20 May 2006

Source: http://www.gpoaccess.gov/cfr/index.html

-----------------------------------------------------------------------

[Code of Federal Regulations]
[Title 31, Volume 1]
[Revised as of July 1, 2003]
From the U.S. Government Printing Office via GPO Access
[CITE: 31CFR2]

[Page 83-109]
 
                  TITLE 31--MONEY AND FINANCE: TREASURY
 
PART 2--NATIONAL SECURITY INFORMATION

                   Subpart A--Original Classification

Sec.
2.1  Classification levels [1.1(a)].
2.2  Classification Authority.
2.3  Listing of original classification authorities.
2.4  Record requirements.
2.5  Classification categories.
2.6  Duration of classification.
2.7  Identification and markings [1.5(a), (b) (c)].
2.8  Limitations on classification [1.6(c)].

                  Subpart B--Derivative Classification

2.9  Derivative Classification Authority.
2.10  Listing derivative classification authorities.
2.11  Use of derivative classification [2.1].
2.12  Classification guides.
2.13  Derivative identification and markings [1.5(c) and 2.1(b)].

               Subpart C--Downgrading and Declassification

2.14  Listing downgrading and declassification authorities [3.1(b)].
2.15  Declassification policy [3.1].
2.16  Downgrading and declassification markings.
2.17  Systematic review for declassification [3.3].
2.18  Mandatory declassification review [3.4].
2.19  Assistance to the Department of State [3.3(b)].
2.20  Freedom of Information/Privacy Act requests [3.4].

                         Subpart D--Safeguarding

2.21  General [4.1].
2.22  General restrictions on access [4.1].
2.23  Access by historical researchers and former presidential 
          appointees [4.3].
2.24  Dissemination [4.1(d)].
2.25  Standards for security equipment [4.1(b) and 5.1(b)].
2.26  Accountability procedures [4.1(b)].
2.27  Storage [4.1(b)].
2.28  Transmittal [4.1(b)].
2.29  Telecommunications and computer transmissions.
2.30  Special access programs [1.2(a) and 4.2(a)].
2.31  Reproduction controls [4.1(b)].
2.32  Loss or possible compromise [4.1(b)].
2.33  Responsibilities of holders [4.1(b)].
2.34  Inspections [4.1(b)].
2.35  Security violations.
2.36  Disposition and destruction [4.1(b)].
2.37  National Security Decision Directive 197.

                  Subpart E--Implementation and Review

2.38  Departmental management.
2.39  Bureau administration.
2.40  Emergency planning [4.1(b)].
2.41  Emergency authority [4.1(b)].
2.42  Security education [5.3(a)].

                      Subpart F--General Provisions

2.43  Definitions [6.1].

    Authority: 31 U.S.C. 321; E.O. 12958, 60 FR 19825, 3 CFR, 1995 
Comp., p. 333.

    Source: 55 FR 1644, Jan. 17, 1990, unless otherwise noted.

[[Page 84]]

                   Subpart A--Original Classification

Sec. 2.1  Classification levels [1.1(a)].\1\
---------------------------------------------------------------------------

    \1\ Related references are related to sections of Executive Order 
12356, 47 FR 14874, April 6, 1982.
---------------------------------------------------------------------------

    (a) National security information (hereinafter also referred to as 
``classified information'') shall be classified at one of the following 
three levels:
    (1) Top Secret shall be applied to information, the unauthorized 
disclosure of which reasonably could be expected to cause exceptionally 
grave damage to the national security.
    (2) Secret shall be applied to information, the unauthorized 
disclosure of which reasonably could be expected to cause serious damage 
to the national security.
    (3) Confidential shall be applied to information, the unauthorized 
disclosure of which reasonably could be expected to cause damage to the 
national security.
    (b) Limitations [1.1(b)]. Markings other than ``Top Secret,'' 
``Secret,'' and ``Confidential,'' shall not be used to identify national 
security information. No other terms or phrases are to be used in 
conjunction with these markings to identify national security 
information, such as ``Secret/Sensitive'' or ``Agency Confidential''. 
The terms ``Top Secret,'' ``Secret,'' and ``Confidential'' are not to be 
used to identify non-classified Executive Branch information. The 
administrative control legend, ``Limited Official Use'', is authorized 
in Treasury Directive 71-02, ``Safeguarding Officially Limited 
Information,'' which requires that information so marked is to be 
handled, safeguarded and stored in a manner equivalent to national 
security information classified Confidential.
    (c) Reasonable Doubt [1.1(c)]. When there is reasonable doubt about 
the need to classify information, the information shall be safeguarded 
as if it were ``Confidential'' information in accordance with subpart D 
of this regulation, pending a determination about its classification. 
Upon a final determination of a need for classification, the information 
that is classified shall be marked as provided in Sec. 2.7. When there 
is reasonable doubt about the appropriate classification level, the 
information shall be safeguarded at the higher level in accordance with 
subpart D, pending a determination of its classification level. Upon a 
final determination of its classification level, the information shall 
be marked as provided in Sec. 2.7.

Sec. 2.2  Classification Authority.

    Designations of original classification authority for national 
security information are contained in Treasury Order (TO) 102-19 (or 
successor order), which is published in the Federal Register. The 
authority to classify inheres within the office and may be exercised by 
a person acting in that capacity. There may be additional redelegations 
of original classification authority made pursuant to TO 102-19 (or 
successor order). Officials with original classification authority may 
derivatively classify at the same classification level.

[63 FR 14357, Mar. 25, 1998]

Sec. 2.3  Listing of original classification authorities.

    Delegations of original Top Secret, Secret and Confidential 
classification authority shall be in writing and be reported annually to 
the Departmental Director of Security, who shall maintain such 
information on behalf of the Assistant Secretary (Management). These 
delegations are to be limited to the minimum number absolutely required 
for efficient administration. Periodic reviews and evaluations of such 
delegations shall be made by the Departmental Director of Security to 
ensure that the officials so designated have demonstrated a continuing 
need to exercise such authority. If, after reviewing and evaluating the 
information, the Departmental Director of Security determines that such 
officials have not demonstrated a continuing need to exercise such 
authority, the Departmental Director of Security shall recommend to the 
Assistant Secretary (Management), as warranted, the reduction or 
elimination of such authority. The Assistant Secretary (Management) 
shall take appropriate action in consultation with the affected 
official(s) and the Departmental Director of Security. Such action may

[[Page 85]]

include relinquishment of this authority where the Assistant Secretary 
(Management) determines that a firm basis for retention does not exist.

Sec. 2.4  Record requirements.

    The Departmental Director of Security shall maintain a listing by 
name, position title and delegated classification level, of all 
officials in the Departmental Offices who are authorized under this 
regulation to originally classify information as Top Secret, Secret or 
Confidential. Officials within the Departmental Offices with Top Secret 
classification authority shall report in writing on TD F 71-01.14 
(Report of Authorized Classifiers) to the Departmental Director of 
Security, the names, position titles and authorized classification 
levels of the officials designated by them in writing to have original 
Secret or Confidential classification authority. The head of each bureau 
shall maintain a similar listing of all officials in his or her bureau 
authorized to apply original Secret and Confidential classification and 
shall provide a copy of TD F 71-01.14, reflecting the list of officials 
so authorized, to the Departmental Director of Security. These listings 
shall be compiled and reported no less than annually each October 15th 
as required by Treasury Directive 71-01, ``Agency Information Security 
Program Data''.

Sec. 2.5  Classification categories.

    (a) Classification in Context of Related Information [1.3(b)]. 
Certain information which would otherwise be unclassified may require 
classification when combined or associated with other unclassified or 
classified information. Such classification on an aggregate basis shall 
be supported by a written explanation that, at a minimum, shall be 
maintained with the file or referenced on the record copy of the 
information.
    (b) Unofficial Publication or Disclosure [1.3(d)]. Following an 
inadvertent or unauthorized publication or disclosure of information 
identical or similar to information that has been classified in 
accordance with the Order or predecessor Orders, the agency of primary 
interest shall determine the degree of damage to the national security, 
the need for continued classification, and, in coordination with the 
agency in which the disclosure occurred, what action must be taken to 
prevent similar occurrences under procedures contained in Sec. 2.32.

Sec. 2.6  Duration of classification.

    (a) Information Not Marked for Declassification [1.4]. Information 
classified under predecessor orders that is not subject to automatic 
declassification shall remain classified until reviewed for possible 
declassification.
    (b) Authority to Extend Automatic Declassification Determinations 
[1.4(b)]. The authority to extend classification of information subject 
to automatic declassification under any predecessor Executive Order to 
the Order is limited to those officials who have classification 
authority over the information and are designated in writing to have 
original classification authority at the level of the information to 
remain classified. Any decision to extend the classification on other 
than a document-by-document basis shall be reported to the Assistant 
Secretary (Management) who shall, in turn, report this fact to the 
Director of the Information Security Oversight Office.

Sec. 2.7  Identification and markings [1.5(a), (b) and (c)].

    The information security system requires that standard markings be 
applied to classified information. Except in extraordinary circumstances 
as provided in section 1.5(a) of the Order, or as indicated herein, the 
marking of paper and electronically created documents shall not deviate 
from the following prescribed formats. These markings shall also be 
affixed to material other than paper and electronically created 
documents, including file folders, film, tape, etc., or the originator 
shall provide holders or recipients of the information with written 
instructions for protecting the information.
    (a) Classification Level. The markings ``Top Secret,'' ``Secret,'' 
and ``Confidential'' are used to indicate: information that requires 
protection as classified information under the Order;

[[Page 86]]

the highest level of classification contained in a document; the 
classification level of each page and, in abbreviated form, the 
classification of each portion of a document.
    (1) Overall Marking. The highest level of classification of 
information in a document shall be marked in such a way as to 
distinguish it clearly from the informational text. Markings shall 
appear at the top and bottom of the outside of the front cover (if any), 
on the title page (if any), on the first and last pages bearing text, 
and on the outside of the back cover (if any).
    (2) Page Marking. Each interior page of a classified document is to 
be marked at the top and bottom, either according to the highest 
classification of the content of the page, including the designation 
``UNCLASSIFIED'' when it is applicable, or with the highest overall 
classification of the document.
    (3) Portion Marking. Only the Secretary of the Treasury may waive 
the portion marking requirement for specified classes of documents or 
information upon a written determination that:
    (i) There will be minimal circulation of the specified documents or 
information and minimal potential usage of the documents or information 
as a source for derivative classification determinations; or
    (ii) There is some other basis to conclude that the potential 
benefits of portion marking are clearly outweighed by the increased 
administrative burdens.
    (b) Unless the portion marking requirement has been waived as 
authorized, each portion of a document, including subjects and titles, 
shall be marked by placing a parenthetical designation either 
immediately preceding or following the text to which it applies. The 
symbols, ``(TS)'' for Top Secret, ``(S)'' for Secret, ``(C)'' for 
Confidential, and ``(U)'' for Unclassified shall be used for this 
purpose. The symbol, ``(LOU)'' shall be used for Limited Official Use 
information. If the application of parenthetical designations is not 
practicable, the document shall contain a statement sufficient to 
identify the information that is classified and the level of such 
classification, as well as the information that is not classified. If 
all portions of a document are classified at the same level, this fact 
may be indicated by a statement to that effect, e.g. ``Entire Text is 
Classified Confidential.'' If a subject or title requires 
classification, an unclassified identifier may be applied to facilitate 
reference.
    (c) Classification Authority. If the original classifier is other 
than the signer or approver of the document, his or her indentity shall 
be shown at the bottom of the first and last pages as follows: 
``CLASSIFIED BY (identification of original classification authority)''.
    (d) Bureau and Office of Origin. If the identity of the originating 
bureau or office is not apparent on the face of the document, it shall 
be clearly indicated below the ``CLASSIFIED BY'' line.
    (e) Downgrading and Declassification Instructions. Downgrading and, 
as applicable, declassification instructions shall be shown as follows:
    (1) For information to be declassified automatically on a specific 
date:

