20 May 2006
-----------------------------------------------------------------------[Code of Federal Regulations] [Title 31, Volume 1] [Revised as of July 1, 2003] From the U.S. Government Printing Office via GPO Access [CITE: 31CFR2] [Page 83-109] TITLE 31--MONEY AND FINANCE: TREASURY PART 2--NATIONAL SECURITY INFORMATION Subpart A--Original Classification Sec. 2.1 Classification levels [1.1(a)]. 2.2 Classification Authority. 2.3 Listing of original classification authorities. 2.4 Record requirements. 2.5 Classification categories. 2.6 Duration of classification. 2.7 Identification and markings [1.5(a), (b) (c)]. 2.8 Limitations on classification [1.6(c)]. Subpart B--Derivative Classification 2.9 Derivative Classification Authority. 2.10 Listing derivative classification authorities. 2.11 Use of derivative classification [2.1]. 2.12 Classification guides. 2.13 Derivative identification and markings [1.5(c) and 2.1(b)]. Subpart C--Downgrading and Declassification 2.14 Listing downgrading and declassification authorities [3.1(b)]. 2.15 Declassification policy [3.1]. 2.16 Downgrading and declassification markings. 2.17 Systematic review for declassification [3.3]. 2.18 Mandatory declassification review [3.4]. 2.19 Assistance to the Department of State [3.3(b)]. 2.20 Freedom of Information/Privacy Act requests [3.4]. Subpart D--Safeguarding 2.21 General [4.1]. 2.22 General restrictions on access [4.1]. 2.23 Access by historical researchers and former presidential appointees [4.3]. 2.24 Dissemination [4.1(d)]. 2.25 Standards for security equipment [4.1(b) and 5.1(b)]. 2.26 Accountability procedures [4.1(b)]. 2.27 Storage [4.1(b)]. 2.28 Transmittal [4.1(b)]. 2.29 Telecommunications and computer transmissions. 2.30 Special access programs [1.2(a) and 4.2(a)]. 2.31 Reproduction controls [4.1(b)]. 2.32 Loss or possible compromise [4.1(b)]. 2.33 Responsibilities of holders [4.1(b)]. 2.34 Inspections [4.1(b)]. 2.35 Security violations. 2.36 Disposition and destruction [4.1(b)]. 2.37 National Security Decision Directive 197. Subpart E--Implementation and Review 2.38 Departmental management. 2.39 Bureau administration. 2.40 Emergency planning [4.1(b)]. 2.41 Emergency authority [4.1(b)]. 2.42 Security education [5.3(a)]. Subpart F--General Provisions 2.43 Definitions [6.1]. Authority: 31 U.S.C. 321; E.O. 12958, 60 FR 19825, 3 CFR, 1995 Comp., p. 333. Source: 55 FR 1644, Jan. 17, 1990, unless otherwise noted. [[Page 84]] Subpart A--Original Classification Sec. 2.1 Classification levels [1.1(a)].\1\ --------------------------------------------------------------------------- \1\ Related references are related to sections of Executive Order 12356, 47 FR 14874, April 6, 1982. --------------------------------------------------------------------------- (a) National security information (hereinafter also referred to as ``classified information'') shall be classified at one of the following three levels: (1) Top Secret shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security. (2) Secret shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security. (3) Confidential shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to the national security. (b) Limitations [1.1(b)]. Markings other than ``Top Secret,'' ``Secret,'' and ``Confidential,'' shall not be used to identify national security information. No other terms or phrases are to be used in conjunction with these markings to identify national security information, such as ``Secret/Sensitive'' or ``Agency Confidential''. The terms ``Top Secret,'' ``Secret,'' and ``Confidential'' are not to be used to identify non-classified Executive Branch information. The administrative control legend, ``Limited Official Use'', is authorized in Treasury Directive 71-02, ``Safeguarding Officially Limited Information,'' which requires that information so marked is to be handled, safeguarded and stored in a manner equivalent to national security information classified Confidential. (c) Reasonable Doubt [1.1(c)]. When there is reasonable doubt about the need to classify information, the information shall be safeguarded as if it were ``Confidential'' information in accordance with subpart D of this regulation, pending a determination about its classification. Upon a final determination of a need for classification, the information that is classified shall be marked as provided in Sec. 2.7. When there is reasonable doubt about the appropriate classification level, the information shall be safeguarded at the higher level in accordance with subpart D, pending a determination of its classification level. Upon a final determination of its classification level, the information shall be marked as provided in Sec. 2.7. Sec. 2.2 Classification Authority. Designations of original classification authority for national security information are contained in Treasury Order (TO) 102-19 (or successor order), which is published in the Federal Register. The authority to classify inheres within the office and may be exercised by a person acting in that capacity. There may be additional redelegations of original classification authority made pursuant to TO 102-19 (or successor order). Officials with original classification authority may derivatively classify at the same classification level. [63 FR 14357, Mar. 25, 1998] Sec. 2.3 Listing of original classification authorities. Delegations of original Top Secret, Secret and Confidential classification authority shall be in writing and be reported annually to the Departmental Director of Security, who shall maintain such information on behalf of the Assistant Secretary (Management). These delegations are to be limited to the minimum number absolutely required for efficient administration. Periodic reviews and evaluations of such delegations shall be made by the Departmental Director of Security to ensure that the officials so designated have demonstrated a continuing need to exercise such authority. If, after reviewing and evaluating the information, the Departmental Director of Security determines that such officials have not demonstrated a continuing need to exercise such authority, the Departmental Director of Security shall recommend to the Assistant Secretary (Management), as warranted, the reduction or elimination of such authority. The Assistant Secretary (Management) shall take appropriate action in consultation with the affected official(s) and the Departmental Director of Security. Such action may [[Page 85]] include relinquishment of this authority where the Assistant Secretary (Management) determines that a firm basis for retention does not exist. Sec. 2.4 Record requirements. The Departmental Director of Security shall maintain a listing by name, position title and delegated classification level, of all officials in the Departmental Offices who are authorized under this regulation to originally classify information as Top Secret, Secret or Confidential. Officials within the Departmental Offices with Top Secret classification authority shall report in writing on TD F 71-01.14 (Report of Authorized Classifiers) to the Departmental Director of Security, the names, position titles and authorized classification levels of the officials designated by them in writing to have original Secret or Confidential classification authority. The head of each bureau shall maintain a similar listing of all officials in his or her bureau authorized to apply original Secret and Confidential classification and shall provide a copy of TD F 71-01.14, reflecting the list of officials so authorized, to the Departmental Director of Security. These listings shall be compiled and reported no less than annually each October 15th as required by Treasury Directive 71-01, ``Agency Information Security Program Data''. Sec. 2.5 Classification categories. (a) Classification in Context of Related Information [1.3(b)]. Certain information which would otherwise be unclassified may require classification when combined or associated with other unclassified or classified information. Such classification on an aggregate basis shall be supported by a written explanation that, at a minimum, shall be maintained with the file or referenced on the record copy of the information. (b) Unofficial Publication or Disclosure [1.3(d)]. Following an inadvertent or unauthorized publication or disclosure of information identical or similar to information that has been classified in accordance with the Order or predecessor Orders, the agency of primary interest shall determine the degree of damage to the national security, the need for continued classification, and, in coordination with the agency in which the disclosure occurred, what action must be taken to prevent similar occurrences under procedures contained in Sec. 2.32. Sec. 2.6 Duration of classification. (a) Information Not Marked for Declassification [1.4]. Information classified under predecessor orders that is not subject to automatic declassification shall remain classified until reviewed for possible declassification. (b) Authority to Extend Automatic Declassification Determinations [1.4(b)]. The authority to extend classification of information subject to automatic declassification under any predecessor Executive Order to the Order is limited to those officials who have classification authority over the information and are designated in writing to have original classification authority at the level of the information to remain classified. Any decision to extend the classification on other than a document-by-document basis shall be reported to the Assistant Secretary (Management) who shall, in turn, report this fact to the Director of the Information Security Oversight Office. Sec. 2.7 Identification and markings [1.5(a), (b) and (c)]. The information security system requires that standard markings be applied to classified information. Except in extraordinary circumstances as provided in section 1.5(a) of the Order, or as indicated herein, the marking of paper and electronically created documents shall not deviate from the following prescribed formats. These markings shall also be affixed to material other than paper and electronically created documents, including file folders, film, tape, etc., or the originator shall provide holders or recipients of the information with written instructions for protecting the information. (a) Classification Level. The markings ``Top Secret,'' ``Secret,'' and ``Confidential'' are used to indicate: information that requires protection as classified information under the Order; [[Page 86]] the highest level of classification contained in a document; the classification level of each page and, in abbreviated form, the classification of each portion of a document. (1) Overall Marking. The highest level of classification of information in a document shall be marked in such a way as to distinguish it clearly from the informational text. Markings shall appear at the top and bottom of the outside of the front cover (if any), on the title page (if any), on the first and last pages bearing text, and on the outside of the back cover (if any). (2) Page Marking. Each interior page of a classified document is to be marked at the top and bottom, either according to the highest classification of the content of the page, including the designation ``UNCLASSIFIED'' when it is applicable, or with the highest overall classification of the document. (3) Portion Marking. Only the Secretary of the Treasury may waive the portion marking requirement for specified classes of documents or information upon a written determination that: (i) There will be minimal circulation of the specified documents or information and minimal potential usage of the documents or information as a source for derivative classification determinations; or (ii) There is some other basis to conclude that the potential benefits of portion marking are clearly outweighed by the increased administrative burdens. (b) Unless the portion marking requirement has been waived as authorized, each portion of a document, including subjects and titles, shall be marked by placing a parenthetical designation either immediately preceding or following the text to which it applies. The symbols, ``(TS)'' for Top Secret, ``(S)'' for Secret, ``(C)'' for Confidential, and ``(U)'' for Unclassified shall be used for this purpose. The symbol, ``(LOU)'' shall be used for Limited Official Use information. If the application of parenthetical designations is not practicable, the document shall contain a statement sufficient to identify the information that is classified and the level of such classification, as well as the information that is not classified. If all portions of a document are classified at the same level, this fact may be indicated by a statement to that effect, e.g. ``Entire Text is Classified Confidential.'' If a subject or title requires classification, an unclassified identifier may be applied to facilitate reference. (c) Classification Authority. If the original classifier is other than the signer or approver of the document, his or her indentity shall be shown at the bottom of the first and last pages as follows: ``CLASSIFIED BY (identification of original classification authority)''. (d) Bureau and Office of Origin. If the identity of the originating bureau or office is not apparent on the face of the document, it shall be clearly indicated below the ``CLASSIFIED BY'' line. (e) Downgrading and Declassification Instructions. Downgrading and, as applicable, declassification instructions shall be shown as follows: (1) For information to be declassified automatically on a specific date: Classified by___________________________________________________________ Office__________________________________________________________________ Declassify on (date)____________________________________________________ (2) For information to be declassified automatically upon the occurrence of a specific event: Classified by __________________________________________________________ Office _________________________________________________________________ Declassify on (description of event) ___________________________________ (3) For information not to be declassified automatically: Classified by __________________________________________________________ Office _________________________________________________________________ Declassify on Origination Agency's Determination Required or ``OADR'' (4) For information to be downgraded automatically on a specific date or upon occurrence of a specific event: Classified by __________________________________________________________ Office _________________________________________________________________ Downgrade to ___________________________________________________________ on (date or description of event) ______________________________________ (f) Special Markings--(1) Transmittal Documents [1.5(c)]. A transmittal document shall indicate on its first page and last page, if any, the highest classification of any information transmitted by it. It shall also include on [[Page 87]] the first and last pages the following or similar instruction: (i) For an unclassified transmittal document: Unclassified When Classified Enclosure(s) Detached. (ii) For a classified transmittal document: Upon Removal of Attachment(s) this Document is _______________________________________________________ (classification level of the transmittal document alone), or: This Document is Classified ____________________________________________ with Unclassified Attachment(s). (2) Restricted Data or Formerly Restricted Data [6.2(a)]. Restricted Data or Formerly Restricted Data shall be marked in accordance with regulations issued under the Atomic Energy Act of 1954, as amended. Restricted Data is information dealing with the design, manufacture, or utilization of atomic weapons, production of special nuclear material or use of special nuclear material in the production of energy. Formerly Restricted Data is classified information that has been removed from the ``restricted data'' category but still remains classified. It relates primarily to the military utilization of atomic weapons. (3) <strong>Intelligence</strong> Sources or Methods [1.5(c)]. Documents that contain information relating to <strong>intelligence</strong> sources or methods shall include the following marking unless otherwise prescribed by the Director of Central <strong>Intelligence</strong>: ``WARNING NOTICE--<strong>INTELLIGENCE</strong> SOURCES OR METHODS INVOLVED'' To avoid confusion as to the extent of dissemination and use restrictions governing the information involved, this marking may not be used in conjunction with special access or sensitive compartmented information controls. (4) Foreign Government Information (FGI) [1.5(c)]. Documents that contain FGI shall include either the marking ``FOREIGN GOVERNMENT INFORMATION,'' or a marking that otherwise indicates that the information is foreign government information. If the information is foreign government information that must be concealed, given the relationship or understanding with the foreign government providing the information, the marking shall not be used and the document shall be marked as if it were wholly of United States origin. However, such a marking must be supported by a written explanation that, at a minimum, shall be maintained with the file or referenced on the original or record copy of the document or information. (5) National Security Information [4.1(c)]. Classified information furnished outside the Executive Branch shall show the following marking: NATIONAL SECURITY INFORMATION Unauthorized Disclosure Subject to Administrative and Criminal Sanctions (6) Automated Data Processing (ADP) and Computer Output [1.5(c)]. (i) Documents that are generated via ADP or as computer output may be marked automatically by systems software. If automatic marking is not practicable, such documents must be marked manually. (ii) Removable information storage media, however, will bear external labels indicating the security classification of the information and associated security markings, as applicable, such as handling caveats and dissemination controls. Examples of such media include magnetic tape reels, cartridges, and cassettes; removable disks, disk cartridges, disk packs, and diskettes, including ``floppy'' or flexible disks; paper tape reels; and magnetic and punched cards. Two labels may be required on each medium: a color coded security classification label, i.e., orange Standard Form 706 (Top Secret label), red SF 707 (Secret label), blue SF 708 (Confidential label), purple SF 709 (Classified label), green SF 710 (Unclassified label); and a white SF 711 (Data Descriptor label). National stock numbers of the labels, which are available through normal Federal Supply channels, are as follows: SF 706, 7540-01-207-5536; SF 707, 7450-01-207-5537; SF 708, 7450-01-207-5538; SF 709, 7540-01-207-5540; SF 710, 7540-01-207-5539 and SF 711, 7540-01-207-5541. Treasury Directive 71-02 provides for the use of a green ``Officially Limited Information'' label, TD F 71-05.2, to identify information so marked. (iii) In a mixed environment in which classified and unclassified information in processed or stored, the ``Unclassified'' label must be used to identify the [[Page 88]] media containing unclassified information. In environments in which only unclassified information is processed or stored, the use of the ``Unclassified'' label is not required. Unclassified media, however, that are on loan from (and must be returned to) vendors do not require the ``Unclassified'' label, but each requires a Data Descriptor label with the words, ``Unclassified Vendor Medium'' entered on it. (iv) Each medium shall be appropriately affixed with a classification label and, as applicable, with a Data Descriptor label at the earliest practicable time as soon as the proper security classification or control has been established. Labels shall be conspicuously placed on media in a manner that will not adversely affect operation of the equipment in which the media is used. Once applied, the label is not to be removed. A label to identify a higher level of classification may, however, be applied on top of a lower classification level in the event that the content of the media changes, e.g., from Confidential to Secret. A lower classification label may not be applied to media already bearing a higher classification label. Personnel shall be responsible for appropriately labeling and controlling ADP and computer storage media within their possession. (g) Electronically Transmitted Information (Messages) [1.5(c)]. Classified information that is transmitted electronically shall be marked as follows: (1) The highest level of classification shall appear before the first line of text; (2) A ``CLASSIFIED BY'' line is not required; (3) The duration of classification shall appear as follows: (i) For information to be declassified automatically on a specific date: ``DECL: (date)''; (ii) For information to be declassified upon occurrence of a specific event: ``DECL: (description of event)''; (iii) For information not to be automatically declassified which requires the originating agency's determination (see also Sec. 2.7(e)(3)): ``DECL: OADR''; (iv) For information to be automatically downgraded: ``DOWNGRADE TO (classification level to which the information is to be downgraded) ON (date or description of event on which downgrading is to occur)''. (4) Portion marking shall be as prescribed in Sec. 2.7(a)(3); (5) Specially designated markings as prescribed in Sec. 2.7(f) (2), (3), and (4) shall appear after the marking for the highest level of classification. These include: (i) Restricted Data or Formerly Restricted Data; (ii) Information concerning <strong>intelligence</strong> sources or methods: ``WNINTEL,'' unless otherwise prescribed by the Director of Central <strong>Intelligence</strong>; and (iii) Foreign Government Information (FGI). (6) Paper copies of electronically transmitted messages shall be marked as provided in Sec. 2.7(a) (1), (2), and (3). (h) Changes in Classification Markings [4.1(b)]. When a change is made in the duration of classified information, all holders of record shall be promptly notified. If practicable, holders of record shall also be notified of a change in the level of classification. Holders shall alter the markings on their copy of the information to conform to the change, citing the authority for it. If the remarking of large quantities of information is unduly burdensome, the holder may attach a change of classification notice to the storage unit in lieu of the marking action otherwise required. Items withdrawn from the collection for purposes other than transfer for storage shall be marked promptly in accordance with the change notice. Sec. 2.8 Limitations on classification [1.6(c)]. (a) Before reclassifying information as provided in section 1.6(c) of the Order, authorized officials, who must have original classification authority and jurisdiction over the information involved, shall consider the following factors which shall be addressed in a report to the Assistant Secretary (Management) who shall in turn forward a report to the Director of the Information Security Oversight Office: (1) The elapsed time following disclosure; (2) The nature and extent of disclosure; [[Page 89]] (3) The ability to bring the fact of reclassification to the attention of persons to whom the information was disclosed; (4) The ability to prevent further disclosure; and (5) The ability to retrieve the information voluntarily from persons not authorized access in its reclassified state. (b) Information may be classified or reclassified after it has been requested under the Freedom of Information Act (5 U.S.C. 552), the Privacy Act of 1974 (5 U.S.C. 552a), or the mandatory declassification review provisions of the Order if such classification meets the requirements of the Order and is accomplished personally and on a document-by-document basis by the Secretary of the Treasury, the Deputy Secretary, the Assistant Secretary (Management) or an official with original Top Secret classification authority. Such reclassification actions shall be reported in writing to the Departmental Director of Security. (c) In no case may information be classified or reclassified in order to conceal violations of law, inefficiency, or administrative error; to prevent embarrassment to a person, organization, or agency; to restrain competition; or to prevent or delay the release of information that does not require protection in the interest of national security. Subpart B--Derivative Classification Sec. 2.9 Derivative Classification Authority. Designations of derivative classification authority for national security information are contained in Treasury Order 102-19 (or successor order). The authority to derivatively classify inheres within the office and may be exercised by a person acting in that capacity. There may be additional redelegations of derivative classification authority made pursuant to TO 102-19 (or successor order). Officials identified in Treasury Order 102-19 (or successor order) may also administratively control and decontrol sensitive but unclassified information using the legend ``Limited Official Use'' and may redelegate their authority to control and decontrol. Such redelegations shall be in writing on TD F 71-01.20 ``Designation of Controlling/Decontrolling Officials'' (or successor form). [63 FR 14357, Mar. 25, 1998] Sec. 2.10 Listing derivative classification authorities. Delegations of derivative classification authority to officials not otherwise identified in Sec. 2.9, shall be in writing and reported annually each October 15th to the Departmental Director of Security on TD F 71-01.18 (Report of Authorized Derivative Classifiers). Such delegations shall be limited to the minimum number absolutely required for efficient administration. Periodic reviews and evaluations of such delegations shall be made by the Departmental Director of Security to ensure that officials so designated have demonstrated a continuing need to exercise such authority. If after reviewing and evaluating the information the Departmental Director of Security determines that such officials have not demonstrated a continuing need to exercise such authority, the Departmental Director of Security shall recommend to the Assistant Secretary (Management), as warranted, the reduction or elimination of such authority. The Assistant Secretary (Management) shall take appropriate action in consultation with the affected official(s) and the Departmental Director of Security. Such action may include relinquishment of this authority where the Assistant Secretary (Management) determines that a firm basis for retention does not exist. Sec. 2.11 Use of derivative classification [2.1]. The application of derivative classification markings is a responsibility of those who incorporate, paraphrase, restate, or generate in new form information that is already classified, and of those who apply markings in accordance with instructions from an authorized original classifier or in accordance with an approved classification guide. If an individual who applies derivative classification markings believes that the paraphrasing, restating or summarizing of classified information has [[Page 90]] changed the level of or removed