10.9.1  National Security Information

Manual Transmittal

August 14, 2012

Purpose

(1) This transmits revised IRM 10.9.1, National Security Information.

Background

This revision addresses new executive orders, directives, federal regulations, policy, and guidance which implemented changes to related policy and guidance for the handling of classified national security Information.

Material Changes

(1) IRM 10.9.1 was revised as follows:

  • Applicable updates based on new/revised executive orders, directives, federal regulations, policy, and guidance related to handling classified national security information.

  • Various grammatical and editorial changes throughout, and renumbered and/or renamed sections where applicable, to improve the flow of information.

Effect on Other Documents

This IRM supersedes IRM 10.9.1, dated September 30, 2008.

Audience

This IRM shall be distributed to all personnel responsible for handling, processing, storing, transmitting, accounting for/tracking and/or destruction of classified information.

Effective Date

(08-14-2012)

Norris L. Walker
Director, Physical Security and Emergency Preparedness

10.9.1.1  (08-14-2012)
Overview

  1. It is the policy of the IRS to establish and manage a process for properly identifying, protecting, marking, handling, accounting, storing, sharing, reproducing, and destroying classified national security information within the Service.

  2. This IRM provides policy and guidance to be used by IRS personnel responsible for marking, handling, processing, storing, transmitting, accounting for/tracking and/or destruction of classified national security information. It also provides security and protection measures for classified national security information. All classified national security information under the control of the IRS will be handled in accordance with its assigned classification level to prevent the unauthorized disclosure and/or compromise of the information.

  3. This IRM implements IRS minimum standards within the Service for classification, safeguarding, transmission, and destruction of classified national security information hereafter referred to as "classified information." It implements polices, and procedures for the handling of classified information and procedures for reporting violations, loss or compromise of the information.

  4. The IRS information security program for classified information will:

    1. Ensure there are sufficient protective measures (including technical, physical, and personnel control measures) in place to safeguard classified information

    2. Ensure individuals entrusted to handle classified information are properly trained and aware of their responsibilities when handling classified information;

    3. Ensure proper identification and reporting of possible classified information violations or infractions.

  5. The provisions in this manual apply to all offices, business, operating, and functional units within the IRS who handle classified information. This manual also applies to individuals and organizations having contractual arrangements with the IRS, including employees, contractors, vendors, and outsourcing providers, who handle classified information.

  6. For the purpose of this IRM, the terms IRS, Service, and Agency are interchangeable.

10.9.1.1.1  (08-14-2012)
Resources

  1. The following list includes authorities related to handling classified information:

    • Treasury Department Publication (TD P) 15-71, Department of the Treasury Security Manual, dated June 17, 2011.

    • Treasury Order (TO) 105-19, Delegation of Original Classification Authority; Requirements for Downgrading and Declassification, dated June 17, 2011.

    • Department of Treasury Security Classification Guide, dated March 2, 2012.

    • Information Security Oversight Office (ISOO) Directive No. 1, 32 CFR Parts 2001 and 2003, Classified National Security Information (implementing Executive Order 13526), dated June 22, 2010.

    • Executive Order (EO) 13526, Classified National Security Information, dated December 29, 2009.

    • Executive Order (EO) 12968, Access to Classified Information, dated August 2, 1995.

  2. Additional resources include:

    • IRM 10.23.3, Personnel Security/Suitability Program.

    • Treasury Directive Publication 85-01, Volume 1, Unclassified (Non-National Security) Systems.

    • Treasury Directive Publication 85-01, Volume II Classified (National Security) Systems.

10.9.1.2  (08-14-2012)
Roles and Responsibilities

  1. The IRS will implement roles and accompanying responsibilities in accordance with federal laws, executive orders, and guidelines that are appropriate for their specific mission and operations.

10.9.1.2.1  (08-14-2012)
Agency Head

  1. In accordance with EO 13526, Classified National Security Information, as the agency head, the IRS Commissioner will:

    1. Demonstrate personal commitment and commit senior management to the successful implementation of the Service's information security program for classified information;

    2. Commit necessary resources to the effective implementation of the information security program;

    3. Ensure that IRS records systems are designed and maintained to optimize the appropriate sharing and safeguarding of classified information, and to facilitate its declassification under the terms of EO 13526 when it no longer meets the standards for continued classification;

    4. Designate a senior agency official to direct and administer the information security program under which information is classified, safeguarded, and declassified.

  2. The IRS Commissioner will:

    1. Establish procedures in accordance with applicable law and consistent with directives issued pursuant to EO 13526 to ensure that classified information is accessible to the maximum extent possible by individuals who meet the prescribed access criteria for classified information;

    2. Carry out the policies and procedures set forth in Treasury Department Publication (TD P) 15-71, Department of the Treasury Security Manual.

10.9.1.2.2  (08-14-2012)
Senior Agency Official

  1. The Chief, Agency-Wide Shared Services (AWSS) serves as the Senior Agency Official (SAO) for the Service's information security program for classified information. The SAO responsibilities include:

    1. Overseeing the information security program;

    2. Designating an information security manager;

    3. Promulgating implementing directives and regulations;

    4. Establishing and maintaining security education and training programs;

    5. Establishing and maintaining an ongoing self-inspection program, which will include periodic review and assessment of the Service's classification products;

    6. Establishing procedures to prevent unnecessary access to classified information, including procedures that: require that a need for access to classified information be established before initiating administrative clearance procedures; and ensure that the number of persons granted access to classified information meets the mission needs while also satisfying operational and security requirements and needs;

    7. Developing special contingency plans for the safeguarding of classified information used in or near hostile or potentially hostile areas;

    8. Ensuring that the performance contract or other system used to rate personnel performance includes the designation and management of classified information as a critical element or item to be evaluated in the rating of original classification authorities, security managers or security specialists, and all others whose duties significantly involve the creation or handling of classified information, including personnel who regularly apply derivative classification markings;

    9. Accounting for the costs associated with the implementation of EO 13526;

    10. Assigning in a prompt manner Service personnel to respond to any request, appeal, challenge, complaint, or suggestion arising out of EO 13526 that pertains to classified information that originated in an organizational component of the Service that no longer exists and for which there is no clear successor in function;

    11. Establishing a secure capability to receive information, allegations, or complaints regarding over-classification or incorrect classification within the Service and to provide guidance to personnel on proper classification as needed;

    12. Taking appropriate and prompt corrective action when a classified information violation or infraction occurs;

    13. Approving requests on behalf of the Commissioner from Service officials for derivative classification authority.

10.9.1.2.3  (08-14-2012)
Director, Physical Security and Emergency Preparedness

  1. Director, Physical Security and Emergency Preparedness (PSEP), manages and administers the Service's information security program for classified information for the SAO. The Director's responsibilities include:

    1. Implementing an information security program for classified information within the Service;

    2. Formulating Service policy and procedures, issuing directives, and monitoring, inspecting, and reporting on the status of administration of the Service's information security program for classified information;

    3. Managing the communications security (COMSEC) program;

    4. Serving as the Service's primary official and liaison with Department of the Treasury and other Federal agencies for the information security program for classified information;

    5. Coordinating and performing audits and reviews of the information security program for classified information.

10.9.1.2.4  (08-14-2012)
Senior Management/Executive

  1. The senior management/executive responsible for an office or a business, operating, or functional unit, is responsible for the effective management of classified information within their organization.

  2. Effective management includes:

    1. Ensuring that classified information within their organization is appropriately marked, protected, handled, stored, reproduced, shared, and destroyed;

    2. Designating in writing Classified Document Custodians (CDC) at facilities storing and handling classified information;

    3. Ensuring that CDCs are trained and provided the appropriate resources to protect classified information;

    4. Issuing local security instructions and procedures for handling classified information;

    5. Ensuring CDCs conduct self-inspections;

    6. If Top Secret information is held by the organization, appointing in writing, a Top Secret Control Officer (TSCO).

    Note:

    CDC and TSCO duties may be assigned to the same person.

    Note:

    See Exhibit 10.9.1-1 Classified Document Custodian (CDC) Duties and Responsibilities and Exhibit 10.9.1-2, Top Secret Control Officer (TSCO) Responsibilities.

10.9.1.2.5  (08-14-2012)
Holders and Handlers of Classified Information

  1. Authorized persons who have access to classified information are responsible for:

    1. Protecting it from persons without authorized access to that information, to include securing it in approved equipment or facilities whenever it is not under the direct control of an authorized person;

    2. Meeting safeguarding requirements prescribed in this IRM; and

    3. Ensuring that classified information is not communicated over unsecured voice or data circuits, in public conveyances or places, or in any other manner that permits interception by unauthorized persons.

    4. Reporting the loss or compromise of classified information.

10.9.1.3  (08-14-2012)
Original Classification

  1. Classified information, also known as "classified National Security Information" is information that has been determined pursuant to EO 13526, Classified National Security Information or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form.

  2. Information may be classified only if its unauthorized disclosure could reasonably be expected to result in least damage to the national security, which includes defense against transnational terrorism, and that the original classification authority is able to identify or describe the damage.

    Note:

    By definition, national security is the national defense or foreign relations of the United States. The unauthorized disclosure of foreign government information is presumed to cause damage to the national security.

10.9.1.3.1  (08-14-2012)
Classification Standards

  1. Information may be originally classified under the terms of EO 13526, Classified National Security Information, only if all of the following conditions are met:

    1. An original classification authority (OCA) is classifying the information;

    2. The information is owned by, produced by or for, or is under the control of the United States Government;

    3. The information falls within one or more of the categories of information listed in section 1.4 of EO 13526; and

    4. The OCA determines that the unauthorized disclosure of the information reasonably could be expected to result in damage to the national security, which includes defense against transnational terrorism, and the OCA is able to identify or describe the damage.

  2. If there is significant doubt about the need to classify information, it will not be classified. However, when there is still reasonable doubt, it will be safeguarded as if it were at least Confidential, pending a determination by an OCA.

    1. When such determination affirms the initial protection, the information will be marked to reflect its final classified status in compliance with TD P 15-71, Department of the Treasury Security Manual.

    2. When such determination results in a decision by an OCA that the information does not warrant classification, the tentative Confidential markings will be obliterated. The OCA decisions will be final.

10.9.1.3.2  (08-14-2012)
Classification Levels

  1. Classified information will be identified by one of the following three levels: .

    1. "Top Secret" will be applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security that the OCA is able to identify or describe.