Classified by___________________________________________________________
Office__________________________________________________________________
Declassify on (date)____________________________________________________

    (2) For information to be declassified automatically upon the 
occurrence of a specific event:

Classified by __________________________________________________________
Office _________________________________________________________________
Declassify on (description of event) ___________________________________

    (3) For information not to be declassified automatically:

Classified by __________________________________________________________
Office _________________________________________________________________
Declassify on Origination Agency's Determination Required or ``OADR''

    (4) For information to be downgraded automatically on a specific 
date or upon occurrence of a specific event:

Classified by __________________________________________________________
Office _________________________________________________________________
Downgrade to ___________________________________________________________
on (date or description of event) ______________________________________

    (f) Special Markings--(1) Transmittal Documents [1.5(c)]. A 
transmittal document shall indicate on its first page and last page, if 
any, the highest classification of any information transmitted by it. It 
shall also include on

[[Page 87]]

the first and last pages the following or similar instruction:
    (i) For an unclassified transmittal document:

Unclassified When Classified
Enclosure(s) Detached.

    (ii) For a classified transmittal document:

Upon Removal of Attachment(s)
this Document is _______________________________________________________


(classification level of the transmittal document alone), or:

This Document is Classified ____________________________________________
with Unclassified Attachment(s).

    (2) Restricted Data or Formerly Restricted Data [6.2(a)]. Restricted 
Data or Formerly Restricted Data shall be marked in accordance with 
regulations issued under the Atomic Energy Act of 1954, as amended. 
Restricted Data is information dealing with the design, manufacture, or 
utilization of atomic weapons, production of special nuclear material or 
use of special nuclear material in the production of energy. Formerly 
Restricted Data is classified information that has been removed from the 
``restricted data'' category but still remains classified. It relates 
primarily to the military utilization of atomic weapons.
    (3) <strong>Intelligence</strong> Sources or Methods [1.5(c)]. Documents that contain 
information relating to <strong>intelligence</strong> sources or methods shall include 
the following marking unless otherwise prescribed by the Director of 
Central <strong>Intelligence</strong>: ``WARNING NOTICE--<strong>INTELLIGENCE</strong> SOURCES OR METHODS 
INVOLVED'' To avoid confusion as to the extent of dissemination and use 
restrictions governing the information involved, this marking may not be 
used in conjunction with special access or sensitive compartmented 
information controls.
    (4) Foreign Government Information (FGI) [1.5(c)]. Documents that 
contain FGI shall include either the marking ``FOREIGN GOVERNMENT 
INFORMATION,'' or a marking that otherwise indicates that the 
information is foreign government information. If the information is 
foreign government information that must be concealed, given the 
relationship or understanding with the foreign government providing the 
information, the marking shall not be used and the document shall be 
marked as if it were wholly of United States origin. However, such a 
marking must be supported by a written explanation that, at a minimum, 
shall be maintained with the file or referenced on the original or 
record copy of the document or information.
    (5) National Security Information [4.1(c)]. Classified information 
furnished outside the Executive Branch shall show the following marking:

NATIONAL SECURITY INFORMATION
Unauthorized Disclosure Subject to
Administrative and Criminal Sanctions

    (6) Automated Data Processing (ADP) and Computer Output [1.5(c)]. 
(i) Documents that are generated via ADP or as computer output may be 
marked automatically by systems software. If automatic marking is not 
practicable, such documents must be marked manually.
    (ii) Removable information storage media, however, will bear 
external labels indicating the security classification of the 
information and associated security markings, as applicable, such as 
handling caveats and dissemination controls. Examples of such media 
include magnetic tape reels, cartridges, and cassettes; removable disks, 
disk cartridges, disk packs, and diskettes, including ``floppy'' or 
flexible disks; paper tape reels; and magnetic and punched cards. Two 
labels may be required on each medium: a color coded security 
classification label, i.e., orange Standard Form 706 (Top Secret label), 
red SF 707 (Secret label), blue SF 708 (Confidential label), purple SF 
709 (Classified label), green SF 710 (Unclassified label); and a white 
SF 711 (Data Descriptor label). National stock numbers of the labels, 
which are available through normal Federal Supply channels, are as 
follows: SF 706, 7540-01-207-5536; SF 707, 7450-01-207-5537; SF 708, 
7450-01-207-5538; SF 709, 7540-01-207-5540; SF 710, 7540-01-207-5539 and 
SF 711, 7540-01-207-5541. Treasury Directive 71-02 provides for the use 
of a green ``Officially Limited Information'' label, TD F 71-05.2, to 
identify information so marked.
    (iii) In a mixed environment in which classified and unclassified 
information in processed or stored, the ``Unclassified'' label must be 
used to identify the

[[Page 88]]

media containing unclassified information. In environments in which only 
unclassified information is processed or stored, the use of the 
``Unclassified'' label is not required. Unclassified media, however, 
that are on loan from (and must be returned to) vendors do not require 
the ``Unclassified'' label, but each requires a Data Descriptor label 
with the words, ``Unclassified Vendor Medium'' entered on it.
    (iv) Each medium shall be appropriately affixed with a 
classification label and, as applicable, with a Data Descriptor label at 
the earliest practicable time as soon as the proper security 
classification or control has been established. Labels shall be 
conspicuously placed on media in a manner that will not adversely affect 
operation of the equipment in which the media is used. Once applied, the 
label is not to be removed. A label to identify a higher level of 
classification may, however, be applied on top of a lower classification 
level in the event that the content of the media changes, e.g., from 
Confidential to Secret. A lower classification label may not be applied 
to media already bearing a higher classification label. Personnel shall 
be responsible for appropriately labeling and controlling ADP and 
computer storage media within their possession.
    (g) Electronically Transmitted Information (Messages) [1.5(c)]. 
Classified information that is transmitted electronically shall be 
marked as follows:
    (1) The highest level of classification shall appear before the 
first line of text;
    (2) A ``CLASSIFIED BY'' line is not required;
    (3) The duration of classification shall appear as follows:
    (i) For information to be declassified automatically on a specific 
date: ``DECL: (date)'';
    (ii) For information to be declassified upon occurrence of a 
specific event: ``DECL: (description of event)'';
    (iii) For information not to be automatically declassified which 
requires the originating agency's determination (see also 
Sec. 2.7(e)(3)): ``DECL: OADR'';
    (iv) For information to be automatically downgraded: ``DOWNGRADE TO 
(classification level to which the information is to be downgraded) ON 
(date or description of event on which downgrading is to occur)''.
    (4) Portion marking shall be as prescribed in Sec. 2.7(a)(3);
    (5) Specially designated markings as prescribed in Sec. 2.7(f) (2), 
(3), and (4) shall appear after the marking for the highest level of 
classification. These include:
    (i) Restricted Data or Formerly Restricted Data;
    (ii) Information concerning <strong>intelligence</strong> sources or methods: 
``WNINTEL,'' unless otherwise prescribed by the Director of Central 
<strong>Intelligence</strong>; and
    (iii) Foreign Government Information (FGI).
    (6) Paper copies of electronically transmitted messages shall be 
marked as provided in Sec. 2.7(a) (1), (2), and (3).
    (h) Changes in Classification Markings [4.1(b)]. When a change is 
made in the duration of classified information, all holders of record 
shall be promptly notified. If practicable, holders of record shall also 
be notified of a change in the level of classification. Holders shall 
alter the markings on their copy of the information to conform to the 
change, citing the authority for it. If the remarking of large 
quantities of information is unduly burdensome, the holder may attach a 
change of classification notice to the storage unit in lieu of the 
marking action otherwise required. Items withdrawn from the collection 
for purposes other than transfer for storage shall be marked promptly in 
accordance with the change notice.

Sec. 2.8  Limitations on classification [1.6(c)].

    (a) Before reclassifying information as provided in section 1.6(c) 
of the Order, authorized officials, who must have original 
classification authority and jurisdiction over the information involved, 
shall consider the following factors which shall be addressed in a 
report to the Assistant Secretary (Management) who shall in turn forward 
a report to the Director of the Information Security Oversight Office:
    (1) The elapsed time following disclosure;
    (2) The nature and extent of disclosure;

[[Page 89]]

    (3) The ability to bring the fact of reclassification to the 
attention of persons to whom the information was disclosed;
    (4) The ability to prevent further disclosure; and
    (5) The ability to retrieve the information voluntarily from persons 
not authorized access in its reclassified state.
    (b) Information may be classified or reclassified after it has been 
requested under the Freedom of Information Act (5 U.S.C. 552), the 
Privacy Act of 1974 (5 U.S.C. 552a), or the mandatory declassification 
review provisions of the Order if such classification meets the 
requirements of the Order and is accomplished personally and on a 
document-by-document basis by the Secretary of the Treasury, the Deputy 
Secretary, the Assistant Secretary (Management) or an official with 
original Top Secret classification authority. Such reclassification 
actions shall be reported in writing to the Departmental Director of 
Security.
    (c) In no case may information be classified or reclassified in 
order to conceal violations of law, inefficiency, or administrative 
error; to prevent embarrassment to a person, organization, or agency; to 
restrain competition; or to prevent or delay the release of information 
that does not require protection in the interest of national security.

                  Subpart B--Derivative Classification

Sec. 2.9  Derivative Classification Authority.

    Designations of derivative classification authority for national 
security information are contained in Treasury Order 102-19 (or 
successor order). The authority to derivatively classify inheres within 
the office and may be exercised by a person acting in that capacity. 
There may be additional redelegations of derivative classification 
authority made pursuant to TO 102-19 (or successor order). Officials 
identified in Treasury Order 102-19 (or successor order) may also 
administratively control and decontrol sensitive but unclassified 
information using the legend ``Limited Official Use'' and may redelegate 
their authority to control and decontrol. Such redelegations shall be in 
writing on TD F 71-01.20 ``Designation of Controlling/Decontrolling 
Officials'' (or successor form).

[63 FR 14357, Mar. 25, 1998]

Sec. 2.10  Listing derivative classification authorities.

    Delegations of derivative classification authority to officials not 
otherwise identified in Sec. 2.9, shall be in writing and reported 
annually each October 15th to the Departmental Director of Security on 
TD F 71-01.18 (Report of Authorized Derivative Classifiers). Such 
delegations shall be limited to the minimum number absolutely required 
for efficient administration. Periodic reviews and evaluations of such 
delegations shall be made by the Departmental Director of Security to 
ensure that officials so designated have demonstrated a continuing need 
to exercise such authority. If after reviewing and evaluating the 
information the Departmental Director of Security determines that such 
officials have not demonstrated a continuing need to exercise such 
authority, the Departmental Director of Security shall recommend to the 
Assistant Secretary (Management), as warranted, the reduction or 
elimination of such authority. The Assistant Secretary (Management) 
shall take appropriate action in consultation with the affected 
official(s) and the Departmental Director of Security. Such action may 
include relinquishment of this authority where the Assistant Secretary 
(Management) determines that a firm basis for retention does not exist.