the basis for classification, that person must consult an appropriate official of the originating agency or office of origin who has the authority to upgrade, downgrade or declassify the information for a final determination. A sample marking of derivatively classified documents is set forth in Sec. 2.13. Sec. 2.12 Classification guides. (a) General [2.2(a)]. A classification guide is a reference manual which assists document drafters and document classifiers in determining what types or categories of material have already been classified. The classification guide shall, at a minimum: (1) Identify and categorize the elements of information to be protected; (2) State which classification level applies to each element or category of information; and (3) Prescribe declassification instructions for each element or category of information in terms of: (i) A period of time, (ii) The occurrence of an event, or (iii) A notation that the information shall not be declassified automatically without the approval of the originating agency i.e., ``OADR''. (b) Review and Record Requirements [2.2(a)]. (1) Each classification guide shall be kept current and shall be reviewed at least once every two years and updated as necessary. Each office within the Departmental Offices and the respective offices of each Treasury bureau possessing original classification authority for national security information shall maintain a list of all classification guides in current use by them. A copy of each such classification guide in current use shall be furnished to the Departmental Director of Security who shall maintain them on behalf of the Assistant Secretary (Management). (2) Each office and bureau that prepares and maintains a classification guide shall also maintain a record of individuals authorized to apply derivative classification markings in accordance with a classification guide. This record shall be maintained on TD F 71- 01.18 (Report of Authorized Derivative Classifiers) which shall be reported annually each October 15th to the Departmental Director of Security. (c) Waivers [2.2(c)]. Any authorized official desiring a waiver of the requirement to issue a classification guide shall submit in writing to the Assistant Secretary (Management) a request for approval of such a waiver. Any request for a waiver shall contain, at a minimum, an evaluation of the following factors: (1) The ability to segregate and describe the elements of information; (2) The practicality of producing or disseminating the guide because of the nature of the information; (3) The anticipated usage of the guide as a basis for derivative classification; and (4) The availability of alternative sources for derivatively classifying the information in a uniform manner. Sec. 2.13 Derivative identification and markings [1.5(c) and 2.1(b)]. Information classified derivatively on the basis of source documents or classification guides shall bear all markings prescribed in Sec. 2.7 (a) through (f), as are applicable. Information for these markings shall be taken from the source document or instructions in the appropriate classification guide. (a) Classification Authority. The authority for classification shall be shown as follows: Derivatively Classified by _____________________________________________ Office _________________________________________________________________ Derived from____________________________________________________________ Declassify on___________________________________________________________ If a document is classified on the basis of more than one source document or classification guide, the authority for classification shall be shown on the ``DERIVED FROM'' line as follows: ``MULTIPLE CLASSIFIED SOURCES''. In these cases, the derivative classifier must maintain the identification of each source with the file or record copy of the derivatively classified document. A document derivatively classified on the basis of a source document that is marked ``MULTIPLE CLASSIFIED SOURCES'' shall cite the source document on its ``DERIVED FROM'' line rather than the term: ``MULTIPLE CLASSIFIED [[Page 91]] SOURCES''. Preparers of such documentation shall ensure that the identification of the derivative classifier is indicated. Use of the term ``MULTIPLE CLASSIFIED SOURCES,'' is not to be a substitute for the identity of the derivative classification authority. (b) Downgrading and Declassification Instructions. Dates or events for automatic downgrading or declassification shall be carried forward from the source document. This includes the notation ``ORIGINATING AGENCY'S DETERMINATION REQUIRED'' to indicate that the document is not to be downgraded or declassified automatically, or instructions as directed by a classification guide, which shall be shown on a ``DOWNGRADE TO'' or ``DECLASSIFY ON'' line as follows: DOWNGRADE TO____________________________________________________________ ON (date, description of event, or OADR) or, DECLASSIFY ON (date, description of event, or OADR) Subpart C--Downgrading and Declassification Sec. 2.14 Listing downgrading and declassification authorities 3.1(b)]. Downgrading and declassification authority may be exercised by the official authorizing the original classification, if that official is still serving in the same position; a successor in that capacity; a supervisory official of either; or officials delegated such authority in writing by the Secretary of the Treasury or the Assistant Secretary (Management). Such officials may not downgrade or declassify information which is classified at a level exceeding their own designated classification authority. A listing of officials delegated such authority, in writing, shall be identified on TD F 71-01.11 (Report of Authorized Downgrading and Declassification Officials) and reported annually each October 15th to the Departmental Director of Security who shall maintain them on behalf of the Assistant Secretary (Management). Current listings of officials so designated shall be maintained by Treasury bureaus and offices within the Departmental Offices. [55 FR 1644, Jan. 17, 1990; 55 FR 13134, Apr. 9, 1990] Sec. 2.15 Declassification policy [3.1]. In making determinations under section 3.1(a) of the Order, officials shall respect the intent of the Order to protect foreign government information and confidential foreign sources. Sec. 2.16 Downgrading and declassification markings. Whenever a change is made in the original classification or in the dates of downgrading or declassification of any classified information, it shall be promptly and conspicuously marked to indicate the change, the authority for the action, the date of the action, and the identity of the person taking the action. Earlier classification markings shall be cancelled or otherwise obliterated when practicable. See also Sec. 2.7(h). Sec. 2.17 Systematic review for declassification [3.3]. (a) Permanent Records. Systematic review is applicable only to those classified records and presidential papers or records that the Archivist of the United States, acting under the Federal Records Act, has determined to be of sufficient historical or other value to warrant permanent retention. (b) Non-Permanent Classified Records. Non-permanent classified records shall be disposed of in accordance with schedules approved by the Administrator of General Services under the Records Disposal Act. These schedules shall provide for the continued retention of records subject to an ongoing mandatory declassification review request. (c) Systematic Declassification Review Guidelines [3.3(a)]. As appropriate, guidelines for systematic declassification review shall be issued by the Assistant Secretary (Management) in consultation with the Archivist of the United States, the Director of the Information Security Oversight Office and Department officials, to assist the Archivist in the conduct of systematic reviews. Such guidelines shall be reviewed and updated at least every five years unless earlier review is requested by the Archivist. (d) Foreign Government Systematic Declassification Review Guidelines [3.3(a)]. As appropriate, guidelines for systematic declassification review of foreign [[Page 92]] government information shall be issued by the Assistant Secretary (Management) in consultation with the Archivist of the United States, the Director of the Information Security Oversight Office, Department officials and other agencies having declassification authority over the information. These guidelines shall be reviewed and updated every five years unless earlier review is requested by the Archivist. (e) Special Procedures. The Department shall be bound by the special procedures for systematic review of classified cryptologic records and classified records pertaining to <strong>intelligence</strong> activities (including special activities), or <strong>intelligence</strong> sources or methods issued by the Secretary of Defense and the Director of Central <strong>Intelligence</strong>, respectively. Sec. 2.18 Mandatory declassification review [3.4]. (a) Except as provided by section 3.4 (b) of the Order, all information classified by the Department under the Order or any predecessor Executive Order shall be subject to declassification review by the Department, if: (1) The request is made by a United States citizen or permanent resident alien, a Federal agency, or a state or local government; (2) The request describes the document or material containing the information with sufficient specificity to enable the Department to locate it with a reasonable amount of effort; and (3) The requester provides substantial proof as to his or her United States citizenship or status as a permanent resident alien, e.g., a copy of a birth certificate, a certificate of naturalization, official passport or some other means of identity which sufficiently describes the requester's status. A permanent resident alien is any individual, who is not a citizen or national of the United States, who has been lawfully accorded the privilege of residing permanently in the United States as an immigrant in accordance with the immigration laws, such status not having changed. Permanent means a relationship of continuing or lasting nature, as distinguished from temporary, but a relationship may be permanent even though it is one that may be dissolved eventually at the instance either of the United States or of the individual, in accordance with law. (b) Processing--(1) Initial Requests for Classified Records Originated by the Department. Requests for mandatory declassification review shall be directed to the Departmental Office of Security, 1500 Pennsylvania Avenue, NW., Washington, DC 20220. Upon receipt of each request for declassification, pursuant to section 3.4 of the Order, the following procedures shall apply: (i) The Departmental Office of Security shall acknowledge the receipt of the request in writing. (ii) A valid mandatory declassification review request need not identify the requested information by date or title of the responsive records, but must be of sufficient particularity to allow Treasury personnel to locate the records containing the information sought with a reasonable amount of effort. Whenever a request does not reasonably describe the information sought, the requester shall be notified by the Departmental Office of Security that unless additional information is provided or the scope of the request is narrowed, no further action will be undertaken. (iii) The Departmental Office of Security shall determine the appropriate office or bureau to take action on the request and shall forward the request to that office or bureau. (iv) In responding to mandatory declassification review requests, the appropriate reviewing officials shall make a prompt declassification determination. The Departmental Office of Security shall notify the requester if additional time is needed to process the request. Reviewing officials shall also identify the amount of search and/or review time required to process the request. The Department shall make a final determination within one year from the date of receipt except in unusual circumstances. When information cannot be declassified in its entirety, reasonable efforts, consistent with other applicable laws, will be made to release those declassified portions of the requested information which constitute a coherent segment. Upon the denial or partial denial of an [[Page 93]] initial request, the Departmental Office of Security shall also notify the requester of the right of an administrative appeal which must be filed with the Assistant Secretary (Management) within 60 days of receipt of the denial. (v) When the Department receives a mandatory declassification review request for records in its possession that were originated by another agency, the Departmental Office of Security shall forward the request to that agency. The Departmental Office of Security shall include a copy of the records requested together with the Department's recommendations for action. Upon receipt, the originating agency shall process the request in accordance with the Directive 32 CFR 2001.32(a)(2)(i). The originating agency shall also be requested to communicate its declassification determination to Treasury. (vi) When another agency forwards to the Department a request for information in that agency's custody that has been classified by Treasury, the Departmental Office of Security shall: (A) Advise the other agency as to whether it can notify the requester of the referral; (B) Review the classified information in coordination with other agencies that have a direct interest in the subject matter; and (C) Respond to the requester in accordance