FAS Homepage | Government Secrecy | S&G Bulletin ||| Index | Search | Join FAS

Information Security Oversight Office
National Archives and Records Administration
700 Pennsylvania Avenue, NW
Washington, DC 20408

The President
The White House
Washington, DC 20500

September 16, 1996

Dear Mr. President:

We are pleased to submit the Information Security Oversight Office's 1995 Report to the President.

As we note at the beginning of our report, fiscal year 1995 was indeed an extraordinary year. You issued three Executive orders that were the first to bring the security classification system into the post-cold war era. Moreover, the agencies of the executive branch classified far fewer documents than in any other year for which we have data, and in conjunction with your Executive Order 12937, "Declassification of Selected Records Within the National Archives of the United States," they declassified in a year more than one-quarter of all the formerly classified pages opened to the public since 1979.

With the effective date of your Executive Order 12958, "Classified National Security Information," commencing in fiscal year 1996, we can anticipate a continuation of these positive trends. Already, preliminary data suggest that many agencies will meet the very high standards you have established in Executive Order 12958. However, our initial exposure to implementation also suggests that compliance will be uneven. Top management support of the reforms you have called for remains critical to their accomplishment.

Our next report will document the first year's experience under Executive Order 12958. As before, we expect to benefit from the commitment of thousands of individuals throughout the executive branch and industry toward achieving its lofty goals.


Steven Garfinkel

The "Fiscal Year 1995 Report to the President" is the 13th report and the last to examine the security classification program under Executive Order 12356. The following data highlight ISOO's findings.





Fiscal year 1995 was a year without peer for the security classification system. At the policy level, the President issued three Executive orders that established a bold demarcation between the past and the future with respect to the classification and declassification of national security information. At the operations level the agencies of the executive branch established record lows for new classification actions and record highs for the number of pages declassified in a year.

I. Executive Order 12958, "Classifted National Security Information"

On April 17, 1995 President Clinton issued Executive Order 12958, "Classified National Security Information." Effective in fiscal year 1996, the Order implements the commitment that the President called for early in his administration to bring the security classification system into the post-cold war era. The statement that the President issued in signing Executive Order 1 2958, reprinted below, highlights the scope of its reforms. For a copy of the complete Order, please refer to ISOO's Report to the President for 1994, or contact ISOO.

April 17, 1995

Statement by the President

II. Executive Order 12937, "Declassification of Selected Records Within the Nationai Archives of the United States"

On November 10, 1994, President Clinton issued an Executive order that declassified, in bulk, a selection of classified records within the National Archives of the United States maintained by NARA. This unprecedented order declassified approximately 45 million pages or 14 percent of the NARA permanent holdings of classified material, including clas- sified holdings through the end of World War II and an equal number dating into the 1970s. For a copy of this Executive order, please refer to ISOO's Report to the President for 1994, or contact ISOO.

III. Executive Order 12951, "Release of Imagery Acquired by Space-Based National Intelligence Reconnaissance Systems"

On February 22, 1995, President Clinton issued an Executive order that, for the first time, will result in the declassification and public availability of historical intelligence imagery, Specifically, before the end of 1996, the public will have access to imagery from Corona, Argon, and Lanyard rnissions. For a copy of this Executive order, please refer to ISOO's Report to the President for 1994, or contact ISOO.

IV. Classification Actions and Pages Declassified

Overshadowed, perhaps, by the extraordinary policy developments during fiscal year 1995, the classifiers and declassifiers of the executive branch also made their mark in record- breaking fashion during the same year. Classification actions reached record low levels, and the nurnber of pages declassified in a year reached record high levels. These charts illustrate the magnitude of these accomplishments.

