Guidelines and Regulations

Guidelines and Regulations

The U.S. Classified National Security Information Program has undergone significant changes over the past decade, reflecting shifts in classification policy, information sharing, and security measures.

On December 29, 2009, President Obama signed Executive Order 13526, replacing E.O. 12958 and establishing the current baseline for classifying, safeguarding, and declassifying national security information. This order introduced the concept of automatic declassification after 25 years unless marked for continued classification, clarified classification levels (Top Secret, Secret, Confidential), and mandated specific agency responsibilities for classification guidance and security programs.

In 2010, several key Executive Orders were issued. Executive Order 13549 focused on the safeguarding of classified information on portable electronic devices and media, recognizing emerging cybersecurity threats and the need for enhanced protection of classified data in digital and mobile contexts. Executive Order 13556 established the Controlled Unclassified Information (CUI) program to standardize the handling of sensitive but unclassified information across agencies, promoting uniform policies to protect information that does not meet classification criteria but requires safeguarding or dissemination controls.

Later in 2010, Executive Order 13587 improved the security of classified networks and government information, emphasizing insider threat mitigation and enhancing information sharing protocols while safeguarding classified national security information from unauthorized disclosure.

In 2015, Executive Order 13691 established a framework to promote the sharing of classified cyber threat information with private sector entities and other stakeholders, balancing the need for security with collaboration to defend against cyber threats.

These orders were implemented with accompanying directives and policies from the National Archives, the Information Security Oversight Office (ISOO), and agency-specific implementing regulations, harmonizing classification standards, declassification procedures, and information security practices across the federal government.

The evolution through 2009–2022 reflects increasing emphasis on:

• Standardization and oversight (E.O. 13526, E.O. 13556),
• Addressing technological advances and cyber threats (E.O. 13549, E.O. 13587, E.O. 13691),
• Enhancing transparency and responsible declassification (E.O. 13526),
• Promoting secure information sharing beyond traditional government boundaries (E.O. 13691).

Together, these changes modernized the national security classification system to better safeguard information in a digital era, while also improving processes for sharing and declassifying information as appropriate.

In 2011, the Defense Security Enterprise (DSE) Strategy 2021-2025 was published, aiming to elevate, integrate, and optimize the DSE in partnership with other federal and industry stakeholders. The Office of the Undersecretary of Defense (Intelligence & Security)(OUSD(I&S)) Counterintelligence, Law Enforcement, & Security (CL&S) also published a strategy to communicate the Department's continuing intent for the DSE.

On January 3, 2011, a guidance memorandum was released to assist agencies in complying with the assessment requirements of the implementation of safeguarding procedures. The link for guidance on NCCS implementation can be found at https://www.dcsa.mil/is/nccs/gov_onboarding/. The memo for the implementation of the National Background Investigation Services Electronic Application (eApp) provides detailed information on the transition to the eApp component by October 1, 2023.

Executive Order 13526, 32 CFR Part 2001, prescribes a uniform system for classifying, safeguarding, and declassifying national security information. Executive Order 13556, 32 CFR Part 2002, establishes an open and uniform program for managing unclassified information that requires safeguarding or dissemination controls.

The NISP Contract Classification System Memo requires DoD Components to prepare for NCCS implementation using guidance established by DCSA. For more information on the NCCS implementation, please visit the provided link.

These updates reflect a commitment to enhancing national security while adapting to the evolving digital landscape and the need for collaboration across various sectors.

1. The changes in the U.S. Classified National Security Information Program over the past decade, as reflected in Executive Orders like 13526, 13549, 13556, 13587, and 13691, have significantly influenced political discussions about war-and-conflicts, policy-and-legislation, and general-news, given their impact on information security, national security, and digital era challenges.
2. The evolution of the national security classification system, particularly with the implementation of Executive Orders 13526, 13556, and 13691, has not only emphasized information sharing beyond traditional government boundaries but also generated general-news about the redefined policies and legislation concerning politics and war-and-conflicts.

Read also: