sential that the public be informed concerning the activities of its government, but that the interests of the United States and its citizens require that certain information concerning the national defense and foreign relations be protected against unauthorized disclosure. With this object, the Order prescribes a uniform system for classifying, declassifying, and safeguarding national security information.

(b) The purpose of these regulations is to assist in the implementation of the Order and Information Security Oversight Office (hereinafter referred to as ISOO), Directive No. 1, (hereinafter called "the Directive"), and users of these regulations may refer to the Order and Directive for additional guidance.

§ 9.2 Implementation and oversight responsibilities.

The Order requires each agency that originates or handles classified information to promulgate implementing regulations. The Order further requires that each agency originating or handling classified material shall designate a senior official to direct and administer its information security program. This official shall be responsible for actively overseeing the agency's program, including a security education program, to ensure effective implementation of the Order.

(a) In addition, this official shall have the following responsibilities:

(1) To establish and monitor agency policies and procedures to prevent over or under classification, to ensure the protection from unauthorized disclosure of properly classified information, including intelligence information, and to ensure orderly and effective declassification of agency documents which no longer require protection, in accordance with the terms of the Order.

(2) To review proposed classified disclosures of an exceptional nature bearing upon issues of concern to the Congress and the public.

(3) To issue any needed guidelines for classification or declassification.

(4) To recommend to the agency head the following:

(i) Proposals for reclassification in accordance with section 1.6(c) of the Order;

(ii) Other categories of information, as defined in section 1.3(a)(10) of the Order, which require protection against unauthorized disclosure but which are not specifically protected by sections 1.3(a) (1) through (9) of the Order;

(iii) Waivers, for specified classes of documents or information of the requirement to indicate which portions of documents are classified and which are not, as provided by section 1.5(b) of the Order; and

(iv) Waivers for specified classes of documents or information, of the requirement to prepare derivative classification guides, as provided by section 2.2(c) of the Order.

(5) To prepare a list of officials, by name or position, delegated Top Secret, Secret, and Confidential classification authority.

(6) To receive, and if necessary act on, suggestions and complaints with respect to that agency's administration of its information security program.

(7) To provide guidance concerning corrective or disciplinary action in unusually important cases involving unauthorized disclosure or refusal to declassify.

(8) To maintain liaison with the Director of ISOO and to furnish reports and information as required by section 5.2 of the Order.

(b) Department of State. Within the Department of State, the senior official is the Deputy Assistant Secretary, Classification/Declassification Center, hereinafter referred to as (DAS/CDC). (c) AID. Within AID (a component of the International Development Cooperation Agency), the senior official is the Inspector General.

(d) USIA. Within USIA, the senior official is the Director, Office of the Public Liaison.

§ 9.3 Responsibility for safeguarding classified information.

(a) Primary. The specific responsibility for the maintenance of the security of classified information rests with each person having knowledge or

physical custody thereof, no matter how obtained.

(b) Individual. Each employee is responsible for becoming familiar with and adhering to all security regulations.

(c) Supervisory. The ultimate responsibility for safeguarding classified information rests upon each supervisor to the same degree that the supervisor is charged with functional responsibility for the organizational unit. While certain employees may be assigned specific security responsibilities, such as Top Secret Control Officer or Unit Security Officer, it is nevertheless the basic responsibility of supervisors to ensure that classified material entrusted to their organizational units is handled in accordance with the procedures prescribed in these regulations. Each supervisor should ensure that no one employee is assigned unreasonable security responsibilities in addition to usual administrative or functional duties.

(d) Organizational. The Offices of Security in State, AID, and USIA are responsible for physical, procedural, and personnel security in their respective agencies. In the Department of State, the Office of Communications (COMSEC) is responsible for communications security.

§ 9.4 Classification.

(a) When there is reasonable doubt about the need to classify information, the information shall be safeguarded as if it were "Confidential" pending a determination about its classification by an original classification authority. When there is reasonable doubt about the appropriate classification level, the information shall be safeguarded at the higher level pending the determination of its classification level by an original classification authority. Determinations hereunder shall be made within 30 days.