    2. "Secret" will be applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security that the OCA is able to identify or describe.

    3. "Confidential" will be applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to the national security that the OCA is able to identify or describe.

  2. No terms other than Top Secret, Secret, or Confidential will be used to identify U. S. classified information, except as otherwise provided by statute.

    Note:

    If there is significant doubt about the appropriate level of classification, it will be classified at the lower level.

10.9.1.3.3  (08-14-2012)
Classification Authority

  1. The basis for classification is EO 13526, and the Information Security Oversight Office (ISOO) Directive No. 1, 32 CFR Parts 2001 and 2003, Classified National Security Information (implementing Executive Order 13526).

  2. Treasury Departmental Offices (DO)/bureau OCA officials are identified in Treasury Order (TO) 105-19, Delegation of Original Classification Authority; Requirements for Declassification and Downgrading.

  3. Additional OCAs require written designation by:

    1. The Secretary of the Treasury at the Top Secret, Secret, and Confidential levels or

    2. Treasury’s Senior Agency Official (SAO) at the Secret and Confidential levels.

    Note:

    Treasury’s Office of Security Programs (OSP) will coordinate the identification and designation of additional OCA officials.

  4. There are no IRS officials with OCA authority.

10.9.1.3.4  (08-14-2012)
Classification Categories

  1. Within the Department of Treasury context, the items below are the most frequently used rationale for classification:

    1. Military plans, weapons systems, or operations;

    2. Intelligence activities (including covert action), intelligence sources or methods or cryptology;

    3. Foreign relations or foreign activities of the United States, including confidential sources;

    4. Scientific, technological, or economic matters relating to the national security; or

    5. Vulnerabilities or capabilities of systems, installations, infrastructures, projects, plans, or protection services relating to the national security.

  2. The U.S. economic viability/well-being, market sensitivity, U.S. global competitiveness, tracking terrorist assets/financial crimes may be considered as rationale for classification.

10.9.1.3.5  (08-14-2012)
Duration of Classification

  1. At the time of original classification, the OCA will establish a specific date or event for declassification based on the duration of the national security sensitivity of the information.

    1. Upon reaching the date or event, the information will be automatically declassified.

    2. Except for information that should clearly and demonstrably be expected to reveal the identity of a confidential human source or a human intelligence source or key design concepts of weapons of mass destruction, the date or event will not exceed the time frame established below.

    If the OCA cannot determine an earlier specific date or event for declassification, the information will be marked for declassification 10 years from the date of the original decision, unless the OCA otherwise determines that the sensitivity of the information requires that it be marked for declassification for up to 25 years from the date of the original decision.

  2. An OCA may extend the duration of classification up to 25 years from the date of origin of the document, change the level of classification, or reclassify specific information only when the standards and procedures for classifying information under EO 13526 are followed.

    Note:

    No information may remain classified indefinitely.

10.9.1.3.6  (08-14-2012)
Limits to Classification and Reclassification

  1. Markings other than Top Secret, Secret, and Confidential will not be used to identify classified information. No other terms or phrases such as "Secret/Sensitive" or "Administratively Confidential" will be used in conjunction with these markings to identify classified information.

  2. In no case will information be classified in order to:

    1. Conceal violations of law, inefficiency, or administrative error;

    2. Prevent embarrassment to a person, organization, or agency;

    3. Restrain competition; or

    4. Prevent or delay the release of information that does not require protection in the interest of the national security.

  3. Basic scientific research information not clearly related to the national security will not be classified.

  4. Information may not be reclassified after declassification and released to the public under proper authority unless:

    1. The reclassification action is personally approved in writing by the Secretary of the Treasury based on a document-by-document determination by that official that reclassification is required to prevent significant and demonstrable damage to the national security;

    2. The information may be reasonably recovered without bringing undue attention to the information;

    3. The reclassification action is reported promptly by the Treasury's Director, Office of Security Programs (OSP) to the National Archives' Director, Information Security Oversight Office (ISOO) and the Assistant to the President for National Security Affairs (National Security Advisor).

10.9.1.3.7  (08-14-2012)
Record Requirements and Chronological Files

  1. Every original and derivative classification action must be accounted for annually and reported to Treasury’s OSP for consolidation into an overall report for the National Archives' ISOO at the end of each fiscal year.

  2. Employees, consultants and contractor personnel are responsible for keeping a record each fiscal year of all original and derivative classification decisions on Standard Form 311– Agency Security Classification Management Program Data. This accounting includes classified email (equivalent to final documents or position papers) prepared on equipment approved for processing classified information.

  3. An effective way to account for the volume of classified documents is to establish a classified chronological file.

    1. Whenever a final document (or equivalent classified email message is created) a hard paper copy is inserted in the dedicated chronological file. That file is properly marked with the level of the classified content and stored in a General Services Administration (GSA)-approved security container.

    2. When the OSP data call is sent out to report that year’s information security statistics, the file documents are counted by original/derivative classification and respective classification levels.

    3. Retention of the file after its contents are accounted for is at the discretion of the file custodian; the key is to use this collection methodology throughout the year.

    4. Chronological files might be maintained by individual employee, supervisor, office, division, section, etc., or centralized as befits the efficiency of the Service.

10.9.1.3.8  (08-14-2012)
Classification Challenges

  1. Information classified under EO 13526 and prior Orders is subject to challenge by any authorized recipient of the information.

  2. An authorized holder of information who in good faith believes the classified status of particular information is improper is encouraged and expected to challenge the classification status of the information.

  3. Only the following personnel qualify as authorized holders for purposes of making a classification challenge:

    1. Cleared U.S. Government employee who is a recipient of the particular classified information in the course of conducting official business.

    2. Agency security official who is responsible for properly safeguarding classified information.

    3. Cleared contractor personnel or consultant who is performing work or providing services involving access to classified information.

  4. Challenges of classification decisions are intended to bring about corrective action(s) that ensures only information legitimately warranting protection based upon criteria in EO 13526 is classified. The decision to challenge will be based on one of the following assumptions:

    1. Information should/should not be classified.

    2. Information should be classified at a lower/higher level (under/over-classification).

    3. Information is improperly classified (including an overly restrictive period of time or without proper authority).

    4. Information is improperly marked.

  5. Having been authorized access to classified information it is the responsibility of all cleared employees to ensure such information is adequately safeguarded. This task includes noting and reporting to appropriate classifiers any conditions that lead an employee, contractor personnel, or consultant to feel the actual classification or exercise thereof is improper, needless, or restrictive.

  6. Those who exercise a classification challenge will not be subjected to adverse action, reprisal, retribution, or retaliation based on their election to engage the challenge provision.

10.9.1.3.8.1  (08-14-2012)
Challenge Requirement and Handling

  1. Challenges to classification decisions will sufficiently describe the particular information being challenged to enable the classifier (or his or her designee) to locate it and respond with a reasonable amount of effort.

  2. Authorized holders of the information:

    1. Will identify their rationale behind the challenge (under/over-classification, improper markings, etc.).

    2. Must ensure that the material in question is suitably protected to prevent unauthorized access commensurate with the level of classification initially assigned to the information.

    3. In the case of any material that holder believes should be classified (but has not been), will ensure the information will be protected at a level deemed appropriate pending the final decision.

  3. The original and any copies of the “questionable information” will be protected during the entire challenge in the same manner as other Top Secret, Secret, or Confidential information. This includes markings, packaging, transmittal, accountability, couriering, reproduction, etc., until such time as a decision is made.

  4. The SAO will complete the review of the challenge and report the results of the review in writing to the challenger.

  5. If the SAO is unable to resolve the issue to the satisfaction of the challenger, the challenger may appeal the SAO's decision to the Interagency Security Classification Appeals Panel in coordination with the Department of the Treasury.

    Note:

    Classification challenges will be considered separately from Freedom of Information Act (FOIA) or other requests and not processed in turn with pending FOIA or other access requests.

10.9.1.4  (08-14-2012)
Derivative Classification

  1. Derivative classification is the restatement of existing classified information by persons who reproduce, extract, or summarize, or apply classification markings derived from source material or as directed by a classification guide. It means incorporating, paraphrasing, restating, or generating in new form of information that is already classified and marking the newly developed material consistent with the classification markings that apply to the source information.

  2. The basis for derivative classification actions involves use of one or more of the following types of information:

    1. Existing classified source document;

    2. Approved classification guide;

    3. Classified communication, e.g., information provided orally via secure phone or obtained/discussed during a classified meeting.

  3. Derivative classification may be exercised by any IRS employee, consultant or contractor (under the National Industrial Security Program (NISP)) with a security clearance.

10.9.1.4.1  (08-14-2012)
Use of Derivative Classification

  1. Individuals who reproduce, extract, or summarize classified information, or who apply classification markings derived from source material or as directed by a classification guide, need not possess original classification authority.

  2. Individuals who apply derivative classification markings will:

    1. Be identified by name and position, or by personal identifier, in a manner that is immediately apparent for each derivative classification action;

    2. Observe and respect original classification decisions; and

    3. Carry forward to any newly created documents the pertinent classification markings.

  3. For information derivatively classified based on multiple sources, the derivative classifier will carry forward:

    1. The date or event for declassification that corresponds to the longest period of classification among the sources, or the marking established pursuant to section 1.6(a)(4)(D) of EO 13526; and

    2. A listing of the source materials.

  4. Derivative classifiers will, whenever practicable, use a classified addendum whenever classified information constitutes a small portion of an otherwise unclassified document or prepare a product to allow for dissemination at the lowest level of classification possible or in unclassified form.

  5. Persons who apply derivative classification markings will receive training in the proper application of the derivative classification principles of the order, with an emphasis on avoiding over-classification, at least once every 2 years.

    1. Derivative classifiers who do not receive such training at least once every 2 years will have their authority to apply derivative classification markings suspended until they have received such training.

    2. A waiver may be granted by the agency head, the deputy agency head, or the senior agency official if an individual is unable to receive such training due to unavoidable circumstances. Whenever a waiver is granted, the individual will receive such training as soon as practicable.

    Note:

    See the Department of Treasury Security Classification Guide (http://intranet.treas.gov/security/publications/), a tool to aid Treasury agency/bureau employees in the proper and uniform derivative classification of information within the Department of Treasury.

