Author Elizabeth Wilmot

Classified Information Workshop Part 2

Classified Information Workshop Part 2

 

The following exert from Wikipedia discusses the levels of classification used by the U.S. government. This classified information workshop part 2 will help our loyal readers, existing customers and new customers alike to understand the various levels of classified information here in the United States.

 

Levels of classification used by the U.S. government

 

“The United States government classifies information according to the degree which the unauthorized disclosure would damage national security. Having Top Secret clearance does not allow one to view all Top Secret documents. The user of the information must possess the clearance necessary for the sensitivity of the information, as well as a legitimate to need to obtain the information. For example, all US military pilots are required to obtain at least a Secret clearance, but they may only access documents directly related to their orders. Secret information might have additional access controls that could prevent someone with a Top Secret clearance from seeing it.

 

Core secrets

The highest level of classification. Information at this level is released only to select government individuals.

 

Top Secret

The second highest security level. Information is classified Top Secret if unauthorized disclosure would cause “exceptionally grave damage” to national security. It is believed that 1.4 million Americans have top secret clearances.

 

Secret

This is the second-highest classification. Information is classified Secret when its unauthorized disclosure would cause “serious damage” to national security. Most information that is classified is held at the secret sensitivity.

Confidential

This is the lowest classification level of information obtained by the government. It is defined as information that would “damage” national security if publicly disclosed, again, without the proper authorization.

 

Public Trust

Despite common misconception, a public trust position is not a security clearance, and is not the same as the confidential clearance. Certain positions which require access to sensitive information, but not information which is classified, must obtain this designation through a background check. Public Trust Positions can either be moderate-risk or high-risk.

 

Unclassified

Unclassified is not technically a classification; this is the default and refers to information that can be released to individuals without a clearance. Information that is unclassified is sometimes restricted in its dissemination as Sensitive But Unclassified (SBU) or For Official Use Only (FOUO). For example, the law enforcement bulletins reported by the U.S. media when the United States Department of Homeland Security raised the U.S. terror threat level were usually classified as “U//LES”, or “Unclassified – Law Enforcement Sensitive”. This information is supposed to be released only to law enforcement agencies (sheriff, police, etc.), but, because the information is unclassified, it is sometimes released to the public as well. Information that is unclassified but which the government does not believe should be subject to Freedom of Information Act requests is often classified as U//FOUO—”Unclassified—For Official Use Only”. In addition to FOUO information, information can be categorized according to its availability to be distributed (e.g., Distribution D may only be released to approved Department of Defense and U.S. Department of Defense contractor personnel). Also, the statement of NOFORN (meaning “no foreign nationals”) is applied to any information that may not be released to any non-U.S. citizen. NOFORN and distribution statements are often used in conjunction with classified information or alone on SBU information. Documents subject to export controls have a specific warning to that effect. Information which is “personally identifiable” is governed by the Privacy Act of 1974 and is also subject to strict controls regardless of its level of classification.

 

Finally, information at one level of classification may be “upgraded by aggregation” to a higher level. For example, a specific technical capability of a weapons system might be classified Secret, but the aggregation of all technical capabilities of the system into a single document could be deemed top secret.

 

Use of information restrictions outside the classification system is growing in the U.S. government. In September 2005 J. William Leonard, director of the U.S. National Archives Information Security Oversight Office, was quoted in the press as saying, “No one individual in government can identify all the controlled, unclassified [categories], let alone describe their rules.”

 

Controlled Unclassified Information (CUI)

One of the 9/11 Commission findings was that “the government keeps too many secrets. To address this problem, the Commission recommended that ‘[t]he culture of agencies feeling they own the information they gathered at taxpayer expense must be replaced by a culture in which the agencies instead feel they have a duty … to repay the taxpayers’ investment by making that information available.'”

 

Due to over 100 designations in use by the U.S. government for unclassified information at the time, President George W. Bush issued a Presidential memorandum on May 9, 2008, in an attempt to consolidate the various designations in use into a new category known as Controlled Unclassified Information (CUI). The CUI categories and subcategories were hoped to serve as the exclusive designations for identifying unclassified information throughout the executive branch not covered by Executive Order 12958 or the Atomic Energy Act of 1954 (as amended) but still required safeguarding or dissemination controls, pursuant to and consistent with any applicable laws, regulations, and government-wide policies in place at the time. CUI would replace categories such as For Official Use Only (FOUO), Sensitive But Unclassified (SBU) and Law Enforcement Sensitive (LES).

 

The Presidential memorandum also designated the National Archives as responsible for overseeing and managing the implementation of the new CUI framework.

 

This memorandum has since been rescinded by Executive Order 13556 of November 4, 2010 and the guidelines previously outlined within the memo were expanded upon in a further attempt to improve the management of information across all federal agencies as well as establish a more standard, government-wide program regarding the controlled un-classification designation process itself.

 

The U.S. Congress has also taken steps to address this still evolving issue. The U.S. House of Representatives passed the Reducing Information Control Designations Act H.R. 1323 on March 17, 2009. The bill is now pending before the U.S. Senate.

 

Restricted

During and before World War II, the U.S. had a category of classified information called Restricted, which was below confidential. The U.S. no longer has a restricted classification, but many other nations and NATO do. The U.S. treats restricted information it receives from other governments as Confidential. The U.S. does use the term restricted data in a completely different way to refer to nuclear secrets, as described below.

 

Classified classifications

Executive Order 13526, which forms the legal basis for the U.S. classification system, states that “information may be classified at one of the following three levels”, with Top Secret as the highest level. However, this executive order provides for special access programs that further restricted access to a small number of individuals and permit additional security measures. These practices can be compared with (and may have inspired) the concepts multilevel security and role-based access control. U.S. law also has special provisions protecting information related to cryptography, nuclear weapons and atomic energy and the identity of covert intelligence agents”

 
As a leading provider in the data destruction industry, Data Killers is routinely cleared for all levels of classified destruction. In addition, our internal processes are fully compliant with all physical destruction criteria as set forth by various laws and regulations, including but not limited to: NIST standards; DoD regulations; HIPAA; PCI Data Security Standard; etc. Our sales representatives are knowledgeable in all the protocols and regularly assist our customer’s with planning their classified data destruction projects.