period and
not validated within a year are to be terminated.
the extent to which it has satisfied the requirements that
CAP Program Managers, within an IC element, are
initially justified establishing the program.
responsible for administering CAPs. They also establish the
appropriate level of protections for a CAP within the
Statutory IC Elements with Authority for the
minimum and maximum limits established by the DNI or
Administration and Oversight of CAPs
PPDNI. The CAP Program Manager designates a CAP
DOD Elements:
Control Officer (CAPCO) for routine administration, and
the enforcement of policy and procedures related to the
Defense Intelligence Agency (DIA)
execution of the program.
National Geospatial-Intelligence Agency (NGA)
National Reconnaissance Office (NRO)
National Security Agency (NSA)
An IC Senior Review Group (SRG) reviews control
U.S. Air Force Intel igence, Surveil ance and Reconnaissance
systems and their compartments and sub-compartments for
(AF/A2)
whether they should be validated, substantially modified, or
U.S. Space Force Intel igence (S-2)
terminated. On the basis of the findings of the SRG, an IC
U.S. Army Intel igence (G2)
CAP Oversight Committee (CAPOC), which meets
U.S. Marine Corps Intel igence, Surveil ance and Reconnaissance
aperiodically, makes recommendations to the DNI on the
Enterprise (MCISR-E)
creation, validation, substantial modification, or termination
U.S. Naval Intelligence (N2)
of control systems.
Non-DOD Elements:
For the purposes of conducting CAP oversight within the
Office of the Director of National Intelligence (ODNI)
Executive Branch, E.O. 13526, which provides for the
Central Intel igence Agency (CIA)
administration of classified national security information,
Department of Energy (DOE) intel igence component: Office of
allows for the Director of the Information Security
Intelligence and Counter-Intelligence (I&CI)
Oversight Office (ISOO) of the National Archives and
Department of Homeland Security (DHS) intelligence components:
Records Administration (NARA) and no more than one
Office of Intelligence and Analysis (I&A) and U.S. Coast Guard
Intelligence (CG-2)
other ISOO employee be given access to a CAP. For CAPs
that are “extraordinarily sensitive and vulnerable” access
Department of Justice (DOJ) intelligence components: the Drug
Enforcement Agency’s Office of National Security Intel igence
may be limited to the ISOO director alone.
(DEA/ONSI) and the Federal Bureau of Investigation’s Intelligence
Branch (FBI/IB)
The names of personnel granted access to a CAP are to be
Department of State (DOS) intel igence component: Bureau of
kept in the designated IC database that serves as the
Intelligence and Research (INR)
repository for verifying and validating individual CAP
Department of the Treasury intelligence component: Office of
access.
Intelligence and Analysis (OIA)
Congressional Oversight
Related CRS Products
Congress has acted to supplement IC and NARA oversight
CRS Report R45421, Congressional Oversight of Intelligence:
measures for CAPs in order to have a better understanding
Background and Selected Options for Further Reform, by Michael
of the purpose and impact of these sensitive programs. The
E. DeVine
Intelligence Authorization Act (IAA) for Fiscal Year 2022
CRS In Focus IF10525, Defense Primer: National and Defense
requires that each IC element provide a baseline report
Intelligence, by Michael E. DeVine
giving information on each CAP, to include for each
program the date it commenced, its rationale, annual
funding, and current operational use. The report is to go to
Relevant Legislation
congressional intelligence and appropriations committees
Intelligence Authorization Act for Fiscal Year 2022 (Division X
and to Senate and House leadership.
of the Consolidated Appropriations Act for Fiscal Year 2022,
P.L. 117-103)
In addition, the IAA for FY2022 requires the head of each
IC element to submit an annual report to the congressional
intelligence and appropriations committees of the Senate
Other Resources
and House of Representatives on CAPs the element
ICD 906, Control ed Access Programs
administers. The reports are to include (1) a list of the
E.O. 13526, Classified National Security Information
compartments and sub-compartments for each CAP that is
either active or was terminated during the previous year;
E.O. 12333, United States Intelligence Activities
and (2) (for the annual report submitted by the DNI), a
Control ed Access Program Coordination Office (CAPCO)
certification of whether the creation, validation, substantial
Register and Manual
modification, or termination of each CAP is “substantiated
and justified.”
https://crsreports.congress.gov
Controlled Access Programs of the Intelligence Community
Michael E. DeVine, Analyst in Intelligence and National
Security
IF12080
Disclaimer
This document was prepared by the Congressional Research Service (CRS). CRS serves as nonpartisan shared staff to
congressional committees and Members of Congress. It operates solely at the behest of and under the direction of Congress.
Information in a CRS Report should not be relied upon for purposes other than public understanding of information that has
been provided by CRS to Members of Congress in connection with CRS’s institutional role. CRS Reports, as a work of the
United States Government, are not subject to copyright protection in the United States. Any CRS Report may be
reproduced and distributed in its entirety without permission from CRS. However, as a CRS Report may include
copyrighted images or material from a third party, you may need to obtain the permission of the copyright holder if you
wish to copy or otherwise use copyrighted material.
https://crsreports.congress.gov | IF12080 · VERSION 1 · NEW