Computer Security
Course: Derivative Classification
Lesson: Course Introduction
Course Information
Purpose Provide a thorough understanding of the responsibilities associated with derivative classification and the procedures to follow to correctly derivatively classify documents.
Audience Military, civilian, and contractor personnel responsible for oversight or application of derivative classification.
POC GeneralSecurity.Training@dss.mil Pass/Fail % 75%
Estimated completion time
120 minutes
Course Overview
In the course of working with classified information, individuals sometimes generate or create new documents and materials based on that information. These individuals are responsible for maintaining the protection of that classified information. These individuals are called derivative classifiers. They must carefully analyze their work product to determine what classified information it contains or reveals, and evaluate that information against official classification guidance.
Based on that evaluation, derivative classifiers must ensure that the information in the new material is identified as classified by applying the appropriate markings to the material. This process of determining whether information has been previously classified and properly marking it is called derivative classification.
Derivative classifiers need to understand what their responsibilities are, what processes to follow, and what resources to consult to safeguard information that, if revealed, could cause damage to the national security.
mailto:GeneralSecurity.Training@dss.mil
Derivative Classification Course Introduction
Student Guide
Course Objectives
• Identify the responsibilities associated with derivatively classifying information
• Identify the process and methods for derivatively classifying information
• Identify authorized sources to use when derivatively classifying information
• Applying authorized sources, derivatively classify information based on the concepts of "contained in,” "revealed by,” and "compilation"
Lessons in the Course
• Course Introduction
• Derivative Classification Basics
• Classification Concepts
• Practical Exercise
• Course Conclusion
Page 2
Student Guide
Course: Derivative Classification
Lesson: Derivative Classification Basics
Introduction
Because protecting classified information from improper disclosure is so critical, there are responsibilities and procedures to follow when using classified information to create new documentation. You must be familiar with these responsibilities and procedures as well as where to go for guidance so you can successfully implement and execute them at your activity or facility.
Lesson Objectives
• Define derivative classification
• Identify the requirement for and importance of derivative classification
• Identify who will have derivative classification responsibilities and the requirements he or she must meet
• Identify the steps involved in the derivative classification process
• Identify authorized sources to use when derivatively classifying information
Derivative Classification Overview
1. What is Derivative Classification?
The initial decision about what information should be classified is called original classification. Because this is a very important, sensitive decision, the Government has granted only a limited number of government officials the authority to perform original classification.
Derivative classification is different. It is the process of using existing classified information to create new material, and marking that newly-developed material consistent with the classification markings that apply to the source information. Copying or duplicating existing classified information is not derivative classification.
Whereas only authorized government officials can perform original classification, no specific delegation of authority is required to be a derivative classifier. In fact, all cleared DoD and authorized contractor personnel who generate or create material from classified sources are derivative classifiers.
Like original classification, derivative classification has far-reaching effects on the Department of Defense and industry. Classifying information helps protect our national security. It limits access to only those individuals with the appropriate clearance level
Derivative Classification Derivative Classification Basics
Student Guide
and a legitimate need to know the information. Classification also impacts resources; it imposes costs for things like security clearances, physical security measures, and countermeasures. Because of the importance of classification, but also its inherent limitations and costs, it is crucial that derivative classifiers follow appropriate procedures and observe all requirements.
2. Derivative Classification Responsibilities
In general, derivative classifiers are responsible for ensuring that they apply the highest possible standards when derivatively classifying information. Derivative classifiers who generate new products bear the principal responsibility for the accuracy of the derivative classification. For this reason, it is important to follow DoD policy requirements.
Derivative classifiers have a variety of responsibilities they must meet in order to properly perform derivative classification. First, they must understand derivative classification policies and procedures. Before derivative classification can be accomplished, the classifier must have received the required training. Training must be accomplished in the proper application of the derivative classification principles of as specified in EO 13526, as well as emphasizing the avoidance of over-classification. At a minimum, the training shall cover the principles of derivative classification, classification levels, duration of classification, identification and markings, classification prohibitions and limitations, sanctions, classification challenges, security classification guides, and information sharing. Personnel shall receive this training prior to derivatively classifying information. In addition to this preparatory training, derivative classifiers shall receive such training at least once every two years. Derivative classifiers who do not receive such mandatory training at least once every two years shall have their authority to apply derivative classification markings suspended until they have received such training. They must also have expertise in the subject matter on which they are creating documentation, as well as on classification management and marking techniques. Derivative classifiers must also have access to classification guidance. This helps meet the responsibility of analyzing and evaluating information to identify elements that require classification.
