INDEX
PART B - EXECUTIVE ORDER 12356 AND DIRECTIVE NO. 1
1. EXECUTIVE ORDER 12356.
Federal Register
Tuesday, April 6, 1982
----------------------
Part IV
The President
----------------------
Executive Order 12356--National Security Information
Title 3--The President
Executive Order 12356 of April 2, 1982
National Security Information
TABLE OF CONTENTS
[FR Page]
Preamble...................................................[14874]
Part 1. Original Classification
1.1 Classification Levels..................................[14874]
1.2 Classification Authority...............................[14874]
1.3 Classification Categories..............................[14875]
1.4 Duration of Classification.............................[14876]
1.5 Identification and Markings............................[14877]
1.6 Limitations on Classification..........................[14877]
Part 2. Derivative Classification
2.1 Use of Derivative Classification.......................[14878]
2.2 Classification Guides..................................[14878]
Part 3. Declassification and Downgrading
3.1 Declassification Authority.............................[14878]
3.2 Transferred Information................................[14879]
3.3 Systematic Review for Declassification.................[14879]
3.4 Mandatory Review for Declassification..................[14879]
Part 4. Safeguarding
4.1 General Restrictions on Access.........................[14880]
4.2 Special Access Programs................................[14881]
4.3 Access by Historical Researchers and Former Presidential
Appointees.............................................[14881]
Part 5. Implementation and Review
5.1 Policy Direction.......................................[14881]
5.2 Information Security Oversight Office..................[14881]
5.3 General Responsibilities...............................[14882]
5.4 Sanctions..............................................[14882]
Part 6. General Provisions
6.1 Definitions............................................[14883]
6.2 General................................................[14883]
This Order prescribes a uniform system for classifying, declassifying, and
safeguarding national security information. It recognizes that it is
essential that the public be informed concerning the activities of its
Government, but that the interests of the United States and its citizens
require that certain information concerning the national defense and foreign
relations be protected against unauthorized disclosure. Information may not
be classified under this Order unless its disclosure reasonably could be
expected to cause damage to the national security.
NOW, by the authority vested in me as President by the Constitution and laws
of the United States of America, it is hereby ordered as follows:
Part 1
Original Classification
Section 1.1 Classification Levels.
(a) National security information (hereinafter "classified information")
shall be classified at one of the following three levels:
(1) "Top Secret" shall be applied to information, the unauthorized
disclosure of which reasonably could be expected to cause exceptionally
grave damage to the national security.
(2) "Secret" shall be applied to information, the unauthorized disclosure
of which reasonably could be expected to cause serious damage to the
national security.
(3) "Confidential" shall be applied to information, the unauthorized
disclosure of which reasonably could be expected to cause damage to the
national security.
(b) Except as otherwise provided by statute, no other terms shall be used
to identify classified information.
(c) If there is reasonable doubt about the need to classify information, it
shall be safeguarded as if it were classified pending a determination by an
original classification authority, who shall make this determination within
thirty (30) days. In there is reasonable doubt about the appropriate level
of classification, it shall be safeguarded at the higher level of
classification pending a determination by an original classification
authority, who shall make this determination within thirty (30) days.
Sec. 1.2 Classification Authority.
(a) Top Secret. The authority to classify information originally as Top
Secret may be exercised only by:
(1) the President;
(2) agency heads and officials designated by the President in the Federal
Register; and
(3) officials delegated this authority pursuant to Section 1.2(d).
(b) Secret. The authority to classify information originally as Secret may
be exercised only by:
(1) agency heads and officials designated by the President in the Federal
Register;
(2) officials with original Top Secret classification authority; and
(3) officials delegated such authority pursuant to Section 1.2(d).
(c) Confidential. The authority to classify information originally as
Confidential may be exercised only by:
(1) agency heads and officials designated by the President in the Federal
Register;
(2) officials with original Top Secret or Secret classification authority;
and
(3) officials delegated such authority pursuant to Section 1.2(d).
(d) Delegation of Original Classification Authority.
(1) Delegations of original classification authority shall be limited to
the minimum required to administer this Order. Agency heads are responsible
for ensuring that designated subordinate officials have a demonstrable and
continuing need to exercise this authority.
(2) Original Top Secret classification authority may be delegated only by
the President; an agency head or official designated pursuant to Section
1.2(a)(2); and the senior official designated under Section 5.3(a), provided
that official has been delegated original Top Secret classification
authority by the agency head.
(3) Original Secret classification authority may be delegated only by the
President; an agency head or official designated pursuant to Sections
1.2(a)(2) and 1.2(b)(1); an official with original Top Secret classification
authority; and the senior official designated under Section 5.3(a), provided
that official has been delegated original Secret classification authority by
the agency head.
(4) Original Confidential classification authority may be delegated only by
the President; an agency head or official designated pursuant to Sections
1.2(a)(2), 1.2(b)(1) and 1.2(c)(1); an official with original Top Secret
classification authority; and the senior official designated under Section
5.3(a), provided that official has been delegated original classification
authority by the agency head.
(5) Each delegation of original classification authority shall be in
writing and the authority shall not be redelegated except as provided in
this Order. It shall identify the official delegated the authority by name
or position title. Delegated classification authority includes the
authority to classify information at the level granted and lower levels of
classification.
(e) Exceptional Cases. When an employee, contractor, licensee, or grantee
of an agency that does not have original classification authority originates
information believed by that person to require classification, the
information shall be protected in a manner consistent with this Order and
its implementing directives. The information shall be transmitted promptly
as provided under this Order or its implementing directives to the agency
that has appropriate subject matter interest and classification authority
with respect to this information. That agency shall decide within thirty
(30) days whether to classify this information. If it is not clear which
agency has classification responsibility for this information, it shall be
sent to the Director of the Information Security Oversight Office. The
Director shall determine the agency having primary subject matter interest
and forward the information, with appropriate recommendations, to that
agency for a classification determination.
Sec. 1.3 Classification Categories.
(a) Information shall be considered for classification if it concerns:
(1) military plans, weapons, or operations;
(2) the vulnerabilities or capabilities of systems, installations,
projects, or plans relating to the national security;
(3) foreign government information;
(4) intelligence activities (including special activities), or intelligence
sources or methods;
(5) foreign relations or foreign activities of the United States;
(6) scientific, technological, or economic matters relating to the national
security;
(7) United States Government programs for safeguarding nuclear materials or
facilities;
(8) cryptology;
(9) a confidential source; or
(10) other categories of information that are related to the national
security and that require protection against unauthorized disclosure as
determined by the President or by agency heads or other officials who have
been delegated original classification authority by the President. Any
determination made under this subsection shall be reported promptly to the
Director of the Information Security Oversight Office.
(b) Information that is determined to concern one or more of the categories
in Section 1.3(a) shall be classified when an original classification
authority also determines that its unauthorized disclosure, either by itself
or in the context of other information, reasonably could be expected to
cause damage to the national security.
(c) Unauthorized disclosure of foreign government information, the identity
of a confidential foreign source, or intelligence sources or methods is
presumed to cause damage to the national security.
(d) Information classified in accordance with Section 1.3 shall not be
declassified automatically as a result of any unofficial publication or
inadvertent or unauthorized disclosure in the United States or abroad of
identical or similar information.
Sec. 1.4 Duration of Classification.
(a) Information shall be classified as long as required by national
security considerations. When it can be determined, a specific date or
event for declassification shall be set by the original classification
authority at the time the information is originally classified.
(b) Automatic declassification determinations under predecessor orders
shall remain valid unless the classification is extended by an authorized
official of the originating agency. These extensions may be by individual
documents or categories of information. The agency shall be responsible for
notifying holders of the information of such extensions.
(c) Information classified under predecessor orders and marked for
declassification review shall remain classified until reviewed for
declassification under the provisions of this Order.
