Information Security Oversight Office (ISOO)

1998 Annual Report

Information Security Oversight Office
National Archives and Records Administration
700 Pennsylvania Avenue, NW
Washington, DC 20408
August 31, 1999

The President
The White House
Washington, DC 20500

Dear Mr. President:

We are pleased to submit the Information Security Oversight Office's 1998 Report to the President.

In the third year of implementation of Executive Order 12958, the executive branch can again report achievements in the President's security classification program. Specifically, the program enjoyed a third straight year of unprecedented achievements in declassification and noted another decrease in the number of original classifiers. In the declassification program, agencies of the executive branch reported declassifying over 193 million pages of records having permanent historical value. Combined with the figures reported for the first two years of the Order's implementation, the executive branch has declassified almost 600 million pages of records under this Order. This achievement is exceptional. In three years under your Executive order, the agencies have declassified 131 percent more pages than in the prior 16 years combined.

When E.O. 12958 took effect in FY 1996, you called upon agency heads who have original classification authority to review carefully the number of officials within their agencies to whom they delegate this authority. They again responded in FY 1998 by reducing the number by over 100 individuals. While some further reductions may be possible, we believe that some executive branch agencies have reached the minimum necessary for effective operations.

Notwithstanding these very positive trends, we are concerned about the continuing increase in classification activity. The increase appears to be a function of increased military, intelligence and foreign relations activities, and reporting of electronic transmissions like e-mail, rather than actual increases in classified programs. Additionally, industry, after reporting a dramatic decrease in its security cost estimates last year, reported a significant increase from last year's estimate. This largely contributed to the increase in the total cost estimate for both Government and industry. The estimate for industry, however, is very likely the most accurate figure reported, because of the size and content of the sample used, and is still well below the estimate reported for 1996. Future oversight activities by ISOO and increased commitment of the agencies will determine whether these trends will continue and further progress made in meeting the goals of the Order.


Steven Garfinkel

Summary of FY 1998 Program Activity

The following Report to the President is the third report under E.O. 12958. The following data highlight ISOO's findings.

  • The number of original classification authorities decreased by 107, to 3,903.
  • Reported original classification decisions decreased by almost 22,000, to 137,005.
  • Reported derivative classification decisions increased by 796,397, to 7,157,763.
  • The total of all classification actions reported for fiscal year 1998 increased by 12 percent, to 7,294,768.
  • CIA accounted for 40 percent of all classification decisions; DOD, 29 percent; NRO, 27 percent; Justice, 2 percent; State, 1 percent; and all others, 1 percent.


  • Under Automatic and Systematic Review Declassification programs, agencies declassified 193,155,807 pages of historically valuable records.
  • Agencies received 4,877 new mandatory review requests.
  • Under mandatory review, agencies declassified in full 232,851 pages; declassified in part 24,759 pages; and retained classification in full on 58,344 pages.
  • Agencies received 85 new mandatory review appeals.
  • On appeal, agencies declassified in whole or in part 2,0294 additional pages.

A Success Story:
The Department of the Army's Declassification Program
FY 1998 saw continued improvements in the declassification programs of many agencies. One agency in particular merits spotlighting: the Department of the Army. During the past three years, Army's Declassification Program has evolved from almost nothing into a most impressive effort to declassify historically valuable records. At the outset of Executive Order 12958's declassification program, ISOO considered the Army situation to be almost hopeless. Other than one or two subject specific declassification projects, Army had not conducted a systematic review for declassification program for more than a decade. There was no declassification infrastructure or command structure in place; there was little awareness concerning the location, condition or quantity of records subject to automatic declassification; and there was no source of funding or human resources apparent. The Army has proven ISOO's assessment to be dead wrong, and is doing so, has accomplished what may well be E.O. 12958's most remarkable success story.

Highly dedicated and competent personnel combined with that most important variable, top management support, achieved Army's current level of success. Army, in concert with a great assist from the National Archives and Records Administration (NARA), has reviewed 75% of the 270 million pages of Army's permanently valuable records identified for automatic declassification. What remains to be reviewed are an estimated 60 million pages, 30 percent of which Army anticipates falling under a Presidentially approved file series exemption. Highlights of the Army's successful declassification effort follow:

The Secretary of the Army created the Army Declassification Activity (ADA) as a component of the Adjutant General's Office on October 10, 1997, fully two years after E.O. 12958 went into effect, to help meet the declassification requirements of Executive Order 12958. ADA combines the latest technology and declassification expertise into a state of the art declassification processing unit. It is a model that will enable the Army to continue its declassification efforts beyond the initial April 2000 requirements of the Order.

ADA developed an Automated Declassification Guide, consolidating over 400 classification guides, which serves as the reference document for Army declassifiers. Its use streamlines the declassification research process for reviewers.

ADA trained over 200 Government and contractor personnel during FY 1998 in the declassification process, using computer-based-training and videotapes.

The Army identified and located all its records subject to section 3.4 of the Order. Some of these records were found to have high personal interest to the public. For example, Army located 28 boxes of records related to the Korean Conflict Prisoner of War/Missing in Action issue. These records, which the Department of Army thought had been lost or destroyed, were found only through the comprehensive search of databases and records centers by the ADA personnel. These records will assist the Defense Prisoner of War/Missing Persons Office in responding to the questions of families of service members still listed as Missing in Action from the Korean Conflict.

In its declassification efforts, ADA has created detailed finding aids that will greatly facilitate researcher use of its records for decades to come.

