dures for the review of information accessioned into the National Archives of the United States. (f) In response to a request for information under the Freedom of Information Act, the Privacy Act of 1974, or the mandatory review provisions of this Order: (1) An agency shall refuse to confirm or deny the existence or non-existence of requested information whenever the fact of its existence or non-existence is itself classifiable under this Order. (2) When an agency receives any request for documents in its custody that were classified by another agency, it shall refer copies of the request and the requested documents to the originating agency for processing, and may, after consultation with the originating agency, inform the requester of the referral. In cases in which the originating agency determines in writing that a response under Section 3.4(f)(1) is required, the referring agency shall respond to the requester in accordance with that Section. (a) A person is eligible for access to classified information provided that a determination of trustworthiness has been made by agency heads of designated officials and provided that such access is essential to the accomplishment of lawful and authorized Government purposes. (b) Controls shall be established by each agency to ensure that classified information is used, processed, stored, reproduced, transmitted, and destroyed only under conditions that will provide adequate protection and prevent access by unauthorized persons. (c) Classified information shall not be disseminated outside the executive branch except under conditions that ensure that the information will be given protection equivalent to that afforded within the executive branch. (d) Except as provided by directives issued by the President through the National Security Council, classified information originating in one agency may not be disseminated outside any other agency to which it has been made available without the consent of the originating agency. For purposes of this Section, the Department of Defense shall be considered one agency. Sec. 4.2 Special Access Programs. (a) Agency heads designated pursuant to Section 1.2(a) may create special access programs to control access, distribution, and protection of particularly sensitive information classified pursuant to this Order or predecessor orders. Such programs may be created or continued only at the written direction of these agency heads. For special access programs pertaining to intelligence activities (including special activities but not including military operational, strategic and tactical programs), or intelligence sources or methods, this function will be exercised by the Director of Central Intelligence. (b) Each agency head shall establish and maintain a system of accounting for special access programs. The Director of the Information Security Oversight Office, consistent with the provisions of Section 5.2(b)(4), shall have non-delegable access to all such accountings. Sec. 4.3 Access by Historical Researchers and Former Presidential Appointees. (a) The requirement in Section 4.1(a) that access to classified information may be granted only as is essential to the accomplishment of authorized and lawful Government purposes may be waived as provided in Section 4.3(b) for persons who: (1) are engaged in historical research projects, or (2) previously have occupied policy-making positions to which they were appointed by the President. (b) Waivers under Section 4.3(a) may be granted only if the originating agency: (1) determines in writing that access is consistent with the interest of national security; (2) takes appropriate steps to protect classified information from unauthorized disclosure or compromise, and ensures that the information is safeguarded in a manner consistent with this Order; and (3) limits the access granted to former presidential appointees to items that the person originated, reviewed, signed, or received while serving as a presidential appointee. Part 5 Implementation and Review Sec. 5.1 Policy Direction. (a) The National Security Council shall provide overall policy direction for the information security program. (b) The Administrator of General Services shall be responsible for implementing and monitoring the program established pursuant to this Order. The Administrator shall delegate the implementation and monitorship functions of this program to the Director of the Information Security Oversight Office. Sec. 5.2 Information Security Oversight Office (a) The Information Security Oversight Office shall have a fulltime Director appointed by the Administrator of General Services subject to approval by the President. The Director shall have the authority to appoint a staff for the Office. (b) The Director shall: (1) develop, in consultation with the agencies, and promulgate, subject to the approval of the National Security Council, directives for the implementation of this Order, which shall be binding on the agencies; (2) oversee agency actions to ensure compliance with this Order and implementing directives; (3) review all agency implementing regulations and agency guidelines for systematic declassification review. The Director shall require any regulation or guideline to be changed if it is not consistent with this Order or implementing directives. Any such decision by the Director may be appealed to the National Security Council. The agency regulation or guideline shall remain in effect pending a prompt decision on the appeal; (4) have the authority to conduct on-site reviews of the information security program of each agency that generates or handles classified information and to require of each agency those reports, information, and other cooperation that may be necessary to fulfill the Director's responsibilities. If these reports, inspections, or access to specific