Welcome to ISOO's derivative classification
training.
This briefing covers the minimum
requirements outlined in Executive Order 13526
and 32 CFR 2001 and fulfills the requirements
for mandatory derivative classification training.
Agency personnel are welcome to use this briefing
and add agency-specific requirements.
My name is Peggy Ushman and I am a Senior
Program Analyst in Classification Management
at the Information Security Oversight Office.
With me today, is one of our Program Analysts,
Evan Coren, who also works in Classification
Management and with the Interagency Security
Classification Appeals Panel.
Let's begin our discussion with identifying
the differences between original classification
and derivative classification.
Original Classification is the initial determination
that information requires, in the interest
of the national security, protection against
unauthorized disclosure.
Derivative Classification is the incorporating,
paraphrasing, restating, or generating in
and marking the newly developed material consistent
with the classification markings that apply
to the source information.
Original classification authorities (OCA)
are required to have training every year.
Derivative classifiers are required to have
training every two years.
We have three primary references that we use
for derivative classification -
-Executive Order 13526, titled Classified
National Security Information, prescribes
a uniform system for classifying, safeguarding,
declassifying national security information;
-32 CFR part 2001, also titled Classified
National Security Information, is the implementing
directive for the executive order; and Our
marking book provides additional marking guidance.
All of these documents are available on the
ISOO web page at www.archives.gov/isoo.
The principles of derivative classification
include
-Avoiding over-classification,
-Information sharing,
-Classification levels,
-Reasons for classification,
-Duration of classification,
-Prohibitions and limitations,
-Classification challenges,
Identification and markings,
-Security classification guides'
And sanctions.
Each one will be discussed throughout this
presentation.
The Reducing Over-Classification Act was signed
in October 2010 and is legislation designed
to decrease over-classification and promote
information sharing across the federal government
and with state, local, tribal, and private
sector entities.
President Obama noted while signing this act
that protecting national security information
and demonstrating our commitment to open government
through the proper application of classification
standards are equally important and compatible
priorities.
The Reducing Over-Classification Act takes
concrete action to implement the lessons learned
from 9/11 where the failure to share information
prevented detection of the terror plot ahead
of time.
It does this by establishing procedures
to promote information sharing with state,
local, tribal, and private sector entities,
and by providing training and incentives to
promote accurate classification of information
by federal employees.
Simply put, over-classification occurs when
information is incorrectly marked at the wrong
level.
For example, you mark a portion as Top Secret,
when it should be Secret.
Or you mark a paragraph
as Secret when it should be unclassified.
Or you've marked the overall classification
as Top Secret, but there is no Top Secret
information in the document.
Or you've put
incorrect dissemination and control markings
on a document.
Not only does this make the document difficult
to use as a source document for other classification
actions, it also makes the sharing of that
information more difficult.
Information sharing with other agencies and
other governments has become an important
factor in the way we do business today.
Agency Inspector General offices are responsible
for implementing this program.
Before an individual can have access to classified
information, there must first be a favorable
determination of eligibility for access.
The
individual must sign an approved nondisclosure
agreement.
And the individual must have a
need-to-know the information.
Simply having
a security clearance is not sufficient reason
to have access to classified information.
Our office used to be responsible for the
Standard Form 312, but it was handed over
to the Office of the Director of National
Intelligence a few years ago.
However, we
still receive a lot of questions about it.
So we put this notice on our web page directing
people to the appropriate place for any questions
regarding the SF 312.
The SF 312 is the non-disclosure agreement
that is signed by everyone who has a security
clearance.
ODNI provided these guidelines.
Previously executed SF 312s do not need
to be re-signed simply because the form was
updated, and
Electronic signatures are prohibited on
the SF 312.
This determination was made in
response to a query made by ISOO to the Department
of Justice.
ODNI has not changed that policy.
Any questions regarding this form should be
directed to SECEA@dni.gov.
In accordance with the executive order, there
are three levels of classification: top
secret, secret, and confidential.
The criteria
for assigning a classification level is dependent
upon the level of damage that may be caused
if this information is disclosed in an unauthorized
manner.
This determination is made by the
original classification authority who has
jurisdiction over the information.
In order to understand derivative classification,
you must first understand the basic principles
of original classification - the initial
determination that information requires protection
in the interest of national security.
