Security Classification Policy and Procedure: E.O. 12958, as Amended
Security Classification Policy and Procedure:
E.O. 12958, as Amended
Harold C. Relyea
Specialist in American National Government
Government and Finance Division
After two years of preparation, E.O. 12958, prescribing security classification
policy and procedure, was signed by President William Clinton in mid-April 1995. The
order was prompted by changing security conditions in the aftermath of the end of the
cold war and a desire for more economical and effective management of classified
information. The directive was modified in late March 2003 by E.O. 13292, issued by
President George W. Bush. Largely prescribed in a series of successive presidential
executive orders issued over the past 50 years, security classification policy and
procedure provide the rationale and arrangements for designating information officially
secret for reasons of national security, and for its declassification as well.
Although formal armed forces information security orders had been in existence
since 1869, security classification arrangements assumed a presidential character in 1940.
The reasons for this late development are not entirely clear, but it probably was prompted
by desires to clarify the authority of civilian personnel in the national defense community
to create official secrets, to establish a broader basis for protecting military information
in view of growing global hostilities, and to better manage a discretionary power of
increasing importance to the entire executive branch.
Relying upon a 1938 statute concerning the security of armed forces installations and
equipment and “information relative thereto,”1 Franklin D. Roosevelt issued the first
presidential security classification directive, E.O. 8381, in March 1940. However, the
legislative history of the statute which the President relied upon to issue his order
provided no indication that Congress anticipated that such a security classification
arrangement would be created.
1 52 Stat. 3.
Other executive orders followed. E.O. 10104, adding a fourth level of classified
information, aligned U.S. information security categories with those of our allies in 1950.
A 1951 directive, E.O. 10290, completely overhauled the security classification program.
Information was now classified in the interest of “national security” and classification
authority was extended to non-military agencies which presumably had a role in “national
Criticism of the 1951 order prompted President Dwight D. Eisenhower to issue a
replacement, E.O. 10501, in November 1953. This directive and later amendments to it,
as well as E.O. 11652 of March 8, 1972, and E.O. 12065 of June 28, 1978, successively
narrowed the bases and limited discretion for assigning official secrecy to agency records.
Shortly after President Ronald Reagan issued E.O. 12356 on April 2, 1982, it came
under criticism for reversing the limiting trend set by classification orders of the previous
30 years by expanding the categories of classifiable information, mandating that
information falling within these categories be classified, making reclassification authority
available, admonishing classifiers to err on the side of classification, and eliminating
automatic declassification arrangements.
With the democratization of many eastern European countries, the demise of the
Soviet Union, and the end of the cold war, President Clinton, shortly after his
inauguration, initiated a sweeping review of cold war rules on security classification in
general and of E.O. 12356 in particular with a view to reform.2
Many began to suspect that the security classification program could be improved
when the Department of Defense Security Review Commission, chaired by retired
General Richard G. Stilwell, declared in 1985 that there were “no verifiable figures as to
the amount of classified material produced in DoD and in defense industry each year.”
Nonetheless, it was concluded that “too much information appears to be classified and
much at higher levels than is warranted.”3
The cost of the security classification program became clearer when the General
Accounting Office reported in October 1993 that it was “able to identify governmentwide
costs directly applicable to national security information totaling over $350 million for
1992.” After breaking this figure down — it included only $6 million for declassification
work — the report added that “the U.S. government also spends additional billions of
dollars annually to safeguard information, personnel, and property.”4
Established in April 1993, the President’s security classification task force
transmitted its initial draft order to the White House seven months later. Circulated
among the departments and agencies for comment, the proposal encountered strong
2 Tim Weiner, “President Moves to Release Classified U.S. Documents,” New York Times, May
3 U. S. Department of Defense, Department of Defense Security Review Commission, Keeping
The Nation’s Secrets (Washington: GPO, 1985), pp. 48-49.
4 U. S. General Accounting Office, Classified Information: Costs of Protection Are Integrated
With Other Security Costs, GAO Report GAO/NSIAD-94-55 (Washington: October 1993), p. 1.
opposition from officials within the intelligence and defense communities.5 More
revision of the draft directive followed.
As delay in issuing the new order continued, some in Congress considered legislating
a statutory basis for classifying information in the spring of 1994.6 In the fall, the
President issued an order declassifying selected retired records at the National Archives.7
After months of unresolved conflict over designating an oversight and policy direction
agency, a compromise version of the order was given presidential approval in April 1995.