Exclusive of NARA's complementary efforts, Army's own reviewers declassified 16.5 million pages during FY 1998, a 511% increase over their FY 1997 effort (2.7 million pages) and a 43,321% increase over their FY 1996 effort (38,000 pages)!


Implementation of the Automatic Declassification Provision of
Executive Order 12958 -- "Classified National Security Information"


Executive Order 12958, "Classified National Security Information," signed by President Clinton on April 17, 1995, and effective on October 14, 1995, is a radical departure from the secrecy policies of the past. The first order to revise the security classification system since the end of the Cold War, E.O. 12958 includes major changes which should result in fewer new secrets and significantly more information being declassified. At the same time, the Order includes all of the necessary safeguards to protect appropriately classified information. Fiscal Year 1998 is the third full year of the Order's policies.

The declassification provisions of Section 3.4 contain the most far-reaching reforms in the new security classification system. This section, entitled "Automatic Declassification," requires the automatic declassification of most historically valuable information that is 25 years old. In the past, these older classified records remained classified indefinitely. Under E.O. 12958, these same records, including approximately 1.5 billion pages created over the past 50 years, will become automatically declassified five years from the issuance date of the Order, or April 17, 2000. In order to keep information classified beyond 25 years, agency heads must be able to demonstrate (1) that particular information falls within a narrow exception to automatic declassification (that determination is then subject to outside review by an interagency panel of senior officials); or (2) that particular file series, identified by the agency head and approved by the President, almost invariably contain exempted information.

In effect, E.O. 12958 reverses the resource burden. Unlike the prior systems, in which agencies had to expend resources in order to declassify older information, under E.O. 12958, agencies must expend the resources necessary to demonstrate why older, historical information needs to remain classified.


The data gathered by the Information Security Oversight Office (ISOO) for this report reveal that in Fiscal Year 1998, the agencies of the executive branch continued to declassify historically valuable documents in numbers unprecedented before the issuance in 1995 of Executive Order 12958, "Classified National Security Information." In FY 1998, executive branch agencies declassified over 193 million pages of historically valuable records.

During the first three years that E.O. 12958 has been in effect, the executive branch has declassified more than 593 million pages of historically valuable material. This figure represents 70% of all of the pages declassified since 1980. It is of particular significance that the executive branch has sustained declassification of historically valuable records in such great numbers for three consecutive years.

Of the 593 million pages declassified in FY 1996, FY 1997, and FY 1998, the National Archives and Records Administration (NARA) accounts for 53% (319.5 million) of the total. [Although these pages are among the holdings of NARA, the records originated in agencies other than NARA.] The Department of Defense (DOD) accounts for 34% (205 million) of the total. Other agencies that have declassified large numbers of historically valuable records over the past three years include: the Department of State, 37.5 million; United States Information Agency, 13.9 million; the Agency for International Development, 10.6 million; the Department of Energy, 9.2 million; the Arms Control and Disarmament Agency, 4.9 million; the Department of Commerce, 2.6 million; the Central Intelligence Agency, 1.2 million; the National Aeronautics and Space Administration, 0.6 million; the Department of the Treasury, 0.6 million; and the National Security Council, 0.24 million.

850 Million Pages Declassified
Fiscal Years 1980 - 1998

FY 1980-1994 188.3 million pages
(Average per year: 12.6 million pages)
FY 1995 69 million pages
FY 1996 196 million pages
FY 1997 204 million pages
FY 1998 193 million pages


To meet the President's declassification targets detailed in Executive Order 12958, executive branch agencies were to declassify during FY 1996 at least 15 percent of their total records subject to the Order's automatic declassification provisions, "and similar commitments for subsequent years until the effective date for automatic declassification," i.e., April 17, 2000. Existing records subject to automatic declassification must have been appraised as historically valuable and be at least 25 years old in April 2000.

The data provided to date continue to indicate uneven accomplishment among the agencies of the requirement to declassify significant portions of the subject records each year.

From the data currently available, lSOO believes that the 593 million pages declassified by the executive branch in FY 1996, FY 1997, and FY 1998 comprise approximately 44% of the total universe of classified pages subject to automatic declassification by April2000.


E.O. 12958 authorized the heads of agencies that originate classified information to designate particular file series of classified information to be exempt from the Order's 25-year-old automatic declassification provision. These series were to be limited to records replete with information that "almost invariably" fell within one of the categorical exemptions to automatic declassification. These exempt file series are subject to presidential approval. Agency heads direct them to the President through the Assistant to the President for National Security Affairs (National Security Adviser).

In June 1997, the National Security Adviser requested that ISOO review the agencies' proposed exempt file series, and advise him of ISOO's recommendations regarding their acceptance by the President. Assisted by staff members from NARA and the National Security Council, the ISOO team reviewed 16 agency requests for file series exemptions.

As a result of the ISOO review, six agencies withdrew entirely their requests for file series exemptions. The remaining 10 agencies that requested such exemptions have significantly narrowed the scope of their requests. Perhaps most important, for each of the remaining file series proposed for exemption, the agencies have established fixed dates to review them for declassification. On March 9, 1999, the President approved the file series proposed for exemption by the 10 agencies listed in the chart [below]. In the aggregate, these exemptions contain approximately 187 million pages of historically valuable information over 25 years old, or approximately 11.5% of the total universe of records subject to section 3.4(a) of E.O. 12958. [Note: The 11.5% figure represents the percentage of exempted pages in relation to the total number of page os the entire executive branch (1.627 billion pages) impacted by section 3.4(a) of the Order.] The chart below breaks out, by agency, data on the total volume (by pages) of records affected by section 3.4(a) of E.O. 12958, and the number of pages approved for a file series exemption under section 3.4(c). The relative percentages are provided also.