Sec. 2.11  Use of derivative classification [2.1].

    The application of derivative classification markings is a 
responsibility of those who incorporate, paraphrase, restate, or 
generate in new form information that is already classified, and of 
those who apply markings in accordance with instructions from an 
authorized original classifier or in accordance with an approved 
classification guide. If an individual who applies derivative 
classification markings believes that the paraphrasing, restating or 
summarizing of classified information has

[[Page 90]]

changed the level of or removed the basis for classification, that 
person must consult an appropriate official of the originating agency or 
office of origin who has the authority to upgrade, downgrade or 
declassify the information for a final determination. A sample marking 
of derivatively classified documents is set forth in Sec. 2.13.

Sec. 2.12  Classification guides.

    (a) General [2.2(a)]. A classification guide is a reference manual 
which assists document drafters and document classifiers in determining 
what types or categories of material have already been classified. The 
classification guide shall, at a minimum:
    (1) Identify and categorize the elements of information to be 
protected;
    (2) State which classification level applies to each element or 
category of information; and
    (3) Prescribe declassification instructions for each element or 
category of information in terms of:
    (i) A period of time,
    (ii) The occurrence of an event, or
    (iii) A notation that the information shall not be declassified 
automatically without the approval of the originating agency i.e., 
``OADR''.
    (b) Review and Record Requirements [2.2(a)]. (1) Each classification 
guide shall be kept current and shall be reviewed at least once every 
two years and updated as necessary. Each office within the Departmental 
Offices and the respective offices of each Treasury bureau possessing 
original classification authority for national security information 
shall maintain a list of all classification guides in current use by 
them. A copy of each such classification guide in current use shall be 
furnished to the Departmental Director of Security who shall maintain 
them on behalf of the Assistant Secretary (Management).
    (2) Each office and bureau that prepares and maintains a 
classification guide shall also maintain a record of individuals 
authorized to apply derivative classification markings in accordance 
with a classification guide. This record shall be maintained on TD F 71-
01.18 (Report of Authorized Derivative Classifiers) which shall be 
reported annually each October 15th to the Departmental Director of 
Security.
    (c) Waivers [2.2(c)]. Any authorized official desiring a waiver of 
the requirement to issue a classification guide shall submit in writing 
to the Assistant Secretary (Management) a request for approval of such a 
waiver. Any request for a waiver shall contain, at a minimum, an 
evaluation of the following factors:
    (1) The ability to segregate and describe the elements of 
information;
    (2) The practicality of producing or disseminating the guide because 
of the nature of the information;
    (3) The anticipated usage of the guide as a basis for derivative 
classification; and
    (4) The availability of alternative sources for derivatively 
classifying the information in a uniform manner.

Sec. 2.13  Derivative identification and markings [1.5(c) and 2.1(b)].

    Information classified derivatively on the basis of source documents 
or classification guides shall bear all markings prescribed in Sec. 2.7 
(a) through (f), as are applicable. Information for these markings shall 
be taken from the source document or instructions in the appropriate 
classification guide.
    (a) Classification Authority. The authority for classification shall 
be shown as follows:

Derivatively Classified by _____________________________________________
Office _________________________________________________________________
Derived from____________________________________________________________
Declassify on___________________________________________________________


If a document is classified on the basis of more than one source 
document or classification guide, the authority for classification shall 
be shown on the ``DERIVED FROM'' line as follows: ``MULTIPLE CLASSIFIED 
SOURCES''. In these cases, the derivative classifier must maintain the 
identification of each source with the file or record copy of the 
derivatively classified document. A document derivatively classified on 
the basis of a source document that is marked ``MULTIPLE CLASSIFIED 
SOURCES'' shall cite the source document on its ``DERIVED FROM'' line 
rather than the term: ``MULTIPLE CLASSIFIED

[[Page 91]]

SOURCES''. Preparers of such documentation shall ensure that the 
identification of the derivative classifier is indicated. Use of the 
term ``MULTIPLE CLASSIFIED SOURCES,'' is not to be a substitute for the 
identity of the derivative classification authority.
    (b) Downgrading and Declassification Instructions. Dates or events 
for automatic downgrading or declassification shall be carried forward 
from the source document. This includes the notation ``ORIGINATING 
AGENCY'S DETERMINATION REQUIRED'' to indicate that the document is not 
to be downgraded or declassified automatically, or instructions as 
directed by a classification guide, which shall be shown on a 
``DOWNGRADE TO'' or ``DECLASSIFY ON'' line as follows:

DOWNGRADE TO____________________________________________________________
ON (date, description of event, or OADR) or,
DECLASSIFY ON (date, description of event, or OADR)

               Subpart C--Downgrading and Declassification

Sec. 2.14  Listing downgrading and declassification authorities 3.1(b)].

    Downgrading and declassification authority may be exercised by the 
official authorizing the original classification, if that official is 
still serving in the same position; a successor in that capacity; a 
supervisory official of either; or officials delegated such authority in 
writing by the Secretary of the Treasury or the Assistant Secretary 
(Management). Such officials may not downgrade or declassify information 
which is classified at a level exceeding their own designated 
classification authority. A listing of officials delegated such 
authority, in writing, shall be identified on TD F 71-01.11 (Report of 
Authorized Downgrading and Declassification Officials) and reported 
annually each October 15th to the Departmental Director of Security who 
shall maintain them on behalf of the Assistant Secretary (Management). 
Current listings of officials so designated shall be maintained by 
Treasury bureaus and offices within the Departmental Offices.

[55 FR 1644, Jan. 17, 1990; 55 FR 13134, Apr. 9, 1990]

Sec. 2.15  Declassification policy [3.1].

    In making determinations under section 3.1(a) of the Order, 
officials shall respect the intent of the Order to protect foreign 
government information and confidential foreign sources.

Sec. 2.16  Downgrading and declassification markings.

    Whenever a change is made in the original classification or in the 
dates of downgrading or declassification of any classified information, 
it shall be promptly and conspicuously marked to indicate the change, 
the authority for the action, the date of the action, and the identity 
of the person taking the action. Earlier classification markings shall 
be cancelled or otherwise obliterated when practicable. See also 
Sec. 2.7(h).

Sec. 2.17  Systematic review for declassification [3.3].

    (a) Permanent Records. Systematic review is applicable only to those 
classified records and presidential papers or records that the Archivist 
of the United States, acting under the Federal Records Act, has 
determined to be of sufficient historical or other value to warrant 
permanent retention.
    (b) Non-Permanent Classified Records. Non-permanent classified 
records shall be disposed of in accordance with schedules approved by 
the Administrator of General Services under the Records Disposal Act. 
These schedules shall provide for the continued retention of records 
subject to an ongoing mandatory declassification review request.
    (c) Systematic Declassification Review Guidelines [3.3(a)]. As 
appropriate, guidelines for systematic declassification review shall be 
issued by the Assistant Secretary (Management) in consultation with the 
Archivist of the United States, the Director of the Information Security 
Oversight Office and Department officials, to assist the Archivist in 
the conduct of systematic reviews. Such guidelines shall be reviewed and 
updated at least every five years unless earlier review is requested by 
the Archivist.
    (d) Foreign Government Systematic Declassification Review Guidelines 
[3.3(a)]. As appropriate, guidelines for systematic declassification 
review of foreign

[[Page 92]]

government information shall be issued by the Assistant Secretary 
(Management) in consultation with the Archivist of the United States, 
the Director of the Information Security Oversight Office, Department 
officials and other agencies having declassification authority over the 
information. These guidelines shall be reviewed and updated every five 
years unless earlier review is requested by the Archivist.
    (e) Special Procedures. The Department shall be bound by the special 
procedures for systematic review of classified cryptologic records and 
classified records pertaining to <strong>intelligence</strong> activities (including 
special activities), or <strong>intelligence</strong> sources or methods issued by the 
Secretary of Defense and the Director of Central <strong>Intelligence</strong>, 
respectively.

Sec. 2.18  Mandatory declassification review [3.4].

    (a) Except as provided by section 3.4 (b) of the Order, all 
information classified by the Department under the Order or any 
predecessor Executive Order shall be subject to declassification review 
by the Department, if:
    (1) The request is made by a United States citizen or permanent 
resident alien, a Federal agency, or a state or local government;
    (2) The request describes the document or material containing the 
information with sufficient specificity to enable the Department to 
locate it with a reasonable amount of effort; and
    (3) The requester provides substantial proof as to his or her United 
States citizenship or status as a permanent resident alien, e.g., a copy 
of a birth certificate, a certificate of naturalization, official 
passport or some other means of identity which sufficiently describes 
the requester's status. A permanent resident alien is any individual, 
who is not a citizen or national of the United States, who has been 
lawfully accorded the privilege of residing permanently in the United 
States as an immigrant in accordance with the immigration laws, such 
status not having changed. Permanent means a relationship of continuing 
or lasting nature, as distinguished from temporary, but a relationship 
may be permanent even though it is one that may be dissolved eventually 
at the instance either of the United States or of the individual, in 
accordance with law.
    (b) Processing--(1) Initial Requests for Classified Records 
Originated by the Department. Requests for mandatory declassification 
review shall be directed to the Departmental Office of Security, 1500 
Pennsylvania Avenue, NW., Washington, DC 20220. Upon receipt of each 
request for declassification, pursuant to section 3.4 of the Order, the 
following procedures shall apply:
    (i) The Departmental Office of Security shall acknowledge the 
receipt of the request in writing.
    (ii) A valid mandatory declassification review request need not 
identify the requested information by date or title of the responsive 
records, but must be of sufficient particularity to allow Treasury 
personnel to locate the records containing the information sought with a 
reasonable amount of effort. Whenever a request does not reasonably 
describe the information sought, the requester shall be notified by the 
Departmental Office of Security that unless additional information is 
provided or the scope of the request is narrowed, no further action will 
be undertaken.
    (iii) The Departmental Office of Security shall determine the 
appropriate office or bureau to take action on the request and shall 
forward the request to that office or bureau.
    (iv) In responding to mandatory declassification review requests, 
the appropriate reviewing officials shall make a prompt declassification 
determination. The Departmental Office of Security shall notify the 
requester if additional time is needed to process the request. Reviewing 
officials shall also identify the amount of search and/or review time 
required to process the request. The Department shall make a final 
determination within one year from the date of receipt except in unusual 
circumstances. When information cannot be declassified in its entirety, 
reasonable efforts, consistent with other applicable laws, will be made 
to release those declassified portions of the requested information 
which constitute a coherent segment. Upon the denial or partial denial 
of an

