DoD security manual addresses classification policies


A new information security mandate effective immediately brings the Defense Department in compliance with a December 2009 Executive Order on classified national security information. Defense Department Manual 52001.01, issued Feb. 25 and obtained by the Federation of American Scientists, replaces the 15-year-old Information Security Regulation 5200.1-R.

The Obama administration order laid out classification standards, levels and authorities, which are reinforced in the DoD regulation. But the manual includes additional guidance on data breaches and whistle blowers.

An 18-page section titled "Security Incidents Involving Classified Information" outlines the process for inquiring about a possible breach, reporting, investigating a breach and assessing the consequences of a breach. A section advising on classified information appearing in the media also lumps in public websites--possibly a nod to WikiLeaks--and appropriate processes for responding to inquiries related to leaked information. The appendix for this section provides a security incident reporting form.

Data breach prevention efforts are also emphasized in the manual. It instructs the assistant secretary of defense for networks and information integration to provide technical solutions that will prevent unauthorized accessing, handling and downloading of digital classified information. Who exactly is responsible for fulfilling this task, however, is a mystery. The DoD dissolved the ASD-NII position on Jan. 11.

The manual also indicates DoD may be encouraging the correction of improperly classified national security information.

"If holders of information have substantial reason to believe that the information is improperly or unnecessarily classified, they shall communicate that belief to their security manager or the [original classification authority] to bring about any necessary correction," instructs the manual.

The manual offers a whistle blower-like provision, saying that leadership "shall ensure" individuals are not punished for questioning or challenging a classification. Components are also required to internally audit their classification performance to ensure it complies with the rule.

For more:
- see the index to download each volume
- read the Secrecy News blog post

Related Articles:
DoD publishes manual for public to request declassification
NARA releases proposed rule on automatic declassification
Government classification system cost $11.42 billion last year
ISOO report says federal agencies are impediments to classification system reform