with the procedures in Sec. 2.18(b)(1)(iv). If requested, Treasury's determination shall be communicated to the referring agency. (vii) Appeals of denials of a request for declassification shall be referred to the Assistant Secretary (Management) who shall normally make a determination within 30 working days following the receipt of an appeal. If additional time is required to make a determination, the Assistant Secretary (Management) shall notify the requester of the additional time needed and provide the requester with the reason for the extension. The Assistant Secretary (Management) shall notify the requester in writing of the final determination and, as applicable, the reasons for any denial. (viii) Except as provided in this paragraph, the Department shall process mandatory declassification review requests for classified records containing foreign government information in accordance with Sec. 2.18(a). The agency that initially received or classified the foreign government information shall be responsible for making a declassification determination after consultation with concerned agencies. If upon receipt of the request, the Department determines that Treasury is not the agency that received or classified the foreign government information, it shall refer the request to the appropriate agency for action. Consultation with the foreign originator through appropriate channels may be necessary prior to final action on the request. (ix) Mandatory declassification review requests for cryptologic information and/or information concerning <strong>intelligence</strong> activities (including special activities) or <strong>intelligence</strong> sources or methods shall be processed solely in accordance with special procedures issued by the Secretary of Defense and the Director of Central <strong>Intelligence</strong>, respectively. (x) The fees to be charged for mandatory declassification review requests shall be for search and/or review and duplication. The fee charges for services of Treasury personnel involved in locating and/or reviewing records shall be at the rate of a GS-10, Step 1, for each hour or fraction thereof, except that no charge shall be imposed for search and/or review consuming less than one hour. (A) Photocopies per page up to 8\1/2\<gr-thn-eq> by 14<gr-thn-eq> shall be charged at the rate of 10 cents each except that no charge will be imposed for reproducing ten (10) pages or less when search and/or review time requires less than one hour. (B) When it is estimated that the costs associated with the mandatory declassification review request will exceed $100.00, the Departmental Office of Security shall notify the requester of the likely cost and obtain satisfactory written assurance of full payment or may require the requester to make an advance payment of the entire fee before continuing to process the request. The Department reserves the right to request prepayment after a mandatory declassification review request is processed and before documents are released. In the event the requester does [[Page 94]] not agree to pay the actual charges, he or she shall advise how to proceed with the mandatory declassification review request. Failure of a requester to pay charges after billing will result in future requests not being honored. (C) In order for a requester's initial request to be processed it shall be accompanied by a statement that he or she is agreeable to paying fees for search and/or review and copying. In the event the initial request does not include this statement, processing of the request will be held in abeyance until such time as the required statement is received. Failure to provide a response within a reasonable amount of time will serve as the basis for administratively terminating the mandatory declassification review request. (D) Payment of fees shall be made by check or money order payable to the Treasurer of the United States. Fees levied by the Department of the Treasury for mandatory declassification review requests are separate and distinct from any other fees which might be imposed by a Presidential Library, the National Archives and Records Administration or another agency or department. Sec. 2.19 Assistance to the Department of State [3.3(b)]. The Secretary of the Treasury shall assist the Department of State in its preparation of the ``Foreign Relations of the United States'' series by facilitating access to appropriate classified material in Treasury custody and by expediting declassification review of documents proposed for inclusion in the series. Sec. 2.20 Freedom of Information/Privacy Act requests [3.4]. The Department of the Treasury shall process requests for records containing classified national security information that are submitted under the provisions of the Freedom of Information Act, as amended, or the Privacy Act of 1974, as amended, in accordance with the provisions of those Acts. Subpart D--Safeguarding Sec. 2.21 General [4.1]. Information classified pursuant to this Order or predecessor Orders shall be afforded a level of protection against unauthorized disclosure commensurate with its level of classification. Sec. 2.22 General restrictions on access [4.1]. (a) Determination of Need-To-Know. Classified information shall be made available to a person only when the possessor of the classified information establishes in each instance, except as provided in section 4.3 of the Order, that access is essential to the accomplishment of official United States Government duties or contractual obligations. (b) Determination of Trustworthiness. A person is eligible for access to classified information only after a showing of trustworthiness as determined by the Secretary of the Treasury based upon appropriate investigations in accordance with applicable standards and criteria. (c) Classified Information Nondisclosure Agreement. Standard Form 312 (Classified Information Nondisclosure Agreement) or the prior SF 189, bearing the same title, are nondisclosure agreements between the United States and an individual. The execution of either the SF 312 or SF 189 agreement by an individual is necessary before the United States Government may grant the individual access to classified information. Bureaus and the Departmental Offices must retain executed copies of the SF 312 or prior SF 189 in file systems from which the agreements can be expeditiously retrieved in the event the United States must seek their enforcement. Copies or legally enforceable facsimiles of the SF 312 or SF 189 must be retained for 50 years following their date of execution. The national stock number for the SF 312 is 7540-01-280-5499. [[Page 95]] Sec. 2.23 Access by historical researchers and former presidential appointees [4.3]. (a) Access to classified information may be granted only as is essential to the accomplishment of authorized and lawful United States Government purposes. This requirement may be waived, however, for persons who: (1) Are engaged in historical research projects, or (2) Previously have occupied policymaking positions to which they were appointed by the President. (b) Access to classified information may be granted to historical researchers and to former Presidential appointees upon a determination of trustworthiness; a written determination that such access is consistent with the interests of national security; the requestor's written agreement to safeguard classified information; and the requestor's written consent to have his or her notes and manuscripts reviewed to ensure that no classified information is contained therein. The conferring of historial researcher status does not include authorization to release foreign government information or other agencies' classified information per Sec. 2.24 of this part. By the terms of section 4.3(b)(3) of the Order, former Presidential appointees not engaged in historical research may only be granted access to classified documents which they ``originated, reviewed, signed or received while serving as a Presidential appointee.'' Coordination shall be made with the Departmental Director of Security with respect to the required written agreements to be signed by the Department and such historical researchers or former Presidential appointees, as a condition of such access and to ensure the safeguarding of classified information. (c) If the access requested by historical researchers and former Presidential appointees requires the rendering of services for which fair and equitable fees may be charged pursuant to 31 U.S.C. 9701, the requestor shall be so notified and the fees may be imposed. Treasury's fee schedule identified in Sec. 2.18(b)(1)(x), applicable to mandatory declassification review, shall also apply to fees charged for services provided to historical researchers and former Presidential appointees for search and/or review and copying. Sec. 2.24 Dissemination [4.1(d)]. Except as otherwise provided by section 102 of the National Security Act of 1947, 61 Stat. 495, 50 U.S.C. 403, classified information originating in another agency may not be disseminated outside the Department without the consent of the originating agency. Sec. 2.25 Standards for security equipment [4.1(b) and 5.1(b)]. The Administrator of General Services issues (in coordination with agencies originating classified information), establishes and publishes uniform standards, specifications, and supply schedules for security equipment designed to provide for secure storage and to destroy classified information. Treasury bureaus and the Departmental Offices may establish more stringent standards for their own use. Whenever new security equipment is procured, it shall be in conformance with the standards and specifications referred to above and shall, to the maximum extent practicable, be of the type available through the Federal Supply System. Sec. 2.26 Accountability procedures [4.1(b)]. (a) Top Secret Control Officers. Each Treasury bureau and the Departmental Offices shall designate a primary and alternate Top Secret Control Officer. Within the Departmental Offices, the Top Secret Control Officer function will be established in the Office of the Executive Secretary for collateral Top Secret information and in the Office of the Special Assistant to the Secretary (National Security) with respect to sensitive compartmented information. The term ``collateral'' refers to national security information classified Confidential, Secret, or Top Secret under the provisions of Executive Order 12356 or prior Orders, for which special <strong>intelligence</strong> community systems of compartmentation (such as sensitive compartmented information) or special access programs are not formally established. Top Secret Control Officers so designated must have a Top Secret security clearance and shall: [[Page 96]] (1) Initially receive all Top Secret information entering their respective bureau, including the Departmental Offices. Any Top Secret information received by a Treasury bureau or Departmental Offices employee shall be immediately hand carried to the designated Top Secret Control Officer for proper accountability. (2) Maintain current accountability records of Top Secret information received within their bureau or office. (3) Ensure that Top Secret information is properly stored and that Top Secret information under their control is personally destroyed, when required. Top Secret information must be destroyed in the presence of an appropriately cleared official who shall actually witness such destruction. Accordingly, the use of burnbags to store Top Secret information, pending final destruction at a later date, is not authorized. (4) Ensure that prohibitions against reproduction of Top Secret information are strictly followed. (5) Conduct annual physical inventories of Top Secret information. An inventory shall be conducted in the presence of an individual with an appropriate security clearance. The inventory shall be completed annually and signed by the Top Secret Control Officer and the witnessing individual. (6) Ensure that Top Secret documents are downgraded, declassified, retired or destroyed as required by regulations or other markings. (7) Attach a TD F 71-01.7 (Top Secret Document Record) to the first page or cover of each copy of Top Secret information. The Top Secret Document Record shall be completed by the Top Secret Control Officer and shall serve as a permanent record. (8) Ensure that all persons having access to Top Secret information sign the Top Secret Document Record. This also includes persons to whom oral disclosure of the contents is made. (9) Maintain receipts concerning the transfer and destruction of Top Secret information. Record all such actions on the Top Secret Document Record which shall be retained for a minimum of three years. (10) As received, number in sequence each Top Secret document in a calendar year series (e.g. TS 89-001). This number shall be posted on the face of the document and on all forms required for control of Top Secret information. (11) Attach a properly executed TD F 71-01.5 (Classified Document Record of Transmittal) when a Top Secret document is transmitted internally or externally. (12) Verify, prior to releasing Top Secret information, that the recipient has both a security clearance and is authorized access to such information. (13) Report, in writing, all Top Secret documents unaccounted for to the Assistant Secretary (Management) who shall take appropriate action in conjunction with the Departmental Director of Security. (14) Assure that no individual within his or her office or bureau transmits Top Secret information to another individual or office without the knowledge and consent of the Top Secret