This revision addresses policy updates to implement changes that will allow the IRS to provide clarity regarding required safeguards for NSI and appropriately handle NSI from its inception to destruction.

Treasury Department Publication (TD P) 15-71, Department of the Treasury Security Manual, dated June 17, 2011.

Treasury Order (TO) 105-19, Delegation of Original Classification Authority; Requirements for Downgrading and Declassification, dated June 17, 2011.

Department of Treasury Security Classification Guide dated March 2, 2012.

Information Security Oversight Office (ISOO) Directive No. 1, 32 Code of Federal Regulations (CFR) Parts 2001 and 2003, Classified National Security Information (implementing Executive Order 13526), dated June 22, 2010.

ISOO, Marking Classified National Security Information, Rev. 4, dated January 2018.

Executive Order (EO) 13526, Classified National Security Information, dated December 29, 2009.

EO 12968, Access to Classified Information, dated August 2, 1995.

EO 12829, National Industrial Security Program, dated January 8, 1993.

DoD 5220-22M, National Industrial Security Program Operating Manual, Change 2, dated May 18, 2016.

IRM 10.23.1, National Security Positions and Access to Classified Information.

IRM 10.23.3, Personnel Security/Suitability Program for Employment and Personnel Security Operations.

Treasury Directive Publication 85-01, Volume 1, Unclassified (Non-National Security) Systems.

Treasury Directive Publication 85-01, Volume II Classified (National Security) Systems.

The IRS Commissioner, as the IRS head, responsibilities include:

The Chief, FMSS serves as the SAO for the IRS NSI and Industrial Security Programs. The Deputy Chief, FMSS serves as Acting SAO when the Chief, FMSS is unavailable. SAO responsibilities include:

The Associate Director (AD), FMSS Security administers the IRS NSI and Industrial Security Programs for the SAO. AD responsibilities include:

The senior management/executive responsible for an office or a business, functional or operating unit is accountable for the effective management of NSI within their organization. Senior management/executive is responsible for:

The senior leadership in an office or a business, functional, or operating unit is responsible for the effective management of NSI within their organization. Senior leadership is responsible for:

NSI PM is responsible for:

Authorized holder of NSI are responsible for:

Program Reports: The NSI program will be assessed at a periodicity set by AD, Security via the NSI PM. The designated CDC in local field offices where NSI is held will be responsible for conducting the self-assessment. CDCs will be given at least 60 calendar days to complete both the self-assessment and report. Once the self-assessment has been conducted, the CDC will provide the results back to the NSI PM prior to the end of the assessment period. Reports will be consolidated by the NSI PM in order to report on and manage the operational ability of the NSI program in concert with FMSS management. Annual reporting via OSP to ISOO will occur by the end of fiscal year.

Program Effectiveness: The NSI program’s operational ability will be gauged by self-assessments to ensure compliance with national, Treasury, and IRS level policies.

Access - The ability and opportunity to obtain knowledge or possession of NSI.

Agency - Any "Executive Agency," as defined in 5 United States Code (USC) 105, and any other entity within the executive branch that comes into the possession of NSI.

Authorized Person(s/nel) - A person who has a favorable determination of eligibility (e.g., security clearance) for access to NSI, signed an approved nondisclosure agreement, and has a need-to-know the NSI in the performance of official duties. Authorized Personnel also fulfill the requirement to take the annual NSI Refresher Training.

Automated Information System (AIS) - An assembly of computer hardware, software, or firmware configured to collect, create, communicate, compute, disseminate, process, store, or control data or information.

Automatic Declassification - The declassification of information based solely on the occurrence of a specific date or event as determined by an Original Classification Authority (OCA) or the expiration of a maximum timeframe for the duration of classification established under EO 13526.

Classification - The process by which information is determined to be NSI.

Classification Guide - A documentary form of classification guidance issued by an OCA that identifies the elements of information regarding a specific subject that must be classified and establishes the level and duration of classification for each such element. As IRS does not have its own Classification Guide, OSP’s guidance will be used.

Classification Management - Classification management seeks to ensure that official information is classified only when required in the interest of national security and is properly identified and retains the classification assigned if necessary.