Percent of Exempted
Total Pages Affected by Number of Pages to Total
AGENCY Sec.3.4(a), E.O. 12958 Approved for Exemption Volume Affected

Army 270,000,000 27,000,000 10%

CIA 157,200,000 94,500,000 60%

DIA 69,138,158 26,272,500 38%

OSD 25,000,000 7,387,500 30%

OJCS 9,300,000 1,581,000 17%

NSA 71,600,000 27,600,000 38.5%

NSC 433,333 65,000 15%

NRO 1,140,000 720,366 63%

PFIAB 160,000 77,500 48%

STATE 42,000,000 1,620,000 3.8%

TOTALS 645,971,491 186,823,866 29%**

** Note: The 29% figure represents the percentage of exempted pages
in relation to the total number of pages of these ten agencies
impacted by section 3.4(b) of the Order.


Please refer to page 9 of this report [below] for an update on this aspect of the program.


An unprecedented effort to declassify older historically valuable information is in place.
Agencies that have had only minimal declassification programs in the past are now engaged in significant declassification efforts.
Communication and coordination between agencies' security and records management staffs have improved tremendously from what was generally a very poor situation.
A declassification infrastructure has been established in every agency that originates classified information.
Communication among the agencies has increased significantly as they attempt to coordinate their declassification efforts.


In practice, automatic declassification at 25 years (rather than at a later date) means that more information requires review, more information is proposed for exemption, less bulk declassification occurs, and the cost of compliance increases.
Start-up and compliance among the major classifying agencies has been uneven. Several agencies were very slow in getting started, and they find themselves in a difficult catch-up situation. In addition, many agencies spent a year or more attempting to gain sufficient knowledge about the scope of their classified holdings.
The rate of declassification at several agencies is lagging because of an apparent unwillingness to alter an extremely cautious approach to declassification. Several agencies will not declassify any information that has not undergone a line-by-line review by several reviewers, notwithstanding the age of the documents or their subject matter. This method of review is obviously the most time consuming and costly.
Resource limitations are having a clear impact on agency compliance and oversight.
In many cases, documents contain the classified information of several agencies (agencies with equities in the document). Dealing with multiple equities greatly complicates and delays the declassification review process.
In large measure, declassification activity has been so prolific that it exceeds the ability of agency systems and resources to process the records for public access, or even the ability to advise other agencies and the public about what information has been declassified.


Although 593 million pages have been declassified under E.O. 12958, executive branch agencies estimate approximately 500 million pages will not be reviewed by April 2000.
On October 17, 1998, the President signed into law the National Defense Authorization Act for FY 1999 (the Act). Section 3161 of the Act, entitled "Protection Against Inadvertent Release of Restricted Data and Formerly Restricted Data," initially halted the declassification of any documents subject to section 3.4 of E.O. 12958 that had not been reviewed on a page-by-page basis until 60 days after the Secretary of Energy had submitted a plan to specified Members of Congress and the Assistant to the President for National Security Affairs. The plan has been submitted to the Congress. Agencies have begun working with DOE to implement it. The Act is likely to impede the ability of executive branch agencies to meet interim targets and may diminish the numbers of older historically valuable documents declassified in the coming years.

Interagency Security Classification Appeals Panel


Section 5.4 of Executive Order 12958, "Classified National Security Information."


(1) To decide on appeals by authorized persons who have filed classification challenges under Section 1.9 of E.O. 12958.
(2) To approve, deny or amend agency exemptions from automatic declassification as provided in Section 3.4(d) of E.O. 12958.

(3) To decide on mandatory review appeals by parties whose requests for declassification under Section 3.6 of E.O. 12958 have been denied at the agency level.


Roslyn A. Mazer, Chair
Department of Justice
Jennifer A. Carrano
Intelligence Community

Michael J. Kurtz
National Archives and Records Administration

William H. Leary
National Security Council

J. William Leonard
Department of Defense

Frank M. Machak
Department of State


Steven Garfinkel, Director
Information Security Oversight Office


Information Security Oversight Office

Summary of Activity

The President created the Interagency Security Appeals Panel (ISCAP) under E.O. 12958 to perform the critical functions noted above. The ISCAP, made up of senior level representatives appointed by the Secretaries of State and Defense, the Attorney General, the Director of Central Intelligence, the Archivist of the United States, and the Assistant to the President for National Security Affairs, began meeting in May 1996. The Director of ISOO serves as its Executive Secretary, and ISOO provides its staff support. To date, the entirety of the ISCAP's decided cases has consisted of mandatory review appeals, most involving documents from presidential libraries. Included within these cases, the ISCAP decided appeals seeking the declassification of 150 documents that remained fully or partially classified upon the completion of agency processing. Of these, the ISCAP voted to declassify 80 of them in full, to declassify significant portions of 47 others, and to affirm the agency's action fully for 23 documents.

Viewing the totality of its decision docket from May 1996 to date, the ISCAP has declassified significant information in 85% of the documents on which it has voted (80 documents in full, 54%; 47 documents in part, 31%). The ISCAP has voted to affirm fully the agency's classification action for 23 documents (15%).

