Largely prescribed in a series of successive presidential executive orders (EO) issued over the past 50 years, security classification policy and procedure provide the rationale and arrangements for designating information officially secret for reasons of national security, and for its declassification as well. President Franklin D. Roosevelt issued the first EO in 1940. Contents of this report: (1) Background; (2) Clinton¿s EO 12958 as Issued: Prescribing Declassification; Controversial Areas; Classification Challenges; A Balancing Test; Program Direction; New Organizations; (3) Bush¿5s Amendments to EO 12958; (4) Obama¿s Review of EO 12958; () Obama Revokes EO 12958 and Issues a New EO.

The escalation of security breaches involving personally identifiable information (PII) has contributed to the loss of millions of records over the past few years. Breaches involving PII are hazardous to both individuals and org. Individual harms may include identity theft, embarrassment, or blackmail. Organ. harms may include a loss of public trust, legal liability, or remediation costs. To protect the confidentiality of PII, org. should use a risk-based approach. This report provides guidelines for a risk-based approach to protecting the confidentiality of PII. The recommend. here are intended primarily for U.S. Fed. gov¿t. agencies and those who conduct business on behalf of the agencies, but other org. may find portions of the publication useful.

Computers at Risk presents a comprehensive agenda for developing nationwide policies and practices for computer security. Specific recommendations are provided for industry and for government agencies engaged in computer security activities. The volume also outlines problems and opportunities in computer security research, recommends ways to improve the research infrastructure, and suggests topics for investigators. The book explores the diversity of the field, the need to engineer countermeasures based on speculation of what experts think computer attackers may do next, why the technology community has failed to respond to the need for enhanced security systems, how innovators could be encouraged to bring more options to the marketplace, and balancing the importance of security against the right of privacy.

The publication of secret information by WikiLeaks and multiple media outlets, followed by news coverage of leaks involving high-profile national security operations, has heightened interest in the legal framework that governs security classification and declassification, access to classified information, agency procedures for preventing and responding to unauthorized disclosures, and penalties for improper disclosure. Classification authority generally rests with the executive branch, although Congress has enacted legislation regarding the protection of certain sensitive information. While the Supreme Court has stated that the President has inherent constitutional authority to control access to sensitive information relating to the national defense or to foreign affairs, no court has found that Congress is without authority to legislate in this area. This report provides an overview of the relationship between executive and legislative authority over national security information, and summarizes the current laws that form the legal framework protecting classified information, including current executive orders and some agency regulations pertaining to the handling of unauthorized disclosures of classified information by government officers and employees. The report also summarizes criminal laws that pertain specifically to the unauthorized disclosure of classified information, as well as civil and administrative penalties. Finally, the report describes some recent developments in executive branch security policies and legislation currently before Congress (S. 3454).

The security classification regime in use within the fed. executive branch traces its origins to armed forces info. protection practices of the WWI era. The system designates info. according to prescribed criteria and procedures, protected in accordance with one of three levels of sensitivity, and is based on the amount of harm to the national security that would result from its disclosure. Contents of this report: Classification Background; Control Markings Discovered; Control Markings Today; Comparison of Sensitive Security Info. Policies: USDA Marking; USDA Mgmt.; TSA/DOT Marking; TSA/DOT Mgmt.; Mgmt. Regime Comparison; Implications for Info. Sharing; Improving Classified Info. Life Cycle Mgmt.; Remedial Legislation; Related Literature.