The most important responsibilities derivative classifiers have is to observe and respect the original classification authority’s decision and to use only authorized sources to determine derivative classification.
The information in boxes like the one below is supplemental content that you may find useful; however, it will not be addressed in the course examination.
To understand derivative classification policies and procedures:
• Complete the online course: Derivative Classification • Complete the Marking Classified Information online training course offered by CDSE • Consult DoDM 5200.01, Volumes 1-4 and/or DoD 5220.22-M • Contact your government security official or Facility Security Officer (FSO)________
3. Policy Guidance
There are two primary sources of policy guidance for derivative classification.
Page 2
Derivative Classification Derivative Classification Basics
Student Guide
Within the Department of Defense, DoDM 5200.01, Volumes 1-4, Information Security Program, provides the basic guidance and regulatory requirements for the Department of Defense Information Security Program. For industry, DoD 5220.22-M, the National Information Security Program Operating Manual (NISPOM) contains information on derivative classification responsibilities.
How Does Derivative Classification Work?
1. Derivative Classification Concepts
So how do you determine whether the information contained in a new product is classified? As a derivative classifier, you are responsible for checking whether the content of the information already exists in one of the acceptable forms of classification guidance. If the guidance tells you the information in your new product is classified, you must classify and treat it as such. Note that for derivative classification purposes, the term "document" refers to any physical medium in or on which information is recorded or stored. This includes written or printed matter, audiovisual materials, and electromagnetic storage media. Let's take a closer look at these authorized sources for derivative classification.
2. Authorized Sources fo r Derivative Classification
To ensure that the original classification of information is maintained, derivative classifiers must use only authorized sources of classification guidance to derivatively classify information. While it might be tempting, derivative classifiers must not rely on their memories or general rules about classification.
There are only three authorized sources for derivative classification. The first source is a Security Classification Guide (SCG). An SCG is a collection of precise, comprehensive guidance about a specific program, system, operation, or weapon system telling what elements of information are classified. For each element of information, the SCG includes its classification level, the reasons for that classification, and information about when that classification will be downgraded or terminated. For this reason, SCGs are the primary source for derivative classification.
A second authorized source is an existing, properly marked source document from which information is extracted, paraphrased, restated, and/or generated in a new form for inclusion in another document. You must carry the classification of that existing material forward into your new end product.
The third authorized source is the DD Form 254, the DoD Contract Security Classification Specification. DD Form 254 provides classification guidance to contractors performing on classified contracts. It informs them of the level of information they will need to access, the required level of security clearance for access, and the performance requirements; for example, safeguarding and special security requirements.
These three sources are the only authorized sources for derivative classification. Any other source is unauthorized, and must not be used as the basis for derivative classification. Some examples of such unauthorized sources appear in the box below:
Page 5
Derivative Classification Derivative Classification Basics
Student Guide
Examples of unauthorized sources of classification:
0 Memory: "I remember that project was classified Secret 5 years ago, so it must be Secret now."
0 Unconfirmed source: "Someone told me this document can be declassified."
0 Just because: "I am going to classify this document Top Secret because that is how we have always done it."
0 Media/Internet: "I saw it on the news last night so it must be declassified."________
3. Process Overview
Derivative classifiers must carefully analyze the material they are classifying to determine what information it contains or reveals, and evaluate that information against the instructions provided by the classification guidance or the markings on source documents.
To perform that evaluation, derivative classifiers may use only authorized sources of guidance about the classification of the information in question.
If the authorized sources do not provide sufficient guidance, you may need to refer to other officials, such as the Security Manager or Original Classification Authority for DoD personnel, or the Facility Security Officer or Government Contracting Authority for contractors. Your chain-of-command or appropriate reporting channels will provide specific guidance about who you should consult.
In addition to assigning the appropriate classification level to information, derivative classifiers are also responsible for carrying forward guidance about when the classification of that information may be downgraded, and when it may be declassified altogether. This is an important part of the derivative classification task.