Control Officer. (15) Ensure upon receipt that a Standard Form 703 (Top Secret Cover Sheet) is affixed to such information. (16) Notify office and/or bureau employees annually in writing of the designated control point for all incoming and outgoing Top Secret information. (17) Be notified as to the transmission, per Sec. 2.28(b), whenever Top Secret information is sent outside of a Treasury bureau or office within the Departmental Offices. (b) Top Secret Control Officer Listings. In order for the Departmental Director of Security to maintain a current listing of Top Secret Control Officers within the Department, each Treasury bureau and the Departmental Offices shall annually report each October 15th in writing to the Departmental Office of Security, the identities of the office(s) and names of the officials designated as their primary and alternate Top Secret Control Officers. Any changes in these designations shall be reported to the Departmental Director of Security within thirty days. (c) Top Secret Document Record. Upon receipt in the Department a green, color coded, TD F 71-01.7 (Top Secret Document Record) shall be attached by the Top Secret Control Officer to the first page or cover of the original and each copy of Top Secret information. [[Page 97]] The Top Secret Document Record shall remain attached to the Top Secret information until it is either transferred to another United States Government agency, downgraded, declassified or destroyed. The Top Secret Document Record, which shall initially be completed by the Top Secret Control Officer, shall identify the Top Secret information attached, and shall serve as a permanent record of the information. All persons, including stenographic and clerical personnel, having access to the information attached to the Top Secret Document Record must list their name and the date on the TD F 71-01.7 prior to accepting responsibility for its custody. The TD F 71-01.7 shall also indicate those individuals to whom only oral disclosure of the contents is made. Whenever any Top Secret information is transferred to another United States Government agency, downgraded, declassified or destroyed, the Top Secret Control Officer shall record the action on the Top Secret Document Record and retain it for a minimum or three years after which time it may be destroyed. In order to maintain the integrity of the color coding process the photocopying and use of non-color coded Top Secret Document Record forms is prohibited. (d) Classified Document Record of Transmittal. TD F 71-01.5 (Classified Document Record of Transmittal) shall be the exclusive classified document accountability record for use within the Department of the Treasury. No other logs or records shall be required except for the use of TD F 71-01.7 which is applicable to Top Secret information. TD F 71-01.5 shall be used for single or multiple document receipting and for internal and external routing. The inclusion of classified information on TD F 71-01.5 is to be avoided. In the event the subject title is classified, a recognizable short title shall be used, e.g., first letter of each word in the subject title. Several items may be transmitted to the same addressee with one TD F 71-01.5. TD F's 71-01.5 shall be maintained for a three year period after which the form may be destroyed. No record of the actual destruction of the TD F 71-01.5 is necessary. (1) Top Secret Information. Top Secret information shall be subject to a continuous receipt system regardless of how brief the period of custody. TD F 71-01.5 shall be used for this purpose. Top Secret accountability records shall be maintained by Top Secret Control Officers separately from the accountability records of other classified information. (2) Secret Information. Receipt on TD F 71-01.5 shall be required for transmission of Secret information between bureaus, offices and separate agencies. Responsible office heads shall determine administrative procedures required for the internal control within their respective offices. The volume of classified information handled and personnel resources available must be considered in determining the level of adequate security measures while at the same time maintaining operational efficiency. (3) Confidential and Limited Official Use Information. Receipts for Confidential and Limited Official Use information shall not be required unless the originator indicates that receipting is necessary. [55 FR 1644, Jan. 17, 1990; 55 FR 13134, Apr. 9, 1990] Sec. 2.27 Storage [4.1(b)]. Classified information shall be stored only in facilities or under conditions designed to prevent unauthorized persons from gaining access to it. (a) Minimum Requirements for Physical Barriers--(1) Top Secret. Top Secret information shall be stored in a GSA-approved security container with an approved, built-in, three-position, dial-type, changeable, combination lock; in a vault protected by an alarm system and response force; or in other types of storage facilities that meet the standards for Top Secret information established under the provisions of Sec. 2.25. Top Secret information stored outside the United States must be in a facility afforded diplomatic status. One or more of the following supplementary controls is required: (i) The area that houses the security container or vault shall be subject to the continuous protection of U.S. guard or duty personnel; (ii) U.S. Guard or duty personnel shall inspect the security container or vault at least once every two hours; or [[Page 98]] (iii) The security container or vault shall be controlled by an alarm system to which a force will respond in person within 15 minutes. Within the United States, the designated security officer in each Treasury bureau and the Department Offices shall prescribe those supplementary controls deemed necessary to restrict unauthorized access to areas in which such information is stored. Any vault used for the storage of sensitive compartmented information shall be configured to the specifications of the Director of Central <strong>Intelligence</strong>. Prior to an office or bureau operating such a vault, formal written certification for its use must first be obtained from the Special Assistant to the Secretary (National Security) as the senior Treasury official of the <strong>Intelligence</strong> Community. (2) Secret and Confidential. Secret and Confidential information shall be stored in a manner and under the conditions prescribed for Top Secret information, or in a container, vault, or alarmed area that meets the standards for Secret or Confidential information established under the provisions of Sec. 2.25. Secret and Confidential information may also be stored in a safe-type filing cabinet having a built-in, three- position, dial-type, changeable, combination lock, and may continue to be stored in a steel filing cabinet equipped with a steel lock-bar secured by a GSA-approved three-position, dial-type, changeable, combination padlock. The modification, however, of steel filing cabinets to barlock-type as storage equipment for classified information and material is prohibited and efforts are to be made to selectively phase out the use of such barlock cabinets for storage of Secret information. Exceptions may be authorized only by the Departmental Director of Security upon written request from the designated bureau security officer. The designated security officer in each Treasury bureau and the Departmental Offices shall prescribe those supplementary controls deemed necessary to restrict unauthorized access to areas in which such information is stored. Access to bulky Secret and Confidential material in weapons storage areas, strong rooms, evidence vaults, closed areas or similar facilities shall be controlled in accordance with requirements approved by the Department. At a minimum, such requirements shall prescribe the use of GSA-approved, key-operated, high-security padlocks. For Secret and Confidential information stored outside the United States, it shall be stored in the manner authorized for Top Secret, in a GSA-approved safe file, or in a barlick cabinet equipped with a security-approved combination padlock if the cabinet is located in a security-approved vault and/or in a restricted area to which access is controlled by United States citizen personnel on a 24-hour basis. (b) Combinations--(1) Equipment in Service. Combinations to dial- type, changeable, combination locks shall be changed only by persons having an appropriate security clearance, and shall be changed, (i) Whenever such equipment is placed in use; (ii) Whenever a person knowing the combination no longer requires access to it; (iii) Whenever a combination has been subjected to possible compromise; (iv) Whenever the equipment is taken out of service: or (v) At least once each year. Knowledge of combinations shall be limited to the minimum number of persons necessary for operating purposes. Records of combinations shall be classified no lower than the highest level of classified information that is protected by the combination lock. When securing a combination lock, the dial must be turned at least four (4) complete times in the same direction after closing. Defects in or malfunctioning of storage equipment protecting classified national security or officially limited information must be reported immediately to the designated office or bureau security official for appropriate action. (2) Equipment Out of Service. When security equipment, used for the storage of classified national security or officially limited information, is taken out of service, it shall be physically inspected to ensure that no classified information or officialy limited information remains therein. Built-in, three-position, dial-type, changeable, combination locks shall be reset to the [[Page 99]] standard combination 50-25-50 and combination padlocks shall be reset to the standard combination 10-20-30. The designated security officer in each Treasury bureau and the Departmental Offices shall prescribe such supplementary controls deemed necessary to fulfill their individual needs to be consistent with Sec. 2.27. (3) Security Container Check Sheet. Each piece of security equipment used for the storage of classified information will have attached conspicuously to the outside a Standard Form 702 (Security Container Check Sheet) on which an authorized person will record the date and actual time each business day that they initially unlock and finally lock the security equipment, followed by their initials. Users of this form are to avoid citations which reflect the opening, locking and checking of the security equipment at standardized (non-actual) times, e.g., opened at 8:00 a.m. and closed/checked at 4:00 p.m. Bureaus and the Departmental Offices may continue to use Optional Form 62 (Safe or Cabinet Security Record) in lieu of the SF 702 until September 30, 1990, or such time as their supplies of Optional Form 62 are exhausted. The reprinting or photostatic reproduction and use of Optional Form 62 is not authorized. On each normal workday, regardless of whether the security equipment was opened on that particular day, the security equipment shall be checked by authorized personnel to assure that no surreptitious attempt has been made to penetrate the security equipment. Such examinations normally consist of a quick or casual visual check to note either any obvious marks or gashes, or defects or malfunction of the security equipment which are different from their prior observations or experience in operating the equipment concerned. Any such discrepancies in the appearance of or functioning of the security equipment, based upon this visual check, should be reported to appropriate security officials. The ``Checked By'' column of the SF 702 or Optional Form 62 shall be annotated to reflect the date and time of this action followed by that person's initials. Security equipment used for the storage of classified information that has been opened on a particular day shall not be left unattended at the end of that day until it has been locked by an authorized person and checked by a second person. In the event a second person is not available within the office, the individual who locked the equipment shall also annotate the ``Checked By'' column of the SF 702 or Optional Form 62. Reversible ``OPEN-CLOSED'' or ``LOCKED-UNLOCKED'' signs, available through normal supply channels, shall also be used on such security equipment. The respective side of the sign shall be displayed to indicate when the container is open or closed. Except for the SF 702 or Optional Form 62, the top surface area of security equipment is not to be used for storage and must be kept free of extraneous material. SF 702 and/or Optional Form 62 shall be utilized on all security equipment used for storing information bearing the control legend ``Limited Official Use''. The designated security officer in each Treasury bureau and the Department Offices may, as warranted, prescribe supplementary use of the SF 702 or Optional Form 62 to apply to other authorized legends approved by the Department for officially limited information. (4) Safe Combination Records. Combinations to security equipment containing classified information shall be recorded on Standard Form 700 (Security Container Information), national stock number 7540-01-214- 5372. Bureaus and the Departmental Offices may continue to use Treasury Form 4032 (Security Container Information) in lieu of the SF 700 until September 30, 1990, or such time as their supplies of Treasury Form 4032 are exhausted. The reprinting of Treasury Form 4032 is not authorized. Each part of the SF 700 shall be completed in its