The Clinton order, as initially issued, authorizes the classification of information for
reasons of “national security,” which “means the national defense or foreign relations of
the United States.”8 Regarding the threshold consideration as to whether a classification
action should occur, the order states: “If there is significant doubt about the need to
classify information, it shall not be classified.” No explanation of the term “significant”
is provided. Nonetheless, the policy of E.O. 12356, directing classifiers to err on the side
of classification in questionable cases, is reversed.
E.O. 12958 retains three classification levels, identified by the traditional Top Secret,
Secret, and Confidential markings. Again reversing E.O. 12356 policy, the Clinton order
states: “If there is significant doubt about the appropriate level of classification, it shall
be classified at the lower level.” In this regard, E.O. 12356 had called for classification
at the higher level.
The classification categories specified in E.O. 12958 — identifying inclusively the
information subjects that may be considered for classification — are the same as those of
E.O. 12356, with one exception. In E.O. 12356, explicit provision was made for the
President to create additional classification categories. No such allowance is stated in
E.O. 12958, but additional categories could be appended by a subsequent order amending
Prescribing Declassification. Unlike E.O. 12356, the Clinton order limits the
duration of classification. When information is originally classified, an attempt is to be
made “to establish a specific date or event for declassification.” Alternatively, if a short-
term time or event for declassification cannot be determined, the new order sets a 10-year
terminus. However, allowance is made for extending the duration of classification
5 See David C. Morrison, “For Whose Eyes Only?,” National Journal, vol. 26, February 26, 1994,
pp. 472-476; Tim Weiner, “U.S. Plans Overhaul on Secrecy, Seeking to Open Millions of Files,”
New York Times, March 18, 1994, pp. A1, B6; R. Jeffrey Smith, “CIA, Others Opposing White
House Move to Bare Decades-Old Secrets,” Washington Post, March 30, 1994, p. A14.
6 See U. S. Congress, House Permanent Select Committee on Intelligence, A Statutory Basis for
Classifying Information, hearing, 103rd Cong., 2nd sess., March 16, 1994 (Washington: GPO,
7 See E.O. 12937 of November 10, 1994, in Federal Register, vol. 59, November 15, 1994, pp.
8 See Federal Register, vol. 60, April 20, 1995, pp. 19825-19843.
beyond the 10-year limit in selected cases and in accordance with prescribed procedures
and conditions. In brief, the intent appears to be that only a small quantity of the most
highly sensitive information would be maintained under security classification for periods
longer than 10 years.
Other arrangements are specified for the automatic declassification of historic
government records — those that are more than 25 years old and have been determined
by the Archivist of the United States to have permanent historical value. E.O. 12958
mandates the beginning of governmentwide declassification of historic records five years
hence, shortly after the turn of the century. Allowance is made for continuing the
classification of these materials in selected cases and in accordance with prescribed
procedures and conditions. Once again, the intent appears to be that only a small quantity
of the most highly sensitive historic records would be maintained under security
classification. The Archivist, according to the Clinton order, “shall establish a
Governmentwide database of information that has been declassified.”
Furthermore, E.O. 12958 continues the mandatory declassification review
requirement of E.O. 12356. This provision authorizes a person to request that almost any
classified record be reviewed with a view to being declassified and publicly disclosed.
Similarly, if an agency record requested pursuant to the Freedom of Information Act is
found to be security classified, mandatory declassification review also occurs.
Controversial Areas. A few provisions of E.O. 12958 may be considered
controversial. The Clinton order states that information “may not be reclassified after it
has been declassified and released to the public under proper authority.” The reference
to “proper authority” means that the information has not been disclosed through a leak.
However, some question remains as to how “public” the proper disclosure must be to
preclude retrieval and reclassification when some higher authority, having second
thoughts, wants to stop disclosure.
Similarly, the Clinton order states: “Compilations of items of information which are
individually unclassified may be classified if the compiled information reveals an
additional association or relationship that (1) meets the standards for classification under
this order; and (2) is not otherwise revealed in the individual items of information.” At
issue here is the so-called “mosaic theory” that individual items of unclassified
information, in aggregation, result in classifiable information. At dispute is the question
of perception: government officials classify aggregated unclassified information items
because they fear that harm to the national security could result if the aggregation were
E.O. 12958 continues to allow agency officials to “refuse to confirm or deny the
existence or nonexistence of requested information whenever the fact of its existence or
nonexistence is itself classified under this order.”