10.9.1.5  (08-14-2012)
Downgrading and Declassification

  1. Per Treasury Order (TO) 105-19, Delegation of Original Classification Authority; Requirements for Downgrading and Declassification, the Secretary of the Treasury made the following delegations with respect to downgrading and declassification of classified information:

    1. The Deputy Secretary, Executive Secretary, Under Secretaries, General Counsel, Assistant Secretaries, and Bureau Heads (e.g., IRS Commissioner) are authorized to downgrade and/or declassify Treasury Department-originated classified information that was created by their own office or bureau or by a predecessor organization now under their jurisdiction.

    2. Any delegation of downgrading and declassification authority to officials other than those referenced above must be in writing on TD F 15-05.3, Report of Authorized Downgrading and Declassification Officials, and forwarded to the Director, OSP for signature by the Secretary of the Treasury or Treasury's Senior Agency Official.

  2. Treasury DO/bureau/agency officials identified in TO 105-19 may automatically downgrade and declassify information within their jurisdiction up to the level of their own security clearance.

    Note:

    Where the official does not have the same level of original classification authority as the document(s) subject to review, the decision will be referred to the next higher level official for formal approval.

  3. IRS officials should consult with OCAs, subject matter experts, and security and records management officers when making downgrading and declassification decisions.

10.9.1.5.1  (08-14-2012)
Automatic Declassification Review

  1. All classified information contained in records that are more than 25 years old and that have been determined to have permanent historical value will be automatically declassified, unless such material has been exempted (under Title 44 U.S.C. via National Archives' ISOO) and in coordination with Treasury's Director, OSP.

    1. The 25-year automatic declassification process is a sliding scale as records age and applies annually to classified information every December 31st. The premise is that 25-year old documents can be declassified based on their age and subject matter when continued protection as national security information is no longer necessary.

    2. The exemption ensures continued classification of only particular information warranting protection in the national interest despite the passage of time.

  2. Permanently historically valuable information classified under EO 13526 or a prior EO is subject to automatic declassification upon reaching 25 years of age. Such classified records will automatically be declassified on December 31st of the year that is 25 years from its date of origin.

  3. Classified information will not be automatically declassified as a result of an unauthorized disclosure of identical or similar information.

  4. Prior to public release, all declassified records will be appropriately marked to reflect the declassified status of the information.

10.9.1.5.2  (08-14-2012)
Systematic Declassification Review

  1. Systematic declassification review applies to originally classified records (including Presidential papers) which the Archivist of the United States has determined to be of sufficient historical, or other, value to warrant permanent retention and which are exempt from automatic declassification under Section 3.4, EO 13526. The Archivist establishes declassification following such review.

  2. The Service's SAO is responsible for identifying to the Archivist the Service's classified information which is 25 years old and older and which requires continued protection. This includes permanently-valuable records exempted from automatic declassification under Section 3.3 of EO 13526.

10.9.1.5.3  (08-14-2012)
Mandatory Declassification Review

  1. Mandatory declassification review is a mechanism through which the public can request declassification review of classified records, regardless of age or origin, subject to certain limitations set forth EO 13526. For example:

    1. The request describes the document or material containing the information in sufficient specificity to enable location of it with a reasonable amount of effort;

    2. The document or material containing the information responsive to the request is not contained within an operational file exempted from search and review, publication, and disclosure under 5 U.S.C. 552 in accordance with law; and

    3. The information is not the subject of pending litigation.

  2. Where particular information is determined to no longer meet the standards for classification under EO 13526:

    1. The information will be declassified and released unless withholding is otherwise authorized and warranted under applicable law;

    2. If the particular information has been previously reviewed for possible declassification within the last 2 years, another review need not be conducted. Accordingly the requester will be so informed of this fact and the prior review decision along with advising the request of appeal rights.

  3. Requests for broad types of information, entire file series of records, or similar non-specific requests may be denied for processing.

  4. Treasury’s procedures for requesting and processing mandatory declassification reviews of classified information are contained in 31 CFR Part 2, National Security Information, and published in the Federal Register.

10.9.1.6  (08-14-2012)
Disseminating Classified Information

  1. Classified information may only be shared with an individual who has the appropriate security clearance (at or exceeding the level) of the particular information to be provided to them for conducting official U.S. Government business.

    Note:

    The individual must also have the need-to-know, signed a non-disclosure agreement, and received training on protective requirements to safeguard classified information.

  2. There must be sufficient controls to limit disclosure of classified information to only those persons authorized to receive it. Controls include those for:

    1. Physical/oral access,

    2. Internal distribution,

    3. Inventory,

    4. Reproduction, and

    5. Annually updating any automatic/routine, or recurring dissemination rosters to distribute classified information.

  3. Classified information originated by Treasury bureaus/agencies will remain under the Department’s control and will not be removed from official premises without proper authorization.

  4. Classified information originating in one agency may be disseminated to another agency or U.S. entity by any agency to which it has been made available without the consent of the originating agency, as long as the criteria for access under Section 1.4(a), EO 13526 are met, unless the originating agency has determined that prior authorization is required for such dissemination and has marked or indicated such requirement on the medium containing the classified information.

  5. Documents created prior to June 25, 2010 will not be disseminated outside any other agency to which they have been made available without the consent of the originating agency.

    Note:

    For the procedures for providing classified information to the Legislative Branch (U.S. Congress and U.S. Government Accountability Office (GAO)) and the Judicial Branch, see TD P 15-71, Department of the Treasury Security Manual , Chapter 3, Section 13.

  6. All automatic distribution listings involving routine distribution and sharing of classified information must be reviewed and updated annually. The update will eliminate any recipients who no longer have the need-to-know or are no longer employed in the same position warranting continued receipt of classified information disseminated automatically.

10.9.1.6.1  (08-14-2012)
Hand-carrying (Hard-copy) Classified Information

  1. When hand-carrying classified hard-copy material among and between IRS officials, ensure that the recipient has the:

    1. Proper security clearance,

    2. Need-to-know,

    3. Attendant training to safeguard the information, and

    4. Capability to adequately store classified information.

  2. Classified hard-copy material may be hand-carried within an IRS facility by direct contact of the officials/employees involved or via cleared support staff. The material will:

    1. Have the appropriate classified document cover sheet affixed to it and

    2. Be placed inside a single, sealed, opaque envelope/file folder or security locking bag.

  3. When IRS personnel hand-carry classified hard-copy material in official travel status, the physical transport will avoid using non-U.S. flag aircraft or vessels.

  4. Classified information will be taken across international borders "only" when absolutely essential and with the full knowledge of the agency's security officials.

  5. If the U.S. Government’s best interest requires hand-carrying classified information abroad, the following specific safeguards apply:

    1. Classified information will be in the physical possession of the traveler at all times if proper storage in a U.S. Government facility is not available.

    2. Under no circumstance will classified information be stored in a hotel safe/room, locked in a vehicle, private residence, train compartment, any detachable storage compartment, or any other non-General Services Administration (GSA)-approved storage device.

    3. An inventory of all classified information will be made prior to departure and a copy thereof retained by the traveler’s office until the traveler’s return – when all classified information will be accounted for

    4. Classified information will not be read or allowed to be viewed during the travel.

    5. First/business class travel may not be authorized when the justification is solely based on the need to read or study classified information.

  6. Classified information will not be delivered to unoccupied offices or rooms.

10.9.1.6.2  (08-14-2012)
Laptops and Disks

  1. The same requirements apply to classified information contained on laptops and disks as for hard-copy paper documents.

    1. Prior arrangements by the official traveler will be made to ensure the classified laptop and classified information on disks are protected during the entire trip.

    2. Storage in U.S. Government controlled diplomatic facilities is required and with advanced coordination with State Department officials.

    3. Laptops for classified processing (and disks containing classified information) will not be left unattended in hotel safes, rooms, conveyances, or stored overnight in U.S.-owned or foreign businesses either abroad or domestically.

    4. All laptops for classified processing and disks will be continuously controlled by cleared, U.S. Government employees (24 hours per day, seven days a week) during official travel.

  2. Flash/Thumb drives are NOT approved for storing or transporting classified information.

10.9.1.6.3  (08-14-2012)
Secure Voice/Data Communications

  1. IRS officials will use secure communications or Secure Telephone Equipment (STE) for conducting classified discussions. These communications include voice and data transmissions (facsimile or fax) under provisions established by Treasury systems security officials in Treasury Directive Publication (TD P) 85-01 Volume 1, Part 2.

10.9.1.7  (08-14-2012)
Safeguarding Classified Information

  1. Classified information, regardless of its form, will be afforded a level of protection against loss or unauthorized disclosure commensurate with its level of classification.

10.9.1.7.1  (08-14-2012)
Access to Classified Information

  1. EO 12968, Access to Classified Information, provides that to be eligible for access to classified information distinct actions must be taken. EO 13526 further reiterates that individuals must have:

    1. A favorable determination of eligibility for access. An individual is eligible for access to classified information only after a positive showing of trustworthiness as determined by the proper Service authority and based upon an investigation (and favorable adjudication) in accordance with National personnel security standards, criteria and accompanying Treasury guidance;

    2. Signed Standard Form (SF) 312, Classified Information Non-Disclosure Agreement;

    3. The need-to-know the information. Need-to-know is a determination in accordance with directives issued pursuant to EO 12968 and EO 13526 that a prospective recipient requires access to specific classified information in order to perform or assist in a lawful and authorized U.S. Government function; and

    4. Participated in contemporaneous training on the proper safeguarding of classified information and on the criminal, civil, and administrative sanctions that may be imposed on an individual who fails to protect classified information from unauthorized access.

    Note:

    Additionally, employees who are original classification authorities must receive proper classification and declassification training at least once annually.

  2. A security clearance for access to classified information will not be fully valid until each of the above four elements is fulfilled.

  3. No employee will be deemed to be eligible for access to classified information merely by reason of:

    1. Federal service or contracting, licensee, certificate holder, or

    2. Grantee status, or

    3. As a matter of right or privilege, or

    4. As a result of any particular title, rank, position, or affiliation.

  4. IRM 10.23.3, Personnel Security/Suitability Program, contains procedures for requesting employee security clearances. The Personnel Security Office website (http://hco.web.irs.gov/recruitstaff/PersonnelSecurity/Contact/Contact.shtml) is also a good source for security clearance information.

