How should FOIA/public records requests be handled with respect to SCI?

Protecting SCI in public records requests hinges on strict need-to-know and formal review. When a FOIA or public records request arrives, you don’t disclose SCI outright. Instead, route the request through the appropriate legal and security channels so a determination can be made about exemptions, access, or what can be released. Only information that has been declassified or that has been properly sanitized (redacted to remove SCI details) and released under authorized procedures should be provided. This approach prevents sensitive methods, sources, or capabilities from leaking and ensures compliance with classification and safeguarding rules. Releasing all SCI would be unsafe; attempting to release only non-sensitive portions can still reveal sensitive context; and simply giving access to authorized recipients conflicts with the public, need-to-know nature of FOIA. The proper path is a legal/security review with release only as authorized and, when possible, declassified or sanitized.