10 June 1999 Restored

12 April 1997
Source: http://www.dtic.mil:80/c3i/52001.html

DOCI: DODD 5200.1
DATE: January 1997 by ASD(C3I)<
TITL: DODD 5200.1 DoD Information Security Program

SUBJECT: DoD Information Security Program

References:

• (a) DoD Directive 5200.1, subject as above, June 7, 1982 (hereby canceled)
  (b) Executive Order 12958, "Classified National Security Information," April 20, 1995, as amended
  (c) Information Security Oversight Office Directive, "Classified National Security Information," October 13, 1995
  (d) DoD Instruction 5230.21, "Protection of Classified National Security Council and Intelligence Information," March 15, 1982 (hereby canceled)
  (e) through (i), see enclosure l

A. REISSUANCE AND PURPOSE

This Directive:

• 1. Reissues reference (a) to update policy and responsibilities for the DoD Information Security Program under references (b) and (c).
  2. Replaces references (d) through (f).
  3. Continues to authorize the publication of DoD 5200.1-R (reference (g)), in accordance with DoD 5025.1-M (reference (h)).

B. APPLICABILITY

This Directive applies to the Office of the Secretary of Defense, the Military Departments, the Chairman of the Joint Chiefs of Staff, the Combatant Commands, the Inspector General of the Department of Defense, the Defense Agencies, and the DoD Field Activities (hereafter referred to collectively as "the DoD Components").

C. DEFINITIONS

• 1. Compromise. A communication or physical transfer of classified information to an unauthorized recipient.
  2. Information. Any knowledge that may be communicated or documentary material, regardless of its physical form or characteristics, that is owned by, produced by or for, or is under the control of, the Department of Defense.
  3. National Security. The national defense or foreign relations of the United States.

D. POLICY

It is DoD policy that:

• 1. National security information shall be classified, declassified and safeguarded, in accordance with national-level policy issuances. Misclassification shall be avoided.
  2. Declassification of information shall receive equal attention with classification to ensure that information remains classified only as long as required by national security considerations.
  3. The volume of classified national security information shall be reduced to the minimum necessary to meet operational requirements.
  4. An active security education and training program shall be established and maintained to ensure that DoD military and civilian personnel who require access to classified national security information in the conduct of official business are familiar with their responsibilities for protecting such information from unauthorized disclosure.

E. RESPONSIBILITIES

l. The Assistant Secretary of Defense for Command, Control, Communications, and Intelligence shall:

• a. Serve as the Senior Agency Official for the Department of Defense under subsection 5.6.(c) of E.O. 12958, as amended (reference (b)).
  b. Direct, administer, and oversee the DoD Information Security Program to ensure that the program is efficient, recognizes assigned authorities and responsibilities, and that appropriate management safeguards are in place to prevent fraud, waste, and abuse.
  c. Approve, when appropriate, requests for exceptions to DoD Information Security Program policies and procedures.
  d. Approve and publish DoD Instructions and Publications, as necessary, to guide, direct, or help DoD Information Security Program activities, consistent with DoD 5025.1-M (reference (h)).
  e. Encourage liaison between the DoD Components and industry; professional associations; academia; Federal, State, and local government organizations; and international organizations to acquire information that may be of use in improving the DoD Information Security Program.
  f. Assist the Under Secretary of Defense for Acquisition and Technology, as required, in implementing the DoD Acquisition Systems Protection Program, both by establishing security policy and providing technical security support to that program.

2. The Under Secretary of Defense for Policy shall:

• a. Direct, administer and oversee that portion of the DoD Information Security Program pertaining to Special Access Programs, foreign government (including North Atlantic Treaty Organization) classified information, the National Disclosure Policy and security arrangements for international programs.
  b. Approve, when appropriate, requests for exception to policy involving any programs listed in paragraph E.2.a., above.

3. The Assistant Secretary of Defense for Public Affairs shall:

• a. Direct and administer a DoD Mandatory Declassification Review Program under subsection 3.6. of E.O. 12958 (reference (b)).
  b. Establish policies and procedures for processing mandatory declassification review requests, including appeals consistent with subsection 3.6.(d) of reference (b) and Section 2001.13 of the Information Security Oversight Office Directive (reference (c)), which make maximum use of DoD Component resources and systems established to implement DoD Directive 5400.7 (reference (i)).

4. The Under Secretary of Defense for Acquisition and Technology shall serve as the office of primary responsibility and provide day-to-day direction and management of the DoD Acquisition Systems Protection Program.

5. The Secretaries of the Military Departments, as Agency Heads under reference (b), and the Heads of the Other DoD Components, shall:

• a. Designate a senior agency official for their respective Departments who shall be responsible for the direction and administration of the Department's information security program, to include active oversight, classification, declassification and security education and training programs to ensure effective implementation of reference (b) and DoD 5200.1-R (reference (g)).
  b. Ensure that funding and resources are adequate to carry out such oversight, classification, declassification and security education and training programs.
  c. Consider and take action on complaints and suggestions from persons in or outside the Government regarding the Department's Information Security Program.

6. The Director, National Security Agency, shall, as the designee of the Secretary of Defense, when necessary, impose special requirements on the classification, declassification, marking, reproduction, distribution, accounting, and protection of and access to classified cryptologic information.

F. EFFECTIVE DATE

This Directive is effective immediately.

Enclosure

References

(e) DoD Instruction O-5230.22, "Security Controls on the Dissemination of Intelligence Information," August 17, 1988 (hereby canceled)

(f) DoD Directive 5200.12, "Conduct of Classified Meetings," July 27, 1992 (hereby canceled)

(g) DoD 5200.1-R, "Department of Defense Information Security Program Regulation," January 17, 1997 authorized by this Directive

(h) DoD 5025.1-M, "DoD Directives System Procedures," August 1994, authorized by DoD Directive 5025.1, June 24, 1994

(i) DoD Directive 5400.7, "DoD Freedom of Information Act Program," May 13, 1988