  5. Holders of classified information are responsible for verifying security clearances of employees prior to granting access. For verification of security clearances:

    1. For IRS employees, contact the Personnel Security Office;

    2. For visitors, see Exhibit 10.9.1-3, Visitor Procedures.

10.9.1.7.2  (08-14-2012)
General Safeguarding Provisions

  1. Each person possessing a security clearance is responsible for safeguarding classified information from possible loss, compromise or unauthorized disclosure. Every cleared person having knowledge and physical custody of, or access to, classified information also has this responsibility.

  2. Classified information will be properly protected at all times. The failure to do so might constitute a security infraction/violation depending on the circumstances and/or the possibility of ensuing compromise, loss, or access to classified information by unauthorized persons.

  3. Authorized persons who have access to classified information are responsible for

    1. Ensuring that classified information is used, processed, stored, reproduced, transmitted, and destroyed under conditions that provide adequate protection and prevent access by unauthorized persons.

    2. Protecting it from persons without authorized access to that information, to include securing it in approved equipment or facilities whenever it is not under the direct control of an authorized person;

    3. Ensuring that classified information is not communicated over unsecured voice or data circuits, in public conveyances or places, or in any other manner that permits interception by unauthorized persons.

  4. Classified information will ONLY be processed on approved computers/equipment, i.e., the Treasury Secure Data Network (TSDN) for Secret and Confidential information (as well as particularly sensitive information) or the Treasury Foreign Intelligence Network (TFIN) for Top Secret and Sensitive Compartmented Information.

  5. Classified information will be transmitted and received in an authorized manner which ensures that:

    1. Evidence of tampering can be detected,

    2. Inadvertent access can be precluded, and

    3. Provides a method which assures timely delivery to the intended recipient.

  6. Persons transmitting classified information are responsible for ensuring that intended recipients are authorized persons with the capability to store classified information.

  7. Secure communications or Secure Telephone Equipment (STE) will be used for conducting classified discussions.

  8. Classified information approved for destruction will be completely destroyed to prevent retrieval and to prevent recognition and reconstruction.

  9. Classified information may not be removed from IRS official premises without proper authorization.

  10. An IRS official or employee leaving IRS service may not remove classified information from IRS' control or direct that information be declassified in order to remove it from IRS control.

  11. Access to classified information will be terminated when an employee no longer has a need for access.

10.9.1.8  (08-14-2012)
Standards for Security Equipment

  1. Security equipment used for secure storage of classified material will conform to standards specified by the General Services Administration (GSA). Whenever new secure storage equipment is procured, it will be in conformance with the standards and specifications established by the GSA, and will, to the maximum extent possible, be of the type available through the Federal Supply System.

  2. Only equipment listed on an Evaluated Products List (EPL) issued by the National Security Agency (NSA) may be utilized to destroy classified information using any method covered by an EPL. However, equipment approved for use prior to January 1, 2011, and not found on an EPL, may be utilized for the destruction of classified information until December 31, 2016.

    Note:

    Equipment approved for use prior to January 1, 2011, and not found on an EPL, may be utilized for the destruction of classified information until December 31, 2016.

  3. GSA-approved field safes and special purpose one and two drawer light-weight security containers which are intended primarily for storage of classified information in situations where normal storage of classified information is not feasible. If used in normal storage situations, these security containers will be securely fastened to a structure to render them non-portable and keep them under constant surveillance to prevent their theft.

10.9.1.9  (08-14-2012)
Storing Classified Information

  1. Classified information will be stored only under conditions designed to deter and detect unauthorized access to the information. Storage at overseas locations will be at U.S. Government-controlled facilities unless otherwise stipulated in treaties or international agreements.

10.9.1.9.1  (08-14-2012)
Storing Top Secret Information

  1. Top Secret information will be stored in a GSA-approved security container or a vault built to Federal Standard (FED STD) 832, with one of the following supplemental controls:

    • Secret-level cleared personnel will inspect the security container once every two hours;

    • An Intrusion Detection System (IDS) with the personnel responding to the alarm arriving within 15 minutes of the alarm annunciation;

    • Security-in-depth when the GSA-approved security container is equipped with a lock meeting Federal Specification FF-L-2740;

    • For an open storage area (secure room) covered by security-in-depth, an IDS with the personnel responding to the alarm arriving within 15 minutes of the alarm annunciation;

    • For an open storage area (secure room) not covered by security-in-depth, personnel responding to the alarm will arrive within five minutes of the alarm annunciation.

  2. All Intrusion Detection Equipment (IDE) must be in accordance with standards approved by the National Archives' ISOO. Government and proprietary installed, maintained, or furnished systems are subject to approval only by the agency head.

10.9.1.9.2  (08-14-2012)
Storing Secret Information

  1. Secret information will be stored by one of the following methods:

    1. In the same manner prescribed for Top Secret information;

    2. In a GSA-approved security container or a vault built to Federal Standard 832 without supplemental controls;

    3. Security-in-depth when a non-GSA approved container or open storage (secure room) area is used.

    Note:

    Until October 1, 2012, Secret information can also be stored in a non-GSA-approved container having a built-in combination lock or in a non-GSA-approved container secured with a rigid metal lock-bar and a padlock approved by the agency head.

  2. When a non-GSA approved container or an open storage area (secure room) is used, one of the following supplemental controls is required:

    • Secret-level cleared personnel will inspect the non-GSA-approved container or open storage area once every four hours;

    • An IDS with responders arriving within 30 minutes of alarm annunciation.

10.9.1.9.3  (08-14-2012)
Storing Confidential Information

  1. Confidential information will be stored in the same manner as prescribed for Top Secret or Secret information except that supplemental controls are not required.

10.9.1.9.4  (08-14-2012)
Dial-Type Locks and Other Changeable Combination Locks

  1. Dial-type lock combinations will be administratively classified at the highest level of classified information that is protected by the lock.

  2. Combinations to dial-type locks will be changed only by persons authorized access to the level of information protected unless other sufficient controls exist to prevent access to the lock or knowledge of the combination. Combinations will be changed under the following conditions:

    1. Whenever such equipment is placed into use;

    2. Whenever a person knowing the combination no longer requires access to it unless other sufficient controls exist to prevent access to the lock; or

    3. Whenever a combination has been subject to possible unauthorized disclosure.

  3. When security equipment is taken out of service, it will be inspected to ensure that no classified information remains and the combination lock should be reset to a standard combination of "50–25–50" for built-in combination locks or "10–20–30" for combination padlocks.

  4. Before an individual may be provided any security equipment combination, the sharing employee must first verify the individual’s security clearance and his/her need-to-know the information stored, or to be stored, within the security equipment. An individual’s security clearance level will be verified through IRS’ personnel security channels.

  5. Combinations to equipment storing classified and other information protected by mechanical and electronic locks must be recorded on the SF 700, Security Container Information. This is to ensure an official record is maintained to facilitate access to such equipment, prevent possible lockouts, and diminish the need to drill into (and effect costly repair) the lock/equipment when the combination is unknown, forgotten, and/or otherwise unavailable.

10.9.1.9.5  (08-14-2012)
Key Operated Locks

  1. When special circumstances exist, the IRS Commissioner may approve the use of key operated locks for the storage of Secret and Confidential information. Whenever such locks are used, administrative procedures for the control and accounting of keys and locks will be included in implementing regulations required under Section 5.4(d)(2) of EO 13526.

  2. The keys for the locks will be protected at the level of the classified information being protected.

10.9.1.10  (08-14-2012)
Information Controls

  1. There must be a system of control measures which assure that access to classified information is provided to authorized persons. The control measures will:

    1. Be appropriate to the environment in which the access occurs and the nature and volume of the information; and

    2. Include technical, physical, and personnel control measures.

  2. Disposition of classified information will be required when technical, physical and personnel control measures are insufficient to deter and detect access by unauthorized persons.

  3. Administrative control measures may include records of internal distribution, access, generation, inventory, and reproduction.

  4. Combinations to locks used to secure vaults, open storage areas, and security containers that are approved for the safeguarding of classified information will be protected in the same manner as the highest level of classified information that the vault, open storage area, or security container is used to protect.

  5. Computer and information system passwords will be protected in the same manner as the highest level of classified information that the computer or system is certified and accredited to process.

    Note:

    Passwords will be changed on a frequency determined to be sufficient to meet the level of risk assessed by the agency.

  6. Reproduction of classified information will be held to the minimum consistent with operational requirements. The following additional control measures will be taken:

    1. Reproduction will be accomplished by authorized persons knowledgeable of the procedures for classified reproduction;

    2. Unless restricted by the originating agency, Top Secret, Secret, and Confidential information may be reproduced to the extent required by operational needs, or to facilitate review for declassification;

    3. Copies of classified information will be subject to the same controls as the original information; and

    4. The use of technology that prevents, discourages, or detects the unauthorized reproduction of classified information is encouraged.

10.9.1.11  (08-14-2012)
Packaging of Classified Information

  1. The physical security requirements for properly handling and safeguarding classified information focus on packaging, reproduction and transmitting classified information in the course of official U.S. Government business.

  2. All classified information packaging will be of sufficient strength and durability to:

    1. Provide security protection while in transit;

    2. Prevent items from being damaged;

    3. Preclude inadvertent access to the contents;

    4. Detect possible tampering, sealed with tamper-resistant filament tape; and

    5. Ensure delivery in a timely manner.

  3. Hard-copy (paper) classified documents that are hand-carried outside of a government facility will have the proper cover sheet affixed and be enclosed in opaque inner and outer protective envelopes/covers that will provide reasonable evidence of tampering and which conceal the contents.

    1. The innermost envelope/cover will be sealed and clearly marked with the highest level of classified information being carried (including any appropriate warning caveats or restriction notices) and the names and addresses of the sender and recipient.

    2. The outermost envelope/cover will identify the names and addresses of the sender and recipient; however, there will be no indication that the contents are classified. A locked briefcase, attaché, or portfolio (or security locking bag) may serve as the outer envelope/cover in the same manner used for material sent via diplomatic pouch.

  4. If the material is too large for envelopes or similar wrappings, the material will be enclosed in two sealed opaque boxes. Specialized shipping containers, including closed cargo transporters or diplomatic pouch, may also be considered the outermost protective cover.

  5. Classified information delivered in diplomatic or other type pouches by other Federal agencies and receipted to the IRS and delivered to the intended recipient (leaving a single layer of protection) will not be considered a security violation for purposes of proper packaging/safeguarding.

  6. Packaging requirements for safeguarding classified information during transit will not eliminate the need for screening mail or packages to detect or deflect possible hazardous agents being introduced into IRS controlled space or facilities.