(b) Information may not be classified unless its disclosure reasonably could be expected to cause damage to the national security. Information may not be classified to conceal violations of law, inefficiency, or administrative error; to prevent embarrassment to a person, organization, or

agency; to restrain competition; or to prevent or delay the release of information that does not require protection in the interest of national security.

(c) The President or an agency head or official designated under section 1.2 (a)(2), 1.2 (b)(1), or 1.2 (c)(1) of the Order may reclassify information previously declassified and disclosed if it is determined in writing that (1) the information requires protection in the interest of national security, and (2) the information may reasonably be recovered. These reclassification actions shall be reported promptly to the Director of ISOO.

(d) It is permitted to classify or reclassify information after an agency has received a request for it under the Freedom of Information Act or the Privacy Act, or the mandatory review provisions of the Order, provided that such classification meets the requirements of the Order and is accomplished personally and on a documentby-document basis by the agency head, the deputy agency head, the senior official, or an official with original Top Secret classification authority. Every effort should be made to classify properly at the time of origin. When a determination is made that a document requires classification or reclassification, however, all holders of the document should be notified and, in the Department of State, a copy of the classification or reclassification memorandum should be sent to the Foreign Affairs Information Management Center (FAIM). In addition, if the classification or reclassification was done in any office other than the DAS/CDC, that office should send a copy of the pertinent memorandum to the CDC.

(e) For the Department of State, these functions will be performed by the DAS/CDC.

(f) For AID, the function will be performed by the Administrator.

(g) For USIA, the function will be performed by the Director of Public Liaison.

(h) Information classified in accordance with these regulations shall not be declassified automatically as a result of any unofficial publication or inadvertent or unauthorized disclosure

in the United States or abroad of identical or similar information.

§ 9.5 Classification designations.

(a) Only three (3) designations of classification are authorized: "Top Secret," "Secret," and "Confidential." (1) Top Secret. Information may be classified "Top Secret" if its unauthorized disclosure could reasonably be expected to cause exceptionally grave damage to the national security. This classification should be used with the utmost restraint. Examples of "exceptionally grave damage" include armed hostilities against the United States or its allies; disruption of foreign relations vitally affecting the national security; the compromise of vital national defense plans or complex cryptologic and communications intelligence systems; the revelation of sensitive intelligence operations; and the disclosure of scientific or technological developments vital to national security.

(2) Secret. Information may be classified "Secret" if its unauthorized disclosure could reasonably be expected to cause serious damage to the national security. This classification should be used sparingly. Examples of "serious damage" include disruption of foreign relations significantly affecting the national security; significant impairment of a program or policy directly related to the national security; revelation of significant military plans or intelligence operations; and compromise of significant scientific or technological developments relating to national security.

(3) Confidential. Information may be classified "Confidential" if its unauthorized disclosure could reasonably be expected to cause damage to the national security. Except as otherwise provided by statute, no other terms shall be used to identify classified information. Terms or phrases such as "For Official Use Only" or "Limited Official Use" shall not be used to identify national security information. No other term or phrase shall be used in conjunction with these national security information designations, such as "Secret Sensitive" or "Agency Confidential" to identify national security information.

(b) Foreign government information. If classified by the foreign government, the information shall either retain its original classification or be assigned a U.S. classification designation which will ensure a degree of protection at least equivalent to that required by the entity that furnished the information. If not given a specific classification by the foreign government, the information will be assigned an appropriate classification dependent on the sensitivity of the subject matter and the degree of damage its unauthorized disclosure could reasonably be expected to cause to the national security. Classification designations assigned by the U.S. agency shall be marked on the foreign government information in accordance with the provisions of § 9.12.

§ 9.6 Requirements for classification.