Classification Actions - Fiscal Years 1980 - 1995
	Fiscal Year		Actions in Millions

	1980			8.8
	1981			10.2
	1982			10.3
	1983			10.9
	1984			12.5
	1985			15
	1986			10.8
	1987			11.9
	1988			10.5
	1989			6.8
	1990			6.8
	1991			7.1
	1992			6.3
	1993			6.4
	1994			4.8
	1995			3.6

Pages Declassified - Fiscal Years 1980 - 1995

	Fiscal Year		Pages in Millions

	1980			24.6
	1981			28.7
	1982			16.8
	1983			8
	1984			11.5
	1985			8.5
	1986			14.5
	1987			9.2
	1988			5.1
	1989			7.2
	1990			12.3
	1991			14.1
	1992			9.5
	1993			6.8
	1994			11.5
	1995			24
	1995			45 (additional under executive order 12937)





Roslyn A. Mazer, Chair
Department of Justice

Joan A. Dempsey
Department of Defense

Michael J. Kurtz
National Archives and Records Administration

William H. Leary
National Security Council

Frank M. Machak
Department of State

Richard J. Wilhelm
Intelligence Community

Support Staff

Information Security Oversight Office

For copies of the ISCAP's bylaws or other information, contact ISOO:

Telephone: 202-219-5250 Fax 202-219-5385 E-mail isoo@archl.nara.gov


Accomplishments Next Steps

Responses to "Next Steps"


In an environment of cost cutting and downsizing, any function or program in Government is subject to the question, 'What does it cost?" The security classification system is no exception. Congress first requested security classification cost estimates from the executive branch in 1994. OMB reported those cost estimates to Congress and worked with the executive branch to develop a method to collect security classification cost estimates. ISOO was tasked through Executive Order 12958 to report these costs to the President. Executive Order 12829, "National Industrial Security Program," also requires that industry or contrac- tor costs be collected and reported by ISOO to the President. This is the first reporting of security classification cost estimates. Executive branch agencies and industry will be required to provide these data annually. ISOO will continue to report them in its reports to the President.


The data presented below were collected by categories based on common definitions developed by an executive branch working group. The categories are defined below. Personnel Security: A series of interlocking and mutually supporting program elements that initially establish a Government or contractor employee's eligibility and ensure suitability for the continued access to classified information.

Physical Security: That portion of security concerned with physical measures designed to safeguard and protect classified facilities and information, domestic or foreign.

Information Security: includes two subcategories. Classification Management: The system of administrative policies and procedures for identifying, controlling, and protecting from unauthorized disclosure classified information the protection of which is authorized by Executive order or statute. Classification management encompasses those resources used to identify, control transfer, transmit retrieve, inventory, archive, declassify, or destroy classified information. Information Systems Security: Measures and controls that ensure confi- dentiality, integrity and availability of the classified information processed and stored by a computer or information technology system. It can include, but is not limited to the provi- sion of all security features needed to provide an accredited system of protection for com- puter hardware and software and classified information, material or processes in auto- mated systems.

Professional Education, Training, and Awareness: The establishment, maintenance, direction, support, and assessment of a security training and awareness program; the certi- fication and approval of the training program; the development, management, and mainte- nance of training records; the training of personnel to perform tasks associated with their duties; and qualification and/or certification of personnel before assignment of security responsibilities related to classified information.

Security Management and Planning: Development and implementation of plans, procedures, and actions to accomplish policy requirements, develop budget and resource requirements, oversee organizational activities, and respond to management requests related to classified information.

Unique Items: Those department- or agency-specific activities that are not reported in any of the primary categories but are nonetheless significant and need to be included.

The total security classification costs estimate for fiscal year 1995 was $2.7 billion. This figure encompasses estimates provided by 32 executive branch agencies, including DOD, whose estimate incorporates the National Foreign Intelligence Program. It does not include, however, the cost estimates of CIA.

Government Security Classification Costs Estimate FY 1995

	TOTAL				$2.7 billion

	Personnel Security		$633 million
	Physical Security		$175 million
	Information Security		$1.5 billion
						$312 million for Classification Management
						$1.2 billion for Information Systems Security
	Professional Education,
		Training, Awareness	$67 million
	Security Management		$257 million
	Unique Items			$6.4 million

Total Security Classification Costs Estimate FY 1995
	TOTAL				$5.6 billion

	Government			$2.7 billion
	Industry			$2.9 billion


A joint DOD and industry group developed a cost collection methodology for those costs associated with the use and protection of classified information within industry. Because industry accounts for its costs differently than Government, cost estimate data were not provided by category. Rather a sampling method was applied that included volunteer com- panies from four different categories of facilities. The category of facility is based on the complexity of security requirements a particular company must meet in order to hold a classified contract with a Government agency.

The 1995 cost estimate totals for industry pertain to the 12-month accounting period for the most recently completed fiscal year of each company that was part of the industry sample. For most of the companies included in the sample, December 31, 1995 was the end of their fiscal year. The estimate of total security costs for 1995 within industry was $2.9 billion.

