Information Security Oversight Office (ISOO)

Agency Training Requirements

The Information Security Oversight Office (ISOO) logo

Executive Order 13526 and 32 CFR 2001 lay out the guidelines for required classification management training.   All personnel who work with classified information must receive initial training on security policies.  Additional training requirements for all individuals that work with classified information include: annual refresher training, annual training for original classification authorities, and biennial training for all derivative classifiers.

Guidance on this page that pertain to the public do not have the force and effect of law and are not meant to bind the public, except as authorized by law or regulation or as incorporated into a contract. Accordingly, with regard to the public, these guidance documents only provide clarity regarding existing requirements under the law or agency policies. Guidance documents on this page that pertain to Federal agencies are binding on agency actions as authorized under applicable statute, executive order, regulation, or similar authority

Initial Training

All cleared agency personnel shall receive initial training on:

  • Basic security policies - E.O. 13526, Sec. 4.1 / 32 CFR 2001.71(b)
  • Principles - E.O. 13526, Sec. 1.7
  • Practices
  • Criminal, civil, and administrative penalties - E.O. 13526, Sec. 5.5 

Refresher Training

All employees who create, process, or handle classified information shall receive annual refresher training on:

  • Reinforcement of policies, principles, and procedures covered in initial and specialized training
  • Identification and handling of other agency-originated information and foreign government information
  • The threat and techniques employed by foreign intelligence activities attempting to obtain classified information
  • Penalties for engaging in espionage activities
  • Issues or concerns identified during agency self-inspections 

Original Classification Authorities

OCAs shall be provided detailed annual training on proper classification and declassification, with an emphasis on the avoidance of over-classification.  At a minimum, the training shall cover:

  • Classification standards  (E.O. 13526, Sec. 1.1 / 32 CFR 2001.10)
  • Classification levels  (E.O. 13526, Sec. 1.2 )
  • Classification Authority  (E.O. 13526, Sec. 1.3)
  • Classification Categories  (E.O. 13526, Sec. 1.4)
  • Duration of Classification  (E.O. 13526, Sec. 1.5 / 32 CFR 2001.12)
  • Identification and Markings  (E.O. 13526, Sec. 1.6 / 32 CFR 2001 Subpart C)
  • Classification prohibitions and limitations  (E.O. 13526, Sec. 1.7)
  • Sanctions  (E.O. 13526, Sec. 5.5)
  • Classification challenges  (E.O. 13526, Sec. 1.8 / 32 CFR 2001.14)
  • Security classification guides  (E.O. 13526, Sec. 2.2 / 32 CFR 2001.15)
  • Information sharing

Derivative Classifiers

Persons who apply derivative classification markings shall receive biennial training on the proper application of the derivative classification principles of the Order, with an emphasis on the avoidance of over-classification.  At a minimum, the training shall cover:

  • Principles of derivative classification (E.O. 13526, Sec. 2.1)
  • Classification levels  (E.O. 13526, Sec. 1.2)
  • Duration of classification  (E.O. 13526, Sec. 1.5 / 32 CFR 2001.12)
  • Identification and markings  (E.O. 13526, Sec. 1.6 / 32 CFR 2001 Subpart C)
  • Classification prohibitions and limitations  (E.O. 13526, Sec. 1.7)
  • Sanctions  (E.O. 13526, Sec. 5.5)
  • Classification challenges  (E.O. 13526, Sec. 1.8 / 32 CFR 2001.14)
  • Security classification guides  (E.O. 13526, Sec. 2.2 / 32 CFR 2001.15)
  • Information sharing

 

 

 

 

Top