Classification Guidelines
And Distribution Controls
Original and
Derivative Classification
Executive Order 12958, April 17, 1995, sets
U.S. Government policy for classifying national security information that must be
protected from unauthorized disclosure. Information is classified in one of two ways --
originally or derivatively.
Original classification is the initial
determination that information requires protection. Only U.S. Government officials to whom
this authority has been delegated in writing and who have been trained in classification
requirements have the authority for original classification. Original classification
authorities issue security classification guides that others use in making derivative
classification decisions. Most government employees and contractors make derivative
classification decisions.
Derivative classification is the act of
classifying a specific item of information or material on the basis of an original
classification decision already made by an authorized original classification authority.
The source of authority for derivative classification ordinarily consists of a previously
classified document or a classification guide issued by an original classification
authority.
For example, Defense contractors make
derivative classification decisions based on the Contract Security Classification
Specification that is issued with each classified contract. If a contractor develops an
unsolicited proposal or originates information not in the performance of a classified
contract, the following rules apply. If the information was previously identified as
classified, it should be classified derivatively. If the information was not previously
classified, but the contractor believes the information may be or should be classified,
the contractor should protect the information as though classified at the appropriate
level and submit it to the agency that has an interest in the subject matter for a
classification determination. In such a case, the material should be marked CLASSIFICATION
DETERMINATION PENDING. Protect as though classified (TOP SECRET, SECRET, or CONFIDENTIAL).
The full text of Executive Order 12958 is available at
DSS website at www.dss.mil/seclib/index.htm.
Classification guidelines for defense contractors are in Chapter 4 of the National
Industrial Security Program Operating Manual. Full text of the NISPOM is available on the Defense Security Service Internet
site at, www.dss.mil/seclib/index.htm.
Classification Levels
Information that must be controlled to
protect the national security is assigned one of three levels of classification, as
follows:
- TOP SECRET information is
information which, if disclosed without authorization, could reasonably be expected to
cause exceptionally grave damage to the national security.
- SECRET information is information which, if
disclosed without authorization, could reasonably be expected to cause serious damage to
the national security.
- CONFIDENTIAL information is information which,
if disclosed without authorization, could reasonably be expected to cause damage to the
national security.
Atomic energy information is classified under
the Atomic Energy Act of 1954, and the procedures differ from those prescribed for
National Security Information. Atomic energy information is automatically classified and
remains classified until a positive action is taken to declassify it. It may be
declassified only by the Department of Energy. Consult your security officer for
information on marking and handling atomic energy information. There are two types:
- RESTRICTED DATA covers "all data
concerning (1) design, manufacture, or utilization of atomic weapons; (2) the production
of special nuclear material; or (3) the use of special nuclear material in the production
of energy," except for data that has been declassified or removed from the Restricted
Data category.
- FORMERLY RESTRICTED DATA is information which
has been removed from the Restricted Data category after Department of Energy and
Department of Defense have jointly determined that the information relates primarily to
the military utilization of atomic weapons and can be adequately safeguarded as National
Security Information. The word "formerly" only means that such information is no
longer subject to controls under the Atomic Energy Act. Formerly Restricted Data remains
classified and subject to controls on National Security Information. Such data may not be
given to any other nation except under specially approved agreements. It is
identified and handled as RESTRICTED DATA when sent outside the United States.
RESTRICTED DATA and FORMERLY RESTRICTED DATA
should also be marked with one of the three classification levels -- TOP SECRET, SECRET,
or CONFIDENTIAL.
Challenging a
Classification
Any approved holder of classified
information who believes the information is classified improperly or
unnecessarily, or that current security considerations justify downgrading
to a lower classification or upgrading to a higher classification, or that
security classification guidance is improper or inadequate, is encouraged
and expected to challenge the classification status.
Government employees should pursue such
actions through established agency procedures that protect individuals
from retribution for bringing such actions, provide an opportunity for
review by an impartial official or panel, and provide a right of appeal to
the Interagency Security Classification Appeals Panel. Contractors should
appeal such issues through their pertinent government contracting
authority.
Distribution Controls
In addition to its classification,
intelligence information and certain scientific or technical information may also be subject to other controls on its distribution and
handling. It is your responsibility to understand and comply with the control markings on classified
information. If you are not sure, contact your security office. These control markings
include:
- Dissemination and Extraction of
Information Controlled by Originator (ORCON) or (OC) means that
any additional distribution or inclusion in another document must be approved by the
originator of the document. It is used on intelligence information that could permit
identification of a sensitive intelligence source or method.
- Not Releasable to
Contractors/Consultants (NOCONTRACT) has been discontinued but is still seen on
older documents. Check with the originator of the document regarding any ongoing controls
on the use of such a document. This caveat was used on intelligence information that
is provided by a source on the express or implied condition that it not be made available
to contractors; or that, if disclosed to a contractor, would actually or potentially give
him/her a competitive advantage or cause a conflict of interest with his/her obligation to
protect the information.
- Caution - Proprietary Information
Involved (PROPIN) or (PR) is used with or without a security
classification to identify information provided by a commercial firm or private source
under an express or implied understanding that the information will be protected as a
trade secret or proprietary data with actual value.
- NOFORN is for
intelligence information that may not be passed to foreign nationals.
- Authorized for Release to ____ (REL TO)
signifies intelligence information that is releasable to or has been released through
proper disclosure channels to the named foreign government or international organization.
- Sensitive Compartmented Information
(SCI) applies to certain intelligence sources, methods, or analytical processes
that are subject to a formal access control system established by the Director of Central
Intelligence. Special approval is required for access to SCI.
- Communications Security (COMSEC)
is the protection of all elements of telecommunications -- encryption,
transmission, emissions, and the physical security of equipment and
materials.
- Cryptographic Material (CRYPTO)
identifies information or materials that must be handled through special cryptographic
channels.
- Warning Notice - Intelligence Sources
or Methods Involved (WNINTEL) has been discontinued but is still seen on older
documents. It was used on intelligence information that identifies or would
reasonably permit identification of an intelligence source or method that is susceptible
to countermeasures that could nullify or reduce its effectiveness.
- Critical Nuclear Weapons Design
Information (CNWDI) or (N) applies to information
that reveals the theory of operation or design of the components of a thermonuclear or
fission bomb, warhead, demolition munition, or test device. Special handling procedures
are required.
Department of Defense also uses the
marking Alternative or Compensatory Control Measures (ACCM) for
classified information that requires special security measures to
safeguard classified intelligence or operations and support information
when normal measures are insufficient to achieve strict need-to-know
controls and where special access program (SAP) controls are not required.
ACCM measures are defined as the maintenance of lists of personnel to whom
the specific classified information has been or may be provided together
with the use of an unclassified nickname. The ACCM designation is used in
conjunction with the security classification to identify the portion,
page, and document containing ACCM information.
Related Topics: Marking Classified Information, Handling Classified Information, For Official Use Only (FOUO), Foreign Government Classified Information.
|