national security, and confers on the Administrator of NASA, or such responsible officers or employees as the Administrator may designate, the authority for original classification of official information or material which requires protection in the interest of national security. It also provides for: (1) Basic classification, downgrading and declassification guidelines; (2) The issuance of directives prescribing the procedures to be followed in safeguarding classified information or material; (3) A monitoring system to ensure the effectiveness of the Order; (4) Appropriate administrative sanctions against officers and employees of the United States Government who are found to be in violation of the Order or implementing directive; and (5) Classification prohibitions as discussed in § 1203.410. (c) Executive Order 12065 requires the timely identification and protection of that NASA information the disclosure of which would be contrary to the best interest of national security. Accordingly, the determination in each case must be based on a judgment as to whether disclosure of information could reasonably be expected to result in identifiable damage to the national security. [44 FR 34914, June 18, 1979; 44 FR 45610, Aug. 3, 1979] § 1203.201 Information security objectives. The objectives of the NASA Information Security Program are to: (a) Ensure that information is classified only when a sound basis exists for such classification and only for such period as is necessary. (b) Prevent both the unwarranted classification and the overclassification of NASA information. (c) Ensure the greatest practicable uniformity within NASA in the classification of information. (d) Ensure effective coordination and reasonable uniformity with other Government departments and agencies, particularly in areas where there is an interchange of information, techniques or hardware. (e) Provide a timely and effective means for downgrading or declassifying information when the circum stances necessitating the original classification change or no longer exist. § 1203.202 Responsibilities. (a) The Chairperson, NASA Information Security Program Committee (Subpart I of this part), is responsible for: (1) Directing the NASA Information Security Program in accordance with NASA policies and objectives and applicable laws and regulations. (2) Ensuring effective compliance with and implementation of Executive Order 12065 and the Information Security Oversight Office Directive No. 1 relating to security classification matters. (3) Reviewing, in consultation with the NASA Information Security Program Committee, questions, suggestions, appeals and compliance concerning the NASA Information Security Program and making determinations concerning them. (4) Coordinating NASA security classification matters with NASA installations, the Department of Defense, the Department of Energy and other Government agencies. (5) Issuing Security Classification Guides for NASA programs and projects. (6) Developing, maintaining and recommending to the Administrator guidelines for the systematic review covering 20-year old classified information under NASA's jurisdiction. (7) Reviewing and coordinating with appropriate offices all appeals of denials of requests for records under sections 552 and 552a of Title 5, United States Code (Freedom of Information and Privacy Acts) when the denials are based on the records continued classification. (8) Recommending to the Administrator appropriate administrative action to correct abuse or violations of any provision of the NASA Information Security Program, including notifications by warning letter, formal reprimand and to the extent permitted by law, suspension without pay and removal. (b) All NASA employees are responsible for bringing to the attention of the Chairperson of the NASA Infor mation Security Program Committee any information security problems in need of resolution, any areas of interest wherein information security guidance is lacking, and any other matters likely to impede achievement of the objectives prescribed herein. (c) Each NASA official to whom the authority for original classification is delegated shall be accountable for the propriety of each classification (see Subpart H) and is responsible for: (1) Ensuring that classification determinations are consistent with the policy and objectives prescribed above, and other applicable guidelines. (2) Bringing to the attention of the Chairperson, NASA Information Security Program Committee, for resolution, any disagreement with classification determinations made by other NASA officials. (3) Ensuring that information and material which no longer requires its present level of protection is promptly downgraded or declassified in accordance with applicable guidelines. (d) Other Officials-in-Charge of Headquarters Offices are responsible for: (1) Ensuring that classified information or material prepared within their respective offices is appropriately marked. (2) Ensuring that material proposed for public release is reviewed to eliminate classified information. (e) Directors of Field Installations are responsible for: (1) Developing proposed Security Classification Guides. (2) Ensuring that classified information or material prepared in their respective installations is appropriately marked. (3) Ensuring that material proposed for public release is reviewed to eliminate classified information. (4) Designating Security Classification Officers at their respective installations, to whom responsibilities listed in paragraphs (e) (1), (2), and (3) of this section may be reassigned. (f) The NASA Security Classification Manager, NASA Security Office, NASA Headquarters, who serves as a member of the NASA Information Security Program Committee, is responsible for the NASA-wide coordina tion of security classification matters and for the development of proposed Security Classification Guides for Headquarters. (g) The Chief, NASA Security Office, is responsible for: (1) Conducting an active oversight program to ensure effective implementation of the Order. (2) Establishing procedures for the safeguarding of classified information or material (e.g., accountability, control, access, storage, transmission, marking, etc.) and for ensuring that such