SECURITY MATTERS: PROTECTING DOD NATIONAL SECURITY INFORMATION
The Under Secretary of Defense, Intelligence is the DoD senior security proponent reporting to
the Secretary and Deputy Secretary of Defense for development and integration of risk-managed
security policies and programs. DoD and OSD Components have designated Security Managers
responsible for implementing security policy and procedures, assuring security procedures are
followed, and assisting senior officials in carrying out their security responsibilities. The SM also
addresses requirements in the areas of personnel, information, and physical (facilities) security,
and coordinates with other technical specialists regarding information systems security, operations
security, industrial security, and the Privacy Act.
SECURITY EDUCATION AND AWARENESS
Pursuant to Public Law 100-235, Computer Security Act of 1987, all personnel, including
contractors and consultants, are required to receive initial and periodic computer security
awareness training to obtain and maintain access to federal computer systems.
PROTECTION OF DOD CLASSIFIED INFORMATION
Authority to Classify Information
Classified information is official information that has been determined, in the interest of national
security, to require protection against unauthorized disclosure and has been designated “classified”
IAW Executive Order 13526 or other pertinent classification guide. Certain positions require the
authority to make original classification decisions up to a specified level of classification (e.g.,
Original classification decisions are decisions about information whose classification
status has not yet been determined. DoD Manual 5200.01Vol 1 contains information on original
classification authorities (OCA) including the requirements and process to request OCA. Prior to
exercising the authority, officials occupying these positions must certify in writing that they have
completed OCA training.
Employees using derivative classification, i.e., extracting classified information, paraphrased,
or otherwise taken from a document already determined to be classified, do not need specific
delegation of authority. The original classification level and markings are maintained with the data
and associated with them in its new location. However, annual derivative classification training is
required. Your organizational Security Manager will assist you with these requirements.
Unauthorized Disclosure of Classified Information to the Public
Unauthorized disclosure of classified information to the public is a criminal offense and a lifetime
responsibility. Unauthorized disclosure reduces the effectiveness of DoD management, and
damages intelligence and operational capabilities, and lessens the DoD’s ability to protect critical
information, technologies, and national security programs. Unauthorized disclosure of classified.
information is subject to sanctions that may include, but are not limited to, warning, reprimand, loss
or denial of access to classified information, discharge, and action under applicable criminal law.
Upon commencement of your service in DoD, the Security Manager of your organization will
brief you on the appropriate procedures to protect classified information. Additionally, you will
receive annual security awareness training. Only employees occupying a position that requires
access to classified information, have been granted a clearance, and have signed the appropriate
non-disclosure agreement will be provided access to classified information. Verify that a person
has the necessary clearance and need-to-know before you share or grant access to classified
information. Classified information must always be properly marked and stored (in a safe or a
room in which “open-storage” is authorized). Never accept possession of any classified material
above your clearance level. Specific questions about how to handle classified information should
be directed to your Organizational Security Manager.
Your leadership and direct involvement in preventing the unauthorized disclosure of information
is essential to the success of the Department and its mission. You are responsible for ensuring
the personnel under your authority and control have the resources and training necessary to
understand their individual responsibilities to safeguard classified information and prevent
unauthorized disclosures. You must also ensure all known or suspected instances of unauthorized
disclosure of classified information to the public are promptly reported and investigated, and that
appropriate corrective action is taken.
Back to Top
SECURITY REVIEW OF DOD INFORMATION PRIOR TO RELEASE TO
Any official DoD information intended to be presented or published in the public domain,
regardless of medium or format must undergo security and policy pre-publication review. The
DoD requires reviews to ensure sensitive or security-compromising information is not present.
Documents Involving News Media and DoD Press Releases
The Assistant Secretary of Defense for Public Affairs ATSD (PA) is the sole release authority for
official DoD information. In accordance with DoD policy ATSD (PA) is responsible for ensuring
dealings with the news media and general public are conducted in a manner that safeguards
information protected by law and maintains the integrity of the government’s decision making
processes. Writers, authors, and speakers are responsible for ensuring information involving the
news media or public engagement, such as an official DoD news release or public affairs related
information like non-technical speeches, are submitted for content review and clearance authority
prior to release to the public.
Background remarks are remarks that may be reported only if attributed to an unnamed
source—for example, “An OSD official who asked to remain anonymous revealed that…” A
background discussion or briefing is generally held to give news media representatives a better
understanding of a situation. Many service schools and other organizations have adopted a
non-attribution policy as a means of encouraging speakers to be as open and frank as possible.
However, records of background media briefings are not protected from disclosure under the
FOIA. Any speaker whose presentation is rendered in an official capacity should be aware that
copies of non-attribution remarks in office files may be subject to disclosure.
The form of attribution must be agreed upon in advance between the press officer on behalf of
the OSD official and the media representative or host organization. Cameras cannot be used in
background sessions. The host organization bears the primary responsibility for ensuring that background remarks will not be recorded, that the information is appropriate for public release,
and that the audience is aware of this precondition.
For more information, check with your Administrative Officer, Security Manager, or ATSD (PA)
DoD Technical Presentations, Articles, Papers, and Book Manuscripts
Official information originating within the Department, or from a former or retired DoD
member, is reviewed by the Defense Office of Prepublication and Security Review (DOPSR) in
accordance with the DoD Security and Policy Review Program. DoDI 5230.29 contains examples
of the type of information that meets submittal requirements.