Sec. 1.5 Identification and Markings.
(a) At the time of original classification, the following information shall
be shown on the face of all classified documents, or clearly associated with
other forms of classified information in a manner appropriate to the medium
involved, unless this information itself would reveal a confidential source
or relationship not otherwise evident in the document or information:
(1) one of the three classification levels defined in Section 1.1;
(2) the identity of the original classification authority if other than the
person whose name appears as the approving or signing official;
(3) the agency and office of origin; and
(4) the date or event for declassification, or the notation "Originating
Agency's Determination Required."
(b) Each classified document shall, by marking or other means, indicate
which portions are classified, with the applicable classification level, and
which portions are not classified. Agency heads may, for good cause, grant
and revoke waivers of this requirement for specified classes of documents or
information. The Director of the Information Security Oversight Office
shall be notified of any waivers.
(c) Marking designations implementing the provisions of this Order,
including abbreviations, shall conform to the standards prescribed in
implementing directives issued by the Information Security Oversight Office.
(d) Foreign government information shall either retain its original
classification or be assigned a United States classification that shall
ensure a degree of protection at least equivalent to that required by the
entity that furnished the information.
(e) Information assigned a level of classification under predecessor orders
shall be considered as classified at that level of classification despite
the omission of other required markings. Omitted markings may be inserted
on a document by the officials specified in Section 3.1(b).
Sec. 1.6 Limitations on Classification
(a) In no case shall information be classified in order to conceal
violations of law, inefficiency, or administrative error; to prevent
embarrassment to a person, organization, or agency; to restrain competition;
or to prevent or delay the release of information that does not require
protection in the interest of national security.
(b) Basic scientific research information not clearly related to the
national security may not be classified.
(c) The President or an agency head or official designated under Sections
1.2(a)(2), 1.2(b)(1), or 1.2(c)(1) may reclassify information previously
declassified and disclosed if it is determined in writing that (1) the
information requires protection in the interest of national security; and
(2) the information may reasonably be recovered. These reclassification
actions shall be reported promptly to the Director of the Information
Security Oversight Office.
(d) Information may be classified or reclassified after an agency has
received a request for it under the Freedom of Information Act (5 U.S.C.
552) or the Privacy Act of 1974 (5 U.S.C. 552a), or the mandatory review
provisions of this Order (Section 3.4) if such classification meets the
requirements of this Order and is accomplished personally and on a
document-by-document basis by the agency head, the deputy agency head, the
senior agency official designated under Section 5.3(a), or an official with
original Top Secret classification authority.
Part 2
Derivative Classification
Sec. 2.1 Use of Derivative Classification.
(a) Derivative classification is (1) the determination that information is
in substance the same as information currently classified, and (2) the
application of the same classification markings. Persons who only
reproduce, extract, or summarize classified information, or who only apply
classification markings derived from source material or as directed by a
classification guide, need not possess original classification authority.
(b) Persons who apply derivative classification markings shall:
(1) observe and respect original classification decisions; and
(2) carry forward to any newly created documents any assigned authorized
markings. The declassification date or event that provides the longest
period of classification shall be used for documents classified on the basis
of multiple sources.
Sec. 2.2 Classification Guides.
(a) Agencies with original classification authority shall prepare
classification guides to facilitate the proper and uniform derivative
classification of information.
(b) Each guide shall be approved personally and in writing by an official
who:
(1) has program or supervisory responsibility over the information or is
the senior agency official designated under Section 5.3(a); and
(2) is authorized to classify information originally at the highest level
of classification prescribed in the guide.
(c) Agency heads may, for good cause, grant and revoke waivers of the
requirement to prepare classification guides for specified classes of
documents or information. The Director of the Information Security
Oversight Office shall be notified of any waivers.
Part 3
Declassification and Downgrading
Sec. 3.1 Declassification Authority
(a) Information shall be declassified or downgraded as soon as national
security considerations permit. Agencies shall coordinate their review of
classified information with other agencies that have a direct interest in
the subject matter. Information that continues to meet the classification
requirements prescribed by Section 1.3 despite the passage of time will
continue to be protected in accordance with this Order.
(b) Information shall be declassified or downgraded by the official who
authorized the original classification, if that official is still serving in
the same position; the originator's successor; a supervisory official of
either; or officials delegated such authority in writing by the agency head
or the senior agency official designated pursuant to Section 5.3(a).
(c) If the Director of the Information Security Oversight Office determines
that information is classified in violation of this Order, the Director may
require the information to be declassified by the agency that originated the
classification. Any such decision by the Director may be appealed to the
National Security Council. The information shall remain classified, pending
a prompt decision on the appeal.
(d) The provisions of this Section shall also apply to agencies that, under
the terms of this Order, do not have original classification authority, but
that had such authority under predecessor orders.
Sec. 3.2 Transferred Information
(a) In the case of classified information transferred in conjunction with a
transfer of functions, and not merely for storage purposes, the receiving
agency shall be deemed to be the originating agency for purposes of this
Order.
(b) In the case of classified information that is not officially
transferred as described in Section 3.2(a), but that originated in an agency
that has ceased to exist and for which there is no successor agency, each
agency in possession of such information shall be deemed to be the
originating agency for purposes of this Order. Such information may be
declassified or downgraded by the agency in possession after consultation
with any other agency that has an interest in the subject matter of the
information.
(c) Classified information accessioned into the National Archives of the
United States shall be declassified or downgraded by the Archivist of the
United States in accordance with this Order, the directives of the
Information Security Oversight Office, and agency guidelines.
Sec. 3.3 Systematic Review for Declassification.
(a) The Archivist of the United States shall, in accordance with procedures
and timeframes prescribed in the Information Security Oversight Office's
directives implementing this Order, systematically review for
declassification or downgrading (1) classified records accessioned into the
National Archives of the United States, and (2) classified presidential
papers or records under the Archivist's control. Such information shall be
reviewed by the Archivist for declassification or downgrading in accordance
with systematic review guidelines that shall be provided by the head of the
agency that originated the information, or in the case of foreign government
information, by the Director of the Information Security Oversight Office in
consultation with interested agency heads.
(b) Agency heads may conduct internal systematic review programs for
classified information originated by their agencies contained in records
determined by the Archivist to be permanently valuable but that have not
been accessioned into the National Archives of the United States.
(c) After consultation with affected agencies, the Secretary of Defense may
establish special procedures for systematic review for declassification of
classified cryptologic information, and the Director of Central Intelligence
may establish special procedures for systematic review for declassification
of classified information pertaining to intelligence activities (including
special activities), or intelligence sources or methods.
Sec. 3.4. Mandatory Review for Declassification.
(a) Except as provided in Section 3.4(b), all information classified under
this Order or predecessor orders shall be subject to a review for
declassification by the originating agency, if:
(1) the request is made by a United States citizen or permanent resident
alien, a federal agency, or a State or local government; and
(2) request describes the document or material containing the information
with sufficient specificity to enable the agency to locate it with a
reasonable amount of effort.
(b) Information originated by a President, the White House Staff, by
committees, commissions, or boards appointed by the President, or others
specifically providing advice and counsel to a President or acting on behalf
of a President is exempted from the provisions of Section 3.4(a). The
Archivist of the United States shall have the authority to review, downgrade
and declassify information under the control of the Administrator of General
Services or the Archivist pursuant to sections 2107, 2107 note, or 2203 of
title 44, United States Code. Review procedures developed by the Archivist
shall provide for consultation with agencies having primary subject matter
interest and shall be consistent with the provisions of applicable laws or
lawful agreements that pertain to the respective presidential papers or
records. Any decision by the Archivist may be appealed to the Director of
the Information Security Oversight Office. Agencies with primary subject
matter interest shall be notified promptly of the Director's decision on
such appeals and may further appeal to the National Security Council. The
information shall remain classified pending a prompt decision on the appeal.