The work of the ISCAP is crucial to the implementation of E.O. 12958, because its decisions will ultimately establish the cutting edge between what information is declassified and what information remains classified. For the first time, the Order provides that historically valuable information that is 25 years old will be automatically declassified. In order to keep information classified beyond 25 years, agencies must demonstrate that particular information falls within one of nine narrow exceptions. Not only does the ISCAP review these agency determinations, it applies those same new standards to similar information that comes before it on appeal under the mandatory declassification review provisions of the Order.

ISCAP reviews only a small portion of documents subject to the heightened standard for 25 year-old information. In order to maximize its effect on the U.S. Government's broader declassification program, ISCAP has taken steps to communicate the subject matters and rationales of its decisions. These steps include issuing periodic communiques and making available a database of its decisions. In March 1999, ISCAP tested a prototype program, in which groups of agency declassification reviewers worked through case studies drawn from ISCAP appeals, and then compared results and reasoning with those of other groups and with the ISCAP's decision-making. The participants -- drawn from the declassification staffs of NARA, CIA, NASA, NSC, NRO, Departments of Defense, State, Transportation, Justice and Energy, and the Security Policy Board -- provided highly positive feedback. ISCAP plans to participate in similar programs with selected case studies on issues of particular interest to specific agencies.

The database of decisions rendered by the ISCAP is available from ISOO on Microsoft Access 2.0. Documents declassified by the ISCAP are made available to the requester either through the custodial unit (e.g., a presidential library) that has permanent custody of them, or by the ISCAP staff. Other interested persons may ordinarily obtain copies of declassified documents from the custodial units.

Several examples of portions of the documents declassified by the ISCAP during the past year are reproduced on the following pages. [Not included here].

For copies of the ISCAP's bylaws, decision database or other information, contact ISOO:

TELEPHONE: (202)219-5250
FAX: (202)219-5385

The National Industrial Security Program:

"Where Does It Stand?"
In 1993, the President formally established the National Industrial Security Program (NISP) through Executive Order 12829. Its goal, then, and now, was to make the executive branch's industrial security program more efficient and cost effective, while fully protecting classified information in the possession of Government contractors, licensees or grantees.
Consistent with ISOO's responsibilities under Section 102(b) of the Order, ISOO began a series of surveys in the early summer of 1997. The initial survey began with contractors located in the Boston, Massachusetts area. During fiscal year 1998, ISOO expanded the survey to include contractors in the Albuquerque, San Francisco, and Washington Metropolitan areas. The purpose of both surveys was to assess the level of implementation achieved by contracting agencies and contractors with respect to the overall objectives of Executive Order 12829, including:

  • Achieving uniformity in security procedures.
  • Implementing the reciprocity principle in security procedures, particularly with regard to facility and personnel clearances.
  • Eliminating duplicative or unnecessary requirements, particularly agency inspections of contractors' programs.
  • Achieving reductions in security costs.
  • The following excerpt is the Executive Summary of the second survey report issued by ISOO in January 1999.


In this, its second survey of the NISP, ISOO continues to report progress and areas for improvement. The information presented in this report suggests that implementation of the NISP has produced positive results. The survey reveals that there are greater awareness and uniformity in security procedures, increased reciprocal acceptance of personnel and facility security clearances, and increased reciprocal acceptance of agency inspections. All of these achievements reduce security costs.

Notwithstanding these accomplishments, the report discusses areas in which survey participants have raised valid concerns about inconsistent implementation of National Industrial Security Program Operating Manual (NISPOM) procedures and practices. In particular, many contractors expressed concern about: (1) the lack of specificity in the NISPOM in regard to procedural matters; (2) Cognizant Security Agencies (CSA) requiring different clearance request forms; (3) the continued impasse between the Department of Energy (DOE) and the Department of Defense (DOD) regarding reciprocal agreements for access and safeguarding Secret Restricted Data (S/RD); and (4) the Defense Security Service's (DSS) diminished presence and accessibility for security advice and assistance, and oversight.

Despite these prevailing concerns, there remains a genuine feeling that a revitalized NISP is essential to continuing the dialogue between Government and industry begun by Executive Order 12829. ISOO encourages a renewed commitment by the CSAs and industry to achieve greater cost savings and improved implementation. Chief among ISOO's recommendations are that: (1) the Executive Agent (Secretary of Defense) develop more prescriptive based handbook(s) for other requirements of the NISPOM to provide an option to smaller contractors who need more detailed procedural guidance; and also (2) facilitate a common understanding of the terminology used by the different user agencies; (3) the DOE and the DOD expeditiously reach a mutual resolution regarding access to and safeguarding of S/RD and S/FRD; (4) the DSS strive for a mutually equitable balance for communicating and maintaining its much needed presence in the contractor community; (5) the Executive Agent, in consultation with the signatories of the NISP, establish a standard clearance request form, a standard electronic personnel security questionnaire; (6) the Executive Agent encourage greater co-utilization of Sensitive Compartmented Information Facilities (SCIFs); and (7) the affected contractor should report instances of redundant and duplicative security review and audit activity to the Director, ISOO for resolution. To avoid any further delay, it is imperative that renewed leadership, communication, cooperation, and innovation become the avenues for expeditiously implementing the requirements of the NISPOM.

Security Classification-- What Does it Cost?