Classified National Intelligence (CNI) - National Intelligence as defined in 50 USC 401a (5), classified pursuant to EO 13526. Sensitive Compartmented Information (SCI) is part of CNI.

Classified National Security Information (NSI) - Information that has been determined pursuant to EO 13526 or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status regardless of its form (document, technology equipment, etc.). Termed "NSI" in this IRM.

Communications Security (COMSEC) - Measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such communications. COMSEC includes cryptographic security, transmission security, emission security, and physical security of COMSEC material.

Compromise - The unauthorized disclosure of NSI to an individual without the appropriate clearance or need-to-know.

Confidential - The classification level applied only to information the unauthorized disclosure of which reasonably could be expected to cause damage to the national security that the OCA is able to identify or describe.

Control - The authority of an agency that originates NSI, or its successor in function, to regulate access to the information.

Custodian - The authorized person who has possession or is otherwise charged with the responsibility for safeguarding NSI.

Declassification - The authorized change in the status of information from NSI to unclassified and the subsequent revision of associated markings.

Declassification Authority - Officials delegated declassification authority in writing by the Secretary of Treasury or Treasury’s Senior Agency Official (SAO) responsible for Treasury’s NSI program.

Declassification Guide - The written instructions issued by a declassification authority that detail what specific elements of information may be declassified and the elements that must remain classified.

Derivative Classification - The incorporating, paraphrasing, restating, or generating, in new form, information that is already classified and marking the newly developed material consistent with the classification markings that apply to the source information. Derivative classification includes the classification of information based on a classification guide. The duplication or reproduction, such as copying or printing, of existing NSI is not derivative classification.

Disclosure - The communication or physical transfer of NSI to an unauthorized recipient by showing or revealing NSI, whether orally, in writing or any other medium (e.g., video, graphic, etc.).

Downgrading - A determination by a downgrading/declassification authority that information classified and safeguarded at a specified level must be classified and safeguarded at a lower level.

Industrial Security - The segment of security concerned with protecting NSI released to and in the possession of contractors. This term describes the program under which the United States Government (USG) engages in a contract that has security policies and responsibilities for safeguarding the NSI, NSI systems, assets or facilities, which are imposed on the contractor, and in which the USG provides guidance to and conducts oversight of contractor implementation of those policies.

Information Security - The program established by EO for the classification, declassification, downgrading, and safeguarding of NSI. This includes protection of Sensitive but Unclassified (SBU), non-national security information.

Infraction - A security incident involving a deviation from governing security regulations that does not result in an unauthorized disclosure or compromise of NSI nor otherwise constitutes a security violation.

Lines of Inquiry (LOI) - Discreet, measurable items reviewed during an assessment that, when combined with other LOIs, is meant to ascertain the operational ability of a program.

Mandatory Declassification Review - The review for declassification of NSI in response to a request for declassification that meets the requirements for EO 13526.

Material - In the context of a security incident, an individual is considered material to the inquiry if they were a part of the issue that lead to the incident or if they have knowledge regarding the incident that will influence, or is crucial to, the inquiry.

National Security - The national defense or foreign relations of the U.S. and includes, with a Treasury context, U.S. economic vitality, global competitiveness, market sensitivity, and tracking terrorist assets/financial crimes.

National Security Clearance - Certification issued by a designated personnel security official or designee that a person may access up to Secret or Top Secret NSI on a need-to-know basis granted after a valid, in scope Tier 3 or Tier 5 investigation, respectively.

Need-to-know - A determination by direct management and HCO that an employee requires access to NSI to perform or assist in a lawful and authorized governmental function.

Non-Disclosure Agreement (NDA) - An officially authorized contract between an individual and the USG signed by an individual as a condition of access to NSI and specifying the security requirements for the access and details the penalties for noncompliance carried out via the SF 312, Classified Information Nondisclosure Agreement.

Open Storage - The storage of NSI openly (i.e., not requiring storage inside a security container) when authorized personnel do not occupy the facility. In all instances, "open storage" must be specifically approved in writing by OSP to store NSI at the Secret level. This term is used in concert with TSDN LA.

