SECURITY MATTERS: PROTECTING DOD NATIONAL SECURITY INFORMATION
The Under Secretary of Defense, Intelligence is the DoD senior security proponent reporting to the Secretary and Deputy Secretary of Defense for development and integration of risk-managed security policies and programs. DoD and OSD Components have designated Security Managers responsible for implementing security policy and procedures, assuring security procedures are followed, and assisting senior officials in carrying out their security responsibilities. The SM also addresses requirements in the areas of personnel, information, and physical (facilities) security, and coordinates with other technical specialists regarding information systems security, operations security, industrial security, and the Privacy Act.
SECURITY EDUCATION AND AWARENESS
Pursuant to Public Law 100-235, Computer Security Act of 1987, all personnel, including contractors and consultants, are required to receive initial and periodic computer security awareness training to obtain and maintain access to federal computer systems.
PROTECTION OF DOD CLASSIFIED INFORMATION
Authority to Classify Information
Classified information is official information that has been determined, in the interest of national security, to require protection against unauthorized disclosure and has been designated “classified” IAW Executive Order 13526 or other pertinent classification guide. Certain positions require the authority to make original classification decisions up to a specified level of classification (e.g., Top Secret). Original classification decisions are decisions about information whose classification status has not yet been determined. DoD Manual 5200.01Vol 1 contains information on original classification authorities (OCA) including the requirements and process to request OCA. Prior to exercising the authority, officials occupying these positions must certify in writing that they have completed OCA training.
Employees using derivative classification, i.e., extracting classified information, paraphrased, or otherwise taken from a document already determined to be classified, do not need specific delegation of authority. The original classification level and markings are maintained with the data and associated with them in its new location. However, annual derivative classification training is required. Your organizational Security Manager will assist you with these requirements.
Unauthorized Disclosure of Classified Information to the Public
Unauthorized disclosure of classified information to the public is a criminal offense and a lifetime responsibility. Unauthorized disclosure reduces the effectiveness of DoD management, and damages intelligence and operational capabilities, and lessens the DoD’s ability to protect critical information, technologies, and national security programs. Unauthorized disclosure of classified. information is subject to sanctions that may include, but are not limited to, warning, reprimand, loss or denial of access to classified information, discharge, and action under applicable criminal law.
Upon commencement of your service in DoD, the Security Manager of your organization will brief you on the appropriate procedures to protect classified information. Additionally, you will receive annual security awareness training. Only employees occupying a position that requires access to classified information, have been granted a clearance, and have signed the appropriate non-disclosure agreement will be provided access to classified information. Verify that a person has the necessary clearance and need-to-know before you share or grant access to classified information. Classified information must always be properly marked and stored (in a safe or a room in which “open-storage” is authorized). Never accept possession of any classified material above your clearance level. Specific questions about how to handle classified information should be directed to your Organizational Security Manager.
Your leadership and direct involvement in preventing the unauthorized disclosure of information is essential to the success of the Department and its mission. You are responsible for ensuring the personnel under your authority and control have the resources and training necessary to understand their individual responsibilities to safeguard classified information and prevent unauthorized disclosures. You must also ensure all known or suspected instances of unauthorized disclosure of classified information to the public are promptly reported and investigated, and that appropriate corrective action is taken.
Back to Top
SECURITY REVIEW OF DOD INFORMATION PRIOR TO RELEASE TO THE PUBLIC
Any official DoD information intended to be presented or published in the public domain, regardless of medium or format must undergo security and policy pre-publication review. The DoD requires reviews to ensure sensitive or security-compromising information is not present.
Documents Involving News Media and DoD Press Releases
The Assistant Secretary of Defense for Public Affairs ATSD (PA) is the sole release authority for official DoD information. In accordance with DoD policy ATSD (PA) is responsible for ensuring dealings with the news media and general public are conducted in a manner that safeguards information protected by law and maintains the integrity of the government’s decision making processes. Writers, authors, and speakers are responsible for ensuring information involving the news media or public engagement, such as an official DoD news release or public affairs related information like non-technical speeches, are submitted for content review and clearance authority prior to release to the public.
Background remarks are remarks that may be reported only if attributed to an unnamed source—for example, “An OSD official who asked to remain anonymous revealed that…” A background discussion or briefing is generally held to give news media representatives a better understanding of a situation. Many service schools and other organizations have adopted a non-attribution policy as a means of encouraging speakers to be as open and frank as possible. However, records of background media briefings are not protected from disclosure under the FOIA. Any speaker whose presentation is rendered in an official capacity should be aware that copies of non-attribution remarks in office files may be subject to disclosure.
The form of attribution must be agreed upon in advance between the press officer on behalf of the OSD official and the media representative or host organization. Cameras cannot be used in background sessions. The host organization bears the primary responsibility for ensuring that background remarks will not be recorded, that the information is appropriate for public release, and that the audience is aware of this precondition.
For more information, check with your Administrative Officer, Security Manager, or ATSD (PA) at 703-697-9312.
DoD Technical Presentations, Articles, Papers, and Book Manuscripts
Official information originating within the Department, or from a former or retired DoD member, is reviewed by the Defense Office of Prepublication and Security Review (DOPSR) in accordance with the DoD Security and Policy Review Program. DoDI 5230.29 contains examples of the type of information that meets submittal requirements.