[[Page 93]]

initial request, the Departmental Office of Security shall also notify 
the requester of the right of an administrative appeal which must be 
filed with the Assistant Secretary (Management) within 60 days of 
receipt of the denial.
    (v) When the Department receives a mandatory declassification review 
request for records in its possession that were originated by another 
agency, the Departmental Office of Security shall forward the request to 
that agency. The Departmental Office of Security shall include a copy of 
the records requested together with the Department's recommendations for 
action. Upon receipt, the originating agency shall process the request 
in accordance with the Directive 32 CFR 2001.32(a)(2)(i). The 
originating agency shall also be requested to communicate its 
declassification determination to Treasury.
    (vi) When another agency forwards to the Department a request for 
information in that agency's custody that has been classified by 
Treasury, the Departmental Office of Security shall:
    (A) Advise the other agency as to whether it can notify the 
requester of the referral;
    (B) Review the classified information in coordination with other 
agencies that have a direct interest in the subject matter; and
    (C) Respond to the requester in accordance with the procedures in 
Sec. 2.18(b)(1)(iv). If requested, Treasury's determination shall be 
communicated to the referring agency.
    (vii) Appeals of denials of a request for declassification shall be 
referred to the Assistant Secretary (Management) who shall normally make 
a determination within 30 working days following the receipt of an 
appeal. If additional time is required to make a determination, the 
Assistant Secretary (Management) shall notify the requester of the 
additional time needed and provide the requester with the reason for the 
extension. The Assistant Secretary (Management) shall notify the 
requester in writing of the final determination and, as applicable, the 
reasons for any denial.
    (viii) Except as provided in this paragraph, the Department shall 
process mandatory declassification review requests for classified 
records containing foreign government information in accordance with 
Sec. 2.18(a). The agency that initially received or classified the 
foreign government information shall be responsible for making a 
declassification determination after consultation with concerned 
agencies. If upon receipt of the request, the Department determines that 
Treasury is not the agency that received or classified the foreign 
government information, it shall refer the request to the appropriate 
agency for action. Consultation with the foreign originator through 
appropriate channels may be necessary prior to final action on the 
request.
    (ix) Mandatory declassification review requests for cryptologic 
information and/or information concerning <strong>intelligence</strong> activities 
(including special activities) or <strong>intelligence</strong> sources or methods shall 
be processed solely in accordance with special procedures issued by the 
Secretary of Defense and the Director of Central <strong>Intelligence</strong>, 
respectively.
    (x) The fees to be charged for mandatory declassification review 
requests shall be for search and/or review and duplication. The fee 
charges for services of Treasury personnel involved in locating and/or 
reviewing records shall be at the rate of a GS-10, Step 1, for each hour 
or fraction thereof, except that no charge shall be imposed for search 
and/or review consuming less than one hour.
    (A) Photocopies per page up to 8\1/2\&lt;gr-thn-eq&gt; by 14&lt;gr-thn-eq&gt; 
shall be charged at the rate of 10 cents each except that no charge will 
be imposed for reproducing ten (10) pages or less when search and/or 
review time requires less than one hour.
    (B) When it is estimated that the costs associated with the 
mandatory declassification review request will exceed $100.00, the 
Departmental Office of Security shall notify the requester of the likely 
cost and obtain satisfactory written assurance of full payment or may 
require the requester to make an advance payment of the entire fee 
before continuing to process the request. The Department reserves the 
right to request prepayment after a mandatory declassification review 
request is processed and before documents are released. In the event the 
requester does

[[Page 94]]

not agree to pay the actual charges, he or she shall advise how to 
proceed with the mandatory declassification review request. Failure of a 
requester to pay charges after billing will result in future requests 
not being honored.
    (C) In order for a requester's initial request to be processed it 
shall be accompanied by a statement that he or she is agreeable to 
paying fees for search and/or review and copying. In the event the 
initial request does not include this statement, processing of the 
request will be held in abeyance until such time as the required 
statement is received. Failure to provide a response within a reasonable 
amount of time will serve as the basis for administratively terminating 
the mandatory declassification review request.
    (D) Payment of fees shall be made by check or money order payable to 
the Treasurer of the United States. Fees levied by the Department of the 
Treasury for mandatory declassification review requests are separate and 
distinct from any other fees which might be imposed by a Presidential 
Library, the National Archives and Records Administration or another 
agency or department.

Sec. 2.19  Assistance to the Department of State [3.3(b)].

    The Secretary of the Treasury shall assist the Department of State 
in its preparation of the ``Foreign Relations of the United States'' 
series by facilitating access to appropriate classified material in 
Treasury custody and by expediting declassification review of documents 
proposed for inclusion in the series.

Sec. 2.20  Freedom of Information/Privacy Act requests [3.4].

    The Department of the Treasury shall process requests for records 
containing classified national security information that are submitted 
under the provisions of the Freedom of Information Act, as amended, or 
the Privacy Act of 1974, as amended, in accordance with the provisions 
of those Acts.

                         Subpart D--Safeguarding

Sec. 2.21  General [4.1].

    Information classified pursuant to this Order or predecessor Orders 
shall be afforded a level of protection against unauthorized disclosure 
commensurate with its level of classification.

Sec. 2.22  General restrictions on access [4.1].

    (a) Determination of Need-To-Know. Classified information shall be 
made available to a person only when the possessor of the classified 
information establishes in each instance, except as provided in section 
4.3 of the Order, that access is essential to the accomplishment of 
official United States Government duties or contractual obligations.
    (b) Determination of Trustworthiness. A person is eligible for 
access to classified information only after a showing of trustworthiness 
as determined by the Secretary of the Treasury based upon appropriate 
investigations in accordance with applicable standards and criteria.
    (c) Classified Information Nondisclosure Agreement. Standard Form 
312 (Classified Information Nondisclosure Agreement) or the prior SF 
189, bearing the same title, are nondisclosure agreements between the 
United States and an individual. The execution of either the SF 312 or 
SF 189 agreement by an individual is necessary before the United States 
Government may grant the individual access to classified information. 
Bureaus and the Departmental Offices must retain executed copies of the 
SF 312 or prior SF 189 in file systems from which the agreements can be 
expeditiously retrieved in the event the United States must seek their 
enforcement. Copies or legally enforceable facsimiles of the SF 312 or 
SF 189 must be retained for 50 years following their date of execution. 
The national stock number for the SF 312 is 7540-01-280-5499.

[[Page 95]]

Sec. 2.23  Access by historical researchers and former presidential 
          appointees [4.3].

    (a) Access to classified information may be granted only as is 
essential to the accomplishment of authorized and lawful United States 
Government purposes. This requirement may be waived, however, for 
persons who:
    (1) Are engaged in historical research projects, or
    (2) Previously have occupied policymaking positions to which they 
were appointed by the President.
    (b) Access to classified information may be granted to historical 
researchers and to former Presidential appointees upon a determination 
of trustworthiness; a written determination that such access is 
consistent with the interests of national security; the requestor's 
written agreement to safeguard classified information; and the 
requestor's written consent to have his or her notes and manuscripts 
reviewed to ensure that no classified information is contained therein. 
The conferring of historial researcher status does not include 
authorization to release foreign government information or other 
agencies' classified information per Sec. 2.24 of this part. By the 
terms of section 4.3(b)(3) of the Order, former Presidential appointees 
not engaged in historical research may only be granted access to 
classified documents which they ``originated, reviewed, signed or 
received while serving as a Presidential appointee.'' Coordination shall 
be made with the Departmental Director of Security with respect to the 
required written agreements to be signed by the Department and such 
historical researchers or former Presidential appointees, as a condition 
of such access and to ensure the safeguarding of classified information.
    (c) If the access requested by historical researchers and former 
Presidential appointees requires the rendering of services for which 
fair and equitable fees may be charged pursuant to 31 U.S.C. 9701, the 
requestor shall be so notified and the fees may be imposed. Treasury's 
fee schedule identified in Sec. 2.18(b)(1)(x), applicable to mandatory 
declassification review, shall also apply to fees charged for services 
provided to historical researchers and former Presidential appointees 
for search and/or review and copying.

Sec. 2.24  Dissemination [4.1(d)].

    Except as otherwise provided by section 102 of the National Security 
Act of 1947, 61 Stat. 495, 50 U.S.C. 403, classified information 
originating in another agency may not be disseminated outside the 
Department without the consent of the originating agency.

Sec. 2.25  Standards for security equipment [4.1(b) and 5.1(b)].

    The Administrator of General Services issues (in coordination with 
agencies originating classified information), establishes and publishes 
uniform standards, specifications, and supply schedules for security 
equipment designed to provide for secure storage and to destroy 
classified information. Treasury bureaus and the Departmental Offices 
may establish more stringent standards for their own use. Whenever new 
security equipment is procured, it shall be in conformance with the 
standards and specifications referred to above and shall, to the maximum 
extent practicable, be of the type available through the Federal Supply 
System.

Sec. 2.26  Accountability procedures [4.1(b)].

    (a) Top Secret Control Officers. Each Treasury bureau and the 
Departmental Offices shall designate a primary and alternate Top Secret 
Control Officer. Within the Departmental Offices, the Top Secret Control 
Officer function will be established in the Office of the Executive 
Secretary for collateral Top Secret information and in the Office of the 
Special Assistant to the Secretary (National Security) with respect to 
sensitive compartmented information. The term ``collateral'' refers to 
national security information classified Confidential, Secret, or Top 
Secret under the provisions of Executive Order 12356 or prior Orders, 
for which special <strong>intelligence</strong> community systems of compartmentation 
(such as sensitive compartmented information) or special access programs 
are not formally established. Top Secret Control Officers so designated 
must have a Top Secret security clearance and shall:

[[Page 96]]

    (1) Initially receive all Top Secret information entering their 
respective bureau, including the Departmental Offices. Any Top Secret 
information received by a Treasury bureau or Departmental Offices 
employee shall be immediately hand carried to the designated Top Secret 
Control Officer for proper accountability.
    (2) Maintain current accountability records of Top Secret 
information received within their bureau or office.
    (3) Ensure that Top Secret information is properly stored and that 
Top Secret information under their control is personally destroyed, when 
required. Top Secret information must be destroyed in the presence of an 
appropriately cleared official who shall actually witness such 
destruction. Accordingly, the use of burnbags to store Top Secret 
information, pending final destruction at a later date, is not 
authorized.
    (4) Ensure that prohibitions against reproduction of Top Secret 
information are strictly followed.
    (5) Conduct annual physical inventories of Top Secret information. 
An inventory shall be conducted in the presence of an individual with an 
appropriate security clearance. The inventory shall be completed 
annually and signed by the Top Secret Control Officer and the witnessing 
individual.
    (6) Ensure that Top Secret documents are downgraded, declassified, 
retired or destroyed as required by regulations or other markings.
    (7) Attach a TD F 71-01.7 (Top Secret Document Record) to the first 
page or cover of each copy of Top Secret information. The Top Secret 
Document Record shall be completed by the Top Secret Control Officer and 
shall serve as a permanent record.
    (8) Ensure that all persons having access to Top Secret information 
sign the Top Secret Document Record. This also includes persons to whom 
oral disclosure of the contents is made.
    (9) Maintain receipts concerning the transfer and destruction of Top 
Secret information. Record all such actions on the Top Secret Document 
Record which shall be retained for a minimum of three years.
    (10) As received, number in sequence each Top Secret document in a 
calendar year series (e.g. TS 89-001). This number shall be posted on 
the face of the document and on all forms required for control of Top 
Secret information.
    (11) Attach a properly executed TD F 71-01.5 (Classified Document 
Record of Transmittal) when a Top Secret document is transmitted 
internally or externally.
    (12) Verify, prior to releasing Top Secret information, that the 
recipient has both a security clearance and is authorized access to such 
information.
    (13) Report, in writing, all Top Secret documents unaccounted for to 
the Assistant Secretary (Management) who shall take appropriate action 
in conjunction with the Departmental Director of Security.
    (14) Assure that no individual within his or her office or bureau 
transmits Top Secret information to another individual or office without 
the knowledge and consent of the Top Secret Control Officer.
    (15) Ensure upon receipt that a Standard Form 703 (Top Secret Cover 
Sheet) is affixed to such information.
    (16) Notify office and/or bureau employees annually in writing of 
the designated control point for all incoming and outgoing Top Secret 
information.
    (17) Be notified as to the transmission, per Sec. 2.28(b), whenever 
Top Secret information is sent outside of a Treasury bureau or office 
within the Departmental Offices.
    (b) Top Secret Control Officer Listings. In order for the 
Departmental Director of Security to maintain a current listing of Top 
Secret Control Officers within the Department, each Treasury bureau and 
the Departmental Offices shall annually report each October 15th in 
writing to the Departmental Office of Security, the identities of the 
office(s) and names of the officials designated as their primary and 
alternate Top Secret Control Officers. Any changes in these designations 
shall be reported to the Departmental Director of Security within thirty 
days.
    (c) Top Secret Document Record. Upon receipt in the Department a 
green, color coded, TD F 71-01.7 (Top Secret Document Record) shall be 
attached by the Top Secret Control Officer to the first page or cover of 
the original and each copy of Top Secret information.