    Note:

    Employees or contractors who screen incoming mail and packages will have at least a Secret-level security clearance.

10.9.1.12  (08-14-2012)
Reproduction Controls for Classified Information

  1. Use of technologies to prevent, discourage, or detect unauthorized reproduction (including specialized paper, copy numbering, and distribution restrictions, as might be warranted for particular classified information) are encouraged.

  2. Reproduction controls will ensure classified information is protected in its entirety during the copying process. Such reproduction will only be made by cleared government employees and contractor personnel who are fully knowledgeable of classified handling procedures.

  3. Only copiers specifically approved for classified reproduction may be used for such reproduction, and only under the following procedures:

    1. Do not leave a copier machine or facility without ensuring the originals are retrieved along with all reproductions – even damaged or flawed copies.

    2. Destroy unusable copies by burning, mulching, or shredding. No record is required.

    3. Only use burn-bags to dispose of Secret and Confidential information.

  4. Copying sensitive compartmented information (SCI), special access program (SAP) information, and special access required (SAR) information outside of Special Security Officer (SSO) channels is not authorized.

  5. Copy machines approved for classified reproduction will be labeled as such. One or more of the following such labels will be affixed to copier equipment and indicating any restrictive caveats that might be applicable. At a minimum use Standard Form Labels:

    1. 706 (Orange for Top Secret);

    2. 707 (Red for Secret); and

    3. 708 ( Blue for Confidential).

  6. Additional "original" copies may be made on printers connected to the Treasury Secure Data Network (TSDN), restricted to only the Secret and Confidential levels. The following types of copy machines may not be used for classified information:

    1. Networked copying machines on any unclassified local area network.

    2. Copiers equipped with remotely accessible memory, diagnostic, or maintenance capability.

10.9.1.13  (08-14-2012)
Transmission of Classified Information within the U.S. Government

  1. Classified information will be transmitted and received in an authorized manner which:

    1. Ensures that evidence of tampering can be detected;

    2. Ensures that inadvertent access can be precluded; and

    3. That provides a method which assures timely delivery to the intended recipient.

  2. Individuals who transmit classified information are responsible for ensuring that intended recipients are authorized persons with the capability to store classified information.

    Note:

    The use of street-side collection boxes is strictly prohibited for classified materials.

10.9.1.13.1  (08-14-2012)
Transmission of Top Secret Information

  1. Transmission of Top Secret information outside of an IRS facility will only be accomplished by:

    1. Person-to-person contact by specifically cleared employees;

    2. State Department diplomatic pouch;

    3. The Defense Courier Service (DCS) or an authorized government agency courier service;

    4. A designated courier or escort with Top Secret clearance; or

    5. Electronic means over approved secure communications systems.

  2. Under no circumstances will Top Secret information be sent via the U.S. Postal Service or any other commercial messenger service.

  3. The DCS is intended as a means to securely transport Top Secret information, but SCI may be included if going to the same destination. The DCS "will not" be used when only Secret or Confidential information needs to be transmitted.

    Note:

    Transmission of SCI material within the U.S. Government outside of the IRS will be accomplished via authorized courier service in a point-to-point manner.

10.9.1.13.2  (08-14-2012)
Transmission of Secret Information

  1. Secret information "will not" be sent via certified mail.

  2. The procedures for transmitting Secret information depend on where it was originated and its destination.

  3. Transmittal of Secret information will be accomplished within and between the fifty States, District of Columbia, and the Commonwealth of Puerto Rico by any of the following methods:

    1. One of the means authorized for Top Secret information (subject to the above DCS restriction);

    2. The U.S. Postal Service (USPS) Express Mail or USPS Registered Mail - but the waiver of signature and indemnity block (item 11-B) on the label must not be used;

    3. Cleared commercial carriers or cleared messenger services; or

    4. Protective services provided by U.S. air or surface commercial carriers.

  4. Overnight delivery servicing carriers will be U.S.-owned/operated and will provide automated, in-transit tracking of the classified information and ensure package integrity during transit.

    1. Service providers will cooperate with U.S. Government inquiries in the event of a loss, theft, or possible compromise of classified information.

    2. The sender is responsible for ensuring an authorized person is available to receive the delivery and verification of the correct mailing address.

    3. The package may be addressed to the recipient by name.

    4. The release signature block on the receipt label will not be executed under any circumstances.

    5. Neither external (street-side) collection boxes nor internal or unmanned collection boxes may be used to drop off classified information for later pick-up.

    6. Transfer of custody to a representative of the GSA-contract carrier for overnight delivery must always be done person-to-person.

    Note:

    Classified Communications Security Information, North Atlantic Treaty Organization (NATO), and foreign government information will not be transmitted in this manner.

10.9.1.13.3  (08-14-2012)
Transmission of Confidential Information

  1. Transmission of Confidential information will be by any of the methods established for Secret information.

10.9.1.14  (08-14-2012)
Transmission of Classified Information to Foreign Governments

  1. Transmission of U.S. classified information to foreign governments will take place between designated government representatives using government-to-government transmission methods or through channels agreed to by the national security authorities of the two governments.

  2. When classified information is transferred to a foreign government or its representative a signed receipt is required; oral discussions of classified information do not require receipt acknowledgment. Coordination with the Special Security Office, Office of the Assistant Secretary for Intelligence and Analysis is required.

10.9.1.15  (08-14-2012)
Receipt for Classified Information

  1. Treasury Department Form (TD F) 15-05.8, Receipt for Classified Information, will be used to receive and account for classified information.

  2. Receipts for classified information must be used for all Top Secret information but are optional for Secret and Confidential information.

  3. The TD F 15-05.8 will identify both addressee and sender, and describe the document without otherwise revealing any classified information.

    1. The recipient (or other cleared support staff) will promptly sign and return the receipt to the sender.

    2. The sender will maintain a record of outstanding receipts for use in subsequent tracer actions if the receipt is not returned within the reasonable time-frame of 30 calendar days.

    3. Completed receipts will be maintained for a 3-year period after which they may be destroyed. No record of the actual destruction of the receipt is required.

  4. Responsible agency office heads will determine the administrative procedures required to sufficiently handle the volume of classified information within their organization in conjunction with assistance from agency security and records management officials.

  5. Several items may be transmitted to the same addressee with one receipt form. The inclusion of classified information on the form will be avoided. For example, if a subject title is classified, an abbreviated short form or title will be used, as in the first letter of each word in the subject line.

    Note:

    TD F 15-05.8, Receipt for Classified Information, can be found at: http://intranet.treas.gov/security/forms/

10.9.1.16  (08-14-2012)
Couriers for Classified Information

  1. IRS couriers and other authorized persons with a frequent and recurring need to hand-carry classified information will provide constant and continuous protection while the material is in their custody.

  2. Only direct, point-to-point deliveries are authorized.

  3. Persons designated to be couriers will also carry on their person a Treasury courier card issued by IRS security officials to verify their courier status.

  4. Designations of couriers and the required training explaining their responsibilities as a courier will be formally documented. See TD P 15-71, Department of the Treasury Security Manual, Chapter V, Section 6.

10.9.1.17  (08-14-2012)
Destruction of Classified Information

  1. Classified information approved for destruction will be completely destroyed to obstruct retrieval and to prevent recognition and reconstruction. Approved destruction methods vary depending on the type of media used, e.g., for paper documents, burning, cross-cut shredding, wet-pulping, and pulverizing. For other classified media examples include: melting, degaussing, and chemical decomposition.

  2. The destruction methods (and options) may be limited within a particular state, county, or municipal area. The type of destruction selected will be appropriate to the local jurisdiction or area and might restrict the actual method that may be used.

10.9.1.17.1  (08-14-2012)
Destruction Process

  1. Destruction of Top Secret Information. Top Secret information will be destroyed in the presence of two cleared individuals; one person performs the actual destruction and the other person serves as a witness. Both individuals will sign Treasury Department Form (TD F) 15-05.5, Classified Document Certificate of Destruction. The completed TD F 15-05.5 will be maintained on file for a three-year period after which it may be destroyed. No record of the destruction of the certificate is required.

  2. Destruction of Secret or Confidential Information. Secret or Confidential information does not require a destruction certificate. Non-record classified information such as extra copies and duplicates, including hand-written notes, preliminary drafts, and other material of similar temporary nature, will also be destroyed by burning, mulching or shredding as soon as its utility is expended. No records of such destruction are required.

  3. Destruction of Sensitive Information. Sensitive information will be destroyed in the same manner as Secret and Confidential.

10.9.1.17.2  (08-14-2012)
Approved Destruction Equipment

  1. Approved types of equipment for destroying hard-copy (paper) classified information and classified information on electronic/magnetic media include cross-cut shredders, burn-bags for temporary storage, and high-security disintegrators and degaussers.

  2. Cross-Cut Shredders. Destruction of classified paper media will be performed using one of the high-security cross-cut shredders listed on the National Security Agency (NSA), Central Security Service (CSS) evaluated products list at http://www.nsa.gov/ia/guidance/media_destruction_guidance/index.shtml.

    1. Users of cross-cut shredders should dispose of the residue in several waste baskets, bins, or receptacles. The shredded paper should be distributed as such because the shredding process itself is not the final disposition.

    2. The shredded paper is still disposed of in some manner depending upon the location and the mode of waste removal that is used in each facility.

    Note:

    The inclusion of a product on the NSA, CSS evaluated products list is not an endorsement by NSA, Treasury, or the U.S. Government. End users should contact the shredder manufacturers and distributors for help in selecting the equipment best suited to their individual requirements and to accommodate the anticipated volume of classified paper media to be destroyed.

  3. Burn-bags for Temporary Storage. Secret and Confidential information to be destroyed may be torn and placed in sealed opaque containers commonly designed as "burn-bags." Burn-bags appear with the words "burn" or "classified waste," or feature multiple alternating groupings of red and white diagonal stripes.

    1. Burn-bags awaiting destruction must be protected while in the end-users custody. The protection includes the user having a direct “line of sight” or “field of control” over the bags, depending on the office configuration. Burn-bags will only be collected and contents destroyed by cleared contractor personnel or facilities maintenance personnel, and/or persons authorized by Treasury/IRS security officials.

    2. When not in active use, burn-bags containing classified waste will be protected commensurate with the level of classified contents and be secured at the close of business in a GSA-approved security container.