DOPSR reviews documents for inadvertent classified information, the correct portrayal of any DoD policy, and for unclassified but export-controlled technical data on defense articles. Review outcomes include cleared for public release with no objection, recommended changes, as amended (mandatory changes), or an objection to publication (with appeal rights). Control markings indicating classification level, “For Official Use Only” (FOUO) or Controlled Unclassified Information (CUI) (once officially implemented by the Department) may be required depending upon the review outcome.
Individual technical speechwriters, authors, and speakers are responsible for ensuring content review and clearance of official speeches and writings prior to release to the public. Please discuss the particulars with your Security Manager.
Questions may also be addressed to the Defense Office of Prepublication and Security Review at (703) 614-5001 or via the web at http://www.dtic.mil/whs/esd/osr/.
Back to Top
GUIDELINES FOR THE PROTECTION OF FEDERAL RECORDS AND PERSONAL PAPERS
Federal records may not be removed from DoD custody. DoD records and non-record materials, including drafts, working papers, emails, calendars and contact lists (regardless of format) are government-owned, proprietary to the DoD component to which you are assigned. Federal Records cannot be copied, removed from DoD custody, transferred (internally or interagency) or destroyed except as authorized in accordance with DoD policy. The transfer or removal of non-record copies of federal records is a privilege allowed only when in the best interest of the Department and does not interfere with day-to-day operations. The DoD Component head, DoD Component Senior Agency Official for Records Management, and the Component Records Officer have the authority to approve or deny the transfer or removal of DoD records and information. Federal records must be managed in accordance with the agency’s records disposition schedule. Email and electronic files are considered records until reviewed by your agency’s records manager.
In accordance with the Federal Records Act, Agency heads must establish policies on safeguarding official Federal records. Such safeguards include ensuring all DoD officials and employees are made aware of their responsibilities concerning the records created or received in the conduct of Government business. The unlawful removal or destruction of Federal records could result in penalties that include monetary fines or imprisonment for not more than three years, or both. In some cases, the penalty may also include disqualification from holding any U.S. Government office. To forestall violations, it is important that DoD officials are able to distinguish between Federal records and personal files. The security of classified information is fundamentally everyone’s responsibility. Proactively seek and adhere to advice and guidance from your Component/organizational Security Manager, diligently use burn bags, and take advantage of regular refresher security training.
Federal records include all recorded information, regardless of physical form or characteristics, made or received by a Federal agency under Federal law or in connection with the transaction of public business and preserved, or appropriate for preservation, by that agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the United States Government. Federal records cannot be removed from Government custody and are often referred to as official records.
Recorded information includes all traditional forms of records, regardless of physical form or characteristics, including information created, manipulated, communicated, or stored in digital or electronic form. This includes email, text messages, instant messages and social media.
Records may be either originals or copies, such as file copies of outgoing correspondence or copies forwarded for action. Multiple copies of the same document and documents containing duplicative information may have record status if each serves a separate administrative purpose, and if they are kept in separate filing or record-keeping systems. Preliminary drafts and working papers are Federal records if they explain how the agency formulated and executed significant program policies, decisions, actions, or responsibilities—or if they contain unique information such as annotations or comments.
Electronic records including electronic mail and attachments, word processing, spreadsheet, presentation slides, etc. that meet the above definition, when possible, should be maintained in their original electronic format. If electronically created records are maintained in a paper recordkeeping system, the information necessary for a complete record must be printed.
All Federal employees are required to take Records Management training annually in accordance with the Federal Records Act, Federal Regulations, Office of Management and Budget, and DoD Policy.
Personal, Non-Government Email Accounts
Federal employees should avoid the use of personal, non-government email accounts to conduct government business. DoD policy prohibits the use of non-official electronic messaging accounts to conduct official DoD communications except in rare circumstances. The use of personal email, social media, instant messaging and other Web 2.0 applications, programs and systems to conduct government business must comply with the DoD Joint Ethics Regulation (DoD 5500.07 Para 2-301). Should you use a non-official email account to conduct government business, you must forward your message to your government account within 20 days per Public Law 113-187.
Personal Files, Personal Papers, and Personal Records
Personal files are documentary materials, or any reasonably segregable portion thereof, of a private or nonpublic character that do not relate to, or have an effect upon, the conduct of agency business. Personal files are excluded from the definition of Federal records and are not owned by the Government. Documentary materials is a collective term for records and non-record material that refers to all media on which information is recorded, regardless of the nature of the medium or the method or circumstances of recording.
Back to Top
Examples of personal files include:
Materials accumulated by an official before entering Government service that are not used subsequently in the transaction of Government business.
Materials relating solely to an individual’s private affairs, such as outside business pursuits, professional affiliations, or private political associations that do not relate to agency business.
Diaries, journals, personal correspondence, or other personal notes that are not prepared or used for, or circulated or communicated in the course of, transacting Government business.
The last category is the most difficult to distinguish from Federal records due to its work-related content. Officials should be mindful of the requirement to maintain personal files separately from the records of the agency. Classified materials may not be removed. Personal files may be removed after review by the agency.
More information concerning the maintenance, access, and disposition of Federal records, information and personal files may be obtained from your designated records management official or https://www.archives.gov/records-mgmt/agency/departments/defense.html
Back to Top