(c) Agencies conducting a mandatory review for declassification shall
declassify information no longer requiring protection under this Order.
They shall release this information unless withholding is otherwise
authorized under applicable law.
(d) Agency heads shall develop procedures to process requests for the
mandatory review of classified information. These procedures shall apply to
information classified under this or predecessor orders. They shall also
provide a means for administratively appealing a denial of a mandatory
review request.
(e) The Secretary of Defense shall develop special procedures for the
review of cryptologic information, and the Director of Central Intelligence
shall develop special procedures for the review of information pertaining to
intelligence activities (including special activities), or intelligence
sources or methods, after consultation with affected agencies. The
Archivist shall develop special procedures for the review of information
accessioned into the National Archives of the United States.
(f) In response to a request for information under the Freedom of
Information Act, the Privacy Act of 1974, or the mandatory review provisions
of this Order:
(1) An agency shall refuse to confirm or deny the existence or
non-existence of requested information whenever the fact of its existence or
non-existence is itself classifiable under this Order.
(2) When an agency receives any request for documents in its custody that
were classified by another agency, it shall refer copies of the request and
the requested documents to the originating agency for processing, and may,
after consultation with the originating agency, inform the requester of the
referral. In cases in which the originating agency determines in writing
that a response under Section 3.4(f)(1) is required, the referring agency
shall respond to the requester in accordance with that Section.
Part 4
Safeguarding
Sec. 4.1 General Restrictions on Access.
(a) A person is eligible for access to classified information provided that
a determination of trustworthiness has been made by agency heads or
designated officials and provided that such access is essential to the
accomplishment of lawful and authorized Government purposes.
(b) Controls shall be established by each agency to ensure that classified
information is used, processed, stored, reproduced, transmitted, and
destroyed only under conditions that will provide adequate protection and
prevent access by unauthorized persons.
(c) Classified information shall not be disseminated outside the executive
branch except under conditions that ensure that the information will be
given protection equivalent to that afforded within the executive branch.
(d) Except as provided by directives issued by the President through the
National Security Council, classified information originating in one agency
may not be disseminated outside any other agency to which it has been made
available without the consent of the originating agency. For purposes of
this Section, the Department of Defense shall be considered one agency.
Sec. 4.2 Special Access Programs.
(a) Agency heads designated pursuant to Section 1.2(a) may create special
access programs to control access, distribution, and protection of
particularly sensitive information classified pursuant to this Order or
predecessor orders. Such programs may be created or continued only at the
written direction of these agency heads. For special access programs
pertaining to intelligence activities (including special activities but not
including military operational, strategic and tactical programs), or
intelligence sources or methods, this function will be exercised by the
Director of Central Intelligence.
(b) Each agency head shall establish and maintain a system of accounting
for special access programs. The Director of the Information Security
Oversight Office, consistent with the provisions of Section 5.2(b)(4), shall
have non-delegable access to all such accountings.
Sec. 4.3 Access by Historical Researchers and Former Presidential
Appointees.
(a) The requirement in Section 4.1(a) that access to classified information
may be granted only as is essential to the accomplishment of authorized and
lawful Government purposes may be waived as provided in Section 4.3(b) for
persons who:
(1) are engaged in historical research projects, or
(2) previously have occupied policy-making positions to which they were
appointed by the President.
(b) Waivers under Section 4.3(a) may be granted only if the originating
agency:
(1) determines in writing that access is consistent with the interest of
national security;
(2) takes appropriate steps to protect classified information from
unauthorized disclosure or compromise, and ensures that the information is
safeguarded in a manner consistent with this Order; and
(3) limits the access granted to former presidential appointees to items
that the person originated, reviewed, signed, or received while serving as a
presidential appointee.
Part 5
Implementation and Review
Sec. 5.1 Policy Direction.
(a) The National Security Council shall provide overall policy direction
for the information security program.
(b) The Administrator of General Services shall be responsible for
implementing and monitoring the program established pursuant to this Order.
The Administrator shall delegate the implementation and monitorship
functions of this program to the Director of the Information Security
Oversight Office.
Sec. 5.2 Information Security Oversight Office.
(a) The Information Security Oversight Office shall have a full-time
Director appointed by the Administrator of General Services subject to
approval by the President. The Director shall have the authority to appoint
a staff for the Office.
(b) The Director shall:
(1) develop, in consultation with the agencies, and promulgate, subject to
the approval of the National Security Council, directives for the
implementation of this Order, which shall be binding on the agencies;
(2) oversee agency actions to ensure compliance with this Order and
implementing directives;
(3) review all agency implementing regulations and agency guidelines for
systematic declassification review. The Director shall require any
regulation or guideline to be changed if it is not consistent with this
Order or implementing directives. Any such decision by the Director may be
appealed to the National Security Council. The agency regulation or
guideline shall remain in effect pending a prompt decision on the appeal;
(4) have the authority to conduct on-site reviews of the information
security program of each agency that generates or handles classified
information and to require of each agency those reports, information, and
other cooperation that may be necessary to fulfill the Director's
responsibilities. If these reports, inspections, or access to specific
categories of classified information would pose an exceptional national
security risk, the affected agency head or the senior official designated
under Section 5.3(a) may deny access. The Director may appeal denials to
the National Security Council. The denial of access shall remain in effect
pending a prompt decision on the appeal;
(5) review requests for original classification authority from agencies or
officials not granted original classification authority and, if deemed
appropriate, recommend presidential approval;
(6) consider and take action on complaints and suggestions from persons
within or outside the Government with respect to the administration of the
information security program;
(7) have the authority to prescribe, after consultation with affected
agencies, standard forms that will promote the implementation of the
information security program;
(8) report at least annually to the President through the National Security
Council on the implementation of this Order; and
(9) have the authority to convene and chair interagency meetings to discuss
matters pertaining to the information security program.
Sec. 5.3 General Responsibilities.
Agencies that originate or handle classified information shall:
(a) designate a senior agency official to direct and administer its
information security program, which shall include an active oversight and
security education program to ensure effective implementation of this Order;
(b) promulgate implementing regulations. Any unclassified regulations that
establish agency information security policy shall be published in the
Federal Register to the extent that these regulations affect members of the
public;
(c) establish procedures to prevent unnecessary access to classified
information, including procedures that (i) require that a demonstrable need
for access to classified information is established before initiating
administrative clearance procedures, and (ii) ensure that the number of
persons granted access to classified information is limited to the minimum
consistent with operational and security requirements and needs; and
(d) develop special contingency plans for the protection of classified
information used in or near hostile or potentially hostile areas.
Sec. 5.4 Sanctions.
(a) If the Director of the Information Security Oversight Office finds that
a violation of this Order or its implementing directives may have occurred,
the Director shall make a report to the head of the agency or to the senior
official designated under Section 5.3(a)(1) so that corrective steps, if
appropriate may be taken.
(b) Officers and employees of the United States Government, and its
contractors, licensees, and grantees shall be subject to appropriate
sanctions if they:
(1) knowingly, willfully, or negligently disclose to unauthorized persons
information properly classified under this Order or predecessor orders;
(2) knowingly and willfully classify or continue the classification of
information in violation of this Order or any implementing directive; or
(3) knowingly and willfully violate any other provision of this Order or
implementing directive.
(c) Sanctions may include reprimand, suspension without pay, removal,
termination of classification authority, loss or denial of access to
classified information, or other sanctions in accordance with applicable law
and agency regulation.
(d) Each agency head or the senior official designated under Section 5.3(a)
shall ensure that appropriate and prompt corrective action is taken whenever
a violation under Section 5.4(b) occurs. Either shall ensure that the
Director of the Information Security Oversight Office is promptly notified
whenever a violation under Section 5.4(b)(1) or (2) occurs.