procedures are systematically reviewed and those which are duplicative or unnecessary are eliminated. (3) Appointing the Headquarters Security Classification Officer. [44 FR 34914, June 18, 1979, as amended at 45 FR 3888, Jan. 21, 1980] § 1203.203 Degree of protection. (a) General. Upon determination that information or material must be classified, the degree of protection (security classification) commensurate with the sensitivity of the information must be determined. The lowest category of classification necessary to provide the appropriate degree of protection should be assigned. If the classifier has a reasonable doubt as to which security classification category is appropriate, or whether the material should be classified at all, the least restrictive designation should be used, or the information should not be classified. (b) Authorized categories of classification. The three categories of classification, as authorized and defined in Executive Order 12065 are set out below. No other restrictive markings are authorized to be placed on NASA classified documents or materials except as expressely provided by statute or by NASA Directives. (1) Top Secret. Top Secret is the designation applied to information or material the unathorized disclosure of which could reasonably be expected to cause exceptionally grave damage to the national security. Examples of exceptionally grave damage include armed hostilities against the United States or its allies; disruption of foreign relations vitally affecting the na tional security; the compromise of vital national defense plans or complex cryptologic and communications intelligence systems; the revelation of sensitive intelligence operations; and the disclosure of scientific or technological developments vital to national security. (2) Secret. Secret is the designation applied to information or material the unathorized disclosure of which could reasonably be expected to cause serious damage to the national security. Examples of serious damage include disruption of foreign relations significantly affecting the national security; significant impairment of a program or policy directly related to the national security; revelation of significant military plans or intelligence operations; and compromise of significant scientific or technological develpments relating to national security. (3) Confidential. Confidential is the designation applied to that information or material the unauthorized disclosure of which could reasonably be expected to cause identifiable damage to the national security. al significant factor is added in the process of compilation. For example: (a) The way unclassified information is compiled may be classified; (b) The fact that the information is complete for its intended purpose may be classified; or (c) The fact the compilation represents an official evaluation may be classified. In these cases, the compilations would be classified. § 1203.303 Dissemination considerations. The degree of intended dissemination, use of the information and whether the end purpose to be served renders effective security control impractical are considerations during the classification process. These factors do not necessarily preclude classification, but must be considered in order not to impose security controls which are impractical to enforce. § 1203.304 Internal effect. The effect of security protection on program progess and cost and on other functional activities of NASA should be considered. Impeditive effects and added costs inherent in a security classification must be assessed in light of the detrimental effects on the national security interests which would result from failure to classify. § 1203.305 Restricted data. Restricted Data or Formerly Restricted Data is so classified when originated, as required by the Atomic Energy Act of 1954, as amended. Specific guidance for the classification of Restricted Data is provided in "Classification Guides" published by the Department of Energy. Subpart D-Guides for Original Classification § 1203.400 Specific classifying guidance. Technological and operational information and material, and in some exceptional cases scientific information, falling within any one or more of the following categories must be classified if its unauthorized disclosure could reasonably be expected to cause identifiable damage to the national security. In cases where it is believed that a contrary course of action would better serve the national interests, the matter should be referred to the Chairperson, NASA Information Security Program Committee, for a determination. It is not intended that this list be exclusive; original classifiers are responsible for initially classifying any other type of information which, in their judgment, requires protection within the intent of Executive Order 12065: (a) Information which provides the United States, in comparison with other nations, with a significant scientific, engineering, technical, operational, intelligence, strategic, tactical or economic advantage related to national security. (b) Information which if disclosed would significantly diminish the technological lead of the United States in any military system, subsystem or component thereof, resulting in identifiable damage to such a system, subsystem or component thereof. (c) Scientific or technological information in an area where an advanced military application that would in itself be classified is foreseen during exploratory development. (d) Information which, if known, would: (1) Provide a foreign nation with an insight into the defense application or the war or defense plans or posture of the United States; (2) Allow a foreign nation to develop, improve or refine a similar item of defense application; (3) Provide a foreign nation with a base upon which to develop effective countermeasures; (4) Weaken or nullify the effectiveness of a defense or military plan, operation, project, weapon system or activity which is vital to the national security. (e) Information or material which is important to the national security of the United States in relation to other nations when there is sound reason to believe that those nations are unaware that the United States has or is capable of obtaining the information