Original Classification - The initial determination that information requires, in the interest of national security, protection against unauthorized disclosure.

Original Classification Authority(ies) (OCA) - An individual authorized in writing, either by the President or by agency heads, or other officials designated by the President, to classify information in the first instance. Within Treasury, OCA are designated by the Secretary (at the TS, Secret, or Confidential levels) or by the Department’s SAO (at the Secret or Confidential levels). IRS does not have an OCA.

Paragraph or Portion Markings - Required markings on classified documents to indicate the specific level of classification applicable to each paragraph or portion of a document shown in parenthetical form as follows: (TS) for Top Secret, (S) for Secret, (C) for Confidential, and (U) for Unclassified.

Personnel Security - The segment of security that concerns the trustworthiness and integrity of Federal employees and others associated with the USG. It is also the process in the USG for complying with national security interest requirements under EO 10450 or with other similar authority.

Physical Security - The segment of security concerning protective requirements and means for safeguarding IRS personnel, property, facilities, and information.

Public Trust - Investigations (Tier 1, Low Risk; Tier 2, Moderate Risk; Tier 4, High Risk) performed to ascertain whether an individual is suitable or eligible to work in sensitive or public trust positions.

Safeguarding or Safeguards - Physical, procedural, or electronic measures and controls prescribed to ensure NSI and Sensitive but Unclassified (SBU) is not accessed inadvertently or improperly.

Secret - The classification level applied only to information the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security that the OCA is able to identify or describe.

Secure Telephone Equipment (STE) - The USG current encrypted telephone communications system for wired or "landline" communications.

Security Classification Guide (SCG) - A documentary form of guidance, issued by an OCA, providing the user with instructions on what types of information may be classified and the level/duration thereof.

Security Container (also known as a safe) - A General Services Administration (GSA) approved security container equipped with built-in (mounted), dial-type, changeable combination lock, specifically designed for the NSI. A security container may be used for protecting money and other highly negotiable materials or assets; however, this IRM only applies to any container housing NSI.

Security Clearance - An administrative authorization for access to NSI, up to a stated classification level (TS, Secret, or Confidential), and referred to as a clearance.

Security Countermeasures - Actions, devices, procedures, and/or techniques to reduce security risks.

Security Incident - An act that constitutes a threat to a security program or is a deviation from existing security regulations. Security incidents will be categorized as security infractions or violations.

Security-in-Depth - A determination by the agency head, or designee, that a facility’s security program consists of layered and complementary security controls enough to deter and detect unauthorized entry and movement within a facility. Examples include, but are not limited to, use of perimeter fences, employee and visitor access controls, use of an intrusion detection system, random guard controls, etc.

Security Infraction - Any knowing, willful, or negligent action contrary to the requirements of EO 13526 or its implementing directives that does not result in an unauthorized disclosure NSI.

Security Violation - Any knowing, willful, or negligent action that could reasonably be expected 1) to result in an unauthorized disclosure of NSI, 2) to classify or continue the classification of information contrary to the requirements of EO 13526 or its implementing directives, or 3) to create or continue a special access program contrary to EO 13526.

Senior Agency Official (SAO) - The official designated by the agency head under EO 13526 to direct and administer the agency’s security program, under which information is classified, safeguarded, handled, or declassified.

Sensitive but Unclassified (SBU) - Treasury, bureaus, or another authority has determined to require protection from unauthorized or unwarranted public disclosure.

Sensitive Compartmented Information (SCI) - A subset of CNI concerning or derived from intelligence sources, methods, or analytical processes that is required to be protected within formal access control systems established by the Director National Intelligence (DNI).

SCI Facility(ies) (SCIF) - An accredited area or installation certified and accredited as meeting DNI security standards for the processing, storage and/or discussion of SCI. SCIF must be coordinated with Treasury’s Special Security Office (SSO) in advance of construction. IRS does not have SCIF.

Sensitive Position - Any position the occupant of which could bring about, by virtue of the nature of the position and access to NSI, a materially adverse effect on the national security, the mission of the Department, or the "efficiency of the service." All sensitive positions are designated as either non-critical sensitive, critical sensitive, or special sensitive.

