10 June 1999 Restored
12 April 1997
DOCI: DODD 5200.1
DATE: January 1997 by ASD(C3I)<
TITL: DODD 5200.1 DoD Information Security
SUBJECT: DoD Information Security Program
(a) DoD Directive 5200.1, subject as above, June 7, 1982 (hereby canceled)
(b) Executive Order 12958, "Classified National Security Information," April
20, 1995, as amended
(c) Information Security Oversight Office Directive, "Classified National
Security Information," October 13, 1995
(d) DoD Instruction 5230.21, "Protection of Classified National Security
Council and Intelligence Information," March 15, 1982 (hereby canceled)
(e) through (i), see enclosure l
A. REISSUANCE AND PURPOSE
1. Reissues reference (a) to update policy and responsibilities for the DoD
Information Security Program under references (b) and (c).
2. Replaces references (d) through (f).
3. Continues to authorize the publication of
DoD 5200.1-R (reference (g)),
in accordance with DoD 5025.1-M (reference (h)).
This Directive applies to the Office of the Secretary of Defense, the Military
Departments, the Chairman of the Joint Chiefs of Staff, the Combatant Commands,
the Inspector General of the Department of Defense, the Defense Agencies,
and the DoD Field Activities (hereafter referred to collectively as "the
1. Compromise. A communication or physical transfer of classified
information to an unauthorized recipient.
2. Information. Any knowledge that may be communicated or documentary
material, regardless of its physical form or characteristics, that is owned
by, produced by or for, or is under the control of, the Department of Defense.
3. National Security. The national defense or foreign relations of
the United States.
It is DoD policy that:
1. National security information shall be classified, declassified and
safeguarded, in accordance with national-level policy issuances.
Misclassification shall be avoided.
2. Declassification of information shall receive equal attention with
classification to ensure that information remains classified only as long
as required by national security considerations.
3. The volume of classified national security information shall be reduced
to the minimum necessary to meet operational requirements.
4. An active security education and training program shall be established
and maintained to ensure that DoD military and civilian personnel who require
access to classified national security information in the conduct of official
business are familiar with their responsibilities for protecting such information
from unauthorized disclosure.
l. The Assistant Secretary of Defense for Command, Control,
Communications, and Intelligence shall:
a. Serve as the Senior Agency Official for the Department of Defense under
subsection 5.6.(c) of E.O. 12958, as amended (reference (b)).
b. Direct, administer, and oversee the DoD Information Security Program to
ensure that the program is efficient, recognizes assigned authorities and
responsibilities, and that appropriate management safeguards are in place
to prevent fraud, waste, and abuse.
c. Approve, when appropriate, requests for exceptions to DoD Information
Security Program policies and procedures.
d. Approve and publish DoD Instructions and Publications, as necessary, to
guide, direct, or help DoD Information Security Program activities, consistent
with DoD 5025.1-M (reference (h)).
e. Encourage liaison between the DoD Components and industry; professional
associations; academia; Federal, State, and local government organizations;
and international organizations to acquire information that may be of use
in improving the DoD Information Security Program.
f. Assist the Under Secretary of Defense for Acquisition and Technology,
as required, in implementing the DoD Acquisition Systems Protection Program,
both by establishing security policy and providing technical security support
to that program.
2. The Under Secretary of Defense for Policy shall:
a. Direct, administer and oversee that portion of the DoD Information Security
Program pertaining to Special Access Programs, foreign government (including
North Atlantic Treaty Organization) classified information, the National
Disclosure Policy and security arrangements for international programs.
b. Approve, when appropriate, requests for exception to policy involving
any programs listed in paragraph E.2.a., above.
3. The Assistant Secretary of Defense for Public Affairs shall:
a. Direct and administer a DoD Mandatory Declassification Review Program
under subsection 3.6. of E.O. 12958 (reference (b)).
b. Establish policies and procedures for processing mandatory declassification
review requests, including appeals consistent with subsection 3.6.(d) of
reference (b) and Section 2001.13 of the Information Security Oversight Office
Directive (reference (c)), which make maximum use of DoD Component resources
and systems established to implement DoD Directive 5400.7 (reference (i)).
4. The Under Secretary of Defense for Acquisition and
Technology shall serve as the office of primary responsibility and
provide day-to-day direction and management of the DoD Acquisition Systems
5. The Secretaries of the Military Departments, as Agency Heads under
reference (b), and the Heads of the Other DoD Components, shall:
a. Designate a senior agency official for their respective Departments who
shall be responsible for the direction and administration of the Department's
information security program, to include active oversight, classification,
declassification and security education and training programs to ensure effective
implementation of reference (b) and DoD 5200.1-R (reference (g)).
b. Ensure that funding and resources are adequate to carry out such oversight,
classification, declassification and security education and training programs.
c. Consider and take action on complaints and suggestions from persons in
or outside the Government regarding the Department's Information Security
6. The Director, National Security Agency, shall, as the designee
of the Secretary of Defense, when necessary, impose special requirements
on the classification, declassification, marking, reproduction, distribution,
accounting, and protection of and access to classified cryptologic information.
F. EFFECTIVE DATE
This Directive is effective immediately.
S/s John P. White, Deputy Secretary of Defense
(e) DoD Instruction O-5230.22, "Security Controls on the Dissemination of
Intelligence Information," August 17, 1988 (hereby canceled)
(f) DoD Directive 5200.12, "Conduct of Classified Meetings," July 27, 1992
(g) DoD 5200.1-R, "Department
of Defense Information Security Program Regulation," January 17, 1997 authorized
by this Directive
(h) DoD 5025.1-M, "DoD Directives System Procedures," August 1994, authorized
by DoD Directive 5025.1, June 24, 1994
(i) DoD Directive 5400.7, "DoD Freedom of Information Act Program," May 13,