Classification Guidelines
And Distribution Controls

Original and Derivative Classification

Executive Order 12958, April 17, 1995, sets U.S. Government policy for classifying national security information that must be protected from unauthorized disclosure. Information is classified in one of two ways -- originally or derivatively.

Original classification is the initial determination that information requires protection. Only U.S. Government officials to whom this authority has been delegated in writing and who have been trained in classification requirements have the authority for original classification. Original classification authorities issue security classification guides that others use in making derivative classification decisions. Most government employees and contractors make derivative classification decisions.

Derivative classification is the act of classifying a specific item of information or material on the basis of an original classification decision already made by an authorized original classification authority. The source of authority for derivative classification ordinarily consists of a previously classified document or a classification guide issued by an original classification authority.

For example, Defense contractors make derivative classification decisions based on the Contract Security Classification Specification that is issued with each classified contract. If a contractor develops an unsolicited proposal or originates information not in the performance of a classified contract, the following rules apply. If the information was previously identified as classified, it should be classified derivatively. If the information was not previously classified, but the contractor believes the information may be or should be classified, the contractor should protect the information as though classified at the appropriate level and submit it to the agency that has an interest in the subject matter for a classification determination. In such a case, the material should be marked CLASSIFICATION DETERMINATION PENDING. Protect as though classified (TOP SECRET, SECRET, or CONFIDENTIAL).

The full text of Executive Order 12958 is available at DSS website at  Classification guidelines for defense contractors are in Chapter 4 of the National Industrial Security Program Operating Manual. Full text of the NISPOM is available on the Defense Security Service Internet site at,

Classification Levels

Information that must be controlled to protect the national security is assigned one of three levels of classification, as follows:

  • TOP SECRET information is information which, if disclosed without authorization, could reasonably be expected to cause exceptionally grave damage to the national security.
  • SECRET information is information which, if disclosed without authorization, could reasonably be expected to cause serious damage to the national security.
  • CONFIDENTIAL information is information which, if disclosed without authorization, could reasonably be expected to cause damage to the national security.

Atomic energy information is classified under the Atomic Energy Act of 1954, and the procedures differ from those prescribed for National Security Information. Atomic energy information is automatically classified and remains classified until a positive action is taken to declassify it. It may be declassified only by the Department of Energy. Consult your security officer for information on marking and handling atomic energy information. There are two types:

  • RESTRICTED DATA covers "all data concerning (1) design, manufacture, or utilization of atomic weapons; (2) the production of special nuclear material; or (3) the use of special nuclear material in the production of energy," except for data that has been declassified or removed from the Restricted Data category.
  • FORMERLY RESTRICTED DATA is information which has been removed from the Restricted Data category after Department of Energy and Department of Defense have jointly determined that the information relates primarily to the military utilization of atomic weapons and can be adequately safeguarded as National Security Information. The word "formerly" only means that such information is no longer subject to controls under the Atomic Energy Act. Formerly Restricted Data remains classified and subject to controls on National Security Information. Such data may not be given to any other nation except under specially approved agreements.  It is identified and handled as RESTRICTED DATA when sent outside the United States.

RESTRICTED DATA and FORMERLY RESTRICTED DATA should also be marked with one of the three classification levels -- TOP SECRET, SECRET, or CONFIDENTIAL.

Challenging a Classification

Any approved holder of classified information who believes the information is classified improperly or unnecessarily, or that current security considerations justify downgrading to a lower classification or upgrading to a higher classification, or that security classification guidance is improper or inadequate, is encouraged and expected to challenge the classification status.

Government employees should pursue such actions through established agency procedures that protect individuals from retribution for bringing such actions, provide an opportunity for review by an impartial official or panel, and provide a right of appeal to the Interagency Security Classification Appeals Panel. Contractors should appeal such issues through their pertinent government contracting authority.

Distribution Controls

In addition to its classification, intelligence information and certain scientific or technical information may also be subject to other controls on its distribution and handling. It is your responsibility to understand and comply with the control markings on classified information. If you are not sure, contact your security office. These control markings include:

  • Dissemination and Extraction of Information Controlled by Originator (ORCON) or (OC) means that any additional distribution or inclusion in another document must be approved by the originator of the document. It is used on intelligence information that could permit identification of a sensitive intelligence source or method.
  • Not Releasable to Contractors/Consultants (NOCONTRACT) has been discontinued but is still seen on older documents. Check with the originator of the document regarding any ongoing controls on the use of such a document.  This caveat was used on intelligence information that is provided by a source on the express or implied condition that it not be made available to contractors; or that, if disclosed to a contractor, would actually or potentially give him/her a competitive advantage or cause a conflict of interest with his/her obligation to protect the information.
  • Caution - Proprietary Information Involved (PROPIN) or (PR) is used with or without a security classification to identify information provided by a commercial firm or private source under an express or implied understanding that the information will be protected as a trade secret or proprietary data with actual value.
  • NOFORN is for intelligence information that may not be passed to foreign nationals.
  • Authorized for Release to ____ (REL TO) signifies intelligence information that is releasable to or has been released through proper disclosure channels to the named foreign government or international organization.
  • Sensitive Compartmented Information (SCI) applies to certain intelligence sources, methods, or analytical processes that are subject to a formal access control system established by the Director of Central Intelligence. Special approval is required for access to SCI.
  • Communications Security (COMSEC) is the protection of all elements of telecommunications -- encryption, transmission, emissions, and the physical security of equipment and materials.
  • Cryptographic Material (CRYPTO) identifies information or materials that must be handled through special cryptographic channels.
  • Warning Notice - Intelligence Sources or Methods Involved (WNINTEL) has been discontinued but is still seen on older documents.  It was used on intelligence information that identifies or would reasonably permit identification of an intelligence source or method that is susceptible to countermeasures that could nullify or reduce its effectiveness.
  • Critical Nuclear Weapons Design Information (CNWDI) or (N) applies to information that reveals the theory of operation or design of the components of a thermonuclear or fission bomb, warhead, demolition munition, or test device. Special handling procedures are required.

Department of Defense also uses the marking Alternative or Compensatory Control Measures (ACCM) for classified information that requires special security measures to safeguard classified intelligence or operations and support information when normal measures are insufficient to achieve strict need-to-know controls and where special access program (SAP) controls are not required. ACCM measures are defined as the maintenance of lists of personnel to whom the specific classified information has been or may be provided together with the use of an unclassified nickname. The ACCM designation is used in conjunction with the security classification to identify the portion, page, and document containing ACCM information.

Related Topics: Marking Classified Information, Handling Classified Information, For Official Use Only (FOUO), Foreign Government Classified Information.


<-- PrevNext -->