The security classification program is now in its fourth year of reporting costs for both Government and industry. Congress first requested security classification cost estimates from the executive branch in 1994. The Office of Management and Budget reported those cost estimates to Congress while working with agencies to develop better sampling methodology for future years. Congress has continued to seek updated estimates. In addition, ISOO is tasked through Executive Order 12958 to report these costs to the President. Executive Order 12928, "National Industrial Security Program," also requires that industry or contractor costs be collected and reported by ISOO to the President.
Until the last few years, the costs for the security classification program were deemed non-quantifiable, intertwined with other somewhat amorphous overhead expenses. While many of its costs remain ambiguous, ISOO continues to ask questions about their makeup and is looking for ways to refine the methodology. While ISOO can resolve some of them, requiring exact responses to these cost collection efforts would be cost prohibitive. Consequently, ISOO relies on sampling and therefore the measurements of costs of the security classification system will be estimates. Nevertheless, by maintaining stability in methodology, ISOO should gain over time a good indication of the total cost burden and its upward and downward trends.


The data presented below were collected by categories based on common definitions developed by an executive branch working group. The categories are defined below.
Personnel Security: A series of interlocking and mutually supporting program elements that initially establish a government or contractor employee's eligibility, and ensure suitability for the continued access to classified information.

Physical Security: That portion of security concerned with physical measures designed to safeguard and protect classified facilities and information, domestic or foreign.

Information Security: Includes three sub-categories: Classification Management: The system of administrative policies and procedures for identifying, controlling and protecting from unauthorized disclosure, classified information, the protection of which is authorized by executive order or statute. Classification management encompasses those resources used to identify, control, transfer, transmit, retrieve, inventory, archive, declassify or destroy classified information. Declassification: The authorized change in the status of information from classified information to unclassified information. It encompasses those resources used to identify and process information subject to the automatic, systematic or mandatory review programs authorized by executive order or statute. Information Technology Systems (Automated Information Systems (AIS) or Information Technology Systems Security): Measures and controls that ensure confidentiality, integrity and availability of the classified information processed and stored by a computer or information technology system. It can include, but is not limited to, the provision of all security features needed to provide an accredited system of protection for computer hardware and software, and classified information, material, or processes in automated systems.

Professional Education, Training and Awareness: The establishment, maintenance, direction, support and assessment of a security training and awareness program; the certification and approval of the training program; the development, management, and maintenance of training records; the training of personnel to perform tasks associated with their duties; and qualification and/or certification of personnel before assignment of security responsibilities related to classified information.

Security Management and Planning: Development and implementation of plans, procedures and actions to accomplish policy requirements, develop budget and resource requirements, oversee organizational activities and respond to management requests related to classified information.

Unique Items: Those department or agency-specific activities that are not reported in any of the primary categories but are nonetheless significant and need to be included.

Because of expressed interest in the declassification programs established under Executive Order 12958, ISOO also requested agencies to identify that portion of their cost estimates in the category of information security/classification management that was attributable to their declassification programs. For FY 1998, the agencies reported declassification cost estimates of $199,652,607, or 5.5% of their total cost estimates.

The total security classification costs estimate within Government for FY 1998 is $3,580,026,033. This figure represents estimates provided by 30 executive branch agencies including the Department of Defense, whose estimate incorporates the National Foreign Intelligence Program. It does not include, however, the cost estimates of the CIA, which that agency has classified.

Government Security Classification Costs Estimate Fiscal Year 1998

Total $3.6 billion

Personnel Security $398 million
Physical Security $386 million
Information Security $2.2 billion
Information Systems Security $1.8 billion
Classification Management $213 million
Declassification Management $200 million
Professional Education Training & Awareness $93 million
Security Management & Planning $487 million
Unique Items $5.7 million



A joint Department of Defense and industry group developed a cost collection methodology for those costs associated with the use and protection of classified information within industry. Because industry accounts for its costs differently than Government, cost estimate data are not provided by category. Rather a sampling method was applied that included volunteer companies from four different categories of facilities. The category of facility is based on the complexity of security requirements that a particular company must meet in order to hold a classified contract with a Government agency.
The 1998 cost estimate totals for industry pertain to the twelve month accounting period for the most recently completed fiscal year of each company that was part of the industry sample. For most of the companies included in the sample December 31, 1998, was the end of their fiscal year. The estimate of total security costs for 1998 within industry was $1,371,086,000. The Government cost estimate shows a modest six percent increase above the cost estimate reported for FY 1997. Industry, on the other hand, reported a dramatic 98 percent increase in its cost estimate. The total cost estimate for Government and industry for 1998 is $5 billion, a 22 percent increase in the total cost estimate for 1997 of $4.1 billion.

The increased cost estimates for Government appear to result from the agencies' ability to estimate these costs more accurately rather than from any new programs. The relatively low increase is reflected in the costs associated with security management, oversight, planning, physical security and security education and training. The other cost estimate categories stayed relatively stable.

With respect to the increase in contractor costs, this year's estimate appears to be a more reasonably accurate total than either the extremely low estimate reported for 1997, or the much higher estimates reported in both 1995 and 1996. The current estimate was based on sampling from a larger pool of companies than used in 1997, 1996 or 1995. The larger sample size tends to suggest greater accuracy. Further, the Department of Defense, the Executive Agent for the National Industrial Security Program, believes that the categories of companies reporting cost estimate data need to be defined more clearly, and that the mix of small and large companies reporting data in 1998 provides a better sample. ISOO expects that future estimates are likely to bear out its assertion that the industry estimate reported here is the most realistic reported to date in what remains a relatively new and evolving process.

The refining process for security cost collection seems to be a continuous one, as well it should be given the many variables in the security classification program. As Government and industry add to their experience in cost collection, the information should help considerably in managing the security classification program.