or material; i.e., through intelligence activities, sources, or methods. (f) Information which if disclosed could be exploited in a manner preju dicial to the national security posture of the United States by discrediting its technological power, capability or intentions. (g) Information which reveals an unusually significant scientific or technological "breakthrough" which there is sound reason to believe is not known to or within the state-of-the-art capability of other nations. If the "breakthrough" supplies the United States with an important advantage of a technological nature, classification also would be appropriate if the potential application of the information, although not specifically visualized, would afford the United States a significant national security advantage in terms of technological lead time or an economic advantage relating to national security. (h) Information of such nature that an unfriendly government in possession of it would be expected to use it for purposes prejudicial to U.S. national security and which, if classified, could not be obtained by an unfriendly power without a considerable expenditure of resources. (i) Information which if disclosed to a foreign government would enhance its military research and development programs to the detriment of U.S. counterpart or competitive programs. (j) Operational information pertaining to the command and control of space vehicles, the possession of which would facilitate malicious interference with U.S. space mission, that might result in identifiable damage to the national security. (k) Information which if disclosed could jeopardize the foreign relations or activities of the United States; for example, the premature or unauthorized release of information relating to the subject matter of international negotiations, foreign government information or information regarding the placement or withdrawal of NASA tracking stations on foreign territory. (1) United States Government programs for safeguarding nuclear materials or facilities. (m) Other categories of information which are related to national security and which require protection against unauthorized disclosure as may be determined by the Administrator. The Chairperson, NASA Information Security Program Committee, will promptly inform the Director, Information Security Oversight Office, General Services Administration (GSA) of such determinations. of § 1203.401 Effect of open publication. Public disclosure, regardless source or form, of information currently classified or being considered for classification does not preclude initial or continued classification. However, such disclosure requires an immediate reevaluation to determine whether the information has been compromised to the extent that downgrading or declassification is indicated. Similar consideration must be given to related items of information in all programs, projects, or items incorporating or pertaining to the compromised items of information. In these cases, if a release were made or authorized by an official Government source, classification of clearly identified items may no longer be warranted. Questions as to the propriety of continued classification should be referred to the Chairperson, NASA Information Security Program Committee. § 1203.402 Classifying material other than documentation. Items of equipment or other physical objects may be classified only where classified information may be derived by visual observation of internal or external appearance, structure, operation, test, application or use. The overall classification assigned to equipment or objects shall be at least as high as the highest classification of any of the items of information which may be revealed by the equipment or objects, but may be higher if the classifying authority determines that the sum of classified or unclassified information warrants such higher classification. In every instance where classification of an item of equipment or object is determined to be warranted, such determination must be based on a finding that there is at least one aspect of the item or object which requires protection. If mere knowledge of the existence of the equipment or object would compromise or nullify the reason or justification for its clas sification, the fact of its existence should be classified. § 1203.403 State-of-the-art and intelligence. A logical approach to classification requires consideration of the extent to which the same or similar information available from intelligence sources is known or is available to others. It is also important to consider whether it is known publicly, either domestically or internationally, that the United States has the information or even is interested in the subject matter. The known state-of-the-art in other nations is an additional substantive factor requiring consideration. § 1203.404 Handling of unprocessed data. It is the usual practice to withhold the release of raw scientific data received from spacecraft until it can be calibrated, correlated and properly interpreted by the experimenter under the monitorship of the cognizant NASA office. During this process, the data are withheld through administrative measures, and it is not necessary to resort to security classification to prevent premature release. However, if at any time during the processing of raw data it becomes apparent that the results require protection under the criteria set forth in this Subpart D, it is the responsibility of the cognizant NASA office to obtain the appropriate security classification. § 1203.405 Proprietary information. Proprietary information made available to NASA is subject to examination for classification purposes under the criteria set forth in this Subpart D. Where the information is in the form of a proposal and accepted by NASA for support, it should be categorized in accordance with the criteria of § 1203.400. If NASA does not support the proposal but believes that security classification would be appropriate under the criteria of § 1203.400 if it were under Government jurisdiction, the contractor should be advised of the reasons why safeguarding would be appropriate, unless security considerations preclude release of the explanation to the contractor. NASA should |