Because this was Government and industry's first attempt at estimating security classification costs, we expect the collection methods and the reliability of the data to improve with each year. Certainly, there are many lessons to be learned from this effort, Knowing "what it costs" shouid, in the long run, help considerably in the management of the security classification program.


ISOO is repeatedly asked two questions that, despite all the data we collect and analyze, we cannot definitively answer: (1) How much classified information is out there (i e , how big is the classified mountain)? (2) Which was greater this year: the buildup of the classified mountain through classification or the erosion of the mountain through declassification? Central to our inability to answer these questions with any statisti cal support is the lack of data concerning the duplication of classified information.

While ISOO collects, analyzes, and reports data on classification actions or decisions-- and has done so since 1979-- a classification action is not readily convertible into a measurement that denotes size (e.g , a certain number of pages or even an estimated number of pages). A classification action may apply to a single word or two, or it may apply to a report hundreds of pages long.

Even if an archivist, records manager or statistician were able to tell us that the "average" classified document is a certain number of pages long, we could not multiply this number by the number of classification actions and arrive at the number of classified pages produced in that year. This is because of the widespread duplication that accompanies the production of almost every document, whether classified or unclassified and whether the document exists in paper form electronically or both. Today, the producer of a document routinely creates it on a computer and can distribute hundreds of "copies" electronically by pushing a single button, and the producer and receiver of the electronic document are usually only a few steps away from a printer and copier that can produce hundreds of paper copies in a few minutes.

Therefore in terms of the size of the classified mountain, classification actions are the apples, and pages declassified are the oranges. Knowing about each enriches our understanding and monitorship of the security classification system. However, comparing 10 classification actions to 10 pages of information declassified tells us little or nothing about the overall size of the classified universe.


Original classification authorities, also called original classifiers, are those individuals designated in writing, either by the President or by selected agency heads, to classify information in the first instance. Under Executive Order 12958 and its predecessor, Executive Order 12356, only original classifiers determine what information, if disclosed without authority, could reasonably be expected to result in damage to the national security. Under Executive Order 12958, original classifiers must also be able to identify or describe the damage.

For fiscal year 1995, the number of original classifiers throughout the executive branch was 5,379, which represents a reduction of 82 classifiers from the previous year. This figure, for the fifth consecutive year, represents the lowest number of original classifiers ever reported by ISOO. Since 1990, the number of original classifiers has decreased by more than 17 percent, which ISOO primarily attributes to the end of the cold war and the ongoing efforts to downsize Government. However, since disparities exist among agencies with comparable original classification authority, ISOO believes additional reductions are possible without having a negative impact on agency operations.

Original Classifiers FY 1995
	TOTAL			5,379

	Top Secret		1,336
	Secret			3,031
	Confidential		1,102

Executive Order12958 placesmore stringent accountability on original classifiers than previous orders did. For this reason, ISOO anticipates further reductions in the number of original classifiers. These reductions should enhance the credibility of the classification system as a whole by improving the quality and reducing the number of classification decisions.

In fiscal year 1995, agencies reported decreases in the number of original classifiers for all three classification levels. At the Top Secret and Secret levels, agencies reported decreases of 0.6 percent, while the number of Confidential original classifiers decreased by 5 percent. ISOO wishes to recognize several agencies for their efforts to reduce the number of original classifiers. Most impressive were the efforts of FEMA, NASA, and DOE which reported decreases of 25 percent, 22 percent and 16 percent, respectively. Although the reductions in the number of original classifiers are not as significant as in those agencies mentioned above, ISOO also wishes to recognize NRC, DOD, AID and CIA for reducing their number of original classifiers.


Original classification is an initial determination by an authorized classifier that information requires extraordinary protection because unauthorized disclosure of the information could reasonably be expected to cause damage to national security. The process of original classification ordinarily includes both the determination of the need to protect the information and the placement of markings to identify the information as classified. By definition, original classification precedes all other aspects of the security classification system: derivative classification, safeguarding, and declassification. Therefore, ISOO often refers to the number of original classification actions as the most important figure that it reports.