Part 6
General Provisions
Sec. 6.1 Definitions.
(a) "Agency" has the meaning provided at 5 U.S.C. 552(e).
(b) "Information" means any information or material, regardless of its
physical form or characteristics, that is owned by, produced by or for, or
is under the control of the United States Government.
(c) "National security information" means information that has been
determined pursuant to this Order or any predecessor order to require
protection against unauthorized disclosure and that is so designated.
(d) "Foreign government information" means:
(1) information provided by a foreign government or governments, an
international organization of governments, or any element thereof with the
expectation, expressed or implied, that the information, the source of the
information, or both, are to be held in confidence; or
(2) information produced by the United States pursuant to or as a result of
a joint arrangement with a foreign government or governments or an
international organization of governments, or any element thereof, requiring
that the information, the arrangement, or both, are to be held in
confidence.
(e) "National security" means the national defense or foreign relations of
the United States.
(f) "Confidential source" means any individual or organization that has
provided, or that may reasonably be expected to provide, information to the
United States on matters pertaining to the national security with the
expectation, expressed or implied, that the information or relationship, or
both, be held in confidence.
(g) "Original classification" means an initial determination that
information requires, in the interest of national security, protection
against unauthorized disclosure, together with a classification designation
signifying the level of protection required.
Sec. 6.2 General.
(a) Nothing in this Order shall supersede any requirement made by or under
the Atomic Energy Act of 1954, as amended. "Restricted Data" and "Formerly
Restricted Data" shall be handled, protected, classified, downgraded, and
declassified in conformity with the provisions of the Atomic Energy Act of
1954, as amended, and regulations issued under the Act.
(b) The Attorney General, upon request by the head of an agency or the
Director of the Information Security Oversight Office, shall render an
interpretation of this Order with respect to any question arising in the
course of its administration.
(c) Nothing in this Order limits the protection afforded any information by
other provisions of law.
(d) Executive Order No. 12065 of June 28,1978, as amended, is revoked as of
the effective date of this Order.
(e) This Order shall become effective on August 1, 1982.
THE WHITE HOUSE
April 2, 1982.
Editorial Note: The President's statement of Apr. 2. 1982, on signing
Executive Order 12356 is printed in the Weekly Compilation of Presidential
Documents (vol. 18, no. 13)
[FR Doc. 82-9320 Filed 4-2-82; 2:52 p.m.]
BILLING CODE 3195-01-M
2. 32 CFR Part 2001 (DIRECTIVE NO. 1)
Federal Register
Friday, June 25, 1982
-------------------------------------
Part VIII
Information Security Oversight Office
-------------------------------------
National Security Information
INFORMATION SECURITY OVERSIGHT OFFICE
32 CFR Part 2001
[Directive No. 1]
National Security Information
AGENCY: Information Security Oversight Office (ISOO).
ACTION: Implementing Directive; final rule.
SUMMARY: The Information Security Oversight Office is publishing this
Directive (final rule) pursuant to section 5.2(b)(1) of Executive Order
12356, relating to national security information. The National Security
Council approved this Directive on June 22, 1982. The Executive order
prescribes a uniform information security system; it also establishes a
monitoring system to enhance its effectiveness. This Directive sets forth
guidance to agencies on original and derivative classification, downgrading,
declassification, and safeguarding of national security information.
EFFECTIVE DATE: August 1, 1982.
FOR FURTHER INFORMATION CONTACT: Steven Garfinkel, Director, ISOO.
Telephone: 202-535-7251.
SUPPLEMENTAL INFORMATION: This Directive is issued pursuant to the
provisions of section 5.2(b)(1) of Executive Order 12356. The purpose of
the Directive is to assist in implementing the Order; users of the Directive
shall refer concurrently to that Order for guidance.
List of Subjects in 32 CFR Part 2001
Archives and records, Authority delegations, Classified information,
Executive orders, Freedom of information, Information, Intelligence.
National defense, National security information, Presidential documents,
Security information, Security measures.
Title 32 of the Code of Federal Regulations, Part 2001, is revised to
read as follows:
PART 2001--NATIONAL SECURITY INFORMATION
Subpart A--Original Classification
Sec.
2001.1 Classification levels.
2001.2 Classification authority.
2001.3 Classification categories.
2001.4 Duration of classification.
2001.5 Identification and markings.
2001.6 Limitations on classification.
Subpart B--Derivative Classification
2001.20 Use of derivative classification.
2001.21 Classification Guides.
2001.22 Derivative identification and markings.
Subpart C--Declassification and Downgrading
2001.30 Listing declassification and downgrading authorities.
2001.31 Systematic review for declassification.
2001.32 Mandatory review for declassification.
2001.33 Assistance to the Department of State.
2001.34 FOIA and Privacy Act requests.
Subpart D--Safeguarding
2001.40 General.
2001.41 Standards for security equipment.
2001.42 Accountability.
2001.43 Storage.
2001.44 Transmittal.
2001.45 Special access programs.
2001.46 Reproduction controls.
2001.47 Loss or possible compromise.
2001.48 Disposition and destruction.
2001.49 Responsibilities of holders.
2001.50 Emergency planning.
2001.51 Emergency authority.
Subpart E--Implementation and Review
2001.60 Agency relations.
2001.61 Security education.
2001.62 Oversight.
Subpart F--General Provisions
2001.70 Definitions.
2001.71 Publication and effective date.
Authority: Section 5.2(b)(1), E.O. 12356, 47 FR 14874, April 6, 1982.
Subpart A--Original Classification
Section 2001.1 Classification levels.
(a) Limitations [1.1(b)]./1/ Markings other than "Top Secret," "Secret,"
and "Confidential," such as "For Official Use Only" or "Limited Official
Use," shall not be used to identify national security information. No other
term or phrase shall be used in conjunction with these markings, such as
"Secret Sensitive" or "Agency Confidential," to identify national security
information. The terms "Top Secret," "Secret," and "Confidential" should
not be used to identify nonclassified executive branch information.
(b) Reasonable doubt [1.1(c)]. (1) When there is reasonable doubt about
the need to classify information, the information shall be safeguarded as if
it were "Confidential" information in accordance with Subpart D, pending the
determination about its classification. Upon the determination of a need
for classification, the information that is classified shall be marked as
provided in section 2001.5.
/1/ Bracketed references pertain to related sections of Executive Order
12356.
(2) When there is reasonable doubt about the appropriate classification
level, the information shall be safeguarded at the higher level in
accordance with Subpart D, pending the determination about its
classification level. Upon the determination of its classification level,
the information shall be marked as provided in section 2001.5.
Section 2001.2 Classification authority.
(a) Requests for original classification authority [1.2 and 5.2(b)(5)]. A
request for original classification authority pursuant to section 1.2 of
Executive Order 12356 (hereinafter "the Order") shall include a complete
justification for the level of classification authority sought, a
description of the information that will require original classification,
and the anticipated frequency of original classification actions.
(b) Listing classification authorities [1.2]. Agencies shall maintain a
current listing of officials delegated original classification authority by
name, position, or other identifier. If possible, this listing shall be
unclassified.
(c) Exceptional cases [1.2(e)]. Information described in section 1.2(e)
of the Order shall be protected as provided in section 2001.1(b).
Section 2001.3 Classification categories.
(a) Classification in context of related information [1.3(b)]. Certain
information which would otherwise be unclassified may require classification
when combined or associated with other unclassified or classified
information. Classification on this basis shall be supported by a written
explanation that, at a minimum, shall be maintained with the file or
referenced on the record copy of the information.