Comparing Total Costs for Government and Industry
Fiscal Years 1995 - 1998

FY 1998 Total $5 billion
FY 1997 Total $4.1 billion
FY 1996 Total $5.2 billion
FY 1995 Total $5.6 billion

FY 1998 Government $3.6 billion
FY 1997 Government $3.4 billion
FY 1996 Government $2.6 billion
FY 1995 Government $2.7 billion

FY 1998 Industry $1.4 billion
FY 1997 Industry $692,823,000
FY 1996 Industry $2.6 billion
FY 1995 Industry $2.9 billion


Original Classifiers
Original classification authorities (OCAs), also called original classifiers, are those individuals designated in writing, either by the President or by selected agency heads, to classify information in the first instance. Under Executive Order 12958, only original classifiers determine what information, if disclosed without authority, could reasonably be expected to cause damage to the national security. Original classifiers must also be able to identify or describe the damage.

For fiscal year 1998, the number of original classifiers throughout the executive branch was 3,903, which represents a reduction of 107 classifiers from the previous year.* This figure, for the eighth consecutive year, represents the lowest number of original classifiers ever reported by ISOO. ISOO believes that Executive Order 12958's requirement that agency heads carefully scrutinize and re-issue delegations of original classification authority has been the largest contributing factor to this further decrease. This review, taken in conjunction with the widespread use of classification guidance (see "Derivative Classification," below) in an automated environment, has revealed a reduced need for OCAs for operational needs. In ISOO's view, some agencies have reached a level in the number of original classification authorities that seems reasonable for the conduct of their missions. Nevertheless, some of the larger agencies that had comparable classification activity, but many more original classification authorities, could reduce the number of original classification authorities without negatively affecting operations through increased use of classification guidance. ISOO will continue to monitor this aspect of agency programs more closely through its oversight activities.

* ONDCP did not report its data to ISOO this year. Therefore, the reported number does not include five OCAs previously reported to ISOO by this office. Nor do the other data reported here include those for ONDCP, which has not historically reported quantitatively significant data.
In fiscal year 1998, agencies reported decreases in the number of original classifiers for all three classification levels. The Department of Justice is responsible for 78 percent of the total reduction in original classifiers. This is the second year Justice has reported substantial decreases in the number of original classifiers. In addition, the Department of Defense reported decreases in the number of Top Secret and Secret, while increasing the number of Confidential original classifiers. Overall, DOD reduced its number of OCAs, because NRO began reporting separately in fiscal year 1998. (DOD's fiscal year 1998 decrease is based upon a comparison with fiscal year 1997 without NRO's figures.) In fiscal year 1997, the Department of State reported a 5 percent decrease in the number of original classification authorities. ISOO had hoped that this trend would continue in fiscal year 1998, but State reported the same number as fiscal year 1997. ISOO also wishes to recognize OMB, AID, ACDA, and DOE for their efforts to reduce the number of original classifiers, in each case at the Secret level.

Original Classifiers Fiscal Year 1998

Total 3,903

Top Secret 884
Secret 2,773
Confidential 246
Original Classification

Original Classification is an initial determination by an authorized classifier that information requires extraordinary protection, because unauthorized disclosure of the information could reasonably be expected to cause damage to the national security. The process of original classification ordinarily includes both the determination of the need to protect the information and the placement of markings to identify the information as classified. By definition, original classification precedes all other aspects of the security classification system, e.g., derivative classification, safeguarding and declassification. Therefore, ISOO often refers to the number of original classification actions as the most important figure that it reports.

For fiscal year 1998, agencies reported a total of 137,005 original classification decisions. This figure represents a decrease of 14 percent over the number of original classification decisions reported in fiscal year 1997. By classification level, Top Secret decreased by 33 percent, while Secret decreased by 10 percent and Confidential by 19 percent. It is not clear why original classification activity decreased in fiscal year 1998. A review of original classification activity for the past 10 years shows a downward trend with the exception of fiscal year 1997 which noted a 51 percent increase from fiscal year 1996. It seems likely that fiscal year 1997's increase is a function of agencies implementing a new executive order, which in itself requires the review and issuance of new or revised classification guides.

Three agencies -- DOD, Justice, and State -- now account for 95 percent of all original classification decisions. DOD reported a total of 56,103 original classification decisions, which represents a 37 percent decrease from the previous year. For the second year in a row, Justice also reported a large increase from fiscal year 1997 of 29 percent. State reversed its downward trend in original classification activity with an 8 percent increase. In both cases the increase may be a result of not using security classification guides. Justice needs to review and update its existing security classification guides, while State needs to develop guides.

Original Activity Fiscal Year 1998

Total 137,005

Top Secret 4,872
Secret 91,516
Confidential 40,617

Several agencies with smaller security classification programs reported marked decreases in the number of original classification decisions. In particular, ISOO commends DOT, NRC, Treasury, NSC, and OVP, which reported decreases of 100 percent, 85 percent, 34 percent, 30 percent and 24 percent respectively, in the number of original classification decisions.

Original Classification Levels Fiscal Year 1998

Top Secret 3%
Secret 67%
Confidential 30%

As part of the original classification process, the classifiers must determine a time frame for the protection of the information. This is commonly called the "duration" of classification. Executive Order 12958 creates three possible outcomes at the time of original classification. First, if applicable to the duration of the information's national security sensitivity, information should be marked for declassification upon a specific date or event. For example, a classifier could determine that the information's sensitivity will lapse upon the completion of a particular project. The event would be noted on the face of the document, and when the project had been completed, the information would automatically be declassified. Second, if the original classification authority could not determine an earlier specific date or event for declassification, information should ordinarily be marked for declassification 10 years from the date of the original decision. Third, if the specific information falls within one or more of eight categories, the classifier may exempt it from declassification at 10 years. In almost all instances, this will result in the information being subject to automatic declassification at 25 years. The indefinite duration marking used under Executive Order 12356, "Originating Agency's Determination Required" or "OADR," was eliminated with the issuance of E.O. 12958.