For fiscal year 1995, agencies reported a total of 167,840 original classification decisions This figure represents a decrease of 18 percent from the number of original classification decisions reported in fiscal year 1994 and replaces last year's figures as the lowest number of original classification actions ever reported by ISOO. ISOO maintains that the decrease in the number of original classification decisions over the past several years is a result of ongoing efforts to downsize Government and the end of cold war tensions and the increased use of classification guides as the source for classification. ISOO also attributes the decrease to efforts by several agencies to keep original classification to a minimum. By classification level, both Secret and Confidential decisions decreased by 31 percent and 17 percent respectively. However, the number of Top Secret original classification actions increased by 211 percent. Justice, through the FBI, is the primary contributor to this increase. ISOO is examining why the FBI had such a large increase from the fiscal year 1994 figure of 5,216 to the fiscal year 1995 figure of 21,871. Over the past 4 years, the FBI has been transitioning into an automated collection process, which may partially account for the increase. In fiscal year 1993, Justice reported 15,108 original Top Secret decisions. It appears that the fiscal year 1994 figure is the anomaly for the 3 fiscal years. Nevertheless, ISOO will need to closely monitor this area of Justice's program.

Four agencies-- Justice, CIA, DOD, and State-- continue to account for almost 96 percent of ali original classification decisions. Of these agencies, CIA reported the highest number, with a total of 55,822 actions. However, this number represents a decrease of 3 percent in original classification decisions at CIA from the figure reported in fiscal year 1994. DOD reported a total of 43,542 original classification decisions, which represents an increase of less than 1 percent from the previous year. Whiie Justice's Top Secret original classification actions significantly increased, its total number of actions decreased by 46 percent to 39,678. State reported 1,252 actions, a 5-percent decrease in the number of its original classification decisions.

For several of the agencies with smaller information security classification programs, the data collected show a marked decrease in the number of original classification decisions. In particular, ISOO commends DOT, FEMA, NASA, ONDCP, PFIAB, and Treasury, which reported decreases of 89 percent, 100 percent, 50 percent, 100 percent, 58 percent, and 35 percent, respectively, in the number of original classification decisions.

As part of the original classification process, the classifiers must determine a timeframe for the protection of the information. This is commonly called the "duration" of classification. Executive Order 12356, superseded by Executive Order 12958, provided classifiers with two means of designating the duration of classification for national security information. First, the information could be marked for declassification upon a specific date or event. For example, a classifier could determine that the information's sensitivity would lapse upon the completion of a particular project. The event would be noted on the face of the document, and when the project had been completed, the information would automatically be declassified. Only if a specific date or event could not be determined at the time of classification would the classifier be authorized to use the second means, marking the document with the notation "Originating Agency's Determination Required" (OADR). OADR indicated that the information had to be reviewed by the originating agency before declassification action could be taken. Executive Order 12958 eliminates the use of OADR.

During fiscal year1995, the last year that OADR was an acceptable marking for original classification decisions, 9 percent of all original classification decisions were marked for declassification with a specific date or event, compared to 8 percent of all actions reported in fiscal year 1994.


Derivative classification is the act of incorporating, paraphrasing, restating, or generating in a new form classified source information. Information may be classified in two ways: (1) through the use of a source document, usually correspondence or publications generated by an original classification authority, or (2) through the use of a classification guide. A classification guide is a set of instructions issued by an original classification authority. It pertains to a particular subject and describes the elements of information about that subject that must be classified and the level and duration of classification. Only executive branch or Government contractor employees with the appropriate security clearance, who are required by their work to restate classified source information, may classify derivatively.

For fiscal year1995, agencies reported 3,411,665 derivative classification actions. This figure represents a significant decrease of just over 25 percent from that reported in fiscal year 1994, which at the time was the lowest number ever reported by ISOO. Again, ISOO attributes this significant decrease to the continuing efforts to downsize Government programs, operations and personnel and the absence of any major international conflict involving the United States.

Derivative Activity FY 1995
	TOTAL			3,411,665

	Top Secret		374,244
	Secret			2,344,629
	Confidential		692,792
During fiscal year 1995, the four major classifying agencies reported significant reductions in the number of derivative classification actions. Among these agencies, Justice led the way reporting a 26-percent reduction in derivative classification actions. DOD reported a 38-percent reduction. State reported an 18-percent reduction, and CIA reported a 3-percent reduction from fiscal year 1994. ISOO applauds Justice, DOD State, and CIA for their efforts in reducing significantly the number of derivative classification actions. All other agencies reported 42,759 derivative classification actions, a 4-percent reduction from the year before. Among those agencies JSOO commends the following agencies for reducing the number of derivative classification actions for fiscal year 1995: NSC (58 percent), NRC (54 percent), FRS (40 percent), NASA (32 percent), and USDA (29 percent).