Original classification authorities are designated
by the President and in some cases, further
delegated by agency heads and senior agency
officials.
The OCA makes the determination
that information be classified, why it is
classified, and for how long it should remain
classified.
Section 1.4 of the executive order lists the
reasons for which information may be classified.
When making an original classification decision,
the information must fall under one of these
categories:
Military plans, weapons systems, or operations,
Foreign government information,
Intelligence activities, intelligence
sources or methods, or cryptology,
Foreign relations or foreign activities
of the United States,
Scientific, technological, or economic
matters relating to national security,
Safeguarding nuclear materials and facilities,
Vulnerabilities or capabilities of systems,
installations, infrastructures, projects,
plans or protection services relating to the
national security
And the development, production, or use
of weapons of mass destruction.
An original classification authority must
establish an initial duration of classification
not to exceed 25 years and a derivative classifier
cannot change that duration.
A change in E.O. 13526 from previous executive
orders is that this order specifically states
that no information may remain classified
indefinitely.
Under no circumstances shall information be
classified, continue to be classified, or
fail to be declassified in order to:
Conceal violations of law, inefficiency,
or administrative error,
Prevent embarrassment to a person, organization,
or agency,
Restrain competition,
Or prevent or delay the release of information
that does not require protection in the interest
of national security.
In accordance with E.O. 13526, everyone is
encouraged to question the classification
of a document if they, in good faith, believe
that the classification is incorrect.
Classification challenges can be either informal
or formal.
An informal challenge is as easy
as calling up the office that sent you the
document and asking for clarification on the
classification of a document.
A formal challenge must be in writing.
A strong classification challenge program
in every agency is vital to the success of
classification management.
It is a system
of checks and balances to maintain the integrity
of the classification system.
It is much better
to challenge a classification using established
guidelines than for something to be sent to
the Washington Post because someone believed
it shouldn't be classified and wanted to
make a point.
Agency heads and senior agency officials are
required to establish procedures under which
authorized holders of information are encouraged
and expected to challenge the classification
of information that they believe is improperly
classified or unclassified while not being
subject to retribution.
The agency must establish and publicize the
review process as well as appeal processes.
An important distinction to make is that documents
that are required to be submitted for prepublication
review or other administrative process pursuant
to an approved non-disclosure agreement are
not covered by this section, but are covered
as a separate process.
The implementing directive, 32 CFR part 2001,
reiterates the information from the Order
and adds information requiring agencies establish
a system for processing, tracking and recording
formal classification challenges.
Whenever an agency receives a classification
challenge to information that has been the
subject of a challenge within the past two
years, or that is the subject of pending litigation,
the agency is not required to process the
challenge beyond informing the challenger
of this fact and of the challenger's appeal
rights, if any.
The classification challenge provision is
not intended to prevent an authorized holder
from informally questioning the classification
status of particular information.
Such informal
inquiries should be encouraged as a means
of holding down the number of formal challenges
and to ensure the integrity of the classification
process.
32 CFR 2001 also lays out the timeline for
initial responses and appeals submission.
The agency has 60 days to provide an initial
written response to the classification challenge.
If they cannot provide a response within 60
days, the agency must acknowledge receipt
of the challenge and provide a date by which
the agency will respond.
The agency must also
advise the challenger that if no agency response
is received within 120 days, the challenger
has the right to appeal the challenge to the
Interagency Security Classification Appeals
Panel, or ISCAP.
So why do we have to mark everything?
Markings identify what information must be
protected, the level of protection that is
required, and who the classification authority
is, why it's being classified, and how long
the document must remain classified.
As a side note, and as a good trivia question,
portion marking was first mandated under E.O.
11652, signed in 1972 by President Nixon.
Derivative classification is incorporating,
paraphrasing, restating, or generating in
new form information that has been previously
classified.
In other words, you are taking
something from another document and using
that same information in your new document.
It is important to note that simply making
a copy of a document is not derivative classification.
Source documents for your derivative classification
action includes other documents or security
classification guides.
There are three steps to be taken when derivatively
classifying a document.
After you have created your document, the
first step is to apply portion marks to every
portion - title, subject, paragraphs, bullet
points, pictures, maps, photos, etc.
The second step is to apply the overall classification
marking - this will be the highest level
of classification of any of your portion markings.
