| Annex C | Page C 1 |
| Joint Security Commission I |
| Rec # | Recommendation | Implementation / Status |
| JSC_001 | One-level classification system with 2 | Secs 1.3 & 4.2 of E.O. 12958 issued 20 April 1995, retains three levels of |
| degrees of protection. | classification: Top Secret, Secret, and Confidential. |
| JSC_002A | Integrate all special access, SCI, covert | EO 12958 issued 20 April 1995, did not require the integration of all controlled |
| activities etc. into the new classification | access activities. |
| system. |
| JSC_002B | Combine all special control channels into | EO 12958 issued 20 April 1995, rejected JSC recommended classification |
| a single channel with codewords for | system. However, agencies have made important progress, and continue to seek |
| need-to-know lists. | fewer categories under more integrated special access and compartments, in |
| response to initiatives by the SPB. |
| JSC_003 | Review and validate categories of | Implemented through DepSecDef Memorandum, dated 5 January 1994 and DCID |
| sensitive information for inclusion under | 3/29, dated 2 June 1995. The DCI's CAPOC, DOE's SAPOC and DOD's |
| the secret compartmented access control | SAPOC review and validate the categories of sensitive information included in |
| system. | SCI programs and NFIP-funded SAPs and Restricted Collateral programs. |
| JSC_004 | Managers shall review information within | Implemented through DepSecDef Memorandum, dated 5 January 1994 and DCID |
| compartments/ subcompartments and | 3/29, dated 2 June 1995. The DoD's SAPOC, DOE's SAPOC and the DCI's |
| consolidate into the fewest possible | CAPOC accomplish the review recommended on a continuing basis. |
| compartments. |
| JSC_005 | Establish uniform risk assessment criteria. | Implemented through DepSecDef Memorandum, dated 5 January 1994. and |
| DCID 3/29, dated 2 June 1995. The DoD's SAPOC, DOE's SAPOC and the |
| DCI's CAPOC accomplish the review recommended on a continuing basis. |
| JSC_005B | Conduct independent risk assessments of | Implemented through DepSecDef Memorandum, dated 5 January 1994 and DCID |
| compartmented access programs. | 3/29, dated 2 June 1995. The DoD's SAPOC, DOE's SAPOC and the DCI's |
| CAPOC accomplish the review recommended on a continuing basis. |
| JSC_005C | Across DoD and the IC, review similar | Implemented through DepSecDef Memorandum, dated 5 January 1994 and DCID |
| compartmented access programs to ensure | 3/29, dated 2 June 1995. The DoD's SAPOC, DOE's SAPOC and the DCI's |
| reciprocity. | CAPOC accomplish the review recommended on a continuing basis. |
| JSC_005D | Institute a mechanism to review | Implemented through DepSecDef Memorandum, dated 5 January 1994 and DCID |
| designation, coordination and integration | 3/29, dated 2 June 1995. The DoD's SAPOC, DOE's SAPOC and the DCI's |
| issues for compartmented access programs | CAPOC accomplish the review recommended on a continuing basis. |
| and ensure other government elements are |
| advised of such programs affecting their |
| interests. |
| JSC_006A | Develop a single set of standards for | Implemented through DepSecDef Memorandum, dated 5 January 1994 and DCID |
| compartmented access. | 3/29, dated 2 June 1995. The NISPOM Supplement cites DCIDs as personnel, |
| physical, and technical security standards for all SCI programs. For SAPs, the |
| DoD issued the NISPOM Supplement Overprint recognizing a common set of |
| security standards for each of three sensitivity levels. |
| JSC_006B | Provide for waivers down from | Implemented through DepSecDef Memorandum, dated 5 January 1994 and DCID |
| compartmented access security standards | 3/29, dated 2 June 1995, as well as through SPB Issuance 4-97, Reciprocity of |
| when there is no impact upon reciprocity. | Facilities dated 16 September 1997. |
| JSC_007A | All intelligence reporting within | Policy issues addressed with the Issuance of DCID 1/7 on 30 June 1998. |
| compartmented channels be severely | Compliance to be assessed through annual report provided by SPB Staff to the |
| restricted to limit the amount of | DCI and the Dep Sec Def on compliance. Staff developing survey tool to |
| information that could compromise | support compilation of annual report |
| sources/methods or has exceptional |
| political sensitivity. |
| 23 Aug 1999 |