Article: Derivative Classification

Derivative Classification
By E.C. Browne
In an age when intelligence leaks can reverberate across the globe in mere seconds, the art and science of handling classified material has never been more crucial. We often hear about “protecting sources and methods,” but on a practical level, how do we ensure that sensitive information remains under lock and key? That’s where the principle of derivative classification enters the scene. It’s a process that, when done correctly, preserves national security (NATSEC) interests while preventing well-intentioned people from accidentally committing serious security breaches. While the topic can get convoluted, it doesn’t have to be. The goal here is to demystify derivative classification, highlight its significance, and explain how to keep yourself - and the mission - out of hot water.
Derivative Classification in a Nutshell
Derivative classification takes place whenever you create a new document (for instance, a briefing, report, or slideshow) that draws upon information already classified by an Original Classification Authority (OCA). This new material must carry forward all the relevant protections, including classification levels and markings, to safeguard any sensitive details. Put another way, you aren’t making an “original classification decision” on whether something should be Top Secret (TS), Secret (S), or Confidential (C). Instead, you’re taking existing classified data and reproducing it - word-for-word, paraphrased, or even compiled into a new format - while maintaining whatever classification it already held.
The “Utter Liability” Factor
Many people become liabilities not out of malice but sheer ignorance or complacency. Someone might think, “Oh, I remember that project was Secret a while back, so it’s probably still Secret,” and proceed to slap a classification label on the document based on memory alone. That’s how mistakes happen. According to standard guidelines (referenced in directives such as DODM 5200.01 and the National Industrial Security Program Operating Manual, or NISPOM), no one may rely on memory or speculation; you must consult authorized sources such as a Security Classification Guide (SCG) or a properly marked source document to identify the correct classification. Failing to do so is a fast track to over-classification, under-classification, or disclosure of sensitive details.
Authorized Sources: The Two Pillars
First, a Security Classification Guide (SCG) is typically published for specific programs or operations. It lays out precisely what elements of information demand classification and at what level. Second, a properly marked source document (for example, a briefing marked SECRET) can be used to “carry forward” that same classification into your new work. Those are your two pillars. Any other source - like a rumor, guess, or even a general rule of thumb - simply isn’t valid.
Key Concepts: “Contained In,” “Revealed By,” “Compilation”
In derivative classification, you’ll encounter three main concepts:
Contained In This is the simplest scenario. If you copy or paraphrase text that is plainly marked as SECRET, that portion of your new material inherits the same SECRET marking because the classification is explicitly “contained in” the original material.
Revealed By Sometimes, the classification won’t appear obvious in your new text, but a reader could deduce sensitive details by analyzing what’s implied. For instance, you might omit explicit dates or numbers, yet still present clues that allow someone to figure out that the overall content is classified. If that analysis “reveals” classified information, the new portion must be marked at the same level as the original source.
Compilation This is what happens when you combine multiple pieces of unclassified or lower-level classified data and end up with something more sensitive than the individual parts. For example, you might list a base location (Unclassified) alongside the number of personnel (Unclassified) and an upcoming test date (Unclassified). On their own, these data points don’t require classification. Put them all together, though, and an adversary might gain a strategic advantage that warrants classification at a higher level. Only the OCA has the authority to designate which combinations of unclassified or lower-level details become classified when compiled. Those instructions then appear in SCGs, which derivative classifiers must follow.
Why This Matters: Costs and Consequences
Classifying information shouldn’t be a trivial exercise. There are tangible costs, from building secure facilities to conducting background checks and training sessions. Over-classification strains resources and can stifle collaboration, while under-classification puts national security at risk. Derivative classifiers must therefore use their best judgment, consult the correct guides, and safeguard against both extremes.
When Classification Goes Wrong
If you do slip up - say you classify something incorrectly or, worse, divulge sensitive details to an unauthorized recipient - prepare for repercussions that can range from administrative sanctions to criminal penalties. Administrative actions might include suspension without pay or revocation of your clearance. Criminal consequences can include fines or imprisonment if the act is deemed willful. The message here is simple: the stakes are high, and the margin for error is slim.
Avoiding Pitfalls and Promoting Info Sharing
National security doesn’t mean hoarding information. In fact, the entire intelligence community (IC) is more effective when agencies, departments, and even allied partners share data efficiently. That’s why derivative classification rules encourage you to avoid over-classification and help ensure that unclassified information remains accessible. For instance, if only one paragraph in a 10-page report is classified Secret, you might consider putting that portion into an annex rather than labeling the entire report Secret. This approach allows wide dissemination of the unclassified elements.
Challenges and the Right to Question
There are times when you may suspect information has been improperly classified - perhaps it’s labeled Top Secret but doesn’t obviously meet that threshold. In those cases, derivative classifiers are encouraged (and in some contexts, required) to challenge the classification. First, ask your security manager or facility security officer (FSO) to reconcile the discrepancy. If the conflict persists, you can submit a formal classification challenge. By policy, the agency must respond in writing within 60 days or update you on the status if it needs more time. Information under challenge remains at its last assigned classification level until a formal resolution emerges, but rest assured you won’t face retribution just for raising a valid concern.
Acronyms and Terms to Keep in Your Cargo Pocket
• OCA (Original Classification Authority): The small group of government officials who can decide new classifications.
• SCG (Security Classification Guide): The go-to resource for derivative classifiers, outlining what info is classified and at what level.
• NISPOM (National Industrial Security Program Operating Manual): Governs contractors working with classified information.
• E.O. 13526 (Executive Order 13526): Sets the overarching rules for classifying, safeguarding, and declassifying info.
• DODM 5200.01: A key Department of Defense manual with volumes addressing classification, marking, and related procedures.
Staying on the Right Side of the Law
Perhaps the most important takeaway is that derivative classification isn’t just an administrative hurdle. It protects real-world operations, helps shield Service Members from harm, and preserves the U.S. advantage against potential adversaries. Done right, it ensures that sensitive information flows where it needs to go - combatant commands, intelligence analysts, allies - and stays out of the hands of those who’d misuse it. Done poorly, it becomes a liability, leading to confusion, wasted resources, and potentially catastrophic breaches.
Saved Rounds
- Derivative classification is one of the unsung cornerstones of the intelligence world. For those who practice it - intelligence analysts, staff officers, policy writers - it’s not enough to memorize a few acronyms.
- Vigilance, attention to detail, and a willingness to consult official guides form the foundation for success.
- Whether you’re dealing with SECRET briefing slides, TS compartmented documents, or older Confidential reports, you should always verify classification levels through approved sources and apply your markings accurately.
- If you have any lingering doubts, consult an SCG, talk to your security manager, or reach out to the relevant OCA.
- Remember: ignorance is no defense, and a casual slip can cause a world of trouble. If you truly want to “not be an utter liability,” take derivative classification seriously, follow the established procedures, and help maintain the delicate balance between secrecy and information sharing that underpins national security.