Together, original and derivative classification decisions make up what is called combined classification activity. In fiscal year 1995, combined classification activity significantly decreased by 1,194,392 (25 percent) to a total of 3,579,505 actions. Since derivative actions outnumbered original actions by a ratio of more than 21 to 1, they had a much greater impact on combined classification activity. For the third consecutive year, both derivative and original classification activity reached all time reported lows. The fiscal year 1995 figure represents an all-time reported low for combined classification activity.

Combined Classification Activity FY 1995
  	TOTAL			3,579,505

	Top Secret		396,115
	Secret			2,434,824
	Confidential		748,566

DOD accounted for 47 percent of all combined classification activity reported for fiscal year 1995; CIA 40 percent; Justice, 8 percent; and State, 4 percent. As in the past, the remainirg agencies accounted for only 1 percent of the combined classification activity.


Started in 1972, "Systematic Review for Declassification" is the program under which classified permanently valuable (archival) records are reviewed for purposes of declassification after the records reach a specific age. Under Executive Order 12356, NARA was the only agency required to conduct a systematic review of its classified holdings.

ISOO is pleased to report that during fiscal year1995, the product of the systematic review program showed a tremendous increase. During fiscal year 1995, agencies reviewed slightly over 25 million pages, 11.7 million (89 percent) more than reviewed in fiscal year 1994. Of the pages reviewed, 94 percent were declassified, a significant increase from the 84 percent declassification rate reported in fiscal year 1994. As a result of the number of pages reviewed and the improved declassification rate, 23 million pages were declassified under the systematic review program in fiscal year 1995, over 11 million more pages than in fiscal year 1994.

ISOO believes that this dramatic increase is due to the agencies' anticipation of the declassification reforms contained in Executive Order 12958. As predicted in last year's Report, the new approach to deal with the buildup of older permanently valuable classified records is redefining the future of declassification.

Although the efforts of several agencies contributed to the increase, DOD, State, and NARA account for much of the program's substantial improvement. State accounted for the highest volume of pages reviewed in fiscal year 1995. State reviewed over 10 million pages, 5 million more than in fiscal year 1994, and declassified 9.7 million pages. DOD accounted for the second highest volume of pages reviewed in fiscal year 1995 8.6 million pages, a 2-million-page increase from fiscal year 1994. Of the 8.6 million pages reviewed DOD declassified 7.6 million pages.

In fiscal year 1995, the number of pages NARA reviewed increased from 2,320,531 in fiscal year 1994 to 6,136,000, with a slightly increased declassification rate of 97 percent. NARA's primary explanation for the increase in its systematic review activity was its retention of experienced document reviewers throughout the fiscal year.

Fiscal year 1995 saw an exceptional increase in the amount of declassification activity flowing out of three programs: (1) Executive Order 12937, "Declassification of Selected Records Within the National Archives of the United States," issued by the President early in fiscal year 1995 and described and reproduced in ISOO's last Annual Report; (2) systematic declassification review; and (3) mandatory declassification review. In a year, almost 70 million pages of formerly classified information were declassified. This represents an unprecedented ard extraordinary achievement in the area of declassification and bodes well for the future of the program as we begin implefnenting the declassification reforms of Executive Order 12958.


Under both Executive Order12356 and its successor, Executive Order12958, the mandatory review process allows agencies or citizens to require an agency to review specified national security information for purposes of seeking its declassification. Requests must be in writing and describe the information with sufficient detail to permit the agency to retrieve it with a reasonable amount of effort. Mandatory review remains popular with some researchers as a less contentious alternative to Freedom of Information Act (FOIA) requests. It is also used to seek the declassification of Presidential papers or records which are not subject to the FOIA. The 4,099 cases processed under mandatory review during fiscal year 1995 comprised 42,257 documents totaling 502,550 pages. The number of pages processed represents a 55 percent increase from the previous year. The percentage of pages declassified in whole or in part (94 percent) increased significantly from last year's rate (83 percent). Given the high proportion and number of pages declassified, mandatory review remains a highly successful mechanism for the declassification of information. With the advent of the Interagency Security Classification Appeals Panel under Executive Order 12958, mandatory review is likely to become a far more popular option than in the past.