entirety. The names, addresses and home telephone numbers of personnel responsible for the combination, and the classified information stored therein, must be indicated on part 1 of the SF 700. The completed part 1 shall be posted in the front interior of the top, control or locking drawer of the security equipment concerned. Part 2 shall be inserted in the envelop (part 2A) provided, and forwarded via appropriate secure means to the designated bureau [[Page 100]] or Departmental Offices central repository for security combinations. Part 2 shall have the highest level of classified information, stored in the security equipment concerned, annotated in both the top and bottom border areas of the completed SF 700. Part 2A shall have the highest level of classified information, stored in the security equipment concerned, annotated in the blank space immediately above the word, ``WARNING'' which appears on the SF 700. The completion of the SF 700 or Treasury Form 4032 does not constitute a classification action but serves as an administrative requirement to ensure the protection of classified information stored in such security equipment. SF 700 shall be utilized on all security equipment used for storing information bearing the control legend ``Limited Official Use''. The designated security officer in each Treasury bureau and the Departmental Offices may prescribe supplementary use of the SF 700 to apply to other authorized legends approved by the Department for officially limited information, as warranted. (c) Keys. The designated security officer in each Treasury bureau and the Departmental Offices shall establish administrative procedures for the control and accountability of keys and locks whenever key- operated, high-security padlocks are utilized. The level of protection provided such keys shall be equivalent to that afforded the information being protected by the padlock. (d) Classified Document Cover Sheets. Classified document cover sheets alert personnel that documents or folders are classified and require protection from unauthorized scrutiny. Individuals who prepare or package classified documents are responsible for affixing the appropriate document cover sheet. Orange Standard Form 703 (Top Secret Cover Sheet), red SF 704 (Secret Cover Sheet) and blue SF 706 (Confidential Cover Sheet) are the only authorized cover sheets for collateral classified information. The national stock numbers of these cover sheets are as follows: SF 703, 7540-01-213-7901; SF 704, 7540-01- 213-7902; and SF 705, 7540-01-213-7903. In order to maintain the integrity of the color coding process the photocopying and use of non- color coded classified document cover sheets is prohibited. Bureaus and offices shall maintain a supply of classified document cover sheets appropriate for their needs. Classified document cover sheets are designed to be reused and will be removed before classified information is filed to conserve filing space and prior to the destruction of classified information. Document cover sheets are to be used to shield classified documents while in use and particularly when the transmission is made internally within a headquarters by courier, messenger or by personal contact. File folders containing classified information should be otherwise marked, e.g., at the top and bottom of the front and back covers, to indicate the overall classification of the contents rather than permanently affixing the respective classified document cover sheet. Treasury Directive 71-02 provides for the use of a green cover sheet, TD F 71-01.6 (Limited Official Use Document Cover Sheet) for information bearing the control legend ``Limited Official Use''. Bureaus or offices electing to create and use other cover sheets for officially limited information must obtain prior written approval from the Departmental Director of Security. (e) Activity Security Checklist. Standard Form 701 (Activity Security Checklist) provides a systematic means to make a thorough end- of-day security inspection for a particular work area and to allow for employee accountability in the event that irregularities are discovered. Bureaus and the Departmental Offices may include additional information on the SF 701 to suit their unique needs. The SF 701, available through normal supply channels has a national stock number of 7540-01-213-7900. It shall be the only form used in situations that call for use of an activity security checklist. Completion, storage and disposition of SF 701 will be determined by each bureau and the Departmental Offices. Sec. 2.28 Transmittal [4.1(b)]. (a) Preparation. Classified information to be transmitted outside of a Treasury facility shall be enclosed in opaque inner and outer covers. The inner cover shall be a sealed wrapper or [[Page 101]] envelope plainly marked with the assigned security classification and addresses of both sender and addressee. The outer cover shall be sealed and addressed with no identification of the classification of its contents. Whenever classified material is to be transmitted and the size of the material is not suitable for use of envelopes or similar wrappings, it shall be enclosed in two opaque sealed containers, such as boxes or heavy wrappings. Material used for packaging such bulk classified information shall be of sufficient strength and durability as to provide security protection while in transit, to prevent items from breaking out of the container, and to facilitate detection of any tampering therewith. (b) Receipting. A receipt, Treasury Department Form 71-01.5 (Classified Document Record of Transmittal), shall be enclosed in the inner cover, except that Confidential and Limited Official Use information shall require a receipt only if the sender deems it necessary. The receipt shall identify the sender, addressee and describe the document, but shall contain no classified information. It shall be immediately signed by the recipient and returned to the sender. Within a Treasury facility, such information may be transmitted between offices by direct contact of the officials concerned in a single sealed opaque envelope with no security classification category being shown on the outside of the envelope. Classified information shall never be delivered to unoccupied offices or rooms. Senders of classified information should maintain appropriate records of outstanding receipts for which return of the original signed copy is still pending. TD F's 71-01.5 shall be maintained for a three year period after which they may be destroyed. No record of the actual destruction of the TD F 71-01.5 is required. (c) Transmittal of Top Secret. The transmittal of Top Secret information outside of a Treasury facility shall be by specifically designated personnel, by State Department diplomatic pouch, by a messenger-courier system authorized for that purpose, e.g., Defense Courier Service, or over authorized secure communications circuits. Top Secret information may not be sent via registered mail. (d) Transmittal of Secret. The transmittal of Secret information shall be effected in the following manner: (1) The 50 States, District of Columbia and Puerto Rico. Secret information may be transmitted within and between the 50 States, the District of Columbia, and the Commonwealth of Puerto Rico by one of the means authorized for Top Secret information, by the United States Postal Service registered mail or express mail service; or by protective services provided by United States air or surface commercial carriers under such conditions as may be prescribed by the Departmental Director of Security. United States Postal Service express mail service shall be used only when it is the most effective means to accomplish a mission within security, time, cost and accountability constraints. To ensure direct delivery to the addressee, the ``Waiver of Signature and Indemnity'' block on the United States Postal Service Express Mail Label 11-B may not be executed under any circumstances. All Secret express mail shipments are to be processed through mail distribution centers or delivered directly to a United States Postal Service facility or representative. The use of external (street side) express mail collection boxes is prohibited. Only the express mail services of the United States Postal Service are authorized. (2) Other Areas. Secret information may be transmitted from, to, or within areas other than those specified in Sec. 2.28(d)(1) by one of the means established for Top Secret information, or by United States registered mail through Military Postal Service facilities provided that the information does not at any time pass out of United States citizen control and does not pass through a foreign postal system. Transmittal outside such areas may also be accomplished under escort of appropriately cleared personnel aboard United States Government owned and United States Government contract vehicles or aircraft, ships of the United States Navy, civil service manned United States Naval ships, and ships of United States Registry. Operators of [[Page 102]] vehicles, captains or masters of vessels, and pilots of aircraft who are United States citizens, and who are appropriately cleared, may be designated as escorts. Secret information may not be sent via certified mail. (e) Transmittal of Confidential and Limited Official Use Information. Confidential and Limited Official Use information shall be transmitted within and between the 50 States, the District of Columbia, the Commonwealth of Puerto Rico, and United States territories or possessions by one of the means established for higher classifications, or by the United States Postal Service registered mail. Outside these areas, confidential and Limited Official Use information shall be transmitted only as is authorized for higher classifications. Confidential and Limited Official Use information may not be sent via certified mail. (f) Hand Carrying of Classified Information in Travel Status--(1) General Provisions. Personnel in travel status shall physically transport classified information across international boundaries only when absolutely essential. Whenever possible, and when time permits, the most desirable way to transmit classified information to the location being visited is by other authorized means identified in Sec. 2.28 (c), (d) and (e). The physical transportation of classified information on non-United States flag aircraft should be avoided if possible. Treaury Directive 71-03, ``Screening of Airline Passengers Carrying Classified Information or Material'' provides specifics on the requirements for transporting classified information. (2) Specific Safeguards. If it is determined that the transportation of classified information by an individual in travel status is in the best interest of the United States Government, the following specific safeguards shall be fulfilled: (i) Classified information shall be in the physical possession of the individual and shall have adequate safeguards at all times if proper storage at a United States Government facility is not available. Under no circumstances shall classified information be stored in a hotel safe or room, locked in automobiles, private residences, train compartments, or any vehicular detachable storage compartments. (ii) An inventory of all Top Secret classified information, including teletype messages, shall be made prior to departure and a copy of same shall be retained by the traveller's office until the traveller's return at which time all Top Secret classified information shall be accounted for. These same procedures are recommended for information classified Secret, Confidential or Limited Official Use. (iii) Classified information shall never be displayed or used in any manner in public conveyances or rooms. First class or business travel is not authorized when the justification for commercially available transportation is based on the need for reviewing classified materials while enroute. Travelers are responsible for reviewing and familiarizing themselves with required classified materials, under appropriately secure circumstances, in advance of their travel and not during such travel. (iv) In order to avoid unnecessary delays in the screening process prior to boarding commercial air carriers, the traveler shall have in his or her possession written authorization, on Treasury or bureau letterhead, to transport classified information and either an identification card or credential bearing both a photograph and descriptive data. Courier authorizations shall be signed by an appropriate security representative authorized to direct official travel. This courier authorization, along with official travel orders, shall, in most instances, permit the individual to exempt the classified information from inspection. If difficulty is encountered, the traveler should tactfully refuse to exhibit or disclose the classified information to inspection and should insist on the assistance of the local United States diplomatic representative at the port of entry or departure. (v) Upon completion of the visit, the traveler shall have the information returned to his or her office by approved means. All Top Secret and Secret classified information, including teletype messages transported for the purpose of the visit shall be accounted for. It is highly recommended that Confidential [[Page 103]] and Limited Official Use information also be accounted for. If any Top Secret or Secret classified items are left with the office being visited for its retention and use, the individual shall obtain a receipt. [55 FR 1644, Jan. 17, 1990, as amended at 55 FR 50321, Dec. 6, 1990] Sec. 2.29 Telecommunications and computer transmissions. Classified