categories of classified information would pose an exceptional national security risk, the affected agency head or the senior official deignated under Section 5.3(a)(1) may deny access. The Director may appeal denials to the National Security Council. The denial of access shall remain in effect pending a prompt decision on the appeal; (5) review requests for original classification authority from agencies or officials not granted original classification authority and, if deemed appropriate, recommend presidential approval; (6) consider and take action on complaints and suggestions from persons within or outside the Government with respect to the administration of the information security program; (7) have the authority to prescribe, after consultation with affected agencies, standard forms that will promote the implementation of the information security program; (8) report at least annually to the President through the National Security Council on the implementation of this Order; and (9) have the authority to convene and chair interagency meetings to discuss matters pertaining to the information security program. Sec. 5.3 General Responsibilities. Agencies that originate or handle classified information shall: (a) designate a senior agency official to direct and administer its information security program, which shall include an active oversight and security education program to ensure effective implementation of this Order; (b) promulgate implementing regulations. Any unclassifed regulations that establish agency information security policy shall be published in the Federal Register to the extent that these regulations affect members of the public; (c) establish procedures to prevent unnecessary access to classified information, including procedures that (i) require that a demonstrable need for access to classified information is established before initiating administrative clearance procedures, and (ii) ensure that the number of persons granted access to classified information is limited to the minimum consistent with operational and security requirements and needs; and (d) develop special contingency plans for the protection of classified information used in or near hostile or potentially hostile areas. (a) If the Director of the Information Security Oversight Office finds that a violation of this Order or its implementing directives may have occurred, the Director shall make a report to the head of the agency or to the senior official designated under Section 5.3(a)(1) so that corrective steps, if appropriate, may be taken. (b) Officers and employees of the United States Government, and its contractors, licensees, and grantees shall be subject to appropriate sanctions if they: (1) knowingly, willfully, or negligently disclose to unauthorized persons information properly classified under this Order or predecessor orders; (2) knowingly and willfully classify or continue the classification of information in violation of this Order or any implementing directive; or (3) knowingly and willfully violate any other provision of this Order or implementing directive. (c) Sanctions may include reprimand, suspension without pay, removal, termination of classification authority, loss or denial of access to classified information, or other sanctions in accordance with applicable law and agency regulation. (d) Each agency head or the senior official designated under Section 5.3(a)(1) shall ensure that appropriate and prompt corrective action is taken whenever a violation under Section 5.4(b) occurs. Either shall ensure that the Director of the Information Security Oversight Office is promptly notified whenever a violation under Section 5.4(b) (1) or (2) occurs. (d) "Foreign government information" means: (1) information provided by a foreign government or governments, an international organization of governments, or any element thereof with the expectation, expressed or implied, that the information, the source of the information, or both, are to be held in confidence; or (2) information produced by the United States pursuant to or as a result of a joint arrangement with a foreign government or governments or an international organization of governments, or any element thereof, requiring that the information, the arrangement, or both, are to be held in confidence. (e) "National security" means the national defense or foreign relations of the United States. (f) "Confidential source" means any individual or organization that has provided, or that may reasonably be expected to provide, information to the United States on matters pertaining to the national security with the expectation, expressed or implied, that the information or relationship, or both, be held in confidence. (g) "Original classification" means an initial determination that information requires, in the interest of national security, protection against unauthorized disclosure, together with a classification designation signifying the level of protection required. (a) Nothing in this Order shall supersede any requirement made by or under the Atomic Energy Act of 1954, as amended. "Restricted Data" and "Formerly Restricted Data" shall be handled, protected, classified, downgraded, and declassified in conformity with the provisions of the Atomic Energy Act of 1954, as amended, and regulations issued under that Act. (b) The Attorney General, upon request by the head of an agency or the Director of the Information Security Oversight Office, shall render an interpretation of this Order with respect to any question arising in the course of its administration. (c) Nothing in this Order limits the protection afforded any information by other provisions of law. (d) Executive Order No. 12065 of June 28, 1978, as amended, is revoked as of the effective date of this Order. (e) This Order shall become effective on August 1, 1982. |