Security Classification Policy and Procedure:
E.O. 12958, as Amended

Kevin R. Kosar
Analyst in American National Government
June 4, 2009
Congressional Research Service
7-5700
www.crs.gov
97-771
CRS Report for Congress
P
repared for Members and Committees of Congress

Security Classification Policy and Procedure: E.O. 12958, as Amended

Summary
Largely prescribed in a series of successive presidential executive orders issued over the past 50
years, security classification policy and procedure provide the rationale and arrangements for
designating information officially secret for reasons of national security, and for its
declassification as well. President Franklin D. Roosevelt issued the first executive order (E.O.
8381) in 1940.
Current security classification policy may be found in Executive Order 12958, which was signed
by President William Clinton on April 17, 1995. It “prescribes a uniform system for classifying,
safeguarding, and declassifying national security information.” As issued, E.O. 12958 declared,
“If there is significant doubt about the need to classify information, it shall not be classified.”
Additionally, the order stated “If there is significant doubt about the appropriate level of
classification, it shall be classified at the lower level.”
President George W. Bush amended Executive Order 12958 via Executive Order 13292 on March
25, 2003. E.O. 13292 made many changes to E.O. 12958, and eliminated both of the
aforementioned “significant doubt” provisions.
On May 27, 2009, President Barack Obama ordered a review of E.O. 12958. The assistant to the
President for National Security Affairs (commonly known as the National Security Advisor) is
required to submit to the President “recommendations and proposed revisions” to E.O. 12958
within 90 days.
This report will be updated to reflect further presidential or congressional action.

Congressional Research Service

Security Classification Policy and Procedure: E.O. 12958, as Amended

Contents
Background ................................................................................................................................ 5
Clinton’s Executive Order 12958 As Issued................................................................................. 6
Prescribing Declassification .................................................................................................. 7
Controversial Areas............................................................................................................... 8
Classification Challenges ...................................................................................................... 8
A Balancing Test ................................................................................................................... 8
Program Direction................................................................................................................. 8
New Organizations................................................................................................................ 9
Bush’s Amendments to E.O. 12958 ........................................................................................... 10
Obama’s Review of E.O. 12958 ................................................................................................ 10

Contacts
Author Contact Information ...................................................................................................... 11
Acknowledgments .................................................................................................................... 12

Congressional Research Service

Security Classification Policy and Procedure: E.O. 12958, as Amended

Background
Although formal armed forces information security orders had been in existence since 1869,
security classification arrangements assumed a presidential character in 1940. The reasons for this
late development are not entirely clear, but it probably was prompted by desires to clarify the
authority of civilian personnel in the national defense community to create official secrets, to
establish a broader basis for protecting military information in view of growing global hostilities,
and to better manage a discretionary power of increasing importance to the entire executive
branch.
Relying upon a 1938 statute concerning the security of armed forces installations and equipment
and “information relative thereto,”1 Franklin D. Roosevelt issued the first presidential security
classification directive, E.O. 8381, in March 1940.2 However, the legislative history of the statute
which the President relied upon to issue his order provided no indication that Congress
anticipated that such a security classification arrangement would be created.
Other executive orders followed. E.O. 10104, adding a fourth level of classified information,
aligned U.S. information security categories with those of our allies in 1950.3 A 1951 directive,
E.O. 10290, completely overhauled the security classification program.4 Information was now
classified in the interest of “national security” and classification authority was extended to non-
military agencies which presumably had a role in “national security” policy.
Criticism of the 1951 order prompted President Dwight D. Eisenhower to issue a replacement,
E.O. 10501, in November 1953.5 This directive and later amendments to it, as well as E.O. 11652
of March 8, 1972, and E.O. 12065 of June 28, 1978, successively narrowed the bases and limited
discretion for assigning official secrecy to agency records.6
President Ronald W. Reagan issued E.O. 12356 on April 2, 1982.7 Quickly, it came under
criticism for reversing the limiting trend set by classification orders of the previous 30 years by
expanding the categories of classifiable information, mandating that information falling within
these categories be classified, making reclassification authority available, admonishing classifiers
to err on the side of classification, and eliminating automatic declassification arrangements.

