A security clearance demonstrates that the government has determined that you are trustworthy. As such, you may perform on classified contracts depending on your security clearance level and need to know. To better understand how to protect classified information, it may help to understand how and why security classification is assigned. The following provides answers to popular questions:

Why is Certain Information Classified?

The US Government relies on a system of security classification to ensure users protect sensitive information at the right level.

In the National Industrial Security Program, classified information is marked CONFIDENTIAL, SECRET and TOP SECRET. TOP SECRET has more restrictions than SECRET and SECRET has more than CONFIDENTIAL. For example, disclosure of CONFIDENTIAL information could reasonably be expected to cause damage; SECRET could reasonably be expected to cause serious damage; and TOP SECRET could reasonably be expected to cause exceptionally grave damage to national security.

Who Assigns the Classification Levels?

Executive order 12958, as amended provides instruction for appointment of trained government Original Classification Authorities (OCA). The OCAs evaluate programs and associated information, equipment, services, etc. to determine whether or not they are classified and if so, what level.

Can Anything Be Classified For Any Reason?

There are restrictions in determining classification levels. Contrary to popular spy novels and movies, a classification cannot be assigned to hide legal violations, inefficiencies or mistakes. Nor can the OCAs assign a classification just to prevent embarrassment, prevent or restrict competition or delay the release of information that hasn’t previously required such a level of protection.

How Does the OCA Decide what is Classified?

The OCA uses a six step process to determine whether or not information is classified:

  1. Determine if the information is official government information-The US Government must own, have an interest or control the information.
  2. Determine if the information is eligible to be classified-OCAs base this on guidance provided in EO 12958, As Amended describing the four specific criteria.
  3. Determine if there is potential for damage to national security if unauthorized release occurs-If potential damage to national security cannot be determined, it shouldn’t be classified. If potential damage does exist, the OCA should describe the damage.
  4. Determine Classification Level-The OCA assigns the classification level as CONFIDENTIAL, SECRET or TOP SECRET and describes the level of damage to national security.
  5. Make a Decision About the Duration-Once the OCA assigns a classification level they should assign a limit, duration or time period of the classification. This ensures that information is only classified as necessary and for only as long as needed.
  6. Communicate the decision-The OCA notifies the users of the classification levels and duration through the Security Classification Guide. Also, classified items are marked conspicuously with the classification level.


An awarded security clearance and access to classified information are granted after a properly executed investigation and determination process. Similarly, the classified information you protect also goes through a determination process. Understanding the how and why of classification determination can help you better protect it.


Jeffrey W. Bennett, ISP has a combined 25 years experience in the National Industrial Security Program. He is a former Army officer who has served in military intelligence, logistics and speaks three languages. He has an MBA from Columbia College and a Masters Degree in Acquisitions and Procurement Management from Webster University. He is the author of many security books including DoD Security Clearance and Contracts Guidebook-What Cleared Contractors Need to Know About Their Need to Know and The Insider’s Guide to Security Clearances. Visit his website @ www.redbikepublishing.com for more information.

Related News

Jeffrey W. Bennett, SAPPC, SFPC, ISOC, ISP is a podcaster, consultant and author of NISPOM, security, and risk management topics. Jeff's first book was a study guide for security certification. Soon after, Jeff began writing other security books and courses, and started his company Red Bike Publishing, LLC. You can find his books, ITAR, NISPOM, PodCast and more @ www.redbikepublishing.com.