Source Document - An existing document containing NSI that can be incorporated, paraphrased, restated, or generated into a new document.

Systemic Declassification Review - The review for declassification of NSI contained in records the Archivist of the U.S. has determined to have a permanent historical value IAW 44 U.S.C. 2107.

Threat - The intention and capability of an adversary to undertake actions that would be detrimental to the interests of the U.S.

Top Secret - The classification level applied only to information the unauthorized disclosure of which could reasonably be expected to cause exceptionally grave damage to the national security that the OCA is able to identify or describe. Approval from the AD, Security is needed prior to storing Top Secret.

Treasury Secure Data Network (TSDN) Limited Area (LA) - A room that offers the protection necessary to store NSI systems and material up to the Secret level through a combination of Protective Service Officers (PSO), responders, detectors/alarms, and/or locking devices.

IRS NSI Website, updated as new versions of the forms are issued

ISOO Marking Guide

Department of Treasury Security Classification Guide

NSA/CSS EPL for Shredders

NSA/CSS EPL for Degaussers

SF 311

In no case will NSI remain classified or be reclassified in order to:

Information may not be reclassified after declassification and subsequent release to the public under proper authority unless:

Derivative classification is the restatement of existing NSI by persons who reproduce, extract, summarize, or apply classification markings derived from source material or as directed by a classification guide. Derivative can also mean incorporating, paraphrasing, restating, or generating in new form or information that is already classified and marking the newly developed material consistent with the classification markings that apply to the source information.

The basis for derivative classification actions involves use of one or more of the following types of information:

Derivative classification may be exercised by any authorized personnel and consultants or contractors under the National Industrial Security Program (NISP) who are current on the required bi-annual derivative training.

All derivative classification actions made by IRS personnel (employees, consultants, and contractor personnel) must be accounted for annually, in September, and reported through the NSI PM to OSP.

It is recommended that derivative classifiers establish an annual, unclassified chronological file to note: the level (Confidential, Secret, or TS), if multiple sources were used to create the document and whether a list of sources was attached to the document, date created, and other pertinent unclassified information that the owner finds to be helpful indicators (e.g., title or unclassified version of title).

Information classified under EO 13526 and prior EO is subject to challenge by any authorized holder of the information. Authorized holders are defined as:

Challenges of classification decisions are intended to bring about corrective action that ensures only NSI legitimately warranting protection based upon criteria in EO 13526 is classified. The decision to challenge is based on one of the following assumptions:

Those who exercise a classification challenge will not be subjected to adverse action, reprisal, retribution, retaliation based on their election to engage the challenge provision.

Classification challenges must follow IRM 10.9.1.3.4.1 and be compliant with TD P 15-71, Chap III, Section 20 and 32 CFR 2001.14.

Marking will be completed by accomplishing the following:

Derivatively Classified Documents: For information derivatively classified based on multiple sources, the derivative classifier carries forward the date or event for declassification that corresponds to the longest period of classification among the sources; the level of classification reflects the highest level of classification of the portions of the source document used.

Emails containing NSI must be sent only on approved systems for the level of NSI (e.g., TSDN for up to Secret NSI) being sent by an employee who is an Authorized Person.

Ensuring all the requirements for marking paper documents from IRM 10.9.1.4.1 are addressed with the following specifics related to the electronic environment:

Working papers are documents (e.g., notes, drafts, prototypes), materials (e.g., printer ribbons, photographic plates), or other media created during development and preparation of a finished product. Working papers and materials are not intended or expected to be disseminated. Working papers and materials containing NSI must be:

Working papers or other working materials must be destroyed in the same manner as NSI.

Marked and controlled as finished products of the appropriate classification when retained more than 180 calendar days from date of origin (regardless of if they are complete), filed permanently, or released outside the IRS.

Shared between cleared employees internal to the IRS, either physically or electronically, without controlling them as permanent documents only when the working materials are shared information (e.g., collaborative documents or coordinating drafts) in the development process.

