From NARA’s Information Security Oversight Office (ISOO):
Today, the Information Security Oversight Office (ISOO) released online its Report to the President for Fiscal Year (FY) 2015.
This annual report covers government agencies’ security classification activities, shares cost estimates for these activities, and provides an update on the Controlled Unclassified Information (CUI) program. This annual report was mandated by Executive Order 13526, Classified National Security Information.
FY 2015 report declassification highlights include:
- A 14 percent increase in original classification activity, for a 2015 total of 53,425 decisions.
- A 32 percent decrease in derivative classification action, down to 52,778,354 decisions.
Under automatic, systematic, and discretionary declassification review, agencies reviewed 87,192,858 pages and declassified 36,779,589 pages of historically valuable records. This was a 35 percent increase in the number of pages reviewed and 32 percent increase in the number of pages declassified.
Agencies reviewed 391,103 pages under mandatory declassification review and declassified 240,717 pages in their entirety, declassified 109,349 pages in part, and retained classification of 41,037 pages in their entirety.
- ISOO continues to monitor agencies’ self-assessments of their classified information programs. While many agency reports show improvement, others are lacking. ISOO will continue to help agencies with these assessments to ensure compliance.
Controlled Unclassified Information program:
- ISOO continued to advance its policy development strategy, as its submitted proposed Federal CUI rule (the future 32 Code of Federal Regulations part 2002) underwent extensive agency and, after its publication in the Federal Register, public comment.
- ISOO continued its CUI Program appraisal process to assist executive branch agencies in preparing for implementation by providing agency planners with a baseline.
- ISOO also coordinated a timeline for phased implementation of the CUI Program for the executive branch, which will be provided to agencies at the time of the regulation’s issuance.
- The National Industrial Security Program Policy Advisory Committee (NISPPAC) developed procedures for implementing an insider threat program, and continued to advance the government-industry partnership.
- ISOO contributed significant support to the administration’s cyber security information sharing initiatives, guiding NISP partner agencies through the creation of novel risk management processes made effective as part of E. O. 13691 “Promoting Private Sector Cyber Security Information Sharing.”
- The NISPPAC also focused on the challenges concerning the personnel security clearance vetting process and the methodology for authorizing information systems to process, store and transmit classified information.