[[Page 97]]

The Top Secret Document Record shall remain attached to the Top Secret 
information until it is either transferred to another United States 
Government agency, downgraded, declassified or destroyed. The Top Secret 
Document Record, which shall initially be completed by the Top Secret 
Control Officer, shall identify the Top Secret information attached, and 
shall serve as a permanent record of the information. All persons, 
including stenographic and clerical personnel, having access to the 
information attached to the Top Secret Document Record must list their 
name and the date on the TD F 71-01.7 prior to accepting responsibility 
for its custody. The TD F 71-01.7 shall also indicate those individuals 
to whom only oral disclosure of the contents is made. Whenever any Top 
Secret information is transferred to another United States Government 
agency, downgraded, declassified or destroyed, the Top Secret Control 
Officer shall record the action on the Top Secret Document Record and 
retain it for a minimum or three years after which time it may be 
destroyed. In order to maintain the integrity of the color coding 
process the photocopying and use of non-color coded Top Secret Document 
Record forms is prohibited.
    (d) Classified Document Record of Transmittal. TD F 71-01.5 
(Classified Document Record of Transmittal) shall be the exclusive 
classified document accountability record for use within the Department 
of the Treasury. No other logs or records shall be required except for 
the use of TD F 71-01.7 which is applicable to Top Secret information. 
TD F 71-01.5 shall be used for single or multiple document receipting 
and for internal and external routing. The inclusion of classified 
information on TD F 71-01.5 is to be avoided. In the event the subject 
title is classified, a recognizable short title shall be used, e.g., 
first letter of each word in the subject title. Several items may be 
transmitted to the same addressee with one TD F 71-01.5. TD F's 71-01.5 
shall be maintained for a three year period after which the form may be 
destroyed. No record of the actual destruction of the TD F 71-01.5 is 
necessary.
    (1) Top Secret Information. Top Secret information shall be subject 
to a continuous receipt system regardless of how brief the period of 
custody. TD F 71-01.5 shall be used for this purpose. Top Secret 
accountability records shall be maintained by Top Secret Control 
Officers separately from the accountability records of other classified 
information.
    (2) Secret Information. Receipt on TD F 71-01.5 shall be required 
for transmission of Secret information between bureaus, offices and 
separate agencies. Responsible office heads shall determine 
administrative procedures required for the internal control within their 
respective offices. The volume of classified information handled and 
personnel resources available must be considered in determining the 
level of adequate security measures while at the same time maintaining 
operational efficiency.
    (3) Confidential and Limited Official Use Information. Receipts for 
Confidential and Limited Official Use information shall not be required 
unless the originator indicates that receipting is necessary.

[55 FR 1644, Jan. 17, 1990; 55 FR 13134, Apr. 9, 1990]

Sec. 2.27  Storage [4.1(b)].

    Classified information shall be stored only in facilities or under 
conditions designed to prevent unauthorized persons from gaining access 
to it.
    (a) Minimum Requirements for Physical Barriers--(1) Top Secret. Top 
Secret information shall be stored in a GSA-approved security container 
with an approved, built-in, three-position, dial-type, changeable, 
combination lock; in a vault protected by an alarm system and response 
force; or in other types of storage facilities that meet the standards 
for Top Secret information established under the provisions of 
Sec. 2.25. Top Secret information stored outside the United States must 
be in a facility afforded diplomatic status. One or more of the 
following supplementary controls is required:
    (i) The area that houses the security container or vault shall be 
subject to the continuous protection of U.S. guard or duty personnel;
    (ii) U.S. Guard or duty personnel shall inspect the security 
container or vault at least once every two hours; or

[[Page 98]]

    (iii) The security container or vault shall be controlled by an 
alarm system to which a force will respond in person within 15 minutes.

Within the United States, the designated security officer in each 
Treasury bureau and the Department Offices shall prescribe those 
supplementary controls deemed necessary to restrict unauthorized access 
to areas in which such information is stored. Any vault used for the 
storage of sensitive compartmented information shall be configured to 
the specifications of the Director of Central <strong>Intelligence</strong>. Prior to an 
office or bureau operating such a vault, formal written certification 
for its use must first be obtained from the Special Assistant to the 
Secretary (National Security) as the senior Treasury official of the 
<strong>Intelligence</strong> Community.
    (2) Secret and Confidential. Secret and Confidential information 
shall be stored in a manner and under the conditions prescribed for Top 
Secret information, or in a container, vault, or alarmed area that meets 
the standards for Secret or Confidential information established under 
the provisions of Sec. 2.25. Secret and Confidential information may 
also be stored in a safe-type filing cabinet having a built-in, three-
position, dial-type, changeable, combination lock, and may continue to 
be stored in a steel filing cabinet equipped with a steel lock-bar 
secured by a GSA-approved three-position, dial-type, changeable, 
combination padlock. The modification, however, of steel filing cabinets 
to barlock-type as storage equipment for classified information and 
material is prohibited and efforts are to be made to selectively phase 
out the use of such barlock cabinets for storage of Secret information. 
Exceptions may be authorized only by the Departmental Director of 
Security upon written request from the designated bureau security 
officer. The designated security officer in each Treasury bureau and the 
Departmental Offices shall prescribe those supplementary controls deemed 
necessary to restrict unauthorized access to areas in which such 
information is stored. Access to bulky Secret and Confidential material 
in weapons storage areas, strong rooms, evidence vaults, closed areas or 
similar facilities shall be controlled in accordance with requirements 
approved by the Department. At a minimum, such requirements shall 
prescribe the use of GSA-approved, key-operated, high-security padlocks. 
For Secret and Confidential information stored outside the United 
States, it shall be stored in the manner authorized for Top Secret, in a 
GSA-approved safe file, or in a barlick cabinet equipped with a 
security-approved combination padlock if the cabinet is located in a 
security-approved vault and/or in a restricted area to which access is 
controlled by United States citizen personnel on a 24-hour basis.
    (b) Combinations--(1) Equipment in Service. Combinations to dial-
type, changeable, combination locks shall be changed only by persons 
having an appropriate security clearance, and shall be changed,
    (i) Whenever such equipment is placed in use;
    (ii) Whenever a person knowing the combination no longer requires 
access to it;
    (iii) Whenever a combination has been subjected to possible 
compromise;
    (iv) Whenever the equipment is taken out of service: or
    (v) At least once each year.

Knowledge of combinations shall be limited to the minimum number of 
persons necessary for operating purposes. Records of combinations shall 
be classified no lower than the highest level of classified information 
that is protected by the combination lock. When securing a combination 
lock, the dial must be turned at least four (4) complete times in the 
same direction after closing. Defects in or malfunctioning of storage 
equipment protecting classified national security or officially limited 
information must be reported immediately to the designated office or 
bureau security official for appropriate action.
    (2) Equipment Out of Service. When security equipment, used for the 
storage of classified national security or officially limited 
information, is taken out of service, it shall be physically inspected 
to ensure that no classified information or officialy limited 
information remains therein. Built-in, three-position, dial-type, 
changeable, combination locks shall be reset to the

[[Page 99]]

standard combination 50-25-50 and combination padlocks shall be reset to 
the standard combination 10-20-30. The designated security officer in 
each Treasury bureau and the Departmental Offices shall prescribe such 
supplementary controls deemed necessary to fulfill their individual 
needs to be consistent with Sec. 2.27.
    (3) Security Container Check Sheet. Each piece of security equipment 
used for the storage of classified information will have attached 
conspicuously to the outside a Standard Form 702 (Security Container 
Check Sheet) on which an authorized person will record the date and 
actual time each business day that they initially unlock and finally 
lock the security equipment, followed by their initials. Users of this 
form are to avoid citations which reflect the opening, locking and 
checking of the security equipment at standardized (non-actual) times, 
e.g., opened at 8:00 a.m. and closed/checked at 4:00 p.m. Bureaus and 
the Departmental Offices may continue to use Optional Form 62 (Safe or 
Cabinet Security Record) in lieu of the SF 702 until September 30, 1990, 
or such time as their supplies of Optional Form 62 are exhausted. The 
reprinting or photostatic reproduction and use of Optional Form 62 is 
not authorized. On each normal workday, regardless of whether the 
security equipment was opened on that particular day, the security 
equipment shall be checked by authorized personnel to assure that no 
surreptitious attempt has been made to penetrate the security equipment. 
Such examinations normally consist of a quick or casual visual check to 
note either any obvious marks or gashes, or defects or malfunction of 
the security equipment which are different from their prior observations 
or experience in operating the equipment concerned. Any such 
discrepancies in the appearance of or functioning of the security 
equipment, based upon this visual check, should be reported to 
appropriate security officials. The ``Checked By'' column of the SF 702 
or Optional Form 62 shall be annotated to reflect the date and time of 
this action followed by that person's initials. Security equipment used 
for the storage of classified information that has been opened on a 
particular day shall not be left unattended at the end of that day until 
it has been locked by an authorized person and checked by a second 
person. In the event a second person is not available within the office, 
the individual who locked the equipment shall also annotate the 
``Checked By'' column of the SF 702 or Optional Form 62. Reversible 
``OPEN-CLOSED'' or ``LOCKED-UNLOCKED'' signs, available through normal 
supply channels, shall also be used on such security equipment. The 
respective side of the sign shall be displayed to indicate when the 
container is open or closed. Except for the SF 702 or Optional Form 62, 
the top surface area of security equipment is not to be used for storage 
and must be kept free of extraneous material. SF 702 and/or Optional 
Form 62 shall be utilized on all security equipment used for storing 
information bearing the control legend ``Limited Official Use''. The 
designated security officer in each Treasury bureau and the Department 
Offices may, as warranted, prescribe supplementary use of the SF 702 or 
Optional Form 62 to apply to other authorized legends approved by the 
Department for officially limited information.
    (4) Safe Combination Records. Combinations to security equipment 
containing classified information shall be recorded on Standard Form 700 
(Security Container Information), national stock number 7540-01-214-
5372. Bureaus and the Departmental Offices may continue to use Treasury 
Form 4032 (Security Container Information) in lieu of the SF 700 until 
September 30, 1990, or such time as their supplies of Treasury Form 4032 
are exhausted. The reprinting of Treasury Form 4032 is not authorized. 
Each part of the SF 700 shall be completed in its entirety. The names, 
addresses and home telephone numbers of personnel responsible for the 
combination, and the classified information stored therein, must be 
indicated on part 1 of the SF 700. The completed part 1 shall be posted 
in the front interior of the top, control or locking drawer of the 
security equipment concerned. Part 2 shall be inserted in the envelop 
(part 2A) provided, and forwarded via appropriate secure means to the 
designated bureau