DOPSR reviews documents for inadvertent classified information, the correct portrayal of any
DoD policy, and for unclassified but export-controlled technical data on defense articles. Review
outcomes include cleared for public release with no objection, recommended changes, as amended
(mandatory changes), or an objection to publication (with appeal rights). Control markings
indicating classification level, “For Official Use Only” (FOUO) or Controlled Unclassified
Information (CUI) (once officially implemented by the Department) may be required depending
upon the review outcome.
Individual technical speechwriters, authors, and speakers are responsible for ensuring content
review and clearance of official speeches and writings prior to release to the public. Please discuss
the particulars with your Security Manager.
Questions may also be addressed to the Defense Office of Prepublication and Security Review at
(703) 614-5001 or via the web at http://www.dtic.mil/whs/esd/osr/.
Back to Top
GUIDELINES FOR THE PROTECTION OF FEDERAL RECORDS AND
Federal records may not be removed from DoD custody. DoD records and non-record materials,
including drafts, working papers, emails, calendars and contact lists (regardless of format) are
government-owned, proprietary to the DoD component to which you are assigned. Federal Records
cannot be copied, removed from DoD custody, transferred (internally or interagency) or destroyed
except as authorized in accordance with DoD policy. The transfer or removal of non-record copies
of federal records is a privilege allowed only when in the best interest of the Department and does
not interfere with day-to-day operations. The DoD Component head, DoD Component Senior
Agency Official for Records Management, and the Component Records Officer have the authority
to approve or deny the transfer or removal of DoD records and information. Federal records must
be managed in accordance with the agency’s records disposition schedule. Email and electronic files
are considered records until reviewed by your agency’s records manager.
In accordance with the Federal Records Act, Agency heads must establish policies on
safeguarding official Federal records. Such safeguards include ensuring all DoD officials and
employees are made aware of their responsibilities concerning the records created or received in
the conduct of Government business. The unlawful removal or destruction of Federal records
could result in penalties that include monetary fines or imprisonment for not more than three
years, or both. In some cases, the penalty may also include disqualification from holding any
U.S. Government office. To forestall violations, it is important that DoD officials are able to
distinguish between Federal records and personal files. The security of classified information is fundamentally everyone’s responsibility. Proactively seek and adhere to advice and guidance from
your Component/organizational Security Manager, diligently use burn bags, and take advantage
of regular refresher security training.
Federal records include all recorded information, regardless of physical form or characteristics,
made or received by a Federal agency under Federal law or in connection with the transaction
of public business and preserved, or appropriate for preservation, by that agency or its legitimate
successor as evidence of the organization, functions, policies, decisions, procedures, operations,
or other activities of the United States Government. Federal records cannot be removed from
Government custody and are often referred to as official records.
Recorded information includes all traditional forms of records, regardless of physical form or
characteristics, including information created, manipulated, communicated, or stored in digital or
electronic form. This includes email, text messages, instant messages and social media.
Records may be either originals or copies, such as file copies of outgoing correspondence or
copies forwarded for action. Multiple copies of the same document and documents containing
duplicative information may have record status if each serves a separate administrative purpose,
and if they are kept in separate filing or record-keeping systems. Preliminary drafts and working
papers are Federal records if they explain how the agency formulated and executed significant
program policies, decisions, actions, or responsibilities—or if they contain unique information
such as annotations or comments.
Electronic records including electronic mail and attachments, word processing, spreadsheet,
presentation slides, etc. that meet the above definition, when possible, should be maintained
in their original electronic format. If electronically created records are maintained in a paper
recordkeeping system, the information necessary for a complete record must be printed.
All Federal employees are required to take Records Management training annually in accordance with
the Federal Records Act, Federal Regulations, Office of Management and Budget, and DoD Policy.
Personal, Non-Government Email Accounts
Federal employees should avoid the use of personal, non-government email accounts to conduct
government business. DoD policy prohibits the use of non-official electronic messaging accounts
to conduct official DoD communications except in rare circumstances. The use of personal email,
social media, instant messaging and other Web 2.0 applications, programs and systems to conduct
government business must comply with the DoD Joint Ethics Regulation (DoD 5500.07 Para
2-301). Should you use a non-official email account to conduct government business, you must
forward your message to your government account within 20 days per Public Law 113-187.
Personal Files, Personal Papers, and Personal Records
Personal files are documentary materials, or any reasonably segregable portion thereof, of a
private or nonpublic character that do not relate to, or have an effect upon, the conduct of agency
business. Personal files are excluded from the definition of Federal records and are not owned by
the Government. Documentary materials is a collective term for records and non-record material
that refers to all media on which information is recorded, regardless of the nature of the medium
or the method or circumstances of recording.
Back to Top
Examples of personal files include:
Materials accumulated by an official before entering Government service that are not used
subsequently in the transaction of Government business.
Materials relating solely to an individual’s private affairs, such as outside business pursuits,
professional affiliations, or private political associations that do not relate to agency business.
Diaries, journals, personal correspondence, or other personal notes that are not prepared or used for,
or circulated or communicated in the course of, transacting Government business.
The last category is the most difficult to distinguish from Federal records due to its work-related
content. Officials should be mindful of the requirement to maintain personal files separately from
the records of the agency. Classified materials may not be removed. Personal files may be removed
after review by the agency.
More information concerning the maintenance, access, and disposition of Federal records,
information and personal files may be obtained from your designated records management official
Back to Top