During fiscal year 1995, agencies processed 101 appeals that comprised 568 documents totaling 1,658 pages. Of these, 80 percent of the pages were granted in whole or in part.

Although the rate is 8-percent lower than last year, this rate still suggests that researchers can continue to anticipate greater returns in declassified information if they pursue an appeal.


Executive Order 12356 requires that each executive branch agency that originates or handles classified information establish and maintain "an active oversight and security education program." Self-inspections are an important part of an agency's program and allow it to identify infractions (minor violations) of the Executive order, the implementing ISOO directive, or agency regulations. Agencies are required to report to ISOO the number and results of these self-inspections each year.

For the fifth year in a row, agencies reported a decrease in the number of self-inspections, For fiscal year1995, agencies reported 2,517 fewer self-inspections, a 20-percent decrease from the number reported in fiscal year 1994. This decrease is largely attributed to DOD, which conducted 2,550 fewer self-inspections. Other agencies with significant decreases include GSA, HUD, Justice, NARA, NRC, State, Treasury, and USIA. These reductions in self-inspections are primarily attributed to the continued downsizing and reorganizations throughout the Government. Other factors that contributed to the reductions in self-inspections are the Government shutdowns and extended periods without authorized appropriation bills for some agencies that occurred during fiscal year 1996. Those agencies reporting major increases in self-inspections, thus enhancing their oversight capability, include AID, CIA, DOE, FEMA, and DOT.

In fiscal year 1995, agencies detected a total of 8,622 infractions. Compared to fiscal year 1994, this figure represents a 33-percent decrease. The average number of infractions discovered per inspection significantly decreased from 1.02 in fiscal year 1994 to 0.84 in fiscal year 1995. These figures are not encouraging, and they suggest that not all agencies have effective self-inspection programs. ISOO has consistently held that agencies would identify a far greater number of infractions if agencies conducted more quality self-inspections. ISOO believes that the uniform standards for comprehensive self-inspections in subpart C of the implementirig directive for Executive order 12958, if consistently implemented, will help to improve the quality of agency self-inspections.


ExecutiveOrder12958 bringswith it many changes in principles, practice, and procedures. Security education is more critical than ever. Familiarizing those who have access to classified information with the requirements of the new classification system is a major undertaking for security professionals in both Government and industry. ISOO is currently exploring ways to coordinate or develop the dissemination of as many security education tools as possible within the context of budgetary considerations. As for now, ISOO has developed a new marking pamphlet to serve as a general guide for use by both original and derivative classifiers. We have also revised our popular Standard Form (SF) 312 briefing booklet by including the new Executive order and updating the "Questions ard Answers" segment.

New Marking Booklet

This booklet, fresh off the presses, is a general, illustrated guide on how to mark classified documents in accordance with the requirements of Executive Order 12958 and its implementing directives. Authorized original and derivative classifiers as well as administrative personnel who prepare classified documents can rely on this booklet whenever there is a question about the marking of a classified document.

Updated SF 312 Briefing Booklet

This booklet remains popular with agency ard industry security managers who are tasked with providing briefings on the SF 312, "Classified Information Nondisclosure Agreement." It includes the complete text of all the laws and regulations that must be available if requested by someone signing the SF 312, including the text of Executive Order 12958, a copy of the SF 312, and updated answers to almost all the questions that employees are likely to raise about the nondisclosure agreement.

The SF 312 Video

This 13-minute video provides an entertaining but informative approach to answering most of the questions that employees raise about the purpose of the nondisclosure agreement and their obligations under it. It provides an excellent base for an employee briefing on the SF 312.

Executive Order 12958 and Implementing Directive Packet

This packet is a three-hole punched, shrink-wrapped document that includes Executive Order 12958, its implementing directives, the President's Original Ciassification Authority designations, and amendment. Tabs identify each of these items. They are all printed in a very clear and very easy to read format. This is one of the most "user-friendly" versions of the Order and its related documents.

FAS Homepage | Government Secrecy S&G Bulletin||| Index | Search | Join FAS