Classification Challenges. Among the new features of E.O. 12958 is the
authorization of classification challenges. “Authorized holders of information who, in
good faith, believe that its classification status is improper,” says the order, “are
encouraged and expected to challenge the classification status of the information in
accordance with agency procedures.” The willingness of federal employees to engage in
this mild form of “whistleblowing,” and resulting retribution, has not been a matter of
A Balancing Test. Another innovation, first introduced by E.O. 12065, President
Jimmy Carter’s security classification directive, but eliminated in E.O. 12356, is the so-
called balancing test. According to E.O. 12958, where “the need to protect ... information
may be outweighed by the public interest in disclosure of the information, and in these
cases the information should be declassified,” the question “shall be referred to the agency
head or the senior agency official” responsible for classification matters for resolution.
Because there was insufficient opportunity for the balancing test of E.O. 12065 to be
implemented, the effect of the provision could not be assessed. E.O. 12958 provides an
opportunity to conduct such an analysis sometime in the future.
Program Direction. E.O. 12958 originally vested responsibility for implementing
and supervising the security classification program in the director of the Office of
Management and Budget (OMB), assisted by the director of the Information Security
Oversight Office (ISOO).9 The Clinton order also indicates that the Security Policy
Board, a secretive body established in May 1994 by Presidential Decision Directive 29,
a classified instrument, “shall make a recommendation to the President ... with respect to
the issuance of a Presidential directive on safeguarding classified information.” This
subsequent directive, according to E.O. 12958, “shall pertain to the handling, storage,
distribution, transmittal and destruction of and accounting for classified information.”
New Organizations. Finally, E.O. 12958 creates two new entities. The first of
these, the Interagency Security Classification Appeals Panel (ISCAP), is composed of
senior level representatives of the Secretary of State, Secretary of Defense, Attorney
General, Director of Central Intelligence, Archivist of the United States, and Assistant to
the President for National Security Affairs. The President selects the panel’s chair from
among its members. The ISOO director serves as the ISCAP executive secretary and
provides support staff. The functions of the panel, as specified in the Clinton order, are
(1) to make final determinations on classification challenges appealed to it; (2) to approve,
deny, or amend exemptions from automatic declassification sought by agencies; (3) to
make final determinations on mandatory declassification review requests appealed to it;
and, generally, to advise and assist the President “in the discharge of his constitutional and
discretionary authority to protect the national security of the United States.”
The second body established by the Clinton executive order, the Information Security
Policy Advisory Council (ISPAC), is “composed of seven members appointed by the
President for staggered terms not to exceed four years, from among persons who have
demonstrated interest and expertise in an area related to the subject matters of [E.O.
12958] and are not otherwise employees of the Federal Government.” The functions of
the ISPAC, as specified in the order, are to “(1) advise the President, the Assistant to the
President for National Security Affairs, the Director of the Office of Management and
9 Conferees on the FY1995 Treasury, Postal Service, and Executive Office of the President
appropriation transferred ISOO from the General Services Administration to OMB (H.Rept. 103-
Postal Service, and Executive Office of the President appropriation transferred ISOO to the
National Archives and Records Administration (H.Rept. 104-291, pp. 41-42).
Budget, or such other executive branch officials as it deems appropriate, on policies
established under [E.O. 12958] or its implementing directives, including recommended
changes to those policies; (2) provide recommendations to agency heads for specific
subject areas for systematic declassification review; and (3) serve as a forum to discuss
policy issues in dispute.
E.O. 12958 became effective on October 15, 1995, 180 days from the date of its
issuance by the President.10 An amending directive, E.O. 13142 of November 19, 1999,
largely effected technical changes reflecting the transfer of ISOO to the National Archives
and the administrative direction of the Archivist.11
Further amendment of E.O. 12958 occurred in late March 2003 when President
George W. Bush issued E.O. 13292.12 The product of a review and reassessment initiated
in the summer of 2001, the directive, among other changes, eliminated the Clinton order’s
standard that information should not be classified if there is “significant doubt” about the
need to do so; treated information obtained in confidence from foreign governments as
classified; and authorized the Vice President, “in the performance of executive duties,”
to classify information originally. It also added “infrastructures” and “protection
services” to the categories of classifiable information; eased the reclassification of
declassified records; postponed the starting date for automatic declassification of
protected records 25 or more years old from April 17, 2003, to December 31, 2006;
eliminated the requirement that agencies prepare plans for declassifying records; and
permitted the Director of Central Intelligence to block declassification actions of the
ISCAP, unless overruled by the President. As of March 2008, there have been no further
changes to E.O. 12958.
10 The OMB implementing regulation appears in Federal Register, vol. 60, October 13, 1995, pp.
11 E.O. 13142 appears in Federal Register, vol. 64, November 23, 1999, pp. 66089-66090.
12 See Federal Register, vol. 68, March 28, 2003, pp. 15315-15334.