What best describes the difference between SCI and SAP regarding access controls?

The key idea is understanding how access controls differ in scope and protection level. SCI (Sensitive Compartmented Information) is information that’s compartmentalized into restricted sections; access is limited by clearance and a need-to-know within those compartments. SAPs (Special Access Programs) sit on top of that: they are highly restricted programs with their own, additional safeguards beyond what SCI requires, including separate access approvals, handling rules, storage controls, and heightened oversight. In other words, SCI manages compartmentalized information, while SAPs impose extra layers of protection beyond SCI. The other options misstate the relationship, implying equal protection, less restriction, or no safeguards.