[[Page 100]]

or Departmental Offices central repository for security combinations. 
Part 2 shall have the highest level of classified information, stored in 
the security equipment concerned, annotated in both the top and bottom 
border areas of the completed SF 700. Part 2A shall have the highest 
level of classified information, stored in the security equipment 
concerned, annotated in the blank space immediately above the word, 
``WARNING'' which appears on the SF 700. The completion of the SF 700 or 
Treasury Form 4032 does not constitute a classification action but 
serves as an administrative requirement to ensure the protection of 
classified information stored in such security equipment. SF 700 shall 
be utilized on all security equipment used for storing information 
bearing the control legend ``Limited Official Use''. The designated 
security officer in each Treasury bureau and the Departmental Offices 
may prescribe supplementary use of the SF 700 to apply to other 
authorized legends approved by the Department for officially limited 
information, as warranted.
    (c) Keys. The designated security officer in each Treasury bureau 
and the Departmental Offices shall establish administrative procedures 
for the control and accountability of keys and locks whenever key-
operated, high-security padlocks are utilized. The level of protection 
provided such keys shall be equivalent to that afforded the information 
being protected by the padlock.
    (d) Classified Document Cover Sheets. Classified document cover 
sheets alert personnel that documents or folders are classified and 
require protection from unauthorized scrutiny. Individuals who prepare 
or package classified documents are responsible for affixing the 
appropriate document cover sheet. Orange Standard Form 703 (Top Secret 
Cover Sheet), red SF 704 (Secret Cover Sheet) and blue SF 706 
(Confidential Cover Sheet) are the only authorized cover sheets for 
collateral classified information. The national stock numbers of these 
cover sheets are as follows: SF 703, 7540-01-213-7901; SF 704, 7540-01-
213-7902; and SF 705, 7540-01-213-7903. In order to maintain the 
integrity of the color coding process the photocopying and use of non-
color coded classified document cover sheets is prohibited. Bureaus and 
offices shall maintain a supply of classified document cover sheets 
appropriate for their needs. Classified document cover sheets are 
designed to be reused and will be removed before classified information 
is filed to conserve filing space and prior to the destruction of 
classified information. Document cover sheets are to be used to shield 
classified documents while in use and particularly when the transmission 
is made internally within a headquarters by courier, messenger or by 
personal contact. File folders containing classified information should 
be otherwise marked, e.g., at the top and bottom of the front and back 
covers, to indicate the overall classification of the contents rather 
than permanently affixing the respective classified document cover 
sheet. Treasury Directive 71-02 provides for the use of a green cover 
sheet, TD F 71-01.6 (Limited Official Use Document Cover Sheet) for 
information bearing the control legend ``Limited Official Use''. Bureaus 
or offices electing to create and use other cover sheets for officially 
limited information must obtain prior written approval from the 
Departmental Director of Security.
    (e) Activity Security Checklist. Standard Form 701 (Activity 
Security Checklist) provides a systematic means to make a thorough end-
of-day security inspection for a particular work area and to allow for 
employee accountability in the event that irregularities are discovered. 
Bureaus and the Departmental Offices may include additional information 
on the SF 701 to suit their unique needs. The SF 701, available through 
normal supply channels has a national stock number of 7540-01-213-7900. 
It shall be the only form used in situations that call for use of an 
activity security checklist. Completion, storage and disposition of SF 
701 will be determined by each bureau and the Departmental Offices.

Sec. 2.28  Transmittal [4.1(b)].

    (a) Preparation. Classified information to be transmitted outside of 
a Treasury facility shall be enclosed in opaque inner and outer covers. 
The inner cover shall be a sealed wrapper or

[[Page 101]]

envelope plainly marked with the assigned security classification and 
addresses of both sender and addressee. The outer cover shall be sealed 
and addressed with no identification of the classification of its 
contents. Whenever classified material is to be transmitted and the size 
of the material is not suitable for use of envelopes or similar 
wrappings, it shall be enclosed in two opaque sealed containers, such as 
boxes or heavy wrappings. Material used for packaging such bulk 
classified information shall be of sufficient strength and durability as 
to provide security protection while in transit, to prevent items from 
breaking out of the container, and to facilitate detection of any 
tampering therewith.
    (b) Receipting. A receipt, Treasury Department Form 71-01.5 
(Classified Document Record of Transmittal), shall be enclosed in the 
inner cover, except that Confidential and Limited Official Use 
information shall require a receipt only if the sender deems it 
necessary. The receipt shall identify the sender, addressee and describe 
the document, but shall contain no classified information. It shall be 
immediately signed by the recipient and returned to the sender. Within a 
Treasury facility, such information may be transmitted between offices 
by direct contact of the officials concerned in a single sealed opaque 
envelope with no security classification category being shown on the 
outside of the envelope. Classified information shall never be delivered 
to unoccupied offices or rooms. Senders of classified information should 
maintain appropriate records of outstanding receipts for which return of 
the original signed copy is still pending. TD F's 71-01.5 shall be 
maintained for a three year period after which they may be destroyed. No 
record of the actual destruction of the TD F 71-01.5 is required.
    (c) Transmittal of Top Secret. The transmittal of Top Secret 
information outside of a Treasury facility shall be by specifically 
designated personnel, by State Department diplomatic pouch, by a 
messenger-courier system authorized for that purpose, e.g., Defense 
Courier Service, or over authorized secure communications circuits. Top 
Secret information may not be sent via registered mail.
    (d) Transmittal of Secret. The transmittal of Secret information 
shall be effected in the following manner:
    (1) The 50 States, District of Columbia and Puerto Rico. Secret 
information may be transmitted within and between the 50 States, the 
District of Columbia, and the Commonwealth of Puerto Rico by one of the 
means authorized for Top Secret information, by the United States Postal 
Service registered mail or express mail service; or by protective 
services provided by United States air or surface commercial carriers 
under such conditions as may be prescribed by the Departmental Director 
of Security. United States Postal Service express mail service shall be 
used only when it is the most effective means to accomplish a mission 
within security, time, cost and accountability constraints. To ensure 
direct delivery to the addressee, the ``Waiver of Signature and 
Indemnity'' block on the United States Postal Service Express Mail Label 
11-B may not be executed under any circumstances. All Secret express 
mail shipments are to be processed through mail distribution centers or 
delivered directly to a United States Postal Service facility or 
representative. The use of external (street side) express mail 
collection boxes is prohibited. Only the express mail services of the 
United States Postal Service are authorized.
    (2) Other Areas. Secret information may be transmitted from, to, or 
within areas other than those specified in Sec. 2.28(d)(1) by one of the 
means established for Top Secret information, or by United States 
registered mail through Military Postal Service facilities provided that 
the information does not at any time pass out of United States citizen 
control and does not pass through a foreign postal system. Transmittal 
outside such areas may also be accomplished under escort of 
appropriately cleared personnel aboard United States Government owned 
and United States Government contract vehicles or aircraft, ships of the 
United States Navy, civil service manned United States Naval ships, and 
ships of United States Registry. Operators of

[[Page 102]]

vehicles, captains or masters of vessels, and pilots of aircraft who are 
United States citizens, and who are appropriately cleared, may be 
designated as escorts. Secret information may not be sent via certified 
mail.
    (e) Transmittal of Confidential and Limited Official Use 
Information. Confidential and Limited Official Use information shall be 
transmitted within and between the 50 States, the District of Columbia, 
the Commonwealth of Puerto Rico, and United States territories or 
possessions by one of the means established for higher classifications, 
or by the United States Postal Service registered mail. Outside these 
areas, confidential and Limited Official Use information shall be 
transmitted only as is authorized for higher classifications. 
Confidential and Limited Official Use information may not be sent via 
certified mail.
    (f) Hand Carrying of Classified Information in Travel Status--(1) 
General Provisions. Personnel in travel status shall physically 
transport classified information across international boundaries only 
when absolutely essential. Whenever possible, and when time permits, the 
most desirable way to transmit classified information to the location 
being visited is by other authorized means identified in Sec. 2.28 (c), 
(d) and (e). The physical transportation of classified information on 
non-United States flag aircraft should be avoided if possible. Treaury 
Directive 71-03, ``Screening of Airline Passengers Carrying Classified 
Information or Material'' provides specifics on the requirements for 
transporting classified information.
    (2) Specific Safeguards. If it is determined that the transportation 
of classified information by an individual in travel status is in the 
best interest of the United States Government, the following specific 
safeguards shall be fulfilled:
    (i) Classified information shall be in the physical possession of 
the individual and shall have adequate safeguards at all times if proper 
storage at a United States Government facility is not available. Under 
no circumstances shall classified information be stored in a hotel safe 
or room, locked in automobiles, private residences, train compartments, 
or any vehicular detachable storage compartments.
    (ii) An inventory of all Top Secret classified information, 
including teletype messages, shall be made prior to departure and a copy 
of same shall be retained by the traveller's office until the 
traveller's return at which time all Top Secret classified information 
shall be accounted for. These same procedures are recommended for 
information classified Secret, Confidential or Limited Official Use.
    (iii) Classified information shall never be displayed or used in any 
manner in public conveyances or rooms. First class or business travel is 
not authorized when the justification for commercially available 
transportation is based on the need for reviewing classified materials 
while enroute. Travelers are responsible for reviewing and familiarizing 
themselves with required classified materials, under appropriately 
secure circumstances, in advance of their travel and not during such 
travel.
    (iv) In order to avoid unnecessary delays in the screening process 
prior to boarding commercial air carriers, the traveler shall have in 
his or her possession written authorization, on Treasury or bureau 
letterhead, to transport classified information and either an 
identification card or credential bearing both a photograph and 
descriptive data. Courier authorizations shall be signed by an 
appropriate security representative authorized to direct official 
travel. This courier authorization, along with official travel orders, 
shall, in most instances, permit the individual to exempt the classified 
information from inspection. If difficulty is encountered, the traveler 
should tactfully refuse to exhibit or disclose the classified 
information to inspection and should insist on the assistance of the 
local United States diplomatic representative at the port of entry or 
departure.
    (v) Upon completion of the visit, the traveler shall have the 
information returned to his or her office by approved means. All Top 
Secret and Secret classified information, including teletype messages 
transported for the purpose of the visit shall be accounted for. It is 
highly recommended that Confidential

[[Page 103]]

and Limited Official Use information also be accounted for. If any Top 
Secret or Secret classified items are left with the office being visited 
for its retention and use, the individual shall obtain a receipt.