The third step will be to apply the classification
authority block.
This block is usually placed
at the bottom of the first page of the document
and includes the name and position, or personal
identifier, of the person who created the
document; the source information - where
the information was derived from; and the
declassification instruction which is usually
carried over from the source document.
In this example, we have your source document
to the left and your derivatively classified
document to the right.
We have taken a paragraph
from the source document and copied it into
our new memo.
As you can see in this example, portion markings
are carried forward with the section of the
source document that is carried over into
the derivative document.
Again, all portions
must be marked as shown in this example.
Focusing now only on your derivatively classified
document on the right, you must apply the
overall classification of this memo.
Based
on the fact that the highest level of classification
of any of the portions in the derivative document
is Secret, the overall classification of this
document will be Secret.
This will be annotated at the top and bottom
of the page and will be readily apparent.
There is no requirement to use certain colors
when annotating the overall classification.
That is a holdover from the days when we used
to stamp the classification on documents that
were typed on a typewriter.
Once your document is properly marked, you
will apply the three-line classification authority
block.
The "Classified By:" line will identify
the person who created the document by name
and position or personal identifier.
If it
is not readily apparent in the document, the
agency should also be identified on this line.
The "Derived From:" line in the derivative
document shows where the information came
from.
The source document must be identified
with enough information that it can be located
if necessary.
If you were using a security
classification guide as your source document,
you would identify the title of the guide,
the office or organization it belongs to,
and the specific location of the information
in the guide.
For example, chapter 3, item
#7.
Be as specific as you can to make it easier
for someone to go back to the source document
if they need to review it.
The final step of the classification authority
block is to identify the declassification
instruction.
If using a single source document,
the declassification date will be carried
over to your new document.
If using a security
classification guide, the declassification
date you will use will be annotated in the
guide.
For example, a lot of guides state
"declassify at 25 years."
This means that
you will add 25 years to the date that you
created your document.
For example, you create a document on March
22, 2017.
You use a classification guide as
your source document and it states "25 years."
You will add 25 years to 2017, making your
declassification date March 22, 2042.
To recap, when using a single source for your
new derivatively classified document, be as
specific as you can when annotating the Derived
From line and carry over the Declassify On
line as seen here in this example.
Security classification guides can also be
used as a source document for derivative classification
decisions.
Security classification guides are a record
of original classification decisions made
by an original classification authority.
They
must be approved and signed by the appropriate
OCA who has ownership of that information.
Most agencies that handle classified information
have one or more OCAs that approve guides
that fall under their purview.
Guides must be reviewed and updated as necessary,
but at least every 5 years.
E.O. 13526 and
32 CFR 2001 have established a Fundamental
Classification Guidance Review program whereby
all classification guides go through an extensive
review process every 5 years.
We suggest to
agencies that have a large number of guides
to set up a review process so that 20 percent
of their guides are reviewed each year.
In this example, we have shown what the "Derived
From:" line and "Declassify On:" line
would look like when using a classification
guide as your source document.
Again, be as
specific as possible when describing your
source document.
You don"t always have just a single source
for your document, so here we show how your
document would be annotated if you were using
more than one source document.
The "Derived From:" line would be annotated
Multiple sources.
However, there must be a
list of those sources on, or attached to,
your document, as shown in this example.
This
list should annotate the same information
that would be placed in the "Derived From:"
line for a single source.
The fun part is determining the declassification
instruction for your derivatively classified
document.
The rule is that the declassification
instruction on your new document will be the
most restrictive date from the source documents
- the date that will keep the information
classified for the longest period of time.
This ensures that information will not be
inadvertently released earlier than it should
be.
Now that we have covered how to appropriately
apply a declassification instruction, let's
cover declassification instructions that can
no longer be used, but may still appear on
older documents.
Some of you may remember using X1-X8.
These
were exemptions from automatic declassification,
but were eliminated under E.O. 12958, as amended,
in 2003.
We now use 25X categories that will
be discussed later, which extends the duration
of classification another 25 years beyond
the original 25 years determined by the OCA.
OADR - originating agency determination
required.
This was an open-ended declassification
instruction and allowed agencies to make declassification
decisions when they determined it was best
and not on a specific schedule.
This was eliminated
in 1995.