    3. Burn-bags containing classified information may also be stored within a Sensitive Compartmented Information Facility (SCIF) or security-approved open storage area pending collection by authorized personnel. Burn-bags containing classified information that are located outside a SCIF or open-storage area must not be left unattended at any time.

    Note:

    Use of burn-bags to store Top Secret information, pending final destruction at a later date, "is not " authorized.

  4. High-Security Disintegrators and Degaussers. NSA produces a list of high-security disintegrators for disposing of paper/plastic/punched-tape material at http://www.nsa.gov/ia/_files/government/MDG/EPL-Degausser25February2010.pdf. NSA also produces a list of degaussers for disposing of magnetic media. Specifications concerning appropriate equipment and standards for destruction of other storage media may be obtained from GSA.

  5. Electronic Media and Equipment. Technical guidance on destruction (methods, equipment, and standards for disposing) of classified electronic media and processing equipment components may be obtained through Treasury’s Office of Security Programs (OSP). Specifications concerning appropriate equipment and standards for destruction of other storage media may be obtained from GSA.

10.9.1.18  (08-14-2012)
Processing Classified Information

  1. Classified information may only be processed on approved computers/equipment, i.e., the Treasury Secure Data Network (TSDN) for Secret and Confidential information (as well as particularly sensitive information) or the Treasury Foreign Intelligence Network (TFIN) for Top Secret and Sensitive Compartmented Information.

  2. Information systems approved for classified processing will not be connected to any system not approved for classified operation. Systems approved for classified processing will not share peripherals with unclassified processing equipment except through National Security Agency (NSA) -approved switching devices. Approval for the use of switching devices will be included in the security authorization documentation.

  3. Refer to TD P 85-01, Department of Treasury Information Technology Security Program, Volume II and TD 15-03 and/or contact the Treasury DO, Office of the Chief Information Officer (OCIO) for information on uniform procedures to ensure automated information systems, including networks and telecommunications systems that:

    1. Collect, create, communicate, compute, disseminate, process, or store classified information,

    2. Prevent unauthorized access, ensure information integrity, and

    3. To the maximum extent practicable, use common information technology standards, protocols, and interfaces that maximize the availability of, and access to, the formats to maximize the accessibility of information to persons who meet the standards set by EO 13526 for access to classified information.

10.9.1.19  (08-14-2012)
End of Day Security Checks

  1. End-of-day security checks will be conducted in areas that handle, process, or store classified information. The SF 701, Activity Security Checklist, will be used to document the end-of-day check. The SF 701 is a systematic means to thoroughly inspect a particular office or secure work area and to allow for agency employee accountability if any irregularities are discovered.

  2. The SF 701 includes space to indicate whether the following activities have been completed:

    1. Security containers have been locked or checked by authorized persons.

    2. Desks, wastebaskets, and other surfaces and receptacles are free of classified information.

    3. Windows/doors have been locked.

    4. Electronic media (such as disks, tapes, removable hard drives, etc.) for processing classified information have been properly stored.

    5. Security alarms and protective equipment are activated.

  3. The IRS may include additional information on the SF 701 to suit any unique circumstances.

  4. Each security-approved “Open Storage” area safeguarding classified information and Sensitive Compartmented Information Facility (SCIF) will use the SF 701 unless the area or facility is in continuous operation (24 hours a day, seven days a week).

  5. When securing or checking a security container, rotate the dial of combination locks at least four complete turns in the same direction, and check each drawer. This prevents the possibility of someone being able to open the lock by merely turning the dial back to its opening position.

10.9.1.20  (08-14-2012)
Security Infractions and Violations of Classified Information

  1. Each employee (or contractor) authorized access to classified information is individually responsible for protecting classified information. The obligation comes along with each person possessing a security clearance. This includes safeguarding classified information in any form, e.g., hard copy paper documents, electronically formatted material, originals, copies, facsimile versions, and any classified information provided orally or in audio or visual formats like slides, graphs, charts, tables, microfilm/fiche, etc.

10.9.1.20.1  (08-14-2012)
Security Infractions

  1. Security infractions are incidents involving a deviation from governing security regulations that does not result in an unauthorized disclosure, loss or compromise of classified information but which increases the probability of an actual security violation.

  2. Examples of security infractions might include but are not necessarily limited to:

    1. The non-use of security forms for safeguarding/accounting for classified information - such as document cover sheets, records of safe combinations, security container forms, OPEN/CLOSED signs, or

    2. Not checking classified work areas before close of business and/or improperly assuming someone else will protect classified information.

10.9.1.20.2  (08-14-2012)
Security Violations

  1. Security violations are any knowing, willful, or negligent action:

    1. That could reasonably be expected to result in an unauthorized disclosure of classified information;

    2. To classify or continue the classification of information contrary to the requirements of EO 13526, or its implementing directives;

    3. To create or continue a special access program contrary to the requirements of EO 13526.

  2. Repeated abuse of the classification process, either by unnecessary or over-classification, or repeated failure, neglect or disregard of established requirements for safeguarding classified information will be grounds for appropriate adverse or disciplinary action.

  3. Examples of security violations include, but are not necessarily limited to, the following actions involving classified information:

    1. Improper: transmission (mailing, hand-carrying, emailing); storage; packaging; reproduction; processing on non-approved IT systems/equipment; marking; and destruction.

    2. Failure to: secure classified documents; apply all required markings on classified documents; lock security container/bar-lock cabinet or equipment; protect burn bags containing classified waste prior to destruction; safeguard classified communications security (COMSEC) information; verify security clearance of recipients prior to sharing classified information; verify need-to-know and/or need-for access to classified information; and report the loss or possible compromise of classified information.

  4. Any person who knows or suspects a security violation (e.g., classified information has been or may have been lost, possibly compromised or disclosed to an unauthorized person) has occurred will:

    1. Where applicable, take custody of the information and safeguard it in an appropriate manner;

    2. Immediately report the incident and circumstances to his/her manager and the designated security official(s) (e.g. classified document custodian (CDC), Information Security Manager, Physical Security, senior agency official (SAO), or TIGTA);

    3. The CDC will conduct an inquiry of the incident.

    4. The IRS SAO or designate is responsible for notifying the Treasury Director, Office of Security Programs (OSP) of any alleged security violation, in writing (including via email), within 24 hours of initial discovery.

  5. The TD F 15-05.6, Record of Security Violation will be used to initially report a possible security violation. Space is provided for the responsible individual to make a statement as to his or her knowledge of what happened. This is followed by the supervisor’s statement with respect to subsequent action. The TD F 15-05.6 becomes a matter of record in those instances where security officials determine the violation to be valid.

    Note:

    A copy of TD F 15-05.6, Record of Security Violation can be found at: http://intranet.treas.gov/security/forms/

10.9.1.21  (08-14-2012)
Classified Document Cover Sheets

  1. Standard Forms 703, 704, and 705 are used to alert personnel that a document, file, or folder to which it is affixed, respectively contains Top Secret, Secret, or Confidential classified information and must be protected. Classified document cover sheets perform the following functions:

    1. Alert users that particular information is classified;

    2. Shield classified documents while being used; and

    3. Provide protection from unauthorized scrutiny.

  2. Classified document cover sheets are color-coded:

    1. Orange for Top Secret information (SF 703),

    2. Red for Secret information (SF 704), and

    3. Blue for Confidential information (SF 705).

  3. Classified document cover sheets will be placed on all classified documents or classified folders when withdrawn from secure storage for internal and external transmission and handling/processing.

  4. Individuals preparing, processing, packaging or hand-carrying classified documents are responsible for affixing the appropriate document cover sheet. If classified information is delivered or received without the required cover sheet, the recipient is responsible for attaching the proper classified document cover sheet.

    1. Cover sheets should be removed before classified information is securely filed to conserve filing space.

    2. Cover sheets should be removed from classified information and recycled prior to destruction of the classified information.

    3. Cover sheets are meant to be continually recycled until worn out.

    4. To protect the integrity of the color-coding process, cover sheets will not be photocopied in black/white and put into use.

    5. To accommodate emergency use, cover sheets may be reproduced on a color copier.

  5. There are also sensitive compartmented information (SCI), special access program (SAP), and special access required (SAR) cover sheets for use in protecting such information. These cover sheets are only available through the SSO in Treasury's OIA. Copying SCI, SAP, and SAR information cover sheets outside SSO channels is not authorized.

10.9.1.22  (08-14-2012)
Labels on Classified Equipment and Media

  1. Standard Forms 706, 707, and 708 are labels used to identify equipment approved for processing classified information at the Top Secret, Secret, or Confidential level, respectively, e.g., copiers approved for classified reproduction, and to identify electronic/magnetic media, e.g., disks/diskettes, removable hard drives, copier hard drives, or similar media containing classified information.

  2. Labels for classified information in the SF 700 series are color-coded in the same manner as classified document cover sheets.

    1. Orange for Top Secret (SF 706); Red for Secret (SF 707); Blue for Confidential (SF 708); Purple for "classified but level determination pending" (SF 709);

    2. Green for "unclassified" (SF 710). In locations where only unclassified information is processed or stored, the use of the green “unclassified” label (SF 710) is optional. However, in environments in which classified and unclassified information is processed or stored, the “unclassified” label must be used to positively identify removable IT media authorized for unclassified use only;

    3. White"data descriptor" label (SF 711)

  3. Classified Equipment. Labels will be conspicuously placed on classified equipment in a manner that will not interfere with its operation.

    1. Once applied, the label will not be removed.

    2. A label to identify a higher classification level may be applied on top of a lower classification level in the event the classification content changes, e.g., from Confidential to Secret.

    3. A lower classification label will never be applied to equipment already containing a higher level of classified information.

  4. Classified Electronic/Magnetic Media. Employees working with or processing classified information are responsible for properly labeling and controlling electronic/magnetic storage media in their custody.

    Note:

    Failure to apply the appropriate security classification label is not a security violation, but it is a security infraction. If the failure results in improper storage, loss, unauthorized access, or compromise of classified information, however, it would be a violation of established security safeguards.

  5. Removable Electronic/Magnetic Media. All removable electronic and magnetic media used to process classified information will be physically labeled with the highest level of classified information contained therein.

    1. The same labeling requirements for classified documents (e.g. classified document cover sheets) apply to removable electronic/magnetic media.

    2. Removable media will be physically detached from the processing equipment at the close of business each workday and secured in an appropriate, locked, GSA-approved security container.

    3. Removable media will be safeguarded at all times when not otherwise in use and under the constant supervision of a properly cleared IRS employee.

