When Derivatively Classifying Information Where Can You Find A Listing

When derivatively classifying information, locating the proper guidance is crucial for maintaining security standards and ensuring that classified information is handled correctly. Derivative classification involves incorporating, paraphrasing, restating, or generating in a new form information that is already classified. It requires a thorough understanding of the source material and the application of proper markings and dissemination controls. In this comprehensive guide, we will explore where to find a listing when derivatively classifying information, focusing on key resources and practical steps.

Understanding Derivative Classification

Before diving into the resources, it's essential to understand what derivative classification entails. Derivative classification is the act of using existing classified information to create new documents or materials. This process must adhere strictly to the guidelines provided by the original classification authority. The goal is to ensure that the new material is protected at the same level as the source information.

Key principles of derivative classification include:

• Accuracy: Ensuring that the new document accurately reflects the classified source material.
• Completeness: Including all necessary markings and control measures.
• Consistency: Maintaining uniform application of classification guidance.

Core Resources for Derivative Classifiers

1. Security Classification Guides

Security Classification Guides (SCGs) are the primary resources for derivative classifiers. These guides are detailed documents that provide specific instructions on what information should be classified, at what level, and for how long.

What are Security Classification Guides?

SCGs are issued by Original Classification Authorities (OCAs) and serve as the blueprint for derivative classification. They provide a comprehensive overview of the classification decisions made by the OCA, ensuring that derivative classifiers apply these decisions consistently.

Key components of an SCG:

• Identification of Classifiable Information: Clearly identifies what types of information require classification.
• Classification Level: Specifies the level of classification (Confidential, Secret, Top Secret) required for the information.
• Declassification Instructions: Provides instructions on when and how the information can be declassified.
• Downgrading Instructions: Details any downgrading instructions for the information.
• Control Markings: Specifies any additional control markings (e.g., Special Access Required) that must be applied.

Where to Find SCGs:

• Your Organization's Security Office: The most direct route is to contact your organization's security office. They maintain a repository of SCGs relevant to your work.
• Government Websites: Many SCGs are available on secure government websites, accessible through a Common Access Card (CAC) or other authorized means.
• National Archives and Records Administration (NARA): NARA provides guidance on classified national security information and may have links to relevant SCGs.
• Department of Defense (DoD) Information Security Program: If working with DoD information, this program provides resources and guidance on classification.

2. Original Classification Authority (OCA)

The Original Classification Authority (OCA) is the individual responsible for the initial decision to classify information. Understanding who the OCA is for a particular piece of information can be invaluable.

Role of the OCA:

• Determining Classification: The OCA determines whether information requires classification in the first place.
• Setting Classification Level: They decide the appropriate level of classification (Confidential, Secret, Top Secret).
• Establishing Declassification Dates: The OCA sets the date or event for when the information can be declassified.

How to Find the OCA:

• Source Document: The source document from which you are derivatively classifying should identify the OCA.
• Security Classification Guide: The SCG often lists the OCA or the office responsible for the classification guidance.
• Your Security Office: Your organization's security office can assist in identifying the OCA if it is not readily apparent.

3. Training Programs

Mandatory training programs on derivative classification are essential for anyone handling classified information. These programs provide a foundational understanding of the principles, policies, and procedures involved in derivative classification.

Benefits of Training Programs:

• Comprehensive Knowledge: Training programs cover all aspects of derivative classification, from identifying classifiable information to applying proper markings.
• Compliance: Completion of training programs ensures compliance with government regulations and organizational policies.
• Best Practices: Training programs highlight best practices for handling classified information, reducing the risk of security breaches.

Where to Find Training Programs:

• Your Organization's Security Office: They typically offer regular training sessions on derivative classification.
• Government Agencies: Agencies like the DoD and NARA provide online training resources.
• Online Platforms: Various online platforms offer certified training courses on information security and derivative classification.

4. Executive Orders and Directives

Executive Orders (EOs) and Directives issued by the President of the United States set the framework for the classification and declassification of national security information. These documents outline the policies and procedures that federal agencies must follow.

Key Executive Orders:

• Executive Order 13526: This is the primary EO governing the classification of national security information. It provides guidance on classification levels, declassification procedures, and the roles and responsibilities of classification authorities.
• Executive Order 13556: This EO addresses controlled unclassified information (CUI) and provides a framework for managing and safeguarding sensitive information that does not meet the threshold for classification.

Where to Find Executive Orders and Directives:

• The White House Website: Official White House website provides access to all Executive Orders.
• National Archives and Records Administration (NARA): NARA maintains a collection of EOs and directives related to national security information.
• Federal Register: The Federal Register publishes EOs and other federal agency documents.

5. DoD Manuals and Instructions

The Department of Defense (DoD) has specific manuals and instructions that provide detailed guidance on information security and derivative classification. These resources are essential for anyone working with DoD classified information.

Key DoD Resources:

• DoD Manual 5200.01, Volumes 1-4, "DoD Information Security Program": This manual provides comprehensive guidance on all aspects of information security, including classification, safeguarding, and declassification.
• DoD Instruction 5200.48, "Controlled Unclassified Information (CUI)": This instruction outlines the policies and procedures for managing CUI within the DoD.

Where to Find DoD Manuals and Instructions:

• DoD Issuances Website: The official website for DoD issuances provides access to all current manuals, instructions, and directives.
• Your Security Office: Your organization's security office will have copies of relevant DoD manuals and instructions.