1 52 Stat. 3.
2 President Franklin D. Roosevelt, “Defining Certain Vital Military and Naval Installations and Equipment,” 5 Federal
Register
1147, March 26, 1940.
3 President Harry S Truman, “Defining Certain Vital Military and Naval Installations and Equipment as Requiring
Protection Against the General Dissemination of Information Relative Thereto,” 15 Federal Register 597, February 3,
1950.
4 President Harry S Truman, “Prescribing Regulations Establishing Minimum Standards for the Classification,
Transmission, and Handling, by Department and Agencies of the Executive Branch, of Official Information Which
Requires Safeguarding in the Interest of the Security of the United States,” 16 Federal Register 9795, September 27,
1951.
5 President Dwight D. Eisenhower, “Safeguarding Official Information in the Interests of the Defense of the United
States,” 18 Federal Register 7049, November 10, 1953.
6 President Richard M. Nixon, “Classification and Declassification of National Security Information and Material,” 37
Federal Register 5209, March 10, 1972; and President James E. Carter, “National Security Information,” 43 Federal
Register
28249, July 3, 1978.
7 President Ronald W. Reagan, “National Security Information,” 14 Federal Register 14874, April 6, 1982.
Congressional Research Service
5

Security Classification Policy and Procedure: E.O. 12958, as Amended

With the democratization of many eastern European countries, the demise of the Soviet Union,
and the end of the cold war, President William J. Clinton, shortly after his inauguration, initiated a
sweeping review of cold war rules on security classification in general and of E.O. 12356 in
particular with a view to reform.8
Many began to suspect that the security classification program could be improved when the
Department of Defense Security Review Commission, chaired by retired General Richard G.
Stilwell, declared in 1985 that there were “no verifiable figures as to the amount of classified
material produced in DoD and in defense industry each year.” Nonetheless, it was concluded that
“too much information appears to be classified and much at higher levels than is warranted.”9
The cost of the security classification program became clearer when the General Accounting
Office (now Government Accountability Office) reported in October 1993 that it was “able to
identify government wide costs directly applicable to national security information totaling over
$350 million for 1992.” After breaking this figure down—it included only $6 million for
declassification work—the report added that “the U.S. government also spends additional billions
of dollars annually to safeguard information, personnel, and property.”10
Established in April 1993, the President’s security classification task force transmitted its initial
draft order to the White House seven months later. Circulated among the departments and
agencies for comment, the proposal encountered strong opposition from officials within the
intelligence and defense communities.11 More revision of the draft directive followed.
As delay in issuing the new order continued, some in Congress considered legislating a statutory
basis for classifying information in the spring of 1994.12 In the fall, the President issued E.O.
12937 declassifying selected retired records at the National Archives.13 After months of
unresolved conflict over designating an oversight and policy direction agency, a compromise
version of the order was given presidential approval in April 1995.
Clinton’s Executive Order 12958 As Issued
The Clinton order, as initially issued, authorizes the classification of information for reasons of
“national security,” which “means the national defense or foreign relations of the United

8 Tim Weiner, “President Moves to Release Classified U.S. Documents,” New York Times, May 5, 1993, p. A18.
9 U. S. Department of Defense, Department of Defense Security Review Commission, Keeping The Nation’s Secrets
(Washington: GPO, 1985), pp. 48-49.
10 U. S. General Accounting Office, Classified Information: Costs of Protection Are Integrated With Other Security
Costs
, GAO Report GAO/NSIAD-94-55 (Washington: October 1993), p. 1.
11 See David C. Morrison, “For Whose Eyes Only?,” National Journal, vol. 26, February 26, 1994, pp. 472-476; Tim
Weiner, “U.S. Plans Overhaul on Secrecy, Seeking to Open Millions of Files,” New York Times, March 18, 1994, pp.
A1, B6; and R. Jeffrey Smith, “CIA, Others Opposing White House Move to Bare Decades-Old Secrets,” Washington
Post
, March 30, 1994, p. A14.
12 See U. S. Congress, House Permanent Select Committee on Intelligence, A Statutory Basis for Classifying
Information
, hearing, 103rd Cong., 2nd sess., March 16, 1994 (Washington: GPO, 1995).
13 President William J. Clinton, “Declassification of Selected Records within the National Archives of the United
States,” 59 Federal Register 59097, November 15, 1994, at http://www.archives.gov/federal-register/executive-orders/
pdf/12937.pdf.
Congressional Research Service
6