(b) Unofficial publication or disclosure [1.3(d)]. Following an
inadvertent or unauthorized publication or disclosure of information
identical or similar to information that has been classified in accordance
with the Order or predecessor orders, the agency of primary interest shall
determine the degree of damage to the national security, the need for
continued classification, and, in coordination with the agency in which the
disclosure occurred, what action must be taken to prevent similar
occurrences.
Section 2001.4 Duration of classification.
(a) Information not marked for declassification [1.4]. Information
classified under predecessor orders that is not subject to automatic
declassification shall remain classified until reviewed for
declassification.
(b) Authority to extend automatic declassification determinations
[1.4(b)]. The authority to extend the classification of information subject
to automatic declassification under predecessor orders is limited to those
officials who have classification authority over the information and are
designated in writing to have original classification authority at the level
of the information to remain classified. Any decision to extend this
classification on other than a document-by-document basis shall be reported
to the Director of the Information Security Oversight Office.
Section 2001.5 Identification and markings [1.5(a), 1.5(b) and 1.5(c)].
A uniform information security system requires that standard markings be
applied to national security information. Except in extraordinary
circumstances as provided in section 1.5(a) of the Order, or as indicated
herein, the marking of paper documents created after the effective date of
the Order shall not deviate from the following prescribed formats. These
markings shall also be affixed to material other than paper documents, or
the originator shall provide holders or recipients of the information with
written instructions for protecting the information.
(a) Classification level. The markings "Top Secret," "Secret," and
"Confidential" are used to indicate: that information requires protection
as national security information under the Order; the highest level of
classification contained in a document; and the classification level of each
page and, in abbreviated form, each portion of a document.
(1) Overall marking. The highest level of classification of information
in a document shall be marked in such a way as to distinguish it clearly
from the informational text. These markings shall appear at the top and
bottom of the outside of the front cover (if any), on the title page (if
any), on the first page, and on the outside of the back cover (if any).
(2) Page marking. Each interior page of a classified document shall be
marked at the top and bottom either according to the highest classification
of the content of the page, including the designation "Unclassified" when it
is applicable, or with the highest overall classification of the document.
(3) Portion marking. Agency heads may waive the portion marking
requirement for specified classes of documents or information only upon a
written determination that: (i) There will be minimal circulation of the
specified documents or information and minimal potential usage of these
documents or information as a source for derivative classification
determinations; or (ii) there is some other basis to conclude that the
potential benefits of portion marking are clearly outweighed by the
increased administrative burdens. Unless the portion marking requirement
has been waived as authorized, each portion of a document, including
subjects and titles, shall be marked by placing a parenthetical designation
immediately preceding or following the text to which it applies. The
symbols "(TS)" for Top Secret, "(S)" for Secret, "(C)" for Confidential, and
"(U)" for Unclassified shall be used for this purpose. If the application
of parenthetical designations is not practicable, the document shall contain
a statement sufficient to identify the information that is classified and
the level of such classification, and the information that is not
classified. If all portions of a document are classified at the same level,
this fact may be indicated by a statement to that effect. If a subject or
title requires classification, an unclassified identifier may be applied to
facilitate reference.
(b) Classification authority. If the original classifier is other than
the signer or approver of the document, the identity shall be shown as
follows:
"CLASSIFIED BY (identification of original classification authority)"
(c) Agency and office of origin. If the identity of the originating
agency and office is not apparent on the face of a document, it shall be
placed below the "CLASSIFIED BY" line.
(d) Declassification and downgrading instructions. Declassification and,
as applicable, downgrading instructions shall be shown as follows:
(1) For information to be declassified automatically on a specific date:
"DECLASSIFY ON: (date)"
(2) For information to be declassified automatically upon occurrence of a
specific event:
"DECLASSIFY ON: (description of event)"
(3) For information not to be declassified automatically:
"DECLASSIFY ON: ORIGINATING AGENCY'S DETERMINATION REQUIRED or 'OADR'"
(4) For information to be downgraded automatically on a specific date or
upon occurrence of a specific event:
"DOWNGRADE TO (classification level) ON (date or description of event)"
(e) Special markings.--(1) Transmittal documents [1.5(c)]. A transmittal
document shall indicate on its face the highest classification of any
information transmitted by it. It shall also include the following or
similar instruction:
(i) For an unclassified transmittal document:
"UNCLASSIFIED WHEN CLASSIFIED ENCLOSURE IS REMOVED"
(ii) For a classified transmittal document:
"UPON REMOVAL OF ATTACHMENTS THIS DOCUMENT IS (classification level of
the transmittal document standing alone)"
(2) "Restricted Data" and "Formerly Restricted Data" [6.2(a)].
"Restricted Data" and "Formerly Restricted Data" shall be marked in
accordance with regulations issued under the Atomic Energy Act of 1954, as
amended.
(3) Intelligence sources or methods [1.5(c)]. Documents that contain
information relating to intelligence sources or methods shall include the
following marking unless otherwise proscribed by the Director of Central
Intelligence:
"WARNING NOTICE--INTELLIGENCE SOURCES OR METHODS INVOLVED"
(4) Foreign government information [1.5(c)]. Documents that contain
foreign government information shall include either the marking "FOREIGN
GOVERNMENT INFORMATION," or a marking that otherwise indicates that the
information is foreign government information. If the fact that information
is foreign government information must be concealed, the marking shall not
be used and the document shall be marked as if it were wholly of U.S.
origin.
(5) Computer output [1.5(c)]. Documents that are generated as computer
output may be marked automatically by systems software. If automatic
marking is not practicable, such documents must be marked manually.
(6) Agency prescribed markings [1.5(c), 4.2(a), and 5.3(c)]. Officials
delegated original classification authority by the President may prescribe
additional markings to control reproduction and dissemination, including
markings required for special access programs authorized by section 4.2(a)
of the Order.
(f) Electrically transmitted information (messages) [1.5(c)]. National
security information that is transmitted electrically shall be marked as
follows:
(1) The highest level of classification shall appear before the first
line of text;
(2) A "CLASSIFIED BY" line is not required;
(3) The duration of classification shall appear as follows:
(i) For information to be declassified automatically on a specific date:
"DECL (date)"
(ii) For information to be declassified upon occurrence of a specific
event:
"DECL (description of event)"
(iii) For information not to be automatically declassified which requires
the originating agency's determination (see also Section 2001.5(d)(3)):
"DECL OADR"
(iv) For information to be automatically downgraded:
"DNG (abbreviation of classification level to which the information is to
be downgraded and date or description of event on which downgrading is to
occur)"
(4) Portion marking shall be as prescribed in Section 2001.5(a)(3);
(5) Special markings as prescribed in Section 2001.5(e)(2), (3), and (4)
shall appear after the marking for the highest level classification. These
include:
(i) "Restricted Data" and "Formerly Restricted Data" shall be marked in
accordance with regulations issued under the Atomic Energy Act of 1954, as
amended;
(ii) Information concerning intelligence sources or methods:
"WNINTEL," unless proscribed by the Director of Central Intelligence;
(iii) Foreign government information:
"FGI," or a marking that otherwise indicates that the information is
foreign government information. If the fact that information is foreign
government information must be concealed the marking shall not be used and
the message shall be marked as if it were wholly of U.S. origin.
(6) Paper copies of electrically transmitted messages shall be marked as
provided in section 2001.5(a)(1) and (2).
(g) Changes in classification marking's [1.4(b) and 4.1(b)]. When a
change is made in the duration of classified information, all holders of
record shall be promptly notified. If practicable, holders of record shall
also be notified of a change in the level of classification. Holders shall
alter the markings to conform to the change, citing the authority for it.
If the remarking of large quantities of information is unduly burdensome,
the holder may attach a change of classification notice to the storage unit
In lieu of the marking action otherwise required. Items withdrawn from the
collection for purposes other than transfer for storage shall be marked
promptly in accordance with the change notice.