information shall not be communicated by telecommunications or computer transmissions except as may be authorized with respect to the transmission of classified information over authorized secure communications circuits or systems. Sec. 2.30 Special access programs [1.2(a) and 4.2(a)]. Only the Secretary of the Treasury may create or continue a special access program if: (a) Normal management and safeguarding procedures do not limit access sufficiently; and (b) The number of persons with access is limited to the minimum necessary to meet the objective of providing extra protection for the information. Sec. 2.31 Reproduction controls [4.1(b)]. (a) Top Secret documents, except for the controlled initial distribution of information processed or received electronically, shall not be reproduced without the consent of the originator. (b) Unless restricted by the originating agency, Secret, Confidential and Limited Official Use documents may be reproduced to the extent required by operational needs. (c) Reproductions of classified documents shall be subject to the same accountability and controls as the original documents. (d) Paragraphs (a) and (b) of this section shall not restrict the reproduction of documents to facilitate review for possible declassification. Sec. 2.32 Loss or possible compromise [4.1(b)]. (a) Report of Loss or Possible Compromise. Any Treasury employee who has knowledge of the loss or possible compromise or classified information shall immediately report the circumstances to their designated office or bureau security officer who shall take appropriate action to assess the degree of damage. In turn, the Departmental Director of Security shall be immediately notified by the affected office or bureau security officer of such reported loss or possible compromise. The Departmental Director of Security shall also notify the department or agency which originated the information and any other interested department or agency so that a damage assessment may be conducted and appropriate measures taken to negate or minimize any adverse effect of the loss or possible compromise. Compromises may occur through espionage, unauthorized disclosures to the press or other members of the public, publication of books and treatises, the known loss of classified information or equipment to foreign powers, or through various other circumstances. (b) Inquiry. The Departmental Director of Security shall notify the Assistant Secretary (Management) who shall then direct an immediate inquiry to be conducted for the purpose of taking corrective measures and assessing damages. Based on the results of this inquiry, it may be deemed appropriate to notify the Inspector General who shall determine whether the Office of the Inspector General or a Treasury bureau will conduct any additional investigation. Upon completion of the investigation by the Inspector General, the Inspector General shall recommend to the Assistant Secretary (Management) and concurrently to the Departmental Director of Security, the appropriate administrative, disciplinary, or legal action to be taken based upon jurisdictional authority of the Treasury components involved. (c) Content of Damage Assessments. At a minimum, damage assessments shall be in writing and contain the following: (1) Identification of the source, date and circumstances of the compromise. (2) Classification and description of the specific information which has been lost. [[Page 104]] (3) An analysis and statement of the known or probable damage to the national security that has resulted or may result. (4) An assessment of the possible advantage to foreign powers resulting from the compromise. (5) An assessment of whether, (i) The classification of the information involved should be continued without change; (ii) The specific information, or parts thereof, shall be modified to minimize or nullify the effects of the reported compromise and the classification retained; (iii) Downgrading, declassification, or upgrading is warranted, and if so, confirmation of prompt notification to holders of any change, and (6) An assessment of whether countermeasures are appropriate and feasible to negate or minimize the effect of the compromise. (d) System for Control of Damage Assessments. Each Treasury bureau and the Departmental Offices shall establish a system of control and internal procedures to ensure that damage assessments are performed in all cases described in Sec. 2.32(a) and that records are maintained in a manner that facilitates their retrieval and use within the Department. (e) Cases Involving More Than One Agency. (1) Whenever a compromise involves the classified information or interests of more than one agency, the Departmental Director of Security shall advise the other affected agencies of the circumstances and findings that affect their information or interests. Whenever a damage assessment, incorporating the product of two or more agencies is needed, the affected agencies shall agree upon the assignment of responsibility for the assessment and Treasury components will provide all data pertinent to the compromise to the agency responsible for conducting the assessment. (2) Whenever a compromise of United States classified information is the result of actions taken by foreign nationals, by foreign government officials, or by United States nationals in the employ of international organizations, the agency performing the damage assessment shall endeavor to ensure through appropriate intergovernmental liaison channels, that information pertinent to the assessment is obtained. Whenever more than one agency is responsible for the assessment, those agencies shall coordinate the request prior to transmittal through appropriate channels. (3) Whenever an action is contemplated against any person believed responsible for the loss or compromise of classified information, damage assessments shall be coordinated with appropriate legal counsel. Whenever a violation of criminal law appears to have occured and a criminal prosecution is contemplated, coordination shall be made with the Department of Justice. (4) The designated representative of the Director of Central <strong>Intelligence</strong>, or other appropriate officials with responsibility for the information involved, will be consulted whenever a compromise of sensitive compartmented information has occurred. Sec. 2.33 Responsibilities of holders [4.1(b)]. Any person having access to and possession of classified information is responsible for protecting it from persons not authorized access, i.e., persons who do not possess an appropriate security clearance, and who do not possess the required need-to-know. This includes keeping classified documents under constant observation and turned face-down or covered when not in use and securing such information in approved security equipment or facilities whenever it is not under the direct supervision of authorized persons. In all instances, such protective means must meet accountability requirements prescribed by the Department. Sec. 2.34 Inspections [4.1(b)]. Individuals charged with the custody of classified information shall conduct the necessary inspections within their areas to ensure adherence to procedural safeguards prescribed to protect classified information. Security officers shall ensure that periodic inspections are made to determine whether procedural safeguards prescribed by this regulation and any bureau implementing regulation are in effect at all [[Page 105]] times. At a minimum such checks shall ensure that all classified information is stored in approved security containers, including removable storage media, e.g., floppy disks used by word processors that contain classified information; burn bags, if utilized, are either stored in approved security containers or destroyed; and classified shorthand notes, carbon paper, carbon and plastic typewriter ribbons, rough drafts and similar papers have been properly stored or destroyed. Sec. 2.35 Security violations. Any individual, at any level of employment, determined to have been responsible for the unauthorized release or disclosure or potential release or disclosure of classified national security information, whether it be knowingly, willfully or through negligence, shall be notified on TD F 71-21.1 (Record of Security Violation) that his or her action is in violation of this regulation, the Order, the Directive, and Executive Order 10450, as amended. Treasury Directive 71-04, entitled, ``Administration of Security Violations'' sets forth provisions concerning security violations which shall apply to each Treasury employee and persons under contract or subcontract to the Department authorized access to Treasury classified national security information. (a) Repeated abuse of the classification process, either by unnecessary or over-classification, or repeated failure, neglect or disregard of established requirements for safeguarding classified information by any employee shall be grounds for appropriate adverse or disciplinary action. Such actions may include, but are not necessarily limited to, a letter of warning, a letter of reprimand, suspension without pay, or dismissal, as appropriate in the particular case, under applicable personnel rules, regulations and procedures. Where a violation of criminal statutes may be involved, any such case shall be promptly referred to the Department of Justice. (b) After an affirmative adjudication of a security violation, and as the occasion demands, reports of accountable security violations shall be placed in the employee's personnel security file, and as appropriate, in the employee's official personnel folder. The security official of the office or bureau concerned shall recommend to the respective management official or bureau head that disciplinary action be taken when such action is indicated. Sec. 2.36 Disposition and destruction [4.1(b)]. Classified information no longer needed in current working files or for reference or record purposes shall be processed for appropriate disposition in accordance with the provisions of Title 44, United States Code, Chapters 21 and 33, which govern disposition of Federal records. Classified information approved for destruction shall be destroyed by either burning, melting, chemical decomposition, pulping, mulching, pulverizing, cross-cut shredding or other mutilation in the presence of appropriately cleared and authorized persons. The method of destruction must preclude recognition or reconstruction of the classified information. The residue from cross-cut shredding of Top Secret, Secret, and Confidential classified, non-Communications Security (COMSEC), information contained in paper media may not exceed \3/32\<gr-thn-eq> by \1/2\<gr-thn-eq> with a \1/64\<gr-thn-eq> tolerance. (a) Diskettes or Floppy Disks. Diskettes or floppy disks containing information or data classified up to and including Top Secret may be destroyed by the use of an approved degausser, burning, pulverizing, and chemical decomposition, or by first reformatting or reinitializing the diskette then physically removing the magnetic disk from its protective sleeve and using an approved cross-cut shredder to destroy the magnetic media. Care must be exercised to ensure that the destruction of magnetic disks does not damage the cross-cut shredder. The residue from such destruction, however, may not exceed \1/32\<gr-thn-eq> by \1/ 2\<gr-thn-eq> with a \1/64\<gr-thn-eq> tolerance. The destruction of classified COMSEC information on diskettes or floppy disks may only be effected by burning followed by crushing of the ash residue. (b) Hard Disks. Hard disks, including removable hard disks, disk packs, drums or single disk platters that contain classified information must first [[Page 106]] be degaussed prior to physical destruction. The media must be destroyed by incineration, chemical decomposition or the entire magnetic disk pack, drum, or platter recording surface must be obliterated by use of an emery wheel or disk sander. (c) Approval of Use of Mulching and Cross-cut Shredding Equipment. Prior to obtaining mulching or cross-cut shredding equipment, the Departmental Director of Security shall approve the use of such equipment. (d) Use of Burnbags. Any classified information to be destroyed by burning shall be torn and placed in opaque containers, commonly designated as burnbags, which shall be clearly and distinctly labeled ``BURN'' or ``CLASSIFIED WASTE''. Burnbags awaiting destruction are to be protected by security safeguards commensurate with the classification or control designation of the information involved. (e) Records of Destruction. Appropriate accountability records shall be maintained on TD F 71-01.17 (Classified Document Certificate of Destruction) to reflect the destruction of all Top Secret and Secret information. As deemed necessary by the originator, or as required by special regulations, the TD F 71-01.17 shall be executed for the destruction of information classified Confidential or marked Limited Official Use. TD F's 71-01.17 shall be maintained for a three-year period after which the form may be destroyed. No record of the actual destruction of the TD F 71-01.17 is required. (f) Destruction of non-record Classified Information. Non-record classified information such as extra copies and duplicates, including shorthand notes, preliminary drafts, used carbon paper and other material of similar temporary nature, shall also be destroyed by burning, mulching, or cross-cut shredding as soon as it has served its purpose, but no records of such destruction need be maintained. [55 FR 1644, Jan. 17, 1990; 55 FR 5118, Feb. 13, 1990] Sec. 2.37 National Security