Original Activity by Agency Fiscal Year 1998

DOD 56,103
Justice 51,535
State 22,302
All Others 7,065

During fiscal year 1998, classifiers chose declassification upon a specific date or event less than 10 years, or upon the 10-year date for 49,236 original classification decisions. On the remaining 87,769 original classification decisions, original classifiers elected to apply an exemption from 10-year declassification. In both fiscal years 1996 and 1997 under this Order, approximately half of all original classification actions were marked for automatic declassification in 10 years or less. Fiscal year 1998's percentage is markedly lower than the previous two years. Nevertheless, 36 percent is still higher than the figures reported under prior systems, when more than 90 percent of referral decisions were marked for indefinite classification. During planned classified document reviews in fiscal year 1999 and beyond, ISOO will examine this aspect of the classification process closely to determine the validity of the time frame assigned by classifiers for the protection of the information.

Duration of Classification Fiscal Year 1998

10 Years or Less 36%
Exempt from 10 Year 64%
Derivative Classification

Derivative classification is the act of incorporating, paraphrasing, restating, or generating in new form classified source information. Information may be classified in two ways: (a) through the use of a source document, usually correspondence or publications generated by an original classification authority; or (b) through the use of a classification guide. A classification guide is a set of instructions issued by an original classification authority. It pertains to a particular subject and describes the elements of information about that subject that must be classified, and the level and duration of classification. Only executive branch or Government contractor employees with the appropriate security clearance, who are required by their work to restate classified source information, may classify derivatively.

Derivative Activity Fiscal Year 1998

Total 7,157,763

Top Secret 831,002
Secret 4,495,872
Confidential 1,830,889

For fiscal year 1998, agencies reported 7,157,763 derivative classification actions. This figure represents an increase of 13 percent from that reported in fiscal year 1997.

Derivative Classification Levels Fiscal Year 1998

Top Secret 12%
Secret 63%
Confidential 25%

The significant increase comes from three of the major classifying agencies, Justice, CIA and DOD. NRO was added to the list of the major classifying agencies for fiscal year 1998, all of which reported very different results for derivative classification activity. This year CIA derivatively classified the most information of the five agencies, reporting a 44 percent increase over last year. State reported a modest 4 percent decrease, while Justice reported a 51 percent increase. DOD reported a 51 percent decrease, which is artificial, because its 1997 figures included the derivative classification activity of the NRO. In looking at NRO and DOD separately for both fiscal years 1997 and 1998, DOD reported a 13 percent increase from 1997 and NRO reported a 15 percent decrease.

FY 1997 - FY 1998

DOD: 1,798,381 - 2,034,545
NRO: 2,321,050 - 1,966,250

TOTAL: 4,119,431 - 4,000,795

All other agencies reported 31,703 derivative classification actions, a 21 percent decrease from the year before. ISOO recognizes those agencies contributing to this decrease: ACDA (58%), DOT (53%), GSA (42%) and NASA (38%).

Derivative Activity by Agency Fiscal Year 1998

DOD 2,034,545
CIA 2,918,550
NRO 1,966,250
State 112,027
Justice 94,688
All Others 31,703

The increase in derivative classification activity may be influenced by a variety of factors. The widespread introduction of technology and the development and use of automated information management systems affect how information is collected, analyzed, and disseminated, which in turn influences the decision-making process.

For example, the speed and ease of electronic communications decreases the time needed to collect and disseminate information and potentially increases the number of recipients of that information. The faster more people receive classified information, the more quickly they could take action, resulting in more decisions being made and disseminated as derivatively classified information. Continuing advancements in technology will further speed the collection and dissemination of information. World events will continue to play a role in the amount of derivative activity, in particular, military operations in Europe, and elsewhere. Understandably, international conflicts or incidents affect classification activity more than any other stimulus.

Combined Classification

Together, original and derivative classification decisions make up what is called combined classification activity. In fiscal year 1998, combined classification activity increased by 774,614 (12%), to a total of 7,294,768 actions. Since derivative actions outnumbered original actions by a ratio of more than 53:1, they had a much greater impact on combined classification activity.

CIA accounted for 40 percent of all combined classification activity reported for fiscal year 1998; DOD, 29 percent; Justice, 2 percent and State, 1 percent.

NRO, which is reporting independently of DOD this year, accounted for 27 percent. As in the past, the remaining agencies accounted for only 1e percent of the combined classification activity. CIA, DOD, and State reported increases in combined classification by 44, 11 and 7 percent, respectively. DOD's increase results from a comparison to 1997 figures excluding NRO.