Security Classification Policy and Procedure: E.O. 12958, as Amended

States.”14 Regarding the threshold consideration as to whether a classification action should
occur, the order states: “If there is significant doubt about the need to classify information, it shall
not be classified.” No explanation of the term “significant” is provided. Nonetheless, it reversed
the policy of E.O. 12356, which directed classifiers to err on the side of classification in
questionable cases.
E.O. 12958 retains three classification levels, identified by the traditional Top Secret, Secret, and
Confidential markings. Again reversing E.O. 12356 policy, the Clinton order states: “If there is
significant doubt about the appropriate level of classification, it shall be classified at the lower
level.” This too was a reversal of E.O. 12356, which required classification at the higher level.
The classification categories specified in E.O. 12958—identifying inclusively the information
subjects that may be considered for classification—are the same as those of E.O. 12356, with one
exception. E.O. 12356 explicitly provided for the President to create additional classification
categories. No such allowance is stated in E.O. 12958; any additional category had to be
appended by a subsequent executive order.
Prescribing Declassification
Unlike E.O. 12356, E.O. 12958 limits the duration of classification. When information is
originally classified, an attempt is to be made “to establish a specific date or event for
declassification.” Alternatively, if a short-term time or event for declassification cannot be
determined, the new order sets a 10-year terminus. However, allowance is made for extending the
duration of classification beyond the 10-year limit in selected cases and in accordance with
prescribed procedures and conditions. In brief, the intent appears to be that only a small quantity
of the most highly sensitive information would be maintained under security classification for
periods longer than 10 years.
Other arrangements are specified for the automatic declassification of historic government
records—those that are more than 25 years old and have been determined by the Archivist of the
United States to have permanent historical value. E.O. 12958 mandates the beginning of
government wide declassification of historic records five years hence, shortly after the turn of the
century. Allowance is made for continuing the classification of these materials in selected cases
and in accordance with prescribed procedures and conditions. Once again, the intent appears to be
that only a small quantity of the most highly sensitive historic records would be maintained under
security classification. The Archivist, according to the Clinton order, “shall establish a
Government wide database of information that has been declassified.”
Furthermore, E.O. 12958 continues the mandatory declassification review requirement of E.O.
12356. This provision authorizes a person to request that almost any classified record be reviewed
with a view to being declassified and publicly disclosed. Similarly, if an agency record requested
pursuant to the Freedom of Information Act is found to be security classified, mandatory
declassification review also occurs.

14 President William J. Clinton, “Executive Order 12958—Classified National Security Information,” 60 Federal
Register
19825, April 20, 1995, at http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=1995_register&docid=
fr20ap95-135.pdf.
Congressional Research Service
7

Security Classification Policy and Procedure: E.O. 12958, as Amended

Controversial Areas
A few provisions of E.O. 12958 may be considered controversial. The Clinton order states that
information “may not be reclassified after it has been declassified and released to the public under
proper authority.” The reference to “proper authority” means that the information has not been
disclosed through a leak. However, some question remains as to how “public” the proper
disclosure must be to preclude retrieval and reclassification when some higher authority, having
second thoughts, wants to stop disclosure.
Similarly, the Clinton order states: “Compilations of items of information which are individually
unclassified may be classified if the compiled information reveals an additional association or
relationship that (1) meets the standards for classification under this order; and (2) is not
otherwise revealed in the individual items of information.” At issue here is the so-called “mosaic
theory” that individual items of unclassified information, in aggregation, result in classifiable
information. At dispute is the question of perception: government officials classify aggregated
unclassified information items because they fear that harm to the national security could result if
the aggregation were publicly disclosed.
E.O. 12958 continues to allow agency officials to “refuse to confirm or deny the existence or
nonexistence of requested information whenever the fact of its existence or nonexistence is itself
classified under this order.”
Classification Challenges
E.O. 12958 authorized classification challenges. “Authorized holders of information who, in good
faith, believe that its classification status is improper,” says the order, “are encouraged and
expected to challenge the classification status of the information in accordance with agency
procedures.”
A Balancing Test
Another innovation, first introduced by E.O. 12065, President Jimmy Carter’s security
classification directive, but eliminated in E.O. 12356, is the so-called balancing test. According to
E.O. 12958, where “the need to protect ... information may be outweighed by the public interest
in disclosure of the information, and in these cases the information should be declassified,” the
question “shall be referred to the agency head or the senior agency official” responsible for
classification matters for resolution. Because there was insufficient opportunity for the balancing
test of E.O. 12065 to be implemented, the effect of the provision could not be assessed. E.O.
12958 provides an opportunity to conduct such an analysis sometime in the future.
Program Direction
E.O. 12958 originally vested responsibility for implementing and supervising the security
classification program in the director of the Office of Management and Budget (OMB), assisted
by the director of the Information Security Oversight Office (ISOO).15 The Clinton order also