SF 706, 707, and 708 are labels required to identify equipment approved for processing NSI (e.g., copiers, electronic/magnetic media like disks, removable hard drives, or similar; thumb drives are not permitted to store NSI). Labels are color-coded in the same manner as document cover sheets:

Additional SF labels exist for equipment and are also required:

Once applied, the label must not be removed.

Employees working with or processing NSI are responsible for properly labeling and controlling equipment in their custody.

All removable electronic and magnetic media used to process NSI will be physically labeled with the highest level of NSI contained therein.

Failure to apply the appropriate labels is a security infraction. If the failure results in improper storage, loss, unauthorized access, or compromise of NSI, it is a security violation.

Automatic Declassification Review: All NSI contained in records that are more than 25 years old and that have been determined to have permanent historical value under Title 44 U.S.C. is automatically declassified, unless it meets the requirements of EO 13526 Section 3.3 paragraphs (b)-(d) and (g)-(j). The 25-year automatic declassification process is a sliding scale as records age and applies annually to NSI on December 31.

Systematic Declassification Review: This function is carried out by the agency with the OCA responsible for the classification of a given piece of NSI. Detailed information can be found in EO 13526, Section 3.4.

Mandatory Declassification Review: This function is carried out by the OCA responsible for the classification of a given piece of NSI. Detailed information can be found in EO 13526, Section 3.5.

IRS employees use secure communications or Secure Telephone Equipment (STE) for conducting NSI discussions. These communications, including voice and data transmissions, must be under provisions established by Treasury systems security officials in TD P 85-01 Volume 1, Part 2.

IRS Criminal Investigation (CI) has the authority to implement and certify secure rooms for the purposes of classified conversations via STE. Documentation of certification must be kept and available for provision.

EO 13526 states that individuals must have the following to access NSI, the combination of which means that the individual is an "authorized person(s/nel)" :

Access to NSI must not be permitted until each of the (1) a) through d) above four elements are fulfilled.

No employee must be deemed to be eligible for access to NSI merely by reason of:

IRM 10.23.3, Personnel Security, Personnel Security/Suitability for Employment and Personnel Security Operations, must be followed in matters of personnel security, which include but not limited to: requesting employee security clearances, transfer of clearances to attend meetings, etc.

Holders of NSI are responsible for verifying that employees are authorized personnel prior to granting access. For verification of security clearances refer to a) or b) at least seven business days in advance:

Each authorized person is responsible for safeguarding NSI from possible loss, compromise, or unauthorized disclosure. The knowledge and physical custody of, or access to, NSI comes with this responsibility and includes:

"Unauthorized" means those individuals who are cleared, but lack need-to-know, as well as those without an appropriate clearance level.

NSI will only be processed on approved computers/equipment (e.g., TSDN for up to Secret or the Treasury Foreign Intelligence Network (TFIN) for up to TS and SCI. IRS does not have TFIN).

Persons transmitting NSI are responsible for ensuring that intended recipients are authorized persons with the capability to store NSI at the level being sent, regardless of the method of transmission (e.g., electronic, hand-carry).

Secure communications (e.g., STE or other) located in a space certified by the CI, for its spaces, to preclude access to both the equipment (e.g., access control) and unauthorized disclosure of the conversation itself (e.g., white noise, sound baffling, Sound Transmission Class (STC) rating, etc.) or a certified TSDN LA will be used for conducting classified discussions.

NSI approved for destruction must be destroyed IAW this IRM.

NSI may not be removed from IRS premises without authorization from the employee’s manager and the SCC.

An IRS official or employee leaving IRS may not remove NSI from IRS control or direct that information be declassified to remove it from IRS control.

Access to NSI must be terminated when an employee no longer has a need for NSI to accomplish their duties; the employee’s management must ensure the transition to a Public Trust Position Description (PD). Access must also be terminated as required in the IRM 10.23 series, Personnel Security.

Security containers used for storage of NSI material must conform to standards specified by the General Services Administration (GSA).

Whenever a new security container is procured, it must be compliant with the requirements and purchased through the Federal Supply System, and the CDC responsible must input the container into the Security Container Tracker.

NSI should only be stored under conditions designed to deter and detect unauthorized access.

