Handling Classified Information

When it comes to classified information that is vital to national security, there are specific rules for how to handle it. The DOD Information Security Program establishes policy guidance for classifying, protecting, sharing, downgrading, declassifying, and destroying classified. This article will give an overview of safeguarding, disseminating, and destroying classified information.

SAFEGUARDING?

Safeguarding refers to using prescribed measures and controls to protect classified information. The first safeguarding measure is ensuring that only authorized personnel have access to classified information. The three requirements for individual access to classified information are national security eligibility, a need-to-know the information, and a completed Standard Form (SF) 312, Classified Information Nondisclosure Agreement.

There also must be established access control measures, which detect and deter unauthorized access. These security countermeasures can include fences, badges, guards, security containers, locks, intrusion detection systems, and other countermeasures. For more information on access control measures, visit the Physical Security Toolkit.

Classified information in an authorized person’s head or hands cannot be disclosed to another individual unless they meet the three criteria mentioned earlier. When hand-carrying classified information, the individual should use a classified document cover sheet (SF-703 - Top Secret/ SF-704 – Secret/SF-705 – Confidential). This is to alert holders to the presence of classified information and to prevent the viewing of classified information by unauthorized personnel.?

When not directly in an authorized individual’s possession, classified information must be stored in a GSA-approved security container such as a two or four drawer cabinet, a safe, or a vault. View the Classified Storage Requirements Short to assist with identifying the appropriate storage requirements for different types and levels of classified information. All locks for GSA-approved security containers must conform to Federal Specification FF-L2740. Visit the CDSE Physical Security Job Aids and Physical Security Training Videos webpages for information and demonstrations on operating the different GSA approved security container locks.

When using information technology to access classified information, users must follow cybersecurity policies related to accessing or sharing classified information on classified systems such as the Secure Internet Protocol Router Network (SIPRNET).

DISSEMINATION?

Dissemination refers to the sharing or transmitting of classified information to others who have authorized access to that information. Some of the methods include transmission, transportation, and classified meetings. Transmission is the act of sharing classified information via a phone, information system, or fax. Those sharing classified information with authorized individuals via the phone must use approved Secure Terminal Equipment (STE). Individuals who use STE must be vigilant about their surroundings to ensure no one can overhear their conversation.

Transporting classified information requirements vary based upon the level of classification. The more sensitive the information the more restrictions there are. The primary factor you need to consider when selecting a method is the classification level of the information you need to move (Confidential, Secret Top Secret). There are also special types of information that have special controls on dissemination. Access the CDSE job aid, Transmission and Transportation for DOD: Dissemination of Special Types of Information to learn more. Classified information can be transported via hand-carrying or an escort, courier, or mail. Download a copy of the Transmission and Transportation Authorized Methods by Classification Level job aid for quick reference.

There are special rules for wrapping and packaging classified material to reduce the risk of loss or compromise during transporting. DoDM 5200.01, Volume 3 outlines the mandatory baseline policies and procedures to protect classified information during transportation. Additionally, the DOD components are responsible for establishing procedures for transmission and transportation of classified information reduce the risk of compromise while permitting use of the most cost-effective means. View CDSE’s Packaging Classified Documents Video for step-by-step instructions.

For a classified meeting or conference, the sponsoring DOD activity will assign an official to act as the security manager for the event. The security manager is responsible for multiple security provisions, including briefing attendees on safeguarding procedures, controlling the entrance so that only authorized personnel gain entry to the area, and controlling the perimeter to ensure unauthorized personnel cannot overhear classified discussions or introduce prohibited devices. View the CDSE Classified Meetings and Conferences Short to learn more about the procedures to follow and related potential security risks.

DESTRUCTION?

The last step in the Information Security Program life cycle is destruction. Destruction refers to destroying classified information so that it cannot be recognized or reconstructed. Authorized methods for destroying classified information include burning, shredding, pulverizing, disintegrating, wet pulping, melting, chemical decomposition, and mutilation. Destruction of classified information must be done on approved equipment. The National Security Agency (NSA) maintains an evaluated products lists (EPL), which contain destruction products that have been tested and meet performance requirements.?

The NSA EPL also contains a list of approved devices to destroy optical media devices such as compact and digital video disks. Other storage media such as thumb drives, zip disks, or computers should be destroyed in coordination with local, approved methods. View the Disposal and Destruction of Classified Information Short for more information.?

In conclusion, classified information must be protected in every step of its life cycle to protect national security. Properly safeguarding, disseminating, and destroying classified information are important components of an effective information security program. Understanding requirements and procedures is a shared responsibility for individuals and security personnel within DOD. CDSE information security training and resources are available all year round to support the DOD workforce in protecting classified information.

To read the full newsletter, visit https://www.cdse.edu/Portals/124/Documents/publications/pulse/CDSE_Pulse_March2023.pdf