MR, or manual review, was never a valid declassification
instruction.
It first appeared in the banner
line, or the overall classification line,
and indicated that there was information in
the document that was not covered by E.O.
13526 and required a separate review process.
A good example of this is Restricted Data
and Formerly Restricted Data which fall under
the Atomic Energy Act.
Subject to treaty or international agreement
is essentially the same as 25X9 which will
be covered in more detail.
For consistency,
it is preferable to use the exemption code
rather than a description of the exemption
category.
DNI Only or DCI Only refers to the fact that
space-based imagery was in the document and
we will cover that on the next slide.
25X-1 human has been changed to 50X1-HUM,
and is used for information that clearly and
demonstrably could be expected to reveal the
identity of a confidential human source or
a human intelligence source.
If you see X1-X8, OADR, MR, or the phrase
subject to treaty or international agreement
on your source document, the general rule
of thumb is to calculate a date that is 25
years from the date on the source document.
This will become the declassification instruction
on your new document.
Otherwise, ignore any MR markings.
Don't
carry them over, don't agonize over them,
simply ignore them.
However, you should always
check the appropriate security classification
guide to ensure you have the latest classification
information.
If your source document contains DNI (Director
of National Intelligence) or DCI (Director
of Central Intelligence) Only, you should
follow the instructions annotated in this
attachment which shows the classification
authority block for both originally classified
and derivatively classified documents.
Space-based imagery belongs to the National
Geospatial-Intelligence Agency and the DNI
has declassification authority over this information.
I will now turn this over to Evan Coren.
Thank you, Peggy.
25X1-25X9 indicates the information is exempt
from automatic declassification at 25 years.
If any agency needs to keep information classified
past 25 years, they must apply to the Interagency
Security Classification Appeals Panel (ISCAP)
for approval.
The agency OCA only has authority
to classify information up to 25 years.
When
using an approved exemption, a date or independently
verifiable event must be included with the
marking and will not exceed 50 years from
the date of the document.
Detailed elements of information are approved
for exemption by the ISCAP in the form of
a declassification guide and most of these
are applied when documents are 25 years old.
A very limited number of these elements are
approved to be used at document creation.
It is extremely rare for an agency to have
the authority to mark at creation a declassification
date later than 25 years.
When doing so please
confirm that authority has been granted for
that specific piece of information.
Simply put, the exemptions work like this:
- The OCA classifies information for the
first 25 years.
- An ISCAP-approved 25X exemption keeps
information classified for another 25 years,
or 50 years total.
- There are also 50X exemption which will
keep information classified for an additional
25 years beyond that, up to 75 years total.
All exemptions other than 50X1-HUM and 50X2-WMD
must be approved by ISCAP.
The example here shows how it is properly
annotated.
The declassification line will
show the appropriate 25X category and a declassification
date carried forward from the source document,
or if classifying off a classification guide
50 years from the date of document creation.
If an original classification authority is
classifying information that should clearly
and demonstrably be expected to reveal the
identity of a confidential human source or
a human intelligence source, the duration
shall be up to 75 years and shall be designated
with the following marking, "50X1"HUM".
If an original classification authority is
classifying information that should clearly
and demonstrably be expected to reveal key
design concepts of weapons of mass destruction,
the duration shall be up to 75 years and shall
be designated with the following marking,
"50X2"WMD."
These are the only two exemptions that can
be used on originally classified documents
and do not required an associated date with
the exemption category.
These exemptions can
be carried over to a derivatively classified
document.
This is a list of the exemption categories.
Agencies only get approval for much more detailed
pieces of information, so use this only as
a list of potential categories, and consult
the appropriate classification guide to determine
if you have the authority to use one of these
markings at initial classification.
- 25X1 covers confidential human sources,
human intelligence sources, and relationships
with an intelligence service of a foreign
government or international organization.
- 25X2 covers development, production, or
use of weapons of mass destruction.
- 25X3 covers cryptologic systems
- 25X4 covers state-of-the-art weapons technology
- 25X5 covers formally named or numbered
U.S. war plans that remain in effect
- 25X6 covers foreign relations
- 25X7 covers protection of the President,
Vice President, or others
- 25X8 covers vulnerabilities
- 25X9 covers instances where the unauthorized
release of information would violate a statute,
treaty, or international agreement that does
not permit the automatic or unilateral declassification
of information at 25 years.