Storage at overseas locations must be at USG facilities, unless it is otherwise stipulated in treaties or international agreements.

The use of the SF 702, Security Container Check Sheet, must have the informational section (e.g., room number, building, container number, month/year) filled out appropriately. The SF 702 must be annotated each time the security container is accessed and checked. A record of the SF 702 must be kept for 90 calendar days.

Security containers designated for NSI storage should only contain NSI; unclassified information must not be stored with NSI.

Dial-type locks must meet the FF-L-2740B standard and combinations are considered classified at the highest level of NSI that is protected by the lock. This applies to the locks installed on a container or door of a secure room, e.g., TSDN LA.

Combinations will be changed only by persons with a security clearance, verified prior to the change occurring by emailing hco.ps.national.security.programs@irs.gov, commensurate with the level of NSI in the container and who have knowledge as to how to appropriately change the combination. The combinations should not be sequential numbers, or the standard combination used on decommissioned containers noted below in (7) b) of this section. It is suggested that a six-letter word is chosen then, using a telephone number pad, converting the word into numbers to create a three, two-digit number combination.

An individual that is/will be listed on the SF 700 as having authorization to access the security container must be present to specify the desired combination and verify the change.

Combinations must be changed IAW the TD P 15-71 Chap 5, Sect 4.

Before an employee is provided a container combination, their status as an Authorized Person must be verified by the SCC. An individual’s security clearance must be verified through Personnel Security Office via hco.ps.national.security.programs@irs.gov. SCC must list on the SF 700 any individual who received the combination of the container. If there are more than four employees with access, an attachment to the SF 700 can be used to ensure the information of each employee is captured.

Combinations to security containers storing NSI must be recorded on the SF 700, sealed, then stored in a different security container where stored information is the same or higher level of classification.

Regardless of its destination, prior to decommissioning a security container, it must be cleared of all material by the owning Business Unit.

If repairs to the Class 6 security container or FF-L-2740B lock are required, the technician hired to address them must be GSA certified. The Business Unit must remove NSI from the defunct container and place it in another Class 6 container. If the technician is not GSA certified, then the security container must be decommissioned (i.e., not used to store NSI) until a GSA certified technician can recertify it. The two organizations mentioned in a) and b) maintain lists of certified technicians worldwide, as well as provide GSA certified training:

Movements of a security container between rooms or facilities, to include decommissioning to a warehouse or excess, must be tracked by the CDC with responsibility for the container via the Security Container Tracker maintained by the NSI PM.

NSI will be transmitted and received in an authorized manner, which ensures that evidence of tampering can be detected, inadvertent access can be precluded, and provides a method, which assures timely delivery to the intended recipient.

Use of street-side collection boxes is strictly prohibited for any NSI materials.

Communications Security (COMSEC) must not be transmitted via methods noted in IRM 10.9.1.11.2 or IRM 10.9.1.11.3; contact the Treasury COMSEC manager for specific instructions.

Transmission of TS information outside of an IRS facility is only accomplished by:

Under no circumstances is TS information sent via the U.S. Postal Service (USPS) or any commercial messenger service.

Consultation with the TSCO must take place prior to transmission regarding the methods for the transmission, whether the material will be briefed, to whom it will be given, etc.

IRS does not have the capability to store SCI in its facilities, and therefore, its facilities must not store or process SCI.

Transmission of hard-copy TS requires the use of TD F 15-05.8, Receipt for Classified Information.

Secret and Confidential information cannot be sent via certified mail.

Transmission of Secret or Confidential within the U.S., District of Columbia, and the commonwealth of Puerto Rico must be carried out by any of the following methods:

Cleared commercial carriers must be U.S.-owned/operated and must provide automated, in-transit tracking of the NSI and ensure package integrity during transit.

Transmission of hard-copy Secret requires the use of TD F 15-05.8.

Transmission of Secret and Confidential can be done by electronic means on approved systems (e.g., TSDN).

TD F 15-05.8 is used to receive and account for the transfer of all TS and Secret, regardless of agency of origin.

The TD F 15-05.8 must specify addressee, sender, and an unclassified description of the document.