Every time information is classified, a determination must be made regarding how long the information will be protected. This is an essential part of the classification and declassification process. For derivatively classified information, the classifier must specify one of the following on the "Declassify on" line:
1. A specific date or event for declassification, within 25 years of the document’s origin; or
2. Absent a declassification instruction or other declassification guidance from the OCA, a calculated date 25 years from the date of the document’s origin; or
3. 25X1 through 25X9, and a specific date or event for declassification taken from the source document; or
4. 50X1-HUM or 50X2-WMD (Does not require a date or event for declassification)
5. An approved 75-year exemption (i.e., 75X2 through 75X9) with date or event for declassification
Page 4
Derivative Classification Derivative Classification Basics
Student Guide
Finally, once you have determined the derivative classification of the new material, you are responsible for marking it appropriately.
For information on marking, refer to DoDM 5200.01, Volumes 1-4, Information Security Program, and the Marking Classified Information web-based training course offered by the DSS CDSE.
Review Activity
Question 1
Which of the following is NOT a function of derivative classification? Select the best answer.
O Creating new classified materials from properly marked, existing classified source materials and marking them accordingly
O Making an initial determination that information requires protection against unauthorized disclosure in the interest of national security
O The process of extracting, paraphrasing, restating, or generating in a new form, information that is already classified
O Carrying forward the correct classification level for classified information used to generate new materials or documents
Question 2
Which of the following are authorized sources for derivative classification? Select all that apply.
□ Security Classification Guides (SCG) □ DoD 5220.22-M (NISPOM) □ Your level of expertise with the content □ DoDM 5200.01, Volumes 1-4 (Information Security Program) □ A properly marked classified source document □ DD Form 254 (Department of Defense Contract Security Classification
Specification) □ The Facility Security Officer (Industry) or Security Manager (DoD)
Page 5
Derivative Classification Derivative Classification Basics
Student Guide
Question 3
Select True or False for each statement.
True False Photocopying a Secret document and marking the photocopy Secret is derivative classification. O O
Only government officials may perform derivative classification. O O
Consulting your FSO or security manager is always the first step in the derivative classification process. O O
Derivative classifiers are responsible for analyzing and evaluating information to identify elements that require classification. O O
Lesson Conclusion
In this lesson, you learned about the importance of derivative classification and how it is different from original classification. You also learned about the responsibilities of derivative classifiers. You learned about the three authorized sources for derivatively classifying information, and you learned the basic process for derivatively classifying information.
Page 6
Derivative Classification Derivative Classification Basics
Student Guide
Answer Key
Question 1
Making an initial determination that information requires protection against unauthorized disclosure in the interest of national security describes original classification, not derivative classification.
Derivative classification involves all of the other listed activities: • Creating new classified materials from properly marked, existing classified
source materials and marking them accordingly • The process of extracting, paraphrasing, restating, or generating in a new form,
information that is already classified • Carrying forward the correct classification level for classified information used to
generate new materials or documents
Question 2
The only authorized sources for derivative classification are SCGs, properly marked classified source materials, and DD Form 254.
Question 3
True False Photocopying a Secret document and marking the photocopy Secret is derivative classification. o
•
Only government officials may perform derivative classification. o •
Consulting your FSO or security manager is always the first step in the derivative classification process. o
•
Derivative classifiers are responsible for analyzing and evaluating information to identify elements that require classification.
• o
Page 7
Classification Markings in This Document Are for Training Purposes Only
Student Guide
Course: Derivative Classification
Lesson: Classification Concepts
Introduction
Government and contractor personnel who extract, paraphrase, restate, or generate classified information in a new form are derivatively classifying the new content. When information is clearly identified as classified, it is marked as Top Secret, Secret, or Confidential. However, there are times in the derivative classification process when the classification of information is not clearly stated or obvious. This does not mean that the information is unclassified. Derivative classifiers must carefully analyze the material they are classifying to determine the information it contains or reveals and evaluate that information against authorized classification guidance.
Lesson Objectives
• Define and distinguish the differences in the concepts of "contained in,” "revealed by,” and "compilation"
• Recognize examples of "contained in” derivative classification based on various authorized sources
• Recognize examples of "revealed by” derivative classification based on various authorized sources
• Recognize examples of compilation of information derivative classification guided by authorized sources
Derivative Classification Terms and Concepts
1. Key Terms
There are different ways in which derivative classifiers can create new content from authorized sources. They can extract information, paraphrase or restate it, or generate that information in a new form. As part of their derivative classification responsibilities, they must correctly identify the classification level of the new material and mark it accordingly. It is important, therefore, to understand what each of these terms means.