  6. An exception to the requirement to physically remove and store such electronic/magnetic items is authorized when the equipment and processing occurs in either of the following areas:

    1. An approved SCIF

    2. A work/storage area that has been specifically approved by the cognizant IRS security official for open-storage of classified information and the area is equipped with minimum security safeguards prescribed for classified information by TD P 15-71, Department of the Treasury Security Manual.

    3. Such storage will take into consideration the level of protection required, the nature of security-in-depth within the IRS facility housing the equipment and removable material, and the use of risk-management principles to provide secure, adequate, and cost-effective storage.

Exhibit 10.9.1-1 
Classified Document Custodian (CDC) Duties and Responsibilities

The Classified Document Custodian (CDC) will:

  1. Serve as the principle advisor to the appointing official and supervisor in matters pertaining to security of classified information;

  2. Ensure that access to classified information is limited to cleared personnel with a need-to-know;

  3. Report loss, compromise, or possible compromise of classified material, per reporting procedure of this handbook, to supervisor and to the SAO;

  4. Conduct self inspections per instructions developed by the SAO.

The CDC will establish administrative procedures for the control of classified information appropriate to their local environment, based on an assessment of the threat, location, and mission of their organization. These procedures will be used to protect classified information from unauthorized disclosure by access control and compliance with the marking, storage, transmission, and destruction requirements of this IRM.

The CDC will develop local operating procedures pertaining to how:

  1. Personnel security clearances and need-to-know will be verified;

  2. Classified information will be protected when removed from secure storage;

  3. Classified information will be carried in and out the Service facility;

  4. End-of-day and after hours security checks will be conducted;

  5. Classified information is accounted for;

  6. Combinations to security containers will be stored;

  7. Classified meetings will be conducted;

  8. Classified information will be transmitted out of the facility;

  9. Classified information will be destroyed;

  10. Classified visits to the facility will be conducted to include procedure for verifying security clearances of visitors;

  11. Classified information will be reproduced;

  12. Classified information will be prepared or processed on automated information systems;

  13. Classified telephone conversations will be protected, i.e., use of Secure Terminal Equipment (STE);

  14. Combinations to security containers, vaults, or open storage areas are changed.

The CDC may serve concurrently as the Top Secret Control Officer (TSCO).

Exhibit 10.9.1-2 
Top Secret Control Officer (TSCO) Responsibilities

Each Top Secret Control Officer (TSCO) or alternate will perform the following:

  1. Initially receive and open all Top Secret information within their organization. This includes Top Secret information delivered to the agency by outside courier and/or brought back to the agency by an employee, except that SCI must be delivered directly to the Office of Intelligence and Analysis. In the former instance, all incoming Top Secret information must be brought to (and logged in by) the TSCO or alternate by the next business day;

  2. Maintain current accountability records of Top Secret information received within their office or IRS and attendant supply of Top Secret document forms;

  3. Ensure Top Secret information is properly stored and that such information under their personal custody is destroyed, when required, under two-person control and documented;

  4. Strictly follow prohibitions against reproduction of Top Secret information;

  5. Conduct an annual physical inventory of Top Secret information within the immediate organization along with the designated alternate TSCO or another Top Secret cleared employee or contractor (if appropriate). The results will be provided in a written report to the SAO. If there are unaccountable documents, the report will include a plan of action with identifiable milestones and dates for resolving whatever circumstances caused material to be lost or missing;

  6. Downgrade, declassify, retire, or destroy Top Secret documents, as appropriate to the markings and/or other caveats on such information;

  7. Affix a TD F 15-05.10, Top Secret Document Record, and Standard Form (SF) 703, Top Secret Document Cover Sheet, to all copies of Top Secret information leaving the immediate office/IRS prior to delivery to other offices for record/response;

  8. Maintain receipts of the transfer and destruction of Top Secret information for a full three years and receive appropriate follow-up reports from subordinate office/IRS TSCOs concerning their disposition of Top Secret documents;

  9. Assign Top Secret document numbers to all incoming and newly created documents in a calendar-year sequence, e.g., TS 11-001 and TS 11-002. "TS" is the abbreviation for "Top Secret" , 11 is the fiscal year when the document is initially recorded, and 001 and 002 are the first and second documents so recorded;

  10. Verify recipients have a Top Secret security clearance, need-to-know, and storage capability before such information is released and/or assigned to appropriate staff for action/response.

Exhibit 10.9.1-3 
Visitor Procedures

For the purposes of this IRM, a visitor is any IRS employee whose security clearance cannot be verified by the Personnel Security office.

The Classified Document Custodian (CDC) and their supervisor are responsible for ensuring that only visitors with an appropriate level of security clearance and need-to-know are granted access to classified information.

The visit request is a procedure designed to ensure that visitors have security clearances and need-to-know.

Visit requests will include the following information:

  1. Name and address of agency sponsoring the visit;

  2. Full name, date and place of birth, social security number, title, position and citizenship of proposed visitor;

  3. Name of person to be visited;

  4. Purpose and justification for visit;

  5. Certification of visitor's personnel security clearance, i.e., Top Secret, Secret, Confidential.

  6. Date or period for visit;

  7. Point of contact at the sponsoring agency to include contact data, i.e., phone number, fax number, and email address.

    Note:

    Visit requests from U.S. contractors must also include the contractor's Commercial and Government Entity (CAGE) code and certification of the level of the Facility Clearance (FCL). FCLs are Top Secret, Secret, or Confidential.

Visit requests are not required for employees of the Executive Branch who are U.S. citizens when:

  1. There is an established working relationship, and

  2. The clearance level and the bounds of need-to-know of the government employee are known.

    Note:

    The holder of the classified information, not the visitor, decides whether or not a visit request is needed.

Visit requests should be submitted in advance of the proposed visit in sufficient time for local processing and to make a determination as to whether or not the visitor will be granted access.

  1. Facsimile and email requests are acceptable.

  2. Time sensitive requests may be accepted by telephone, but must be confirmed promptly by facsimile or email.

Movements of visitors, who will be granted access to classified information, must be controlled to ensure that their access is consistent with the purpose of the visit. If a visitor is escorted, the escort must have a security clearance.

Exhibit 10.9.1-4 
TD F 15-05.8, Receipt for Classified Information

DEPARTMENT OF THE TREASURY
Receipt for Classified Information
(Inclusion of classified information should be avoided)
Prepare in accordance with the Treasury Secretary Security Manual (type or print in ink) Date:
Section A - Address and Sender
TO:


FROM:  
Section B - Document Description (including document details)
Classification
(TS, S, C)
Description - Identify items such as report, letter, or memo. Unclassified subject or short title, copy and number of attachments, etc.




Originating Agency/Dept.
Section C - Acknowledgment of Receipt
Name Signature Date    
Section D - Record of Internal Transmittal
Recipient Name
1.
2.
3.
4.
5.
Recipient Signature Date
Section E - Acknowledgment of Destruction
Destroyed by: Signature Date    
Witnessed by: Witness Signature Date    
TD F 15-05.8 (Revised 07/05). Previous versions usable until depleted Return original copy to sender

Exhibit 10.9.1-5 
TD F 15-05.6, Record of Security Violation

DEPARTMENT OF THE TREASURY
RECORD OF SECURITY VIOLATION
Part 1 (To Be Executed By Reporting Official)
Violation Discovered By: Date: Time: Highest Classification Involved:
Building: Room Number: Office/Division: Phone Number: Station Number:
Subject of Reported Violation
Unsecured Security Container
Classified Document(s) Unsecured
Improper Transmission
Unsecured Barlock Cabinet
Classified In Waste Receptacle
  Classified COMSEC
Unsecured Vault/Secure Room
Classified Burnbag Unsecured
Other (Use Narrative)
Security Container Check Sheet - Standard Form (SF) 702
SF 702 displayed?
All Columns used?
OPEN/CLOSED Sign?
Security Container/Cabinet Number:

Date of last SF 702 entry:
Narrative Description of Violation: (use reverse if necessary)






Name and Title of Reporting Official (type or print) Signature Date
Part 2 (To Be Executed By Individual Responsible For Violation)
Statement of Individual Responsible for Violation: (use reverse side or continuation sheet, if necessary)






Name and Title of Reporting Official (type or print) Signature Date
Part 3 (To Be Executed By Individual's Supervisor)
Estimated time information was without required protection: From: To:
Evaluation of Possibility of compromise: (use reverse side if necessary)

Corrective action to prevent recurrence has been initiated as follows: (use reverse side if necessary)






Name of Supervisor (Type or Print) Signature Date
FOR USE OF SECURITY OFFICE ONLY Valid Violation: Yes No
TD F 15-05.6 (Rev. 06/05). Previous editions obsolete.

Exhibit 10.9.1-6 
Security Violations Inquiry Questions

Identify the information or material involved:

  1. Classification: (Include warning notices and intelligence control markings if any)

  2. Any identification or serial numbers

  3. Date

  4. Originator if known

  5. Original Classification Authority(ies) if known

  6. Derivative Classification Authority

  7. Subject or title

  8. Downgrading and declassification instructions

  9. Number of pages or items of equipment involved

Describe circumstances surrounding the incident: (Provide explanation of contributing factors and names of any persons interviewed).

Identify person(s) responsible: (If any or known).

Identify persons or offices notified, e.g., TIGTA: If TIGTA was notified indicate if they accepted or declined to investigate.

Identify any security weaknesses or vulnerabilities that may have contributed to the incident.

Identify corrective measures take as a result of the incident.

Assess the likelihood of loss or compromise by choosing one of the following statements:

  1. A loss or compromise of classified information did not occur;

  2. A loss or compromise of classified information did not occur; however, a security weakness(es) or vulnerability(ies) was revealed due to the failure of a person(s) to comply with Service procedures;

  3. A loss or compromise of classified information may have occurred, but the probability of compromise is remote and the threat to national security minimal;

  4. A loss or compromise of classified information may have occurred due to significant systemic security weakness(es) or vulnerability(ies); or

  5. A loss or compromise of classified information occurred, and the probability of damage to the national security cannot be discounted without further investigation.