With the exception of the Atomic Energy Act of 1954, as amended, these regulations are the only basis for classifying information in the agencies named herein. To be eligible for classification, information must meet the two following requirements:

(a) First, it must deal with one of the following criteria:

(1) Military plans, weapons, or operations;

(2) The vulnerabilities or capabilities of systems, installations, projects, or plans relating to the national security;

(3) Foreign government information; (4) Intelligence activities (including special activities), or intelligence sources or methods;

(5) Foreign relations or foreign activities of the United States;

(6) Scientific, technological, or economic matters relating to the national security;

(7) U.S. Government programs for safeguarding nuclear materials or facilities;

(8) Cryptology;

(9) Confidential sources; or

(10) Other categories of information that are related to the national security and that require protection against unauthorized disclosure as determined by the President or by agency heads or other officials who have been delegated original classification authority by the President. In the Department

of State, the DAS/CDC, as the senior official, shall recommend such other categories of information to the Secretary. Any determination made under this subsection shall be reported promptly to the Director of ISOO.

(b) Second, an official with original classification authority must determine that the unauthorized disclosure of the information, either by itself or in the context of other information, reasonably could be expected to cause damage to the national security. Unauthorized disclosure of foreign government information, the identity of a confidential foreign source, or intelligence sources or methods is presumed to cause damage to the national security.

(c) Certain information which would otherwise be unclassified may require classification when combined or associated with other classified or unclassified information. Classification on this basis shall be supported by a written explanation that, at a minimum, shall be maintained with the file or record copy of the information.

§ 9.7 Classification authority.

(a) In the Department of State authority for original classification of information as "Top Secret" may be exercised only by the Secretary of State and those officials delegated this authority in writing, by position or by name, by the Secretary or the DAS/ CDC, as the senior official, on the basis of their frequent need to exercise such authority. Normally these will not be below the level of Deputy Assistant Secretary in the Department; or Chief of Mission, Charge d'Affairs, or principal officer at an autonomous consular post overseas.

(b) Authority for original classification of information as "Secret" may be exercised by officials with Top Secret authority, the Administrator of AID, and the Director of USIA. This authority may be delegated to such subordinate officials as the senior official in the Department, the administrator of AID or the Director of USIA may designate in writing, by position or by name, on the basis of their frequent need to exercise such authority. Normally, these will not be below the level

of office director, section head (in a mission abroad), country public affairs officer, or equivalent.

(c) Authority for original classification of information as "Confidential" may be exercised by officials with Top Secret or Secret classification authority, and the President of the Overseas Private Investment Corporation; and may be delegated to such subordinate officials as the senior official in the Department, the Administrator of AID, the Director of USIA, or the President of OPIC may designate in writing, by position or by name, on the basis of their frequent need to exercise such authority.

(d) Delegated original classification authority at any level may not be redelegated.

(e) In the absence of an authorized classifier, the person designated to act for that official may exercise the classifying authority.

(f) In the Department of State the Classification/Declassification Center, and in AID and USIA the Office of Security, shall maintain a current listing, by classification designation, of the positions or officials carrying original classification authority. The listing shall be reviewed as needed to ensure that such delegations have been held to a minimum, and that officials so designated have a continuing need to exercise such authority.

(c) Automatic declassification determinations under predecessor orders shall remain valid unless the classification is extended by an authorized official of the originating agency. These extensions may be by individual documents or categories of information. The agency shall be responsible for notifying holders of the information of such extensions as soon as possible. The authority to extend the classification of information subject to automatic declassification under predecessor orders is limited to those officials who have classification authority over the information and are designated in writing to have original classification authority at the level of the information to remain classified. Any decision to extend this classification on other than a document-by-document basis shall be reported to the Director of the ISOO.

§ 9.10 Derivative classification.

(a) Derivative classification is made by a person, not necessarily having original classification authority, based on an originally classified document or as directed by a classification guide. The derivative classifier may be one who reproduces, extracts, restates, paraphrases, or summarizes classified materials, or applies markings in accordance with source material or a classification guide.

(b) Derivative classifiers must respect original classification markings. Only if the derived document, by means of paraphrasing, excising, etc., has clearly lost the original grounds for classification, may its original classification be removed or lowered.

(c) Subject to paragraph (b) of this section, markings on derivatively classified material, including declassification instructions, shall be carried forward from the original material, or shall be as directed by the classification guide.