• Extracting occurs when information is taken directly from an authorized classification guidance source and is stated verbatim in a new or different document.
Classification Markings in This Document Are for Training Purposes Only
Derivative Classification Student Guide Classification Concepts
Classification Markings in This Document Are for Training Purposes Only
• Paraphrasing or restating occurs when information is taken from an authorized source and is re-worded in a new or different document. Derivative classifiers must be careful when paraphrasing or restating information to ensure that the classification has not been changed in the process.
• Generating is when information is taken from an authorized source and generated into another form or medium, such as a video, DVD, or CD.
Understanding the different ways of incorporating existing classified information into new material is only part of the picture, however. There are three key classification concepts you will need to apply in order to correctly classify your newly created materials.
2. Concepts Overview
There are three key concepts that you can use to determine the classification level of the material you create. Your new material may include classified information that is contained in the classification guidance. Or, because of the way it is organized or structured, your new material may reveal classified information that did not specifically appear in the classification guidance used to create it. Finally, your new material may aggregate, or bring together, pieces of information that are unclassified, or have one classification level, but when you present them together it either renders the new information classified or changes its classification level. This is called compilation. Let's take a closer look at each of these concepts.
"Contained In"
1. Definition
The concept of "contained in" applies when derivative classifiers incorporate classified information from an authorized source into a new document, and no additional interpretation or analysis is needed to determine the classification of that information. In other words, when classified information in a new document is contained in the authorized source, the new document's classification is derived directly from the classification of that source. The concept of "contained in" can apply when the information is extracted word-for-word or when the information is paraphrased or restated from the existing content.
Classification Markings in This Document Are for Training Purposes Only
Page 2
Derivative Classification Student Guide Classification Concepts
Classification Markings in This Document Are for Training Purposes Only
2. Examples
Let's review some examples of how the "contained in" concept determines the derivative classification of a new document.
Properly Marked Source Document
New Document
(S) The length of the (S) The length of the course is two hours. ---------------------------------------► course is two hours.
In this example, the classification guidance is a properly marked source document. It contains classified information that has been extracted word-for-word into the new document. Because the information contained in the classification source was Secret, you must classify the new document Secret.
Let's look at another example:
Properly Marked Source Document
New Document
(S) The length of the (S) This course is course is two hours. normally two hours in
length.
Here, the information from the classified source is paraphrased and incorporated in the new document. Even though it is worded differently, the information in the new document is contained in the classified source, where it is Secret. Therefore, you must classify the new document Secret.
The "contained in" concept also applies to the use of an SCG. Sometimes, the guidance in an SCG may explicitly apply to the content you incorporate into a new document:
Security Classification Guide New Document
U C S TS Length of course
X (S) The length of the course is two hours.
This SCG provides that the information about the length of the course is classified Secret. Because you have stated this exact information in your new document, you must apply this Secret classification as dictated by the SCG.
Classification Markings in This Document Are for Training Purposes Only
Page 3
Derivative Classification Student Guide Classification Concepts
Classification Markings in This Document Are for Training Purposes Only
1. Definition
The concept of "revealed by" applies when derivative classifiers incorporate classified information from an authorized source into a new document that is not clearly or explicitly stated in the source document. However, a reader can deduce the classified information from the new document by performing some level of additional interpretation or analysis. In this sense, the classified nature of the information in the new document is revealed by analysis of its contents, so it will need to be marked in accordance with that classification.
2. Example
Let's look at some examples of how the classification of information can be revealed through analysis.
Properly Marked New Document Source Document
The properly marked source document contains some Secret information. Your new document does not contain that same information. However, the information in your new document will allow a reader to deduce the classified information.
If the first half of the course is one hour long, it follows that the second half would be the same length -- one hour. Since the course has two one-hour halves, it must be two hours long. This information is classified Secret according to the properly marked source document, so you must apply the same classification markings to the information in your new document.
"Revealed by"
(S) The length of the course is two hours.
(S) The firs t half of the course is one hour and will define derivative classification. The second half of the course will provide an opportunity to practice derivatively classifying information.