[55 FR 1644, Jan. 17, 1990, as amended at 55 FR 50321, Dec. 6, 1990]

Sec. 2.29  Telecommunications and computer transmissions.

    Classified information shall not be communicated by 
telecommunications or computer transmissions except as may be authorized 
with respect to the transmission of classified information over 
authorized secure communications circuits or systems.

Sec. 2.30  Special access programs [1.2(a) and 4.2(a)].

    Only the Secretary of the Treasury may create or continue a special 
access program if:
    (a) Normal management and safeguarding procedures do not limit 
access sufficiently; and
    (b) The number of persons with access is limited to the minimum 
necessary to meet the objective of providing extra protection for the 
information.

Sec. 2.31  Reproduction controls [4.1(b)].

    (a) Top Secret documents, except for the controlled initial 
distribution of information processed or received electronically, shall 
not be reproduced without the consent of the originator.
    (b) Unless restricted by the originating agency, Secret, 
Confidential and Limited Official Use documents may be reproduced to the 
extent required by operational needs.
    (c) Reproductions of classified documents shall be subject to the 
same accountability and controls as the original documents.
    (d) Paragraphs (a) and (b) of this section shall not restrict the 
reproduction of documents to facilitate review for possible 
declassification.

Sec. 2.32  Loss or possible compromise [4.1(b)].

    (a) Report of Loss or Possible Compromise. Any Treasury employee who 
has knowledge of the loss or possible compromise or classified 
information shall immediately report the circumstances to their 
designated office or bureau security officer who shall take appropriate 
action to assess the degree of damage. In turn, the Departmental 
Director of Security shall be immediately notified by the affected 
office or bureau security officer of such reported loss or possible 
compromise. The Departmental Director of Security shall also notify the 
department or agency which originated the information and any other 
interested department or agency so that a damage assessment may be 
conducted and appropriate measures taken to negate or minimize any 
adverse effect of the loss or possible compromise. Compromises may occur 
through espionage, unauthorized disclosures to the press or other 
members of the public, publication of books and treatises, the known 
loss of classified information or equipment to foreign powers, or 
through various other circumstances.
    (b) Inquiry. The Departmental Director of Security shall notify the 
Assistant Secretary (Management) who shall then direct an immediate 
inquiry to be conducted for the purpose of taking corrective measures 
and assessing damages. Based on the results of this inquiry, it may be 
deemed appropriate to notify the Inspector General who shall determine 
whether the Office of the Inspector General or a Treasury bureau will 
conduct any additional investigation. Upon completion of the 
investigation by the Inspector General, the Inspector General shall 
recommend to the Assistant Secretary (Management) and concurrently to 
the Departmental Director of Security, the appropriate administrative, 
disciplinary, or legal action to be taken based upon jurisdictional 
authority of the Treasury components involved.
    (c) Content of Damage Assessments. At a minimum, damage assessments 
shall be in writing and contain the following:
    (1) Identification of the source, date and circumstances of the 
compromise.
    (2) Classification and description of the specific information which 
has been lost.

[[Page 104]]

    (3) An analysis and statement of the known or probable damage to the 
national security that has resulted or may result.
    (4) An assessment of the possible advantage to foreign powers 
resulting from the compromise.
    (5) An assessment of whether,
    (i) The classification of the information involved should be 
continued without change;
    (ii) The specific information, or parts thereof, shall be modified 
to minimize or nullify the effects of the reported compromise and the 
classification retained;
    (iii) Downgrading, declassification, or upgrading is warranted, and 
if so, confirmation of prompt notification to holders of any change, and
    (6) An assessment of whether countermeasures are appropriate and 
feasible to negate or minimize the effect of the compromise.
    (d) System for Control of Damage Assessments. Each Treasury bureau 
and the Departmental Offices shall establish a system of control and 
internal procedures to ensure that damage assessments are performed in 
all cases described in Sec. 2.32(a) and that records are maintained in a 
manner that facilitates their retrieval and use within the Department.
    (e) Cases Involving More Than One Agency. (1) Whenever a compromise 
involves the classified information or interests of more than one 
agency, the Departmental Director of Security shall advise the other 
affected agencies of the circumstances and findings that affect their 
information or interests. Whenever a damage assessment, incorporating 
the product of two or more agencies is needed, the affected agencies 
shall agree upon the assignment of responsibility for the assessment and 
Treasury components will provide all data pertinent to the compromise to 
the agency responsible for conducting the assessment.
    (2) Whenever a compromise of United States classified information is 
the result of actions taken by foreign nationals, by foreign government 
officials, or by United States nationals in the employ of international 
organizations, the agency performing the damage assessment shall 
endeavor to ensure through appropriate intergovernmental liaison 
channels, that information pertinent to the assessment is obtained. 
Whenever more than one agency is responsible for the assessment, those 
agencies shall coordinate the request prior to transmittal through 
appropriate channels.
    (3) Whenever an action is contemplated against any person believed 
responsible for the loss or compromise of classified information, damage 
assessments shall be coordinated with appropriate legal counsel. 
Whenever a violation of criminal law appears to have occured and a 
criminal prosecution is contemplated, coordination shall be made with 
the Department of Justice.
    (4) The designated representative of the Director of Central 
<strong>Intelligence</strong>, or other appropriate officials with responsibility for the 
information involved, will be consulted whenever a compromise of 
sensitive compartmented information has occurred.

Sec. 2.33  Responsibilities of holders [4.1(b)].

    Any person having access to and possession of classified information 
is responsible for protecting it from persons not authorized access, 
i.e., persons who do not possess an appropriate security clearance, and 
who do not possess the required need-to-know. This includes keeping 
classified documents under constant observation and turned face-down or 
covered when not in use and securing such information in approved 
security equipment or facilities whenever it is not under the direct 
supervision of authorized persons. In all instances, such protective 
means must meet accountability requirements prescribed by the 
Department.

Sec. 2.34  Inspections [4.1(b)].

    Individuals charged with the custody of classified information shall 
conduct the necessary inspections within their areas to ensure adherence 
to procedural safeguards prescribed to protect classified information. 
Security officers shall ensure that periodic inspections are made to 
determine whether procedural safeguards prescribed by this regulation 
and any bureau implementing regulation are in effect at all

[[Page 105]]

times. At a minimum such checks shall ensure that all classified 
information is stored in approved security containers, including 
removable storage media, e.g., floppy disks used by word processors that 
contain classified information; burn bags, if utilized, are either 
stored in approved security containers or destroyed; and classified 
shorthand notes, carbon paper, carbon and plastic typewriter ribbons, 
rough drafts and similar papers have been properly stored or destroyed.

Sec. 2.35  Security violations.

    Any individual, at any level of employment, determined to have been 
responsible for the unauthorized release or disclosure or potential 
release or disclosure of classified national security information, 
whether it be knowingly, willfully or through negligence, shall be 
notified on TD F 71-21.1 (Record of Security Violation) that his or her 
action is in violation of this regulation, the Order, the Directive, and 
Executive Order 10450, as amended. Treasury Directive 71-04, entitled, 
``Administration of Security Violations'' sets forth provisions 
concerning security violations which shall apply to each Treasury 
employee and persons under contract or subcontract to the Department 
authorized access to Treasury classified national security information.
    (a) Repeated abuse of the classification process, either by 
unnecessary or over-classification, or repeated failure, neglect or 
disregard of established requirements for safeguarding classified 
information by any employee shall be grounds for appropriate adverse or 
disciplinary action. Such actions may include, but are not necessarily 
limited to, a letter of warning, a letter of reprimand, suspension 
without pay, or dismissal, as appropriate in the particular case, under 
applicable personnel rules, regulations and procedures. Where a 
violation of criminal statutes may be involved, any such case shall be 
promptly referred to the Department of Justice.
    (b) After an affirmative adjudication of a security violation, and 
as the occasion demands, reports of accountable security violations 
shall be placed in the employee's personnel security file, and as 
appropriate, in the employee's official personnel folder. The security 
official of the office or bureau concerned shall recommend to the 
respective management official or bureau head that disciplinary action 
be taken when such action is indicated.

Sec. 2.36  Disposition and destruction [4.1(b)].

    Classified information no longer needed in current working files or 
for reference or record purposes shall be processed for appropriate 
disposition in accordance with the provisions of Title 44, United States 
Code, Chapters 21 and 33, which govern disposition of Federal records. 
Classified information approved for destruction shall be destroyed by 
either burning, melting, chemical decomposition, pulping, mulching, 
pulverizing, cross-cut shredding or other mutilation in the presence of 
appropriately cleared and authorized persons. The method of destruction 
must preclude recognition or reconstruction of the classified 
information. The residue from cross-cut shredding of Top Secret, Secret, 
and Confidential classified, non-Communications Security (COMSEC), 
information contained in paper media may not exceed \3/32\&lt;gr-thn-eq&gt; by 
\1/2\&lt;gr-thn-eq&gt; with a \1/64\&lt;gr-thn-eq&gt; tolerance.
    (a) Diskettes or Floppy Disks. Diskettes or floppy disks containing 
information or data classified up to and including Top Secret may be 
destroyed by the use of an approved degausser, burning, pulverizing, and 
chemical decomposition, or by first reformatting or reinitializing the 
diskette then physically removing the magnetic disk from its protective 
sleeve and using an approved cross-cut shredder to destroy the magnetic 
media. Care must be exercised to ensure that the destruction of magnetic 
disks does not damage the cross-cut shredder. The residue from such 
destruction, however, may not exceed \1/32\&lt;gr-thn-eq&gt; by \1/
2\&lt;gr-thn-eq&gt; with a \1/64\&lt;gr-thn-eq&gt; tolerance. The destruction of 
classified COMSEC information on diskettes or floppy disks may only be 
effected by burning followed by crushing of the ash residue.
    (b) Hard Disks. Hard disks, including removable hard disks, disk 
packs, drums or single disk platters that contain classified information 
must first

[[Page 106]]

be degaussed prior to physical destruction. The media must be destroyed 
by incineration, chemical decomposition or the entire magnetic disk 
pack, drum, or platter recording surface must be obliterated by use of 
an emery wheel or disk sander.
    (c) Approval of Use of Mulching and Cross-cut Shredding Equipment. 
Prior to obtaining mulching or cross-cut shredding equipment, the 
Departmental Director of Security shall approve the use of such 
equipment.
    (d) Use of Burnbags. Any classified information to be destroyed by 
burning shall be torn and placed in opaque containers, commonly 
designated as burnbags, which shall be clearly and distinctly labeled 
``BURN'' or ``CLASSIFIED WASTE''. Burnbags awaiting destruction are to 
be protected by security safeguards commensurate with the classification 
or control designation of the information involved.
    (e) Records of Destruction. Appropriate accountability records shall 
be maintained on TD F 71-01.17 (Classified Document Certificate of 
Destruction) to reflect the destruction of all Top Secret and Secret 
information. As deemed necessary by the originator, or as required by 
special regulations, the TD F 71-01.17 shall be executed for the 
destruction of information classified Confidential or marked Limited 
Official Use. TD F's 71-01.17 shall be maintained for a three-year 
period after which the form may be destroyed. No record of the actual 
destruction of the TD F 71-01.17 is required.
    (f) Destruction of non-record Classified Information. Non-record 
classified information such as extra copies and duplicates, including 
shorthand notes, preliminary drafts, used carbon paper and other 
material of similar temporary nature, shall also be destroyed by 
burning, mulching, or cross-cut shredding as soon as it has served its 
purpose, but no records of such destruction need be maintained.