Section 2001.6 Limitations on classification [1.6(c)].
Before reclassifying information as provided in section 1.6(c) of the
Order, the authorized official shall consider the following factors, which
shall be addressed in the report to the Director of the Information Security
Oversight Office:
(a) The elapsed time following disclosure;
(b) The nature and extent of disclosure;
(c) The ability to bring the fact of reclassification to the attention
of persons to whom the information was disclosed;
(d) The ability to prevent further disclosure; and
(e) The ability to retrieve the information voluntarily from persons not
authorized access in its reclassified state.
Subpart B--Derivative Classification
Section 2001.20 Use of derivative classification [2.1].
The application of derivative classification markings is a responsibility
of those who incorporate, paraphrase, restate, or generate in new form
information that is already classified, and of those who apply markings in
accordance with instructions from an authorized original classifier or in
accordance with an authorized classification guide. If a person who applies
derivative classification markings believes that the paraphrasing,
restating, or summarizing of classified information has changed the level of
or removed the basis for classification, that person must consult for a
determination an appropriate official of the originating agency or office of
origin who has the authority to upgrade, downgrade, or declassify the
information.
Section 2001.21 Classification guides.
(a) General [2.2(a)]. Classification guides shall, at a minimum:
(1) Identify or categorize the elements of information to be protected;
(2) State which classification level applies to each element or category
of information; and
(3) Prescribe declassification instructions for each element or category
of information in terms of (i) a period of time, (ii) the occurrence of an
event, or (iii) a notation that the information shall not be declassified
automatically without the approval of the originating agency.
(b) Requirement for review [2.2(a)]. Classification guides shall be
reviewed at least every two years and updated as necessary. Each agency
shall maintain a list of its classification guides in current use.
(c) Waivers [2.2(c)]. An authorized official's decision to waive the
requirement to issue classification guides for specific classes of documents
or information should be based, at a minimum, on an evaluation of the
following factors:
(1) The ability to segregate and describe the elements of information;
(2) The practicality of producing or disseminating the guide because of
the nature of the information;
(3) The anticipated usage of the guide as a basis for derivative
classification; and
(4) The availability of alternative sources for derivatively classifying
the information in a uniform manner.
Section 2001.22 Derivative identification and markings [1.5(c) and 2.1(b)].
Documents classified derivatively on the basis of source documents or
classification guides shall bear all markings prescribed in section
2001.5(a) through (e) as are applicable. Information for these markings
shall be taken from the source document or instructions in the appropriate
classification guide.
(a) Classification authority. The authority for classification shall be
shown as follows:
"CLASSIFIED BY (description of source document or classification guide)"
If a document is classified on the basis of more than one source document or
classification guide, the authority for classification shall be shown as
follows:
"CLASSIFIED BY MULTIPLE SOURCES"
In these cases the derivative classifier shall maintain the identification
of each source with the file or record copy of the derivatively classified
document. A document derivatively classified on the basis of a source
document that is marked "CLASSIFIED BY MULTIPLE SOURCES" shall cite the
source document in its "CLASSIFIED BY" line rather than the term "MULTIPLE
SOURCES."
(b) Declassification and downgrading instructions. Dates or events for
automatic declassification or downgrading, or the notation "ORIGINATING
AGENCY'S DETERMINATION REQUIRED" to indicate that the document is not to be
declassified automatically, shall be carried forward from the source
document, or as directed by a classification guide, and shown on a
"DECLASSIFY ON" line as follows:
"DECLASSIFY ON: (date; description of event; or `ORIGINATING AGENCY'S
DETERMINATION REQUIRED' (OADR))"
Subpart C--Declassification and Downgrading
Section 2001.30 Listing declassification and downgrading authorities
[3.1(b)].
Agencies shall maintain a current listing of officials delegated
declassification or downgrading authority by name, position, or other
identifier. If possible, this listing shall be unclassified.
Section 2001.31 Systematic review for declassification [3.3].
(a) Permanent records. Systematic review is applicable only to those
classified records and presidential papers or records that the Archivist of
the United States, acting under the Federal Records Act, has determined to
be of sufficient historical or other value to warrant permanent retention.
(b) Non-permanent records. Non-permanent classified records shall be
disposed of accordance with schedules approved by the Administrator of
General Services under the Records Disposal Act. These schedules shall
provide for the continued retention of records subject to an ongoing
mandatory review for declassification request.
(c) Responsibilities. (1) In meeting responsibilities assigned by
section 3.3(a) of the Order, the Archivist shall:
(i) Establish procedures, in consultation with the Director of the
Information Security Oversight Office, for the systematic declassification
review of permanent classified records accessioned into the National
Archives and classified presidential papers or records under the Archivists
control;
(ii) Conduct systematic declassification reviews in accordance with
guidelines provided by the head of the agency that originated the
information; or, with respect to foreign government information, in
accordance with guidelines provided by the head of the agency having
declassification jurisdiction over the information, or, if no guidelines
have been provided, in accordance with the general guidelines provided by
the Director of the Information Security Oversight Office after coordination
with the agencies having declassification authority over the information;
or, with respect to presidential papers or records, in accordance with
guidelines developed by the Archivist and approved by the National Security
Council;
(iii) Conduct systematic declassification reviews of accessioned records
and presidential papers or records as they become 30 years old, except for
file series concerning intelligence activities (including special
activities), or intelligence sources or methods created after 1945, and
information concerning cryptology created after 1945;
(iv) Conduct systematic declassification reviews of accessioned records
and presidential papers or records in file series concerning intelligence
activities (including special activities), or intelligence sources or
methods created after 1945 and cryptology records created after 1945 as they
become fifty years old;
(v) Establish systematic review priorities for accessioned records and
presidential papers or records based on the degree of researcher interest
and the potential for declassifying a significant portion of the
information;
(vi) Re-review for declassification accessioned records and presidential
papers or records upon the determination that the followup review will be
productive, both in terms of researcher interest and the potential for
declassifying a significant portion of the information.
(2) The Archivist may review for declassification with the concurrence of
the originating agency, accessioned records and presidential papers or
records, prior to the timeframes established in paragraphs (c)(1)(iii) and
(iv) of this section.
(3) Officials delegated original classification authority by the
President under the Order or predecessor orders shall:
(i) Within six months of the effective date of the Order issue guidelines
for systematic declassification review and, if applicable, for downgrading.
These guidelines shall be developed in consultation with the Archivist and
the Director of the Information Security Oversight Office and be designed to
assist the Archivist in the conduct of systematic reviews;
(ii) Designate experienced personnel to provide timely assistance to the
Archivist in the systematic review process;
(iii) Review and update guidelines for systematic declassification review
and downgrading at least every five years unless earlier review is requested
by the Archivist.
(4) Within six months of the effective date of the Order the Director of
the Information Security Oversight Office shall issue, in consultation with
the Archivist and the agencies having declassification authority over the
information, general guidelines for the systematic declassification review
of foreign government information. Also within six months, agency heads may
issue, in consultation with the Archivist and the Director of the
Information Security Oversight Office, specific systematic declassification
review guidelines for foreign government information over which the agency
head has declassification authority. These guidelines shall be reviewed and
updated every five years unless earlier review is requested by the
Archivist.
(d) Special procedures. All agency heads shall be bound by the special
procedures for systematic review of classified cryptologic records and
classified records pertaining to intelligence activities (including special
activities), or intelligence sources or methods issued by the Secretary of
Defense and the Director of Central Intelligence, respectively.
Section 2001.32 Mandatory review for declassification [3.4].
(a) U.S. originated information. (1) Each agency head shall publish in
the Federal Register the identity of the person(s) or office(s) to which
mandatory declassification review requests may be addressed.