15 Conferees on the FY1995 Treasury, Postal Service, and Executive Office of the President appropriation transferred
(continued...)
Congressional Research Service
8

Security Classification Policy and Procedure: E.O. 12958, as Amended

indicates that the Security Policy Board, a secretive body established in May 1994 by Presidential
Decision Directive 29, a classified instrument, “shall make a recommendation to the President ...
with respect to the issuance of a Presidential directive on safeguarding classified information.”
This subsequent directive, according to E.O. 12958, “shall pertain to the handling, storage,
distribution, transmittal and destruction of and accounting for classified information.”
New Organizations
Finally, E.O. 12958 creates two new entities. The first of these, the Interagency Security
Classification Appeals Panel (ISCAP), is composed of senior level representatives of the
Secretary of State, Secretary of Defense, Attorney General, Director of Central Intelligence,
Archivist of the United States, and Assistant to the President for National Security Affairs. The
President selects the panel’s chair from among its members. The ISOO director serves as the
ISCAP executive secretary and provides support staff. The functions of the panel, as specified in
the Clinton order, are (1) to make final determinations on classification challenges appealed to it;
(2) to approve, deny, or amend exemptions from automatic declassification sought by agencies;
(3) to make final determinations on mandatory declassification review requests appealed to it;
and, (4) generally, to advise and assist the President “in the discharge of his constitutional and
discretionary authority to protect the national security of the United States.”
The second body established by the Clinton executive order, the Information Security Policy
Advisory Council (ISPAC), is “composed of seven members appointed by the President for
staggered terms not to exceed four years, from among persons who have demonstrated interest
and expertise in an area related to the subject matters of [E.O. 12958] and are not otherwise
employees of the Federal Government.” The functions of the ISPAC, as specified in the order, are
to “(1) advise the President, the Assistant to the President for National Security Affairs, the
Director of the Office of Management and Budget, or such other executive branch officials as it
deems appropriate, on policies established under [E.O. 12958] or its implementing directives,
including recommended changes to those policies; (2) provide recommendations to agency heads
for specific subject areas for systematic declassification review; and (3) serve as a forum to
discuss policy issues in dispute.
E.O. 12958 became effective on October 15, 1995, 180 days from the date of its issuance by the
President.16 An amending directive, E.O. 13142 of November 19, 1999, largely effected technical
changes reflecting the transfer of ISOO to the National Archives and the administrative direction
of the Archivist.17

(...continued)
ISOO from the General Services Administration to OMB (H.Rept. 103-741, p. 42). At the recommendation of the
OMB director, conferees on the FY1996 Treasury, Postal Service, and Executive Office of the President appropriation
transferred ISOO to the National Archives and Records Administration (H.Rept. 104-291, pp. 41-42).
16 The implementing regulation is Office of Management and Budget, “Information Security Oversight Office;
Classified National Security Information,” 60 Federal Register 53493, October 13, 1995.
17 President William J. Clinton, “Amendment to Executive Order 12958–Classified National Security Information,” 64
Federal Register 66089, November 23, 1999.
Congressional Research Service
9