Combined Activity for Fiscal Year 1998

Total 7,294,768

Top Secret 835,874
Secret 4,587,388
Confidential 1,871,506

Combined Classification Levels Fiscal Year 1998

Top Secret 11%
Secret 63%
Confidential 26%

Combined Classification Activity by Agency Fiscal Year 1998

CIA 2,918,550
DOD 2,090,648
NRO 1,966,250
Justice 146,223
State 134,329
All Others 38,768

ISOO continues to be concerned about the upward trend in classification activity. The increase in classification comes in derivative not original. Some explanation of the increase is noted above under the derivative section. However, the increase is still puzzling given the downward trend of classification activity noted under the previous Executive order. ISOO strongly believes that, whatever the shortcomings in the implementation of the classification provisions of E.O. 12958, they are primarily the result of the disproportionate amount of resources and attention that the agencies must devote to the declassification process, at least through April 2000. In order to address this concern, ISOO has redirected its oversight activities to classification in FY 1999. In particular, ISOO is looking at agencies' classified products through document reviews and looking more closely at agency security education and training programs.


During fiscal year 1998, declassification activity, although down slightly from fiscal year 1997, continued at a steady pace far exceeding that under prior executive orders. Instituting two declassification programs under E.O. 12958: (1) "Automatic Declassification," Section 3.4 of E.O. 12958; and (2) "Systematic Declassification Review," Section 3.5 of the Order, has very clearly driven this increase in declassification activity. The "Automatic Declassification" program began in mid-October 1995 with the effective date of Executive Order 12958. Under the "Automatic Declassification" program, information appraised as having permanent historical value is automatically declassified once it reaches 25 years of age unless an agency head has determined that it falls within a narrow exemption that permits continued classification. Fiscal year 1996 was the first full year of implementation for this program. Started in 1972, "Systematic Review for Declassification" is the program under which classified permanently valuable records are reviewed for the purpose of declassification after the records reach a specific age. Under E.O. 12356, NARA was the only agency required to conduct a systematic review of its classified holdings. Now E.O. 12958 requires all agencies that originate classified information to establish and conduct a systematic declassification review program.
In effect, systematic review has become an appendage of the automatic declassification program. ISOO has collected data on declassification that does not distinguish between the two programs because they are now so interrelated.

The continuing impact of the automatic declassification program is reflected in the amount of information declassified within the executive branch during FY 1998. In this one year, the executive branch declassified over 193 million pages. In the three years that Executive Order 12958 has been in effect, over 593 million pages have been declassified. Compared to the total for the previous 16 years, 1980 to 1995, the executive branch declassified 131 percent more pages during FY 1996, FY 1997, and FY 1998. For the 19 years during which ISOO has been collecting data, declassification activity within the executive branch resulted in over 850 million pages declassified.

850 Million Pages Declassified
Fiscal Years 1980-1998

Fiscal Years 1996-1998 593 million pages (70%)
Fiscal Years 1980-1995 257 million pages (30%)

Fiscal Year 1998 193 million pages (23%)
Fiscal Year 1997 204 million pages (24%)
Fiscal Year 1996 196 million pages (23%)
Fiscal Year 1995 69 million pages (8%)
Fiscal Years 1980-1994 188 million pages (22%)

NARA is responsible for 48 percent and DOD 36 percent of the total declassified pages in FY 1998. CIA, ACDA, FEMA, NRC, and OPIC have improved their declassification results significantly in fiscal year 1998 by doubling or more the number of pages they declassified in FY 1997. In addition to the important contributions of these agencies, ISOO commends the efforts of AID, DOT, NRO, NSC, and Treasury.

1998 TOTAL 193,155,807

NARA 92,000,000
DOD 69,436,586
Navy 31.4 million
Army 16.5 million
NSA 10.1 million
Air Force 7.6 million
NIMA 1.2 million
All Others 2.7 million
STATE 12,536,000
AID 6,545,000
USIA 5,436,075
ACDA 3,371,496
DOE 1,613,957
CIA 1,046,240
TREASURY 780,000
NASA 98,000
NSC 88,638
FEMA 81,561
JUSTICE 64,234
NRO 38,000
OSTP 16,800
NRC 11,500
DOT 1,100
OPIC 157

Mandatory Review

Under Executive Order 12958, the mandatory review process permits individuals or agencies to require an agency to review specified national security information for purposes of seeking its declassification. Requests must be in writing and describe the information with sufficient detail to permit the agency to retrieve it with a reasonable amount of effort. Mandatory review remains popular with some researchers as a less contentious alternative to Freedom of Information Act (FOIA) requests. It is also used to seek the declassification of presidential papers or records, which are not subject to the FOIA.

Mandatory Review Pages Processed Fiscal Years 1997-1998

FY 1998 Total 315,954
FY 1997 Total 111,895

FY 1998 Granted in Full 232,851
FY 1997 Granted in Full 50,181

FY 1998 Granted in Part 24,759
FY 1997 Granted in Part 41,961

FY 1998 Denied in Full 58,344
FY 1997 Denied in Full 19,753

During FY 1998 agencies processed 4,512 cases totaling 315,954 pages. The number of pages processed decreased by 182 percent from the previous year. The percentage of pages declassified in whole or in part (82 percent) is identical to last year's rate, a trend which ISOO believes is an indication that mandatory review remains a very successful means for declassifying information. With the establishment of the Interagency Security Classification Appeals Panel (ISCAP), created under Executive Order 12958 and discussed earlier in this report, mandatory review requests are likely to increase.

Mandatory Review Appeals Disposition Fiscal Year 1998

Granted in Full 19%
Granted in Part 67%
Denied in Full 14%

During FY 1998, agencies processed 73 appeals that comprised 2,361 pages. Of these, 86 percent of the pages were granted in whole or in part. The rate is 58 percent higher than last year. The higher rate of declassification suggests that researchers can continue to anticipate greater return in declassified information if they pursue an appeal.