(2) Processing. (i) Requests for classified records in the custody of
the originating agency. A valid mandatory declassification review request
need not identify the requested information by date or title of the
responsive records, but must be of sufficient particularity to allow agency
personnel to locate the records containing the information sought with a
reasonable amount of effort. Agency responses to mandatory declassification
review requests shall be governed by the amount of search and review time
required to process the request. In responding to mandatory
declassification review requests, agencies shall either make a prompt
declassification determination and notify the requester accordingly, or
inform the requester of the additional time needed to process the request.
Agencies shall make a final determination within one year from the date of
receipt except in unusual circumstances. When information cannot be
declassified in its entirety, agencies will make reasonable efforts to
release, consistent with other applicable law, those declassified portions
of the requested information that constitute a coherent segment. Upon the
denial of an initial request, the agency shall also notify the requester of
the right of an administrative appeal, which must be filed within 60 days of
receipt of the denial.
(ii) Requests for classified records in the custody of an agency other
than the originating agency. When an agency receives a mandatory
declassification review request for records in its possession that were
originated by another agency, it shall forward the request to that agency.
The forwarding agency shall include a copy of the records requested together
with its recommendations for action. Upon receipt, the originating agency
shall process the request in accordance with section 2001.32(a)(2)(i). Upon
request, the originating agency shall communicate its declassification
determination to the referring agency.
(iii) Appeals of denials of mandatory declassification review requests.
The agency appellate authority shall normally make a determination within 30
working days following the receipt of an appeal. If additional time is
required to make a determination, the agency appellate authority shall
notify the requester of the additional time needed and provide the requester
with the reason for the extension. The agency appellate authority shall
notify the requester in writing of the final determination and of the
reasons for any denial.
(b) Foreign government information. Except as provided in this
paragraph, agency heads shall process mandatory declassification review
requests for classified records containing foreign government information in
accordance with section 2001.32(a). The agency that initially received or
classified the foreign government information shall be responsible for
making a declassification determination after consultation with concerned
agencies. If the agency receiving the request is not the agency that
received or classified the foreign government information, it shall refer
the request to the appropriate agency for action. Consultation with the
foreign originator through appropriate channels may be necessary prior to
final action or the request.
(c) Cryptologic and intelligence information. Mandatory declassification
review requests for cryptologic information and information concerning
intelligence activities (including special activities) or intelligence
sources or methods shall be processed solely in accordance with special
procedures issued by the Secretary of Defense and the Director of Central
Intelligence, respectively.
(d) Fees. In responding to mandatory declassification review requests
for classified records, agency heads may charge fees in accordance with
section 483a of title 31, United States Code. The schedules of fees
published in the Federal Register by agencies in implementation of Executive
Order 12065 shall remain in effect until they are revised.
Section 2001.33 Assistance to the Department of State [3.3(b)].
Heads of agencies should assist the Department of State in its preparation
of the Foreign Relations of the United States (FRUS) series by facilitating
access to appropriate classified material in their custody and by expediting
declassification review of documents proposed for inclusion in the FRUS.
Section 2001.34 FOIA and Privacy Act requests [3.4].
Agency heads shall process requests for declassification that are
submitted under the provisions of the Freedom of Information Act, as
amended, or the Privacy Act of 1974, in accordance with the provisions of
those Acts.
Subpart D--Safeguarding
Section 2001.40 General [4.1].
Information classified pursuant to this Order or predecessor orders shall
be afforded a level of protection against unauthorized disclosure
commensurate with its level of classification. For information in special
access programs established under the provisions of section 1.2 of the
Order, the safeguarding requirements of Subpart D may be modified by the
agency head responsible for creating the special access program as long as
the modified requirements provide appropriate protection for the
information.
Section 2001.41 Standards for security equipment [4.1(b) and 5.1(b)].
The Administrator of General Services shall, in coordination with agencies
originating classified information, establish and publish uniform standards,
specifications, and supply schedules for security equipment designed to
provide secure storage for and to destroy classified information. Any
agency may establish more stringent standards for its own use. Whenever new
security equipment is procured, it shall be in conformance with the
standards and specifications referred to above and shall, to the maximum
extent practicable, be of the type available through the Federal Supply
System.
Section 2001.42 Accountability [4.1(b)].
(a) Top Secret. Top Secret control officials shall be designated to
receive, transmit, and maintain current access and accountability records
for Top Secret information. An inventory of Top Secret documents shall be
made at least annually. Agency heads may waive the requirement for an
annual inventory of storage systems containing large volumes of Top Secret
information upon a determination that the safeguarding of this information
is not jeopardized by the inventory waiver. Waivers shall be in writing and
be available for review by the Information Security Oversight Office.
(b) Secret and Confidential. Agency heads shall prescribe accountability
or control requirements for Secret and Confidential information.
Section 2001.43 Storage [4.1(b)].
Classified information shall be stored only in facilities or under
conditions designed to prevent unauthorized persons from gaining access to
it.
(a) Minimum requirements for physical barriers. (1) Top Secret. Top
Secret information shall be stored in a GSA-approved security container with
an approved, built-in, three-position, dial-type changeable combination
lock; in a vault protected by an alarm system and response force; or in
other types of storage facilities that meet the standards for Top Secret
established under the provisions of section 2001.41. In addition, heads of
agencies shall prescribe those supplementary controls deemed necessary to
restrict unauthorized access to areas in which such information is stored.
(2) Secret and Confidential. Secret and Confidential information shall
be stored in a manner and under the conditions prescribed for Top Secret
information, or in a container, vault, or alarmed area that meets the
standards for Secret or Confidential information established under the
provisions of section 2001.41. Secret and Confidential information may also
be stored in a safe-type filing cabinet having a built-in, three-position,
dial-type changeable combination lock, or a steel filing cabinet equipped
with a steel lock bar secured by a GSA-approved three-position changeable
combination padlock. Heads of agencies shall prescribe supplementary
controls for storage of Secret information in cabinets equipped with a steel
lock bar. Access to bulky Secret and Confidential material in weapons
storage areas, strong rooms, closed areas or similar facilities shall be
controlled in accordance with requirements established by the appropriate
agency head. At a minimum, such requirements shall prescribe the use of
key-operated, high-security padlocks approved by the General Services
Administration.
(b) Combinations. (1) Equipment in service. Combinations to dial-type
locks shall be changed only by persons having an appropriate security
clearance, and shall be changed whenever such equipment is placed in use;
whenever a person knowing the combination no longer requires access to it;
whenever a combination has been subjected to possible compromise; whenever
the equipment is taken out of service; or at least once every year.
Knowledge of combinations shall be limited to the minimum number of persons
necessary for operating purposes. Records of combinations shall be
classified no lower than the highest level of classified information that is
protected by the lock.
(2) Equipment out of service. When security equipment is taken out of
service it shall be inspected to ensure that no classified information
remains, and the built-in combination lock shall be reset to the standard
combination 50-25-50. Combination padlocks shall be reset to the standard
combination 10-20-30.
(c) Keys. Heads of agencies shall establish administrative procedures
for the control and accountability of keys and locks whenever key-operated,
high-security padlocks are utilized. The level of protection provided such
keys shall be equivalent to that afforded the classified information being
protected by the padlock.
Section 2001.44 Transmittal [4.1(b)].
(a) Preparation and receipting. Classified information to be transmitted
outside of a facility shall be enclosed in opaque inner and outer covers.
The inner cover shall be a sealed wrapper or envelope plainly marked with
the assigned classification and addresses of both sender and addressee. The
outer cover shall be sealed and addressed with no identification of the
classification of its contents. A receipt shall be attached to or enclosed
in the inner cover, except that Confidential information shall require a
receipt only if the sender deems it necessary. The receipt shall identify
the sender, the addressee, and the document, but shall contain no classified
information. It shall be immediately signed by the recipient and returned
to the sender. Any of these wrapping and receipting requirements may be
waived by agency heads if conditions provide at least equivalent protection
to prevent access by unauthorized persons.
