Overview
A security clearance is a privilege, not a right. When you accept the privilege of access to classified information, you are also accepting the responsibilities that accompany this privilege. This guide informs you of your responsibilities and provides information to help you fulfill them.
Your responsibility to protect the classified information that you learn about is a LIFELONG obligation. It continues even after you no longer have an active security clearance.
The Nondisclosure Agreement you signed when accepting your clearance is a legally binding agreement between you and the U.S. Government in which you agreed to comply with procedures for safeguarding classified information and acknowledged that there are legal sanctions for violating this agreement. Deliberate violation for profit may be prosecuted. This agreement assigned to the U.S. Government the legal right to any payments, royalties or other benefits you might receive as a result of unauthorized disclosure of classified information. Your signed Nondisclosure Agreement is the only form held on file long after you retire (50 years!).
The various topics in this module of the Security Guide discuss procedures for handling, marking, safeguarding, and communicating classified information. The regulatory basis for these procedures is Executive Order 12985, Classified National Security Information, dated October 13, 1995, as amended March 28, 2003. National guidance for implementing this order is in the Information Security Oversight Office (ISOO) Classified National Security Information Directive No. 1, September 22, 2003. Many individual departments, agencies, and offices also have their own implementing regulations, for example, Department of Defense Regulation 5200.1, Information Security Program.
Failure to comply with these procedures may result in adverse administration action including revocation of your security clearance. When we study the history of foreign intelligence activities against the United States, one thing becomes very clear. When our adversaries or competitors are successful in obtaining classified or other sensitive information, it is usually due to negligence, willful disregard for security, or betrayal of trust by our own personnel.
The Bottom Line
Pogo, a popular cartoon character from the 1960s, coined an oft-quoted phrase: "We have met the enemy, and he is us." That sums it up. We – not our foreign adversaries or competitors – are the principal source of the problem, but we can also become the solution. You and I and all others who hold a security clearance are the first line of defense against espionage and other loss of sensitive information. Together, if we fulfill our responsibilities, we have the power to protect our national security and economic interests.
Need-to-Know
Your security clearance does not give you approved access to all classified information. It gives you access only to:
-
Information at the same or lower level of classification as the level of the clearance granted; AND that you have a "need-to-know" in order to perform your work.
Need-to-know is one of the most fundamental security principles. The practice of need-to-know limits the damage that can be done by a trusted insider who goes bad. Failures in implementing the need-to-know principle have contributed greatly to the damage caused by a number of recent espionage cases.
Need-to-know imposes a dual responsibility on you and all other authorized holders of classified information:
-
When doing your job, you are expected to limit your requests for information to that which you have a genuine need-to-know. Under some circumstances, you may be expected to explain and justify your need-to-know when asking others for information.
-
Conversely, you are expected to ensure that anyone to whom you give classified information has a legitimate need to know that information. You are obliged to ask the other person for sufficient information to enable you to make an informed decision about their need-to-know, and the other person is obliged to justify their need-to-know.
-
You are expected to refrain from discussing classified information in hallways, cafeterias, elevators, rest rooms or smoking areas where the discussion may be overheard by persons who do not have a need-to-know the subject of conversation.
You are also obliged to report to your security office any co-worker who repeatedly violates the need-to-know principle.
|
Need-to-know is difficult to implement as it conflicts with our natural desire to be friendly and helpful. It also requires a level of personal responsibility that many of us find difficult to accept. The importance of limiting sensitive information to those who have a need to know is underscored, however, every time a trusted insider is found to have betrayed that trust.
|
Here are some specific circumstances when you need to be particularly careful:
-
An individual from another organization may contact you and ask for information about your classified project. Even though you have reason to believe this person has the appropriate clearance, you are also obliged to confirm the individual’s need-to-know before providing information. If you have any doubt, consult your supervisor or security officer.
-
Difficult situations sometimes arise when talking with friends who used to be assigned to the same classified program where you are now working. The fact that a colleague formerly had a need-to-know about this program does not mean he or she may have access to the information. There is no "need" to keep up to date on sensitive developments after being transferred to a different assignment.
-
The need-to-know principle also applies to placing classified information on computer networks. Before doing so, make sure it is appropriate for this information to be seen by all persons with access to the system. Although every individual gaining access to a particular computer network is cleared for the clearance level of that system, they may not have a need to know all of the information posted on the system.
Share with your friends: |