Classification Markings in This Document Are for Training Purposes Only
Page 4
Derivative Classification Student Guide Classification Concepts
Classification Markings in This Document Are for Training Purposes Only
The concept of "revealed by" also applies when you are using an SCG as classification guidance. You need to look at what information can be deduced from what you have included in your new material and check whether that information is itself listed as classified in an SCG:
Security Classification New Document Guide
U C S TS Length of course
X
(S) The firs t half of the course is one hour and will define derivative classification. The second half of the course will provide an opportunity to practice derivatively classifying information.
"Classification by Compilation"
1. Definition
Sometimes combining two or more pieces of unclassified information can result in an aggregate that is classified. This occurrence is called compilation, or aggregation.
Classification by compilation involves combining or associating unclassified individual elements of information with one classification level to reveal an additional association or relationship that warrants a classified level of protection. Classification by compilation is not the norm when derivatively classifying information. However, because of the risks involved, it is critical to refer to classification guidance, such as SCGs, to ensure otherwise unclassified information does not become classified when you use it in a new document.
There are some special procedures to follow whenever you classify information by compilation. First, you must place a clearly-worded explanation of the basis for classification by compilation on the face of the new document or include it in the text. You must also mark each element of information individually according to its classified content. This will allow subsequent derivative classifiers to use the individual elements at their original classification level.
Classification Markings in This Document Are for Training Purposes Only
Page 5
Derivative Classification Student Guide Classification Concepts
Classification Markings in This Document Are for Training Purposes Only
2. Examples
Let's look at an example of classification by compilation. You have two Theater-Wide Operation Failure Reports, both of which are unclassified. When you refer to the SCG below, you can verify this fact in row 3.3.2.8:
Security Classification Guide
U C S TS
3.3.2.8 Single theater-wide operation failure report, outage report, problem report, or investigation report
X
3.3.2.9 Compilation of two or more theater- wide operation failure reports, outage reports, problem reports, or investigation reports within the same document
X
Therefore, if you create a new document that mentions either report alone, that new document will also be unclassified. But the next row in the SCG indicates that if you compile two or more of the listed report types into a single document, the classification level changes.
Imagine you need to create an Investigation Report that summarizes the contents of two Theater-Wide Operation Failure reports:
(U) Theater-wide Operation Failure (U) Theater-wide Operation Failure Report Report
(U) Table of Contents (U) Table of Contents
(U) Introduction............................... 1 (U) Introduction............................... 1 (U) Theater-wide outrage report 2 (U) Theater-wide outrage report 2
When you aggregate these unclassified pieces of information in a new document, the SCG indicates that the information taken together should be classified as Secret.
Classification Markings in This Document Are for Training Purposes Only
Page 6
Derivative Classification Student Guide Classification Concepts
Classification Markings in This Document Are for Training Purposes Only
SECRET
(U) Investigation Report
(U) Table of Contents
(U) Introduction...............................................................1 (U)* Theater-wide outage report....................................2 (U)* Theater-wide problem report.................................. 3
*Note that the compilation of two or more theater-wide operation failure reports, outage reports, problem reports, or investigation reports within the same document is classified as Secret.
SECRET
Note that the individual pieces of information should still be marked unclassified, consistent with their original classification. You are also required to explain the basis for your classification by compilation. The note on the report above is one example of how you might do so. If you think classification by compilation applies to your situation, refer to your classification guidance. Although classification by compilation may be rare, some types of information are more likely to be subject to it. Here are some examples:
Example: Budget and Tables of Distribution
U C S TS 3.3.3.7 Budget X 3.3.3.8 Tables of Distribution X 3.3.3.9 Compilation of both budget and tables of distribution within the same document
X
Example: Staffing and Equipment Allowances
U C S TS 3.3.4.7 Staffing X 3.3.4.8 Equipment allowances X 3.3.4.9 Compilation of both staffing and equipment allowances within the same document
X
Classification Markings in This Document Are for Training Purposes Only
Page 7
Example: Mission and Geographic Location
Derivative Classification Student Guide Classification Concepts
Classification Markings in This Document Are for Training Purposes Only
U C S TS 3.3.2.7 Mission X 3.3.2.8 Geographic Location X 3.3.2.9 Compilation of both mission and geographic location within the same document