Classification by compilation is a determination
that information is classified through the
compilation of unclassified information.
It
is a derivative classification action based
upon existing original classification guidance.
If the compilation of unclassified information
reveals a new aspect of information that meets
the criteria for classification, it shall
be referred to an original classification
authority with jurisdiction over the information
to make an original classification decision.
Basically, it is unclassified information
plus unclassified information that becomes
classified information.
When marking a document
- Each unclassified portion will be marked
appropriately with a capital U in parenthesis,
- The overall classification will reflect
the classification of the compiled information,
and
- A clear explanation will be provided on
the document as to why the compilation of
the unclassified information becomes classified.
This slide shows an example of how a classification
guide would be annotated with compilation
information and how you would mark your document
based on the information from the guide.
Earlier in 2017, based on feedback from agency
personnel, we expanded the definition of classification
by compilation to include information that
is classified at a lower level, that when
combined with other information, can become
classified at a higher level.
When marking a document -
- Each portion will be marked with its appropriate
classification,
- The overall classification will reflect
the classification of the compiled information,
- A clear explanation will be provided on
the document as to why the combination of
the classified portions become classified
at a higher level.
This slide shows an example of how a classification
guide would be annotated with compilation
information and how you would mark your document
based on the information from the guide.
I will now turn this back over to Peggy.
Thank you, Evan.
Okay, now we get into more specific marking
examples.
This example shows three different pages taken
from the same report.
As you can see, all
the portions are appropriately marked - the
title of the report, the headings, the bullet
points, the paragraph, the chart, and the
photo.
Now, we've added the overall classification
markings.
32 CFR 2001.21(b)(3), from the implementing
directive, states that each interior page
of a classified document shall be marked at
the top and bottom either with the highest
level of classification of information contained
on that page, or with the highest overall
classification of the document.
The first page, or cover, will always be marked
with the highest overall classification of
the document.
Here, we have added the classification authority
block - the "Classified By:" line, the
"Derived From:" line, and the "Declassify
On:" line.
This is an example of a slide presentation
and shows how the different slides would be
marked.
Slide 1, at the top, is your cover slide.
The title is portion marked and the overall
classification of the presentation as a whole
is annotated at the top and bottom.
The classification
authority block is on this slide.
Slide 2 shows an internal slide.
It contains
the appropriate portion markings and the overall
classification.
You have the option of marking
the internal slides with the overall classification
of the presentation, or marking the overall
classification of each individual slide.
Slide 3 is also an internal slide that contains
an embedded chart.
The text on the slide is
portion marked and the graph is portion marked.
The graph also is marked as an independent
object, so it contains the classification
of the graph itself.
One note - when adding graphs or charts
to a presentation, be cognizant of the classification
of the underlying data that is attached to
the graph or chart.
Word documents are marked the same way -
- Portion markings
-Overall classification
- Classification authority block on the
first page.
In this example, I want to demonstrate the
options available for portion marking.
This
was a change with 32 CFR 2001 in 2010 and
is meant to make portion marking slightly
easier on the user.
In the first paragraph example, it is implied
that the sub-paragraphs are the same classification
as the main paragraph, so you do not have
to portion mark each sub-paragraph.
In the other examples, at least one of the
sub-paragraphs is a different classification
from the main paragraph.
When that occurs,
every sub-paragraph must be appropriately
portion marked, as well as the main paragraph.
If in doubt, portion mark everything.
These are more examples of how to properly
mark different things.
The powerpoint slide
to the left shows portion markings of the
title, bullet points and sub-bullet points,
and the embedded picture.
The title of the
picture must also be portion marked.
This
slide also has the classification authority
block.
The beautiful cat photo shows the classification
of the photo itself as well as the classification
of the title of the photo.
The slide containing the chart shows the appropriate
portion marking, the overall classification,
and the classification authority block.
Portion marking can get difficult, but you
cannot correctly determine the overall classification
of a document without them.
Keep in mind, that while I have shown the
classification authority block on two of the
examples here, it is only required to be shown
on the first slide of a presentation or the
first page of a document.
If you need to handle documents that contain
sensitive compartmented information, or SCI,
this is an example of how they are marked.
