Agencies Pursue Standardized Policy for “Sensitive” Info

06.12.06 | 2 min read | Text by Steven Aftergood

An interagency report on proposals to streamline controls on so-called “sensitive but unclassified” (SBU) information is due to be presented to the White House this month.

Efforts to promote information sharing among government agencies and others involved in homeland security have been stymied by the growing use of over sixty different types of access controls on unclassified information, such as For Official Use Only, Law Enforcement Sensitive, Limited Official Use, and many more. Such controls are often poorly defined and mutually incompatible.

Last December 16, the White House initiated an ongoing review that began with preparation of an inventory of all of the various SBU access controls used in the federal government, which was completed in March. The next step was to formulate recommendations for standardizing SBU policies related to terrorism, homeland security and law enforcement, which are now due.

See Guideline 3, “Standardize Procedures for Sensitive But Unclassified Information,” in the December 16 White House memo.

As of last week, a report to the President on those recommendations was awaiting the signatures of the Attorney General and the Secretary of Homeland Security.

The pending report sets forth principles upon which SBU policy should be based, but stops short of the crucial task of defining exactly how those principles ought to be implemented, government officials said.

One of those principles is that each type of control on unclassified information should have a uniform, public and government-wide definition so that it is employed the same way by all agencies. That is not the case today.

The proposed principles include provisions for oversight of how SBU controls are used, officials told Secrecy News.

They also include a proposed moratorium on the creation of new SBU categories.

The new report to the President has not been released. But a 2005 report prepared for the Department of Homeland Security provides one detailed perspective on the complexity of the information sharing problem and some options for addressing it.

See “Information Sharing and Collaboration Business Plan,” Institute for Defense Analyses, June 2005 (205 pages, 1.5 MB PDF).