All The Following Are Steps In Derivative Classification Except

Understanding Derivative Classification: Identifying the Correct Steps and Common Misconceptions

Derivative classification is a critical security process within governments and organizations that handle classified national security information. It involves incorporating, paraphrasing, restating, or generating new material from existing classified sources and applying the appropriate classification markings to the resulting product. The integrity of the entire classification system hinges on derivative classifiers performing their duties with precision and understanding. A frequent point of confusion, especially in training and testing, is distinguishing the mandatory steps of derivative classification from actions that are either part of other processes or outright prohibited. This article provides a comprehensive, step-by-step breakdown of the official derivative classification process, clearly delineates what the procedure entails, and definitively identifies common options that are not steps in derivative classification, ensuring readers can confidently navigate this essential responsibility.

The Foundation: What is Derivative Classification?

Before dissecting the steps, it is vital to understand the core concept. Derivative classification is not the act of originally classifying information based on a substantive need-to-know and potential damage to national security. That is original classification, a power reserved for specific, designated Original Classification Authorities (OCAs). Instead, derivative classification is a mechanical and analytical duty performed by individuals who create new documents or materials using pre-existing classified sources. Its sole purpose is to propagate the classification from the source material to the new product accurately. The derivative classifier does not decide if information should be classified; they determine how it must be classified based on the source. This foundational principle is the key to identifying correct versus incorrect steps.

The Mandatory Steps of Derivative Classification

The process, as defined by authoritative sources like U.S. Executive Order 13526 and its implementing regulations, follows a clear, logical sequence. Each step is mandatory and builds upon the previous one.

Step 1: Identify and Examine All Source Material

The derivative classifier must first identify all sources of classified information used in the new product. This includes not only the primary documents but also any referenced materials, briefings, or discussions that contained classified content. The classifier must have access to the source material to verify its current classification level (e.g., Confidential, Secret, Top Secret) and any applicable classification caveats or dissemination controls (e.g., NOFORN, ORCON). You cannot derivative classify from an unverified or unknown source. If the classification of a source is unclear, the derivative classifier must seek clarification from the appropriate authority before proceeding.

Step 2: Determine if the New Material Contains Classified Information

Not all information derived from a classified source remains classified. The "derived" information must itself be closely held and its disclosure must be reasonably expected to cause damage to national security. This is a legal and substantive determination. If the new material merely presents common knowledge, publicly available facts, or generalized information that does not reveal the specific protected secrets of the source, it may be unclassified. However, this is a narrow exception. When in doubt, the default position is to classify. The derivative classifier must analyze the content: does the specific wording, data, or insight from the source, when repackaged, still reveal a protected secret?

Step 3: Apply the Highest Appropriate Classification Level

If the new material is determined to contain classified information, the classifier must assign it the highest classification level of any source material from which it is derived. For example, if a paragraph is crafted using one Secret document and one Top Secret document, the entire paragraph must be classified as Top Secret. This "downgrading" is prohibited unless a specific, authorized exception applies (which is rare and requires explicit OCA approval). The principle is classification at the highest level of the source.

Step 4: Mark the Document with Proper Classification Blocking and Banner Lines

This is the most visible and procedural step. The classified document must be marked with:

• Classification Authority Block: Including the name and title of the Original Classification Authority (if originally classified) or the derivative classification authority (if derived), and the source of classification (e.g., "Derived from: [Source Title, Classification, Date]").
• Banner Lines: The words "TOP SECRET," "SECRET," or "CONFIDENTIAL" at the top and bottom of every page.
• **Port

…Portion Markings: Each paragraph, section, or other distinct unit of information must be annotated with the appropriate classification level (e.g., (S) for Secret, (TS) for Top Secret) to indicate exactly which parts contain classified material. If a portion is unclassified, it should be marked with a “(U)” or left unmarked according to agency guidance. Accurate portion marking enables users to quickly discern what may be shared and what must remain protected.

Beyond the basic banner and authority blocks, derivative classifiers must also apply any applicable dissemination controls or handling caveats that were present in the source material. Common controls include NOFORN (not releasable to foreign nationals), ORCON (originator controlled), and REL TO USA, AUS, CAN, GBR, NZL (Five Eyes). These caveats are placed directly beneath the classification banner or within the classification authority block, depending on the issuing agency’s template. When multiple controls apply, they are listed in the order prescribed by the governing security manual (e.g., NOFORN/ORCON).

Step 5: Conduct a Peer Review or Independent Validation
Before final release, the derivative classifier should have the marked document reviewed by a second qualified individual—often a security officer or another derivative classifier—to verify that:

1. All source material has been correctly identified and its classification level accurately reflected.
2. The highest‑level rule has been applied without unwarranted downgrading.
3. Portion markings, banner lines, authority blocks, and dissemination controls are complete and conform to the agency’s template.
   Any discrepancies discovered during this review must be corrected and re‑reviewed until the document satisfies all classification requirements.

Step 6: Store, Transmit, and Handle the Classified Product The completed document must be stored in a container or system approved for its classification level (e.g., a GSA‑approved safe for Secret, a SCIF‑approved vault for Top Secret). Electronic versions require encryption that meets the National Security Agency’s (NSA) standards for the designated level, along with access controls that limit retrieval to individuals with the appropriate clearance and need‑to‑know. When transmitting the material—whether via secure email, courier, or classified network—the classifier must ensure that the transmission medium is authorized for the highest classification present and that all required covering sheets or transmittal letters include the same classification markings and caveats.

Step 7: Maintain Records and Prepare for Future Actions
Derivative classification actions generate a classification record that must be retained for the duration of the material’s classified life, plus any additional period mandated by agency policy. This record typically includes:

• The classifier’s name, title, and signature.
• Date and time of classification.
• Source references (including titles, classifications, dates, and any applicable control markings). - A brief rationale explaining why the derived information was deemed classified.
  These records facilitate periodic reviews, potential downgrades, declassification actions, and audits by inspectors general or oversight bodies.

Step 8: Periodic Review and Potential Downgrading/Declassification
Classified derivative products are not static. At scheduled intervals—or when triggered by events such as changes in source declassification, policy updates, or loss of sensitivity—the holder must reassess whether the material still meets the criteria for its assigned classification level. If the information no longer poses a risk of damage to national security, the holder may initiate a downgrade or declassification request, following the agency’s formal procedures and obtaining approval from the Original Classification Authority or its delegate.

In summary, derivative classification is a disciplined, eight‑step process that begins with verifying the authenticity and classification of source material, proceeds through a careful analysis of whether the new content retains classified character, applies the highest‑level classification rule, and culminates in precise markings, independent validation, secure handling, diligent record‑keeping, and ongoing review. By adhering rigorously to these steps, organizations protect national security information while enabling the legitimate dissemination of derived knowledge that is essential to mission success. Proper training, continual vigilance, and respect for the governing security directives ensure that derivative classification remains a reliable safeguard against unauthorized disclosure.