They follow the same marking requirements
as everything else we have covered, however,
they also contain control and dissemination
markings.
Unless you work in Intelligence,
you may not need to worry about this, but
if you see it, you should be able to recognize
it for what it is.
ODNI has responsibility for SCI markings.
The Intelligence Community is required to
follow the basic marking requirements outlined
in E.O. 13526 and 32 CFR 2001, but they establish
additional marking requirements for SCI specifically.
Remember, if you are required to handle SCI
material, you must be read into the applicable
programs through your SSO.
E-mails seem to be one of the more difficult
documents to properly mark.
But once you break
it down, it's really not that bad.
Remember,
the same rules apply - portion markings,
overall classification, and classification
authority block.
This example shows your basic email and the
appropriate portion marking.
Here, we have added the overall classification
based on the portion markings.
Just like with
any other document, the overall classification
goes at the top and bottom of the e-mail.
In this example, we have added the classification
authority block.
It's the same block used
on all other documents and contains the classified
by line, the derived from line, and the declassification
instruction.
There are times when your e-mail is basically
a transmittal document for a classified attachment.
You are still required to portion mark the
e-mail, because everything that resides on
a classified system must be appropriately
marked, but you should also include the statement
"Upon removal of attachment, this document
is UNCLASSIFIED."
Here's where we add the overall classification.
In this case, because the e-mail itself is
unclassified, the overall classification is
based on the classification of the attachment.
Because the file name of the attachment doesn't
readily identify the classification of the
document, it is acceptable to indicate in
the text of the e-mail what the classification
of the attachment is.
And finally, we add the classification authority
block.
In this case, this is extra information
that applies to the attachment.
It is not
absolutely required that you place this on
the unclassified e-mail, as it should be on
the document itself.
If this were a classified e-mail with a classified
attachment, then the overall classification
would indicate the highest level of classification
of either the text in the e-mail or the attachment.
What happens to the markings when you reply
to this e-mail, but delete the classified
attachment?
The attachment has been removed.
The original e-mail retains its original markings.
The reply is portion marked and a new overall
classification is annotated.
Here is an example of an e-mail thread where
the original e-mail is classified, but your
response is unclassified.
And this is where
it starts to get confusing.
But if you think
of this as a stack of papers, it might be
easier to understand.
You can't change the markings on the earlier emails.
So begin by focusing on your e-mail.
Appropriately portion mark your e-mail and
add the overall classification of your e-mail
only at the beginning and end of your e-mail.
Then you need to determine the overall classification
of the entire e-mail thread which may or may
not change, depending on what you added to
the thread.
The overall classification is the classification
of the package as a whole.
So you need to
review the thread to see what classified information
remains in your response.
For example, if
you reply to an unclassified e-mail that had
a classified attachment, the attachment would
drop off the package.
Therefore, your new
overall classification would be UNCLASSIFIED.
However, if you forward the e-mail and the
classified attachment remains, then that would
factor into the overall classification of
the e-mail as a whole.
This is an example of an e-mail thread with
a classified reply to a classified e-mail.
Both the original e-mail and the reply are
marked as individual documents.
The overall
classification will indicate the overall classification
of the e-mail thread as a whole.
If you add
additional classified information to your
response, then you must add a new classification
authority block for the information you added.
Now that we have finished with markings, let's
talk about sanctions if you improperly release
classified information.
Employees are subject to the sanctions outlined
in E.O. 13526 if they willfully, knowingly,
or negligently:
- Disclose to unauthorized persons information
properly classified under this order or predecessor
orders;
- Classify or continue the classification
of information in violation of this order
or any implementing directive;
-Create or continue a special access program
contrary to the requirements of this order;
or
- Contravene any other provision of this
order or its implementing directives.
Those sanctions may include:
-Reprimand
- Suspension without pay
- Removal
- Termination of classification authority
- Loss or denial of access to classified
information, or
-Other sanctions in accordance with applicable
law and agency regulation.
This is a screen shot of the education and
training section of the ISOO web page, with
our URL at the top.
All of our policy documents
to include the applicable executive orders
and implementing directives can be found on
the ISOO page at www.archives.gov/isoo.
Our marking book can be found on the education
and training page along with a number of training
aids.
And finally, here is the contact information
for ISOO.
Please free to contact us with any
questions.
Thank you.