6. National Industrial Security Program Operating Manual (NISPOM)

The National Industrial Security Program Operating Manual (NISPOM) provides guidelines for contractors who handle classified information. It outlines the security requirements that contractors must meet to protect classified information.

Key Aspects of NISPOM:

• Security Requirements: NISPOM specifies the security requirements for facilities, personnel, and information systems.
• Classification Guidance: It provides guidance on derivative classification for contractors.
• Reporting Requirements: NISPOM outlines the reporting requirements for security incidents and violations.

Where to Find NISPOM:

• Defense Counterintelligence and Security Agency (DCSA) Website: DCSA is responsible for overseeing the National Industrial Security Program and provides access to the NISPOM.
• Your Company's Security Office: Your company's security office will have a copy of the NISPOM and can provide guidance on compliance.

7. Intelligence Community Directives (ICDs)

The Intelligence Community Directives (ICDs) provide policy direction and guidance for the Intelligence Community (IC). These directives cover a wide range of topics, including information sharing, security, and intelligence oversight.

Key ICDs Related to Classification:

• ICD 710, "Classification Management and Control": This directive establishes the policies and procedures for managing classified information within the IC.
• ICD 503, "Intelligence Community Information Technology Systems Security Risk Management": This directive provides guidance on securing IT systems that process classified information.

Where to Find ICDs:

• Office of the Director of National Intelligence (ODNI) Website: The ODNI website provides access to unclassified versions of ICDs.
• Your Agency's Security Office: Your agency's security office will have access to classified and unclassified ICDs relevant to your work.

Steps for Locating Classification Guidance

To effectively locate classification guidance when derivatively classifying information, follow these steps:

1. Identify the Source Document: Determine the source document from which you are derivatively classifying.
2. Check for a Security Classification Guide: Look for an SCG that covers the information you are working with. The SCG should be your primary source of guidance.
3. Identify the Original Classification Authority (OCA): Determine who the OCA is for the source information. This information should be included in the source document or the SCG.
4. Consult Your Security Office: If you cannot find an SCG or identify the OCA, consult your organization's security office for assistance.
5. Review Relevant Executive Orders and Directives: Familiarize yourself with the relevant EOs and directives that govern the classification of national security information.
6. Check DoD Manuals and Instructions (if applicable): If you are working with DoD information, consult the relevant DoD manuals and instructions.
7. Refer to NISPOM (if you are a contractor): If you are a contractor, refer to the NISPOM for guidance on security requirements.
8. Review Intelligence Community Directives (if applicable): If you are working within the Intelligence Community, review the relevant ICDs.

Common Challenges and How to Overcome Them

1. Outdated or Missing Security Classification Guides

Challenge: SCGs can become outdated or may be missing altogether.

Solution:

• Regularly Update SCGs: Ensure that SCGs are reviewed and updated regularly to reflect changes in classification policy.
• Contact the OCA: If an SCG is missing, contact the OCA or the originating agency to request a current version.
• Use the "Need-to-Know" Principle: In the absence of an SCG, apply the "need-to-know" principle and classify the information based on your best judgment, erring on the side of caution.

2. Conflicting Guidance

Challenge: Different sources may provide conflicting guidance on classification.

Solution:

• Prioritize SCGs: SCGs should be the primary source of guidance.
• Consult Your Security Office: If there is conflicting guidance, consult your organization's security office for clarification.
• Document Your Decisions: Document the basis for your classification decisions, including the sources you consulted and the rationale for your choices.

3. Difficulty Identifying the OCA

Challenge: It can be difficult to identify the OCA for certain types of information.

Solution:

• Check the Source Document: The source document should identify the OCA.
• Consult Your Security Office: Your organization's security office can assist in identifying the OCA.
• Contact the Originating Agency: If the OCA cannot be identified, contact the originating agency for assistance.

4. Over-Classification

Challenge: There is a tendency to over-classify information to avoid the risk of under-classification.

Solution:

• Apply the Principles of Classification: Carefully apply the principles of classification, considering the potential damage to national security that could result from unauthorized disclosure.
• Review Classification Decisions: Regularly review classification decisions to ensure that information is not over-classified.
• Promote a Culture of Responsible Classification: Foster a culture of responsible classification within your organization, emphasizing the importance of balancing security with transparency.

Best Practices for Derivative Classification

• Stay Informed: Keep up-to-date with changes in classification policy and guidance.
• Attend Training Regularly: Attend training programs on derivative classification regularly to refresh your knowledge and skills.
• Consult with Experts: Consult with security professionals and subject matter experts when in doubt.
• Document Your Decisions: Document your classification decisions, including the sources you consulted and the rationale for your choices.
• Apply Markings Consistently: Apply classification markings consistently and accurately.
• Protect Classified Information: Protect classified information from unauthorized disclosure.
• Report Security Incidents: Report any security incidents or violations immediately.

Conclusion

Successfully navigating the process of derivative classification requires a comprehensive understanding of the available resources and a commitment to following established guidelines. Security Classification Guides are the cornerstone of this process, providing specific instructions on classifying information. In addition to SCGs, it's crucial to be familiar with Original Classification Authorities, training programs, Executive Orders, DoD manuals, NISPOM, and Intelligence Community Directives.

By following the steps outlined in this guide and adhering to best practices, derivative classifiers can ensure that classified information is handled securely and in compliance with all applicable regulations. Staying informed, consulting with experts, and documenting decisions are essential for maintaining the integrity of the classification system and protecting national security. Remember, the responsibility of safeguarding classified information rests on every individual who handles it, making thorough knowledge and diligent application of these principles paramount.