Auditors praise DHS classification management


Auditors find that Homeland Security Department components are doing a good job implementing a 2009 executive order against over classification and subsequent law that specifically requires the homeland security secretary to develop strategy against over classification.

In an Aug. 2 report (.pdf), auditors say the 13 DHS components with classification authority have "adopted and successfully implemented all policies and procedures required by applicable federal regulations and intelligence community directives." President Obama issued executive order 13526 on Dec. 29, 2009  and signed the Reducing Over Classification Act of 2010 (P.L. 111-258) act into law on Oct. 7, 2010.

Auditors did see areas for improvement. For example, not all DHS components use a classification management tool to automatically apply classification markings to electronic documents, and not all that do have updated the markings to comply with E.O. 13526.

Specifically, the executive order retired  the marking "25X1-human," which denoted information that would reveal the identity of confidential human sources. But some DHS classifiers haven't updated their classification tools to the new marking introduced by the executive order, "50X1-HUM."

The Information Security Oversight within the National Archives and Records Administration says (.pdf) agencies ended up applying the 25X1-human marking more broadly than intended, and that Obama's executive order instructs classifiers that information with the new marking should  clearly and demonstrably reveal the identity of a confidential human source or human intelligence source. Such information is exempt from the automatically declassification rule that takes effect after 50 years.

Still, a review by auditors of 372 classified documents found what they say is evidence of "a good job of applying classification." In the review, auditors found that only about 16 percent of the documents contained classification errors. Of those, 23 has incorrect declassification dates and 14 lacks information on the classifier.

For more:
- download the report, OIG-13-106 (.pdf)

Related Articles:
DHS information sharing program finally gets a governance document
DoD looks to quarantine employees from leaked documents
DoD reissues directive to safeguard technical documents