Exhibit 10.9.1-7 
Terms and Definitions

Access. The ability and opportunity to obtain knowledge or possession of classified information.
Agency. Any "Executive agency," as defined in 5 USC 105, and any other entity within the executive branch that comes into the possession of classified information.
Authorized Person. A person who has a favorable determination of eligibility, i.e., security clearance, for access to classified information, has signed an approved nondisclosure agreement, and has a need-to-know for the specific classified information in the performance of official duties.
Automated Information System (AIS). An assembly of computer hardware, software or firmware configured to collect, create, communicate, compute, disseminate, process, store or control data or information.
Automatic Declassification. This term means the declassification of information base solely on
a. The occurrence of a specific date or event as determined by an original classification authority; or
b. The expiration of a maximum time frame for duration of classification established under EO 13256.
Classification. The act or process by which information is determined to be classified information.
Classification Guidance. Any instruction or source that prescribes the classification of specific information.
Classification Guide. A documentary form of classification guidance issued by an original classification authority that identifies the elements of information regarding a specific subject that must be classified and establishes the level and duration of classification for each such element.
Classification Management. Classification management seeks to ensure that official information is classified only when required in the interest of national security and is properly identified and retains the classification assigned only as long as necessary.
Classified National Security Information. Information that has been determined pursuant to EO 13256 or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form.
Communications Security (COMSEC). Measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such communications. COMSEC includes crypto security, transmission security, emission security, and physical security of COMSEC material.
Control. The authority of an agency that originates information, or its successor in function, to regulate access to the information.
Custodian. The individual or IRS entity who has possession of, or is otherwise charged with the responsibility for safeguarding classified information.
Declassification. The authorized change in the status of information from classified information to unclassified information.
Declassification Authority. Officials delegated declassification authority in writing by the Secretary of the Treasury or the Department’s Senior Agency Official (SAO) responsible for Treasury’s information security program.
Declassification Guide. The written instructions issued by a declassification authority that describe the elements of information regarding a specific subject that maybe declassified and the elements that must remain classified.
Derivative Classification. The incorporating, paraphrasing, restating, or generating, in new form, information that is already classified and marking the newly developed material consistent with the classification markings that apply to the source information. Derivative classification includes the classification of information based on classification guidance. The duplication or reproduction of existing classified information is not derivative classification.
Disclosure. The communication or physical transfer of classified information to an unauthorized recipient. Showing or revealing classified information, whether orally, in writing or any other medium, without providing the recipient material for retention.
Downgrading. A determination by a downgrading/declassification authority that information classified and safeguarded at a specified level shall be classified and safeguarded at a lower level.
Industrial Security. That segment of security concerned with protecting classified information released to and in the possession of contractors. This term describes the program under which the U.S. Government engages in a contract (unclassified or classified) that has security policies and responsibilities for safeguarding the information, information systems, assets, or facilities, which are imposed on the contractor, and in which the U.S. Government provides guidance to and conducts oversight of contractor implementation of those policies.
Information Security. The program established by Executive Order for the classification, declassification, downgrading and safeguarding of classified information. This also includes protection of sensitive but unclassified (non-national security) information.
Infraction. A security incident involving a deviation from governing security regulations that does not result in an unauthorized disclosure or compromise of classified information nor otherwise constitutes a security violation.
Mandatory Declassification Review. The review for declassification of classified information in response to a request for declassification that meets the requirements for Executive Order 13256.
National Security. The national defense or foreign relations of the United States and includes, with a Treasury context, U.S. economic vitality, global competitiveness, market sensitivity and tracking terrorist assets/financial crimes.
National Security Clearance. Certification issued by a designated personnel security official or designee that a person may access classified information on a need-to-know basis.
National Security Information (NSI). Any information that has been determined, pursuant to Executive Order 13526, or any predecessor order, to require protection against unauthorized disclosure and this is so designated; also known as “collateral” information.
Need-for-Access. A determination that an employee requires access to a particular level of classified information in order to perform or assist in a lawful and authorized governmental function.
Need-to-know. A determination made by an authorized holder of classified information that a prospective recipient requires access to specific classified information in order to perform or assist in a lawful and authorized governmental function.
Non-Disclosure Agreement (NDA). An officially authorized contract between an individual and the U.S. Government signed by an individual as a condition of access to classified information and specifying the security requirements for the access and details the penalties for noncompliance.
Non-Sensitive Position. A position that does not require access to classified information and that has low risk to the national security and public trust.
Open Storage. The storage of classified information on shelves or in locked or unlocked non-approved containers when authorized personnel do not occupy the facility. In all instances, “Open Storage” must be specifically approved by Treasury or bureau headquarters security officials to store classified information and is limited to the Secret level.
Original Classification. The initial determination information requires, in the interest of the national security, protection against unauthorized disclosure.
Original Classification Authority (OCA). An individual authorized in writing, either by the President, or by agency heads or other officials designated by the President, to classify information in the first instance. Within Treasury, OCAs are designated by the Secretary (at the Top Secret, Secret, or Confidential levels) or by the Department’s Senior Agency Official (at the Secret or Confidential levels).
Paragraph or Portion Markings. Required markings on classified documents to indicate the specific level of classification applicable to each paragraph or portion of a document shown in parenthetical form as follows: (TS) for TOP SECRET, (S) for SECRET, (C) for CONFIDENTIAL and (U) for UNCLASSIFIED.
Personnel Security. The segment of security that concerns the trustworthiness and integrity of Federal employees and others associated with the U.S. Government. It is also the process in the U.S. government for complying with national security interest requirements under EO 10450 or with other similar authority.
Physical Security. The segment of security concerning protective requirements and means for safeguarding Treasury personnel, property, facilities and information.
Safe. A GSA-approved security container equipped with a built-in (mounted), dial-type, changeable combination lock, specifically designed for the classified information. A safe may also be used for protecting money and other highly negotiable materials or assets.
Safeguarding or Safeguards. Physical, procedural or electronic measures and controls prescribed to ensure classified and controlled unclassified information is not accessed inadvertently or improperly.
SECRET. The classification level applied only to information the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security that the original classification authority is able to identify or describe.
Secure Room. A room that offers the same or greater protection than a GSA-approved security container authorized for the storage of classified material, through the use of a combination of guards, detectors/alarms, and/or locking devices.
Secure Telephone Equipment (STE). The U.S. Government's current (as of 2008), encrypted telephone communications system for wired or "landline" communications.
Security Classification Guide (SCG). A documentary form of guidance, issued by an original classification authority, providing the user with instructions on what types of information may be classified and the level/duration thereof.
Security Clearance. An administrative authorization for access to national security information, up to a stated classification level (Top Secret, Secret, or Confidential) and also referred to as a “clearance”.
Security Countermeasures. Actions, devices, procedures, and/or techniques to reduce security risks.
Security Incident. An act that constitutes a threat to a security program or is a deviation from existing governing security regulations. Security incidents may be portrayed as security infractions or security violations.
Security-In-Depth. A determination by the agency head (or designee) that a facility’s security program consists of layered and complementary security controls sufficient to deter and detect unauthorized entry and movement within the facility. Examples include, but are not limited to, use of perimeter fences, employee and visitor access controls, use of an intrusion detection system, random guard patrols throughout the facility during non-working hours, closed circuit video monitoring or other safeguards that mitigate the vulnerability of open storage areas without alarms and security storage cabinets during non-working hours.
Security Infraction. Any knowing, willful, or negligent action contrary to the requirements of EO 13526 or its implementing directives that does not constitute a security “violation”.
Security Violation. Any knowing, willful, or negligent action 1) that could reasonably be expected to result in an unauthorized disclosure of classified information; 2) to classify or continue the classification of information contrary to the requirements of EO 13526 or its implementing directives; or 3) to create or continue a special access program contrary to this EO.
Senior Agency Official (SAO). The official designated by the agency head under EO 13526 to direct and administer the agency's security program, under which information is classified, safeguarded/handled, and declassified.
Sensitive But Unclassified Information (SBU). Unclassified information Treasury, bureaus, or another authority has determined to require protection from unauthorized or unwarranted public disclosure.
Sensitive Compartmented Information (SCI). Classified information concerning or derived from intelligence sources, methods, or analytical processes that is required to be handled exclusively within formal access control systems established by the Director of Central Intelligence and requiring limited access and control on its dissemination; also known as “codeword” information.
Sensitive Compartmented Information Facility (SCIF). An accredited area, room, group or rooms, buildings, or installation certified and accredited as meeting Director of National Intelligence security standards for the processing, storage and/or discussion of SCI.
Sensitive Position. Any position within Treasury, the occupant of which could bring about, by virtue of the nature of the position and access to classified information, a materially adverse effect on the national security, the mission of the Department, or the “efficiency of the service”. All sensitive positions are designated as either special sensitive, critical-sensitive, or non-critical sensitive.
Source document. An existing document that contains classified information that is incorporated, paraphrased, restated, or generated in new form into a new document.
Systematic Declassification Review. The review for declassification of classified information contained in records that have been determined by the Archivist of the United States to have permanent historical value in accordance with 44 U.S.C. 2107.
Threat. The intention and capability of an adversary to undertake actions that would be detrimental to the interests of the United States.
TOP SECRET. The designation applied to classified information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security.
Transmission. Any movement of classified information from one place to another.
Unauthorized access. When an unauthorized person or persons have access to classified information due to insufficient safeguards to prevent them from gaining knowledge or possession of the information. This also includes failure to follow prescribed procedures to prevent such person(s) for gaining access to classified information.
Unauthorized disclosure. A communication or physical transfer of classified information to an unauthorized recipient.
Vault. An area approved by the agency head (or designee) which is designed and constructed of masonry units or steel lined construction to provide protection against forced entry and equipped with a GSA-approved vault door and lock.

Exhibit 10.9.1-8 
Abbreviations

CDC – Classified Document Custodian
CDN – Consolidated Data Network
CFR – Code of Federal Regulations
COMSEC – Communications Security
EO – Executive Order
ISOO – Information Security Oversight Office, National Archives and Records Administration
NDA – Non-Disclosure Agreement
NSI – National Security Information
OSP – Office of Security Programs
SAO – Senior Agency Official
SCI – Sensitive Compartmented Information
SCIF – Sensitive Compartmented Information Facility
SCG- Security Classification Guide
SPC – Security Point-of-Contact
SSO – Special Security Officer
STE – Secure Telephone Equipment
STU III – Secure Telephone Unit
TCS – Treasury Communications System
TD – Treasury Directive
TD F – Treasury Department Form
TD P – Treasury Directive Publication
TO – Treasury Order
TSCO – Top Secret Control Officer
TSDN – Treasury Secure Data Network

More Internal Revenue Manual