Information is a valuable resource. Protecting its confidentiality and integrity is critical to business operations, helping to promote an open and transparent democratic government, and strengthening national security. Show “Official information” refers to all information created, sent and received by the Australian government, and all official information requires an appropriate degree of protection against information compromise. “Information compromise” includes information loss, misuse, interference, unauthorised access, unauthorised modification or unauthorised disclosure. On its website, the Australian Government Attorney-General’s Department details how government entities classify their information and guard against information compromise. The person responsible for generating or preparing information on behalf of an entity (or for actioning information produced outside the Australian government) assesses whether the information is sensitive or needs to be security classified. The entity that prepared the information and made the initial assessment is the originating entity, referred to as the originator. Only the originator can change the sensitivity or security classification applied to its information. Key assessment criteriaThe originator assesses the sensitivity or security classification of information by considering the potential impacts to national interest, organisations or individuals that could arise from compromise of the information’s confidentiality. The more valuable, important or sensitive the official information, the greater the level of business impact that would result from its compromise. The Business Impact Levels tool provides examples of potential damage from compromise of information’s confidentiality. The tool assists in the consistent classification of information and the assessment of impacts on government business. The potential damage from compromise of information’s confidentiality determines the classification of that information. Classified information typesThe Australian government uses three security classifications based on the likely damage to the national interest, organisations or individuals resulting from compromise of the information’s confidentiality.
Where information compromise would have some limited damage but does not warrant a security classification, that information is considered OFFICIAL: Sensitive. Other information from routine business operations and services is OFFICIAL, and information that does not form part of official duty is UNOFFICIAL. How is sensitive and security classified information handled?Key operational controls to protect sensitive and security classified information include:
Further detail about each of these controls is provided in the Attorney-General’s communication.
§ 105-62.101 Security classification categories. As set forth in Executive Order 12065, official information or material which requires protection against unauthorized disclosure in the interests of the national defense or foreign relations of the United States (hereinafter collectively termed “national security”) shall be classified in one of three categories: Namely, Top Secret, Secret, or Confidential, depending on its degree of significance to the national security. No other categories shall be used to identify official information or material as requiring protection in the interests of national security except as otherwise expressly provided by statute. The three classification categories are defined as follows: (a) Top Secret. Top Secret refers to that national security information which requires the highest degree of protection, and shall be applied only to such information as the unauthorized disclosure of which could reasonably be expected to cause exceptionally grave damage to the national security. Examples of exceptionally grave damage include armed hostilities against the United States or its allies, disruption of foreign relations vitally affecting the national security, intelligence sources and methods, and the compromise of vital national defense plans or complex cryptologic and communications systems. This classification shall be used with the utmost restraint. (b) Secret. Secret refers to that national security information or material which requires a substantial degree of protection, and shall be applied only to such information as the unauthorized disclosure of which could reasonably be expected to cause serious damage to the national security. Examples of serious damage include disruption of foreign relations significantly affecting the national security, significant impairment of a program or policy directly related to the national security, and revelation of significant military plans or intelligence operations. This classification shall be used sparingly. (c) Confidential. Confidential refers to other national security information which requires protection, and shall be applied only to such information as the unauthorized disclosure of which could reasonably be expected to cause identifiable damage to the national security. Page 2
§ 105-62.102 Authority to originally classify. (a) Top secret, secret, and confidential. The authority to originally classify information as Top Secret, Secret, or Confidential may be exercised only by the Administrator and is delegable only to the Director, Information Security Oversight Office. (b) Limitations on delegation of classification authority. Delegations of original classification authority are limited to the minimum number absolutely required for efficient administration. Delegated original classification authority may not be redelegated. [47 FR 5416, Feb. 5, 1982]
The following state regulations pages link to this page.
|