Responsible senior leadership must determine the administrative procedures required to sufficiently handle the volume of NSI being transmitted or received by their organization in conjunction with assistance from local CDC, the NSI PM, and records management officials.

Several items may be transmitted to the same addressee with one receipt form. The TD F 15-05.8 must be kept unclassified. For example, if a subject title is classified, an abbreviated short form or title will be used, i.e., the first letter of each word in the title/subject line.

IRS employees must not be currently detailed to another agency to request a courier card or letter from IRS. If an IRS employee is detailed to another agency and needs to courier NSI, the request for a card/letter must be addressed to the agency where detailed. As soon as the detail has ended, the IRS employee must return the card/letter to the issuing agency and request a replacement courier card from IRS, if required.

Employees with a frequent and recurring need (i.e., minimum of 12 times per year) to hand-carry NSI must request a courier card via a TD F 15-05.12, Request and Receipt for Courier Card. The request must be submitted minimum 14 business days in advance.

Employees requesting a courier card must have a final, valid security clearance and provide, with the TD F 15-05.12, a digitized color photograph on a plain background. The employee must have proof of training on courier responsibilities before the card can be issued.

Employees who must carry NSI once or routinely on a non-recurring basis must request a courier letter and have a final clearance. CI POC and NSI PM must use Attachment 2 in the TD P 15-71, entitled "Sample Courier Letter Format," to create the courier letter. The request must be submitted minimum of 14 business days in advance. To request a letter, the employee must provide the following information:

If the card or letter authorizes the employee to carry SCI, Treasury’s Special Security Office (SSO) must be the approving official. IRS cannot store SCI at its facilities.

If the card or letter is expired or no longer needed (e.g., employee is terminating employment with the Business Unit, etc.), the card or letter must be returned to the CI or NSI PM who issued it.

Destruction of Top Secret information. TS information, to include duplicates, working papers, etc. will be destroyed in the presence of two authorized persons; one person performs the destruction and the other person serves as a witness. Both individuals must sign the TD F 15-05.5, Classified Document Certificate of Destruction. The completed TD F 15-05.5 must be maintained on file for a three-year period, after which it may be destroyed. No record of the destruction certificate is required. Questions regarding this process should be directed to the TSCO.

Destruction of Secret or Confidential Information. Secret or Confidential information, to include duplicates, working papers, etc., does not require a certificate of destruction.

The destruction of any level of NSI must take place as soon as its utility has ended.

Burn-bags for Temporary Storage. Secret and Confidential, excluding Top Secret, may be torn and placed in sealed opaque containers commonly designed as "burn-bags." Burn-bags feature multiple alternating groupings of red and white diagonal stripes.

Destruction of Sensitive Information. Sensitive information must be destroyed in the same manner as Secret and Confidential.

The SCC must ensure that a review of the container take place annually to ensure the removal and destruction of NSI that is no longer needed. The review does not require documentation.

Care must be taken not to facilitate the improper handling of NSI, such as placing a paper recycling box next to an NSI copier or placing burn-bags next to unclassified trash containers.

Security infractions are incidents involving a deviation from governing security regulations that does not result in an unauthorized disclosure, loss, or compromise of NSI, yet increases the probability of an actual security violation.

Examples of security infractions include but are not limited to the following actions/inactions involving NSI:

Security violations are any knowing, willful, or negligent action that could reasonably lead to an unauthorized disclosure of NSI, to include: repeated abuse of the classification process, either by unnecessary or over-classification, or repeated failure, neglect, or disregard of established requirements for safeguarding NSI. Security violations are grounds for appropriate adverse or disciplinary action.

Examples of security violations include but are not limited to the following actions/inactions involving NSI:

Any person who knows or suspects a security incident has occurred must, where applicable, take custody of the NSI material and safeguard it. Others affected (e.g., on an email chain) should be made aware of the incident in an unclassified manner to take appropriate steps to guard the information and do not disclose it to others.

The incident must be immediately reported but no later than noon the following business day in an unclassified manner to the local CDC.

The CDC makes appropriate reports and proceeds with the inquiry IAW Exhibit 10.9.1-5.