(b) Transmittal of Top Secret. The transmittal of Top Secret information
outside of a facility shall be by specifically designated personnel, by
State Department diplomatic pouch, by a messenger-courier system authorized
for the purpose, or over authorized secure communications circuits.
(c) Transmittal of Secret. The transmittal of Secret information shall
be effected in the following manner:
(1) The 50 States, the District of Columbia, and Puerto Rico. Secret
information may be transmitted within and between the 50 States, the
District of Columbia, and the Commonwealth of Puerto Rico by one of the
means authorized for Top Secret information, by the U.S. Postal Service
registered mail, or by protective services provided by U.S. air or surface
commercial carriers under such conditions as may be prescribed by the head
of the agency concerned.
(2) Other areas. Secret information may be transmitted from, to, or
within areas other than those specified in section 2001.44(c)(1) by one of
the means established for Top Secret information, or by U.S. registered mail
through Military Postal Service facilities provided that the information
does not at any time pass out of U.S. citizen control and does not pass
through a foreign postal system. Transmittal outside such areas may also be
accomplished under escort of appropriately cleared personnel aboard U.S.
Government and U.S. Government contract vehicles or aircraft, ships of the
United States Navy, civil service manned U.S. Naval ships, and ships of U.S.
registry. Operators of vehicles, captains or masters of vessels, and pilots
of aircraft who are U.S. citizens and who are appropriately cleared may be
designated as escorts.
(d) Transmittal of Confidential. Confidential information shall be
transmitted within and between the 50 States, the District of Columbia, the
Commonwealth of Puerto Rico, and U.S. territories or possessions by one of
the means established for higher classifications, or by the U.S. Postal
Service certified, first class, or express mail service when prescribed by
an agency head. Outside these areas, Confidential information shall be
transmitted only as is authorized for higher classifications.
(e) Hand carrying of classified information. Agency regulations shall
prescribe procedures and appropriate restrictions concerning the escort or
hand carrying of classified information, including the hand carrying of
classified information on commercial carriers.
Section 2001.45 Special access programs [1.2(a) and 4.2(a)].
Agency heads designated pursuant to section 1.2(a) of the Order may create
or continue a special access program if:
(a) Normal management and safeguarding procedures do not limit access
sufficiently; and
(b) The number of persons with access is limited to the minimum necessary
to meet the objective of providing extra protection for the information.
Section 2001.46 Reproduction controls [4.1(b)].
(a) Top Secret documents, except for the controlled initial distribution
of information processed or received electrically, shall not be reproduced
without the consent of the originator.
(b) Unless restricted by the originating agency, Secret and Confidential
documents may be reproduced to the extent required by operational needs.
(c) Reproduced copies of classified documents shall be subject to the
same accountability and controls as the original documents.
(d) Paragraphs (a) and (b) of this section shall not restrict the
reproduction of documents to facilitate review for declassification.
Section 2001.47 Loss or possible compromise [4.1(b)].
Any person who has knowledge of the loss or possible compromise of
classified information shall immediately report the circumstances to an
official designated for this purpose by the person's agency or organization.
The agency that originated the information shall be notified of the loss or
possible compromise so that a damage assessment may be conducted and
appropriate measures taken to negate or minimize any adverse effect of the
compromise. The agency under whose cognizance the loss or possible
compromise occurred shall initiate an inquiry to (a) determine cause, (b)
place responsibility, and (c) take corrective measures and appropriate
administrative, disciplinary, or legal, action.
Section 2001.48 Disposition and destruction [4.1(b)].
Classified information no longer needed in current working files or for
reference or record purposes shall be processed for appropriate disposition
in accordance with the provisions of chapters 21 and 33 of title 44, United
States Code, which govern disposition of Federal records. Classified
information approved for destruction shall be destroyed in accordance with
procedures and methods prescribed by the head of the agency. The method of
destruction must preclude recognition or reconstruction of the classified
information or material.
Section 2001.49 Responsibilities of holders [4.1(b)].
Any person having access to and possession of classified information is
responsible for: (a) Protecting it from persons not authorized access to
it, to include securing it in approved equipment or facilities whenever it
is not under the direct supervision of authorized persons; and (b) meeting
accountability requirements prescribed by the head of the agency.
Section 2001.50 Emergency planning [4.1(b)].
Agencies shall develop plans for the protection, removal, or destruction
of classified material in case of fire, natural disaster, civil disturbance,
or enemy action. These plans shall include the disposition of classified
information located in foreign countries.
Section 2001.51 Emergency authority [4.1(b)].
Those officials delegated original classification authority by the
President may prescribe by regulation special provisions for the
dissemination, transmittal, destruction, and safeguarding of national
security information during combat or other emergency situations which pose
an imminent threat to national security information.
Subpart E--Implementation and Review
Section 2001.60 Agency regulations [5.3(b)].
Each head of an agency shall issue regulations in accordance with 5 U.S.C.
552(a) to implement the Order and 32 CFR Part 2001 no later than December
31, 1982. Those portions that affect members of the public shall include,
at a minimum, information relating to the agency's mandatory
declassification review program and instructions for submitting suggestions
or complaints regarding the agency's information security program.
Section 2001.61 Security education [5.3(a)].
Each agency that creates or handles national security information is
required under the Order to establish a security education program. The
program established shall be sufficient to familiarize all necessary
personnel with the provisions of the Order and its implementing directives
and regulations and to impress upon them their individual security
responsibilities. The program shall also provide for initial, refresher,
and termination briefings.
Section 2001.62 Oversight [5.3(a)].
Agency heads shall require that periodic formal reviews be made to ensure
compliance with the provisions of the Order and ISOO directives.
Subpart F--General Provisions
Section 2001.70 Definitions [6.1].
(a) Original classification authority. The authority vested in an
executive branch official to make an initial determination that information
requires protection against unauthorized disclosure in the interest of
national security.
(b) Classification guide. A document issued by an authorized original
classifier that prescribes the level of classification and appropriate
declassification instructions for specified information to be classified on
a derivative basis.
(c) Originating agency. The agency responsible for the initial
determination that particular information is classified.
(d) Multiple sources. The term used to indicate that a document is
derivatively classified when it contains classified information derived from
more than one source.
(e) Portion. A segment of a document for purposes of expressing a unified
theme; ordinarily a paragraph.
(f) Special access program. Any program imposing "need-to-know" or
access controls beyond those normally provided for access to Confidential,
Secret, or Top Secret information. Such a program may include, but is not
limited to, special clearance, adjudication, or investigative requirements,
special designations of officials authorized to determine "need-to-know," or
special lists of persons determined to have a "need-to-know."
(g) Intelligence activity. An activity that an agency within the
Intelligence Community is authorized to conduct pursuant to Executive Order
12333.
(h) Special activity. An activity conducted in support of national
foreign policy objectives abroad which is planned and executed so that the
role of the United States Government is not apparent or acknowledged
publicly, and functions in support of such activity, but which is not
intended to influence United States political processes, public opinion,
policies, or media and does not include diplomatic activities or the
collection and production of intelligence or related support functions.
(i) Unauthorized disclosure. A communication or physical transfer of
classified information to an unauthorized recipient.
Section 2001.71 Publication and effective date [6.2(e)].
Part 2001 shall be published in the Federal Register. It shall become
effective August 1, 1982.
Steven Garfinkel,
Director, Information Security Oversight Office.
June 23, 1982.
[FR Doc. 82-17295 Filed 6-23-82; 10:37 a.m.]
BILLING CODE 6820-AF-M