Decision Directive 197. National Security Decision Directive 197, Reporting Hostile Contacts and Security Awareness, provides that United States Government employees are responsible for reporting to their designated security officer: (a) Any suspected or apparent attempt by persons, regardless of nationality, to obtain unauthorized access to classified national security information, sensitive or proprietary information or technology and/or; (b) Instances in which they feel they are being targeted for possible exploitation. Contacts with representatives of designated countries of concern identified in Sec. 2.43(f) which involve requests for information which are not ordinarily provided in the course of an employee's job, regular or daily activity, and/or which might possibly lead to further requests for access to sensitive, proprietary or classified information or technology, are to be reported to designated security officers. Reports of such contacts are to be forwarded by the designated security officer to the Departmental Director of Security for appropriate action and coordination. Subpart E--Implementation and Review Sec. 2.38 Departmental management. (a) The Assistant Secretary (Management) shall: (1) Enforce the Order, the Directive and this regulation, and establish, coordinate and maintain active training, orientation and inspection programs for employees concerned with classified information. (2) Review suggestions and complaints regarding the administration of this regulation. (b) Pursuant to Treasury Directive 71-08, ``Delegation of Authority Concerning Physical Security Programs'', the Departmental Director of Security shall: (1) Review all bureau implementing regulations prior to publication and shall require any regulation to be changed, if it is not consistent with the Order, the Directive or this regulation. (2) Have the authority to conduct on-site reviews of bureau physical security programs and information security programs as they pertain to each Treasury bureau and to require such [[Page 107]] reports, information and assistance as may be necessary, and (3) Serve as the principal advisor to the Assistant Secretary (Management) with respect to Treasury physical and information security programs. Sec. 2.39 Bureau administration. Each Treasury bureau and the Departmental Offices shall designate, in writing to the Departmental Director of Security, an officer or official to direct, coordinate and administer its physical security and information security programs which shall include active oversight to ensure effective implementation of the Order, the Directive, this regulation. Bureaus and the Departmental Offices shall revise their existing implementing regulation on national security information to ensure conformance with this regulation. Time frames for bureau and Departmental Offices implementation shall be established by the Departmental Director of Security. Sec. 2.40 Emergency planning [4.1(b)]. Each Treasury bureau and the Departmental Offices shall develop plans for the protection, removal, or destruction of classified information in case of fire, natural disaster, civil disturbance, or possible enemy action. These plans shall include the disposition of classified information located in foreign countries. Sec. 2.41 Emergency authority [4.1(b)]. The Secretary of the Treasury may prescribe by regulation special provisions for the dissemination, transmittal, destruction, and safeguarding of national security information during combat or other emergency situations which pose an imminent threat to national security information. Sec. 2.42 Security education [5.3(a)]. Each Treasury bureau that creates, processes or handles national secutity information, including the Departmental Offices, is required to establish a security education program. The program shall be sufficient to familiarize all necessary personnel with the provisions of the Order, the Directive, this regulation and any other implementing directives and regulations to impress upon them their individual security responsibilities. The program shall also provide for initial, refresher, and termination briefings. (a) Briefing of Employees. All new employees concerned with classified information shall be afforded a security briefing regarding the Order, the Directive and this regulation and sign a security agreement as required in Sec. 2.22(c). Employees concerned with sensitive compartmented information shall be required to read and also sign a security agreement. Copies of applicable laws and pertinent security regulations setting forth the procedures for the protection and disclosure of classified information shall be available for all new employees afforded a security briefing. All employees given a security briefing shall be required to sign a TD F 71-01.16 (Physical Security Orientation Acknowledgment) which shall be maintained on file as determined by respective office or bureau security officials. (b) [Reserved] Subpart F--General Provisions Sec. 2.43 Definitions [6.1]. (a) Authorized Person. Those individuals who have a ``need-to-know'' the classified information involved and have been cleared for the receipt of such information. Responsibility for determining whether individuals' duties require that they possess, or have access to, any classified information and whether they are authorized to receive it rests on the individual who has possession, knowledge, or control of the information involved, and not on the prospective recipients. (b) Compromise. The loss of security enabling unauthorized access to classified information. Affected information or material is not automatically declassified. (c) Confidential Source. Any individual or organization that has provided, or that may reasonably be expected to provide, information to the United States on matters pertaining to the national security with the expectation, expressed or implied, that the information or relationship, or both, be held in confidence. [[Page 108]] (d) Declassification. The determination that particular classified information no longer requires protection against unauthorized disclosure in the interest of national security. Such determination shall be by specific action or occur automatically after the lapse of a requisite period of time or the occurrence of a specified event. If such determination is by specific action, the information or material shall be so marked with the new designation. (e) Derivative Classification. A determination that information is, in substance, the same as informaiton that is currently classified and a designation of the level of classification. (f) Designated Countries of Concern. For purposes of National Security Decision Directive 197 reporting: Afghanistan, Albania, Angola, Bulgaria, Cambodia (Kampuchea), the People's Republic of China (Communist China), Cuba, Czechoslovakia, Ethiopia, East Germany (German Democratic Republic including the Soviet sector of Berlin), Hungary, Iran, Iraq, Laos, Libya, Mongolian People's Republic (Outer Mongolia), Nicaragua, North Korea, Palestine Liberation Organization, Poland, Romania, South Africa, South Yemen, Syria, Taiwan, Union of Soviet Socialist Republics (Russia), Vietnam and Yugoslavia. (g) Document. Any recorded information regardless of its physical form or characteristics, including, without limitation, written or printed material; data processing cards and tapes; maps, charts; painting; drawings; engravings; sketches; working notes and papers; reproductions of such things by any means or process; and sound, voice, or electronic recordings in any form. (h) Foreign Government Information. (1) Information provided by a foreign government or governments, an international organization of governments, or any elements thereof with the expectation, expressed or implied, that the information, the source of the information, or both, are to be held in confidence; or (2) Information produced by the United States Government pursuant to or as a result of a joint arrangement with a foreign government or governments or an international organization of governments, or any element thereof, requiring that the information, the arrangement, or both, are to be held in confidence. (i) Information. Any data or material, regardless of its physical form or characteristics, that is owned by, produced by or for, or is under the control of the United States Government. (j) Information Security. The administrative policies and procedures for identifying, controlling, and safeguarding from unauthorized disclosure, information the protection of which is authorized by Executive Order or statute. (k) <strong>Intelligence</strong> Activity. An activity that an agency within the <strong>Intelligence</strong> Community is authorized to conduct pursuant to Executive Order 12333. (l) <strong>Intelligence</strong> Sources and Methods. A person, organization, or technical means or method which provides foreign <strong>intelligence</strong> or foreign counterintelligence to the United States and which, if its identity or capability is disclosed, is vulnerable to counteraction that could nullify or significantly reduce its effectiveness in providing foreign <strong>intelligence</strong> or foreign counterintelligence to the United States. An <strong>intelligence</strong> source also means a person or organization which provides foreign <strong>intelligence</strong> or foreign counterintelligence to the United States only on the condition that its identity remains undisclosed. <strong>Intelligence</strong> methods are that which, if disclosed, reasonably could lead to the disclosure of an <strong>intelligence</strong> source or operation. (m) Limited Official Use. The legend authorized for ``Officially Limited Information'' which provides that it be handled, safeguarded and stored in a manner equivalent to national security information classified Confidential. (n) Multiple Classified Sources. The term used to indicate that a document is derivatively classified when it contains classified information derived from other than one source. (o) National Security. The national defense or foreign relations of the United States. (p) National Security Information. Information that has been determined [[Page 109]] pursuant to the Order or any predecessor Executive Order to require protection against unauthorized disclosure and that is so designated. (q) Need-to-Know. A determination made by the possessor of classified information that a prospective recipient, in the interest of national security, has a requirement for access to, knowledge of, or possession of the classified information in order to perform tasks or services essential to the fulfillment of particular work, including performance on contracts for which such access is required. (r) Officially Limited Information. Information which does not meet the criterion that unauthorized disclosure would at least cause damage to the national security under the Order or a predecessor Executive Order, but which concerns important, delicate, sensitive or proprietary information which is utilized in the development of Treasury policy. This includes the enforcement of criminal and civil laws relating to Treasury operations, the making of decisions on personnel matters and the consideration of financial information provided in confidence. (s) Original Classification. An initial determination that information requires, in the interest of national security, protection against unauthorized disclosure, together with a classification designation signifying the level of protection required. (t) Original Classification Authority. The authority vested in an Executive Branch official to make an initial determination that information requires protection against unauthorized disclosure in the interest of national security. (u) Originating Agency. The agency responsible for the initial determination that particular information is classified. (v) Portion. A segment of a document for purposes of expressing a unified theme; ordinarily a paragraph. (w) Sensitive Compartmented Information. Information and material concerning or derived from <strong>intelligence</strong> sources, methods, or analytical processes, that requires special controls for restricting handling within compartmented <strong>intelligence</strong> systems established by the Director of Central <strong>Intelligence</strong> and for which compartmentation is established. (x) Special Access Program. Any program imposing ``need-to-know'' or access controls beyond those normally provided for access to Confidential, Secret, or Top Secret information. Such a program may include, but is not limited to, special clearance, adjudication, or investigative requirements, special designations of officials authorized to determine ``need-to-know'' or special lists of persons determined to have a ``need-to-know''. (y) Special Activity. An activity conducted in support of national foreign policy objectives abroad which is planned and executed so that the role of the United States Government is not apparent or acknowledged publicly, and functions in support of such activity, but which is not intended to influence United States political processes, public opinion, policies or media and does not include diplomatic activities or the collection and production of <strong>intelligence</strong> or related support functions. (z) Unauthorized Disclosure. A communication or physical transfer of classified information to an unauthorized recipient. It includes the unauthorized disclosure of classified information in a newspaper, journal, or other publication where such information is traceable due to a direct quotation or other uniquely identifiable fact.