[55 FR 1644, Jan. 17, 1990; 55 FR 5118, Feb. 13, 1990]

Sec. 2.37  National Security Decision Directive 197.

    National Security Decision Directive 197, Reporting Hostile Contacts 
and Security Awareness, provides that United States Government employees 
are responsible for reporting to their designated security officer:
    (a) Any suspected or apparent attempt by persons, regardless of 
nationality, to obtain unauthorized access to classified national 
security information, sensitive or proprietary information or technology 
and/or;
    (b) Instances in which they feel they are being targeted for 
possible exploitation. Contacts with representatives of designated 
countries of concern identified in Sec. 2.43(f) which involve requests 
for information which are not ordinarily provided in the course of an 
employee's job, regular or daily activity, and/or which might possibly 
lead to further requests for access to sensitive, proprietary or 
classified information or technology, are to be reported to designated 
security officers. Reports of such contacts are to be forwarded by the 
designated security officer to the Departmental Director of Security for 
appropriate action and coordination.

                  Subpart E--Implementation and Review

Sec. 2.38  Departmental management.

    (a) The Assistant Secretary (Management) shall:
    (1) Enforce the Order, the Directive and this regulation, and 
establish, coordinate and maintain active training, orientation and 
inspection programs for employees concerned with classified information.
    (2) Review suggestions and complaints regarding the administration 
of this regulation.
    (b) Pursuant to Treasury Directive 71-08, ``Delegation of Authority 
Concerning Physical Security Programs'', the Departmental Director of 
Security shall:
    (1) Review all bureau implementing regulations prior to publication 
and shall require any regulation to be changed, if it is not consistent 
with the Order, the Directive or this regulation.
    (2) Have the authority to conduct on-site reviews of bureau physical 
security programs and information security programs as they pertain to 
each Treasury bureau and to require such

[[Page 107]]

reports, information and assistance as may be necessary, and
    (3) Serve as the principal advisor to the Assistant Secretary 
(Management) with respect to Treasury physical and information security 
programs.

Sec. 2.39  Bureau administration.

    Each Treasury bureau and the Departmental Offices shall designate, 
in writing to the Departmental Director of Security, an officer or 
official to direct, coordinate and administer its physical security and 
information security programs which shall include active oversight to 
ensure effective implementation of the Order, the Directive, this 
regulation. Bureaus and the Departmental Offices shall revise their 
existing implementing regulation on national security information to 
ensure conformance with this regulation. Time frames for bureau and 
Departmental Offices implementation shall be established by the 
Departmental Director of Security.

Sec. 2.40  Emergency planning [4.1(b)].

    Each Treasury bureau and the Departmental Offices shall develop 
plans for the protection, removal, or destruction of classified 
information in case of fire, natural disaster, civil disturbance, or 
possible enemy action. These plans shall include the disposition of 
classified information located in foreign countries.

Sec. 2.41  Emergency authority [4.1(b)].

    The Secretary of the Treasury may prescribe by regulation special 
provisions for the dissemination, transmittal, destruction, and 
safeguarding of national security information during combat or other 
emergency situations which pose an imminent threat to national security 
information.

Sec. 2.42  Security education [5.3(a)].

    Each Treasury bureau that creates, processes or handles national 
secutity information, including the Departmental Offices, is required to 
establish a security education program. The program shall be sufficient 
to familiarize all necessary personnel with the provisions of the Order, 
the Directive, this regulation and any other implementing directives and 
regulations to impress upon them their individual security 
responsibilities. The program shall also provide for initial, refresher, 
and termination briefings.
    (a) Briefing of Employees. All new employees concerned with 
classified information shall be afforded a security briefing regarding 
the Order, the Directive and this regulation and sign a security 
agreement as required in Sec. 2.22(c). Employees concerned with 
sensitive compartmented information shall be required to read and also 
sign a security agreement. Copies of applicable laws and pertinent 
security regulations setting forth the procedures for the protection and 
disclosure of classified information shall be available for all new 
employees afforded a security briefing. All employees given a security 
briefing shall be required to sign a TD F 71-01.16 (Physical Security 
Orientation Acknowledgment) which shall be maintained on file as 
determined by respective office or bureau security officials.
    (b) [Reserved]

                      Subpart F--General Provisions

Sec. 2.43  Definitions [6.1].

    (a) Authorized Person. Those individuals who have a ``need-to-know'' 
the classified information involved and have been cleared for the 
receipt of such information. Responsibility for determining whether 
individuals' duties require that they possess, or have access to, any 
classified information and whether they are authorized to receive it 
rests on the individual who has possession, knowledge, or control of the 
information involved, and not on the prospective recipients.
    (b) Compromise. The loss of security enabling unauthorized access to 
classified information. Affected information or material is not 
automatically declassified.
    (c) Confidential Source. Any individual or organization that has 
provided, or that may reasonably be expected to provide, information to 
the United States on matters pertaining to the national security with 
the expectation, expressed or implied, that the information or 
relationship, or both, be held in confidence.

[[Page 108]]

    (d) Declassification. The determination that particular classified 
information no longer requires protection against unauthorized 
disclosure in the interest of national security. Such determination 
shall be by specific action or occur automatically after the lapse of a 
requisite period of time or the occurrence of a specified event. If such 
determination is by specific action, the information or material shall 
be so marked with the new designation.
    (e) Derivative Classification. A determination that information is, 
in substance, the same as informaiton that is currently classified and a 
designation of the level of classification.
    (f) Designated Countries of Concern. For purposes of National 
Security Decision Directive 197 reporting: Afghanistan, Albania, Angola, 
Bulgaria, Cambodia (Kampuchea), the People's Republic of China 
(Communist China), Cuba, Czechoslovakia, Ethiopia, East Germany (German 
Democratic Republic including the Soviet sector of Berlin), Hungary, 
Iran, Iraq, Laos, Libya, Mongolian People's Republic (Outer Mongolia), 
Nicaragua, North Korea, Palestine Liberation Organization, Poland, 
Romania, South Africa, South Yemen, Syria, Taiwan, Union of Soviet 
Socialist Republics (Russia), Vietnam and Yugoslavia.
    (g) Document. Any recorded information regardless of its physical 
form or characteristics, including, without limitation, written or 
printed material; data processing cards and tapes; maps, charts; 
painting; drawings; engravings; sketches; working notes and papers; 
reproductions of such things by any means or process; and sound, voice, 
or electronic recordings in any form.
    (h) Foreign Government Information. (1) Information provided by a 
foreign government or governments, an international organization of 
governments, or any elements thereof with the expectation, expressed or 
implied, that the information, the source of the information, or both, 
are to be held in confidence; or
    (2) Information produced by the United States Government pursuant to 
or as a result of a joint arrangement with a foreign government or 
governments or an international organization of governments, or any 
element thereof, requiring that the information, the arrangement, or 
both, are to be held in confidence.
    (i) Information. Any data or material, regardless of its physical 
form or characteristics, that is owned by, produced by or for, or is 
under the control of the United States Government.
    (j) Information Security. The administrative policies and procedures 
for identifying, controlling, and safeguarding from unauthorized 
disclosure, information the protection of which is authorized by 
Executive Order or statute.
    (k) <strong>Intelligence</strong> Activity. An activity that an agency within the 
<strong>Intelligence</strong> Community is authorized to conduct pursuant to Executive 
Order 12333.
    (l) <strong>Intelligence</strong> Sources and Methods. A person, organization, or 
technical means or method which provides foreign <strong>intelligence</strong> or foreign 
counterintelligence to the United States and which, if its identity or 
capability is disclosed, is vulnerable to counteraction that could 
nullify or significantly reduce its effectiveness in providing foreign 
<strong>intelligence</strong> or foreign counterintelligence to the United States. An 
<strong>intelligence</strong> source also means a person or organization which provides 
foreign <strong>intelligence</strong> or foreign counterintelligence to the United States 
only on the condition that its identity remains undisclosed. 
<strong>Intelligence</strong> methods are that which, if disclosed, reasonably could lead 
to the disclosure of an <strong>intelligence</strong> source or operation.
    (m) Limited Official Use. The legend authorized for ``Officially 
Limited Information'' which provides that it be handled, safeguarded and 
stored in a manner equivalent to national security information 
classified Confidential.
    (n) Multiple Classified Sources. The term used to indicate that a 
document is derivatively classified when it contains classified 
information derived from other than one source.
    (o) National Security. The national defense or foreign relations of 
the United States.
    (p) National Security Information. Information that has been 
determined

[[Page 109]]

pursuant to the Order or any predecessor Executive Order to require 
protection against unauthorized disclosure and that is so designated.
    (q) Need-to-Know. A determination made by the possessor of 
classified information that a prospective recipient, in the interest of 
national security, has a requirement for access to, knowledge of, or 
possession of the classified information in order to perform tasks or 
services essential to the fulfillment of particular work, including 
performance on contracts for which such access is required.
    (r) Officially Limited Information. Information which does not meet 
the criterion that unauthorized disclosure would at least cause damage 
to the national security under the Order or a predecessor Executive 
Order, but which concerns important, delicate, sensitive or proprietary 
information which is utilized in the development of Treasury policy. 
This includes the enforcement of criminal and civil laws relating to 
Treasury operations, the making of decisions on personnel matters and 
the consideration of financial information provided in confidence.
    (s) Original Classification. An initial determination that 
information requires, in the interest of national security, protection 
against unauthorized disclosure, together with a classification 
designation signifying the level of protection required.
    (t) Original Classification Authority. The authority vested in an 
Executive Branch official to make an initial determination that 
information requires protection against unauthorized disclosure in the 
interest of national security.
    (u) Originating Agency. The agency responsible for the initial 
determination that particular information is classified.
    (v) Portion. A segment of a document for purposes of expressing a 
unified theme; ordinarily a paragraph.
    (w) Sensitive Compartmented Information. Information and material 
concerning or derived from <strong>intelligence</strong> sources, methods, or analytical 
processes, that requires special controls for restricting handling 
within compartmented <strong>intelligence</strong> systems established by the Director of 
Central <strong>Intelligence</strong> and for which compartmentation is established.
    (x) Special Access Program. Any program imposing ``need-to-know'' or 
access controls beyond those normally provided for access to 
Confidential, Secret, or Top Secret information. Such a program may 
include, but is not limited to, special clearance, adjudication, or 
investigative requirements, special designations of officials authorized 
to determine ``need-to-know'' or special lists of persons determined to 
have a ``need-to-know''.
    (y) Special Activity. An activity conducted in support of national 
foreign policy objectives abroad which is planned and executed so that 
the role of the United States Government is not apparent or acknowledged 
publicly, and functions in support of such activity, but which is not 
intended to influence United States political processes, public opinion, 
policies or media and does not include diplomatic activities or the 
collection and production of <strong>intelligence</strong> or related support functions.
    (z) Unauthorized Disclosure. A communication or physical transfer of 
classified information to an unauthorized recipient. It includes the 
unauthorized disclosure of classified information in a newspaper, 
journal, or other publication where such information is traceable due to 
a direct quotation or other uniquely identifiable fact.