Security Classification Policy and Procedure: E.O. 12958, as Amended

Bush’s Amendments to E.O. 12958
Further amendment of E.O. 12958 occurred in late March 2003 when President George W. Bush
issued E.O. 13292.18 The product of a review and reassessment initiated in the summer of 2001,
the directive, among other changes,
• eliminated the Clinton order’s standard that information should not be classified
if there is “significant doubt” about the need to do so;
• treats information obtained in confidence from foreign governments as classified;
• authorizes the Vice President, “in the performance of executive duties,” to
classify information originally;
• adds “infrastructures” and “protection services” to the categories of classifiable
information;
• eases the reclassification of declassified records;
• postpones the starting date for automatic declassification of protected records 25
or more years old from April 17, 2003, to December 31, 2006;
• eliminates the requirement that agencies prepare plans for declassifying records;
• cancels the order requiring the Archivist to create a “government wide database
of information that has been declassified,” and instead requires the “Director of
the Information Security Oversight Office ... [to] coordinate the linkage and
effective utilization of existing agency databases of records that have been
declassified and publicly released”; and
• permits the Director of Central Intelligence to block declassification actions of
the ISCAP, unless overruled by the President.
Since E.O. 13292 was issued, there have been no further changes to E.O. 12958.
Obama’s Review of E.O. 12958
On May 27, 2009, President Barack H. Obama issued a memorandum ordering a review of E.O.
12958.19 The President wrote,
[M]y Administration is committed to operating with an unprecedented level of openness.
While the Government must be able to prevent the public disclosure of information where
such disclosure would compromise the privacy of American citizens, national security, or
other legitimate interests, a democratic government accountable to the people must be as

18 See Federal Register, vol. 68, March 28, 2003, pp. 15315-15334, at http://edocket.access.gpo.gov/2003/pdf/03-
7736.pdf. E.O. 12958 as amended also may be found at http://www.archives.gov/isoo/policy-documents/eo-12958-
amendment.html.
19 President Barack H. Obama, “Memorandum of May 27, 2009—Classified Information and Controlled Unclassified
Information,” 74 Federal Register 26277-26280, June 1, 2009.
Congressional Research Service
10

Security Classification Policy and Procedure: E.O. 12958, as Amended

transparent as possible and must not withhold information for self-serving reasons or simply
to avoid embarrassment.20
To achieve these goals, the assistant to the President for National Security Affairs (commonly
known as the National Security Advisor) is to submit to the President “recommendations and
proposed revisions” to E.O. 12958 regarding21
(i) Establishment of a National Declassification Center to bring appropriate agency officials
together to perform collaborative declassification review under the administration of the
Archivist of the United States;
(ii) Effective measures to address the problem of over classification, including the possible
restoration of the presumption against classification, which would preclude classification of
information where there is significant doubt about the need for such classification, and the
implementation of increased accountability for classification decisions;
(iii) Changes needed to facilitate greater sharing of classified information among appropriate
parties;
(iv) Appropriate prohibition of reclassification of material that has been declassified and
released to the public under proper authority;
(v) Appropriate classification, safeguarding, accessibility, and declassification of information
in the electronic environment, as recommended by the Commission on the Intelligence
Capabilities of the United States Regarding Weapons of Mass Destruction and others; and
(vi) Any other measures appropriate to provide for greater openness and transparency in the
Government’s security classification and declassification program while also affording
necessary protection to the Government’s legitimate interests.22
The National Security Advisor’s response is due in 90 days.

Author Contact Information

Kevin R. Kosar

Analyst in American National Government
kkosar@crs.loc.gov, 7-3968



20 Ibid., p. 26277.
21 The memorandum also orders a review of the procedures for controlled unclassified information. For an introduction
to this topic, see the National Archives, “What is Controlled Unclassified Information?” at http://www.archives.gov/
cui/.
22 President Barack H. Obama, “Memorandum of May 27, 2009—Classified Information and Controlled Unclassified
Information,” p. 26277.
Congressional Research Service
11

Security Classification Policy and Procedure: E.O. 12958, as Amended

Acknowledgments
This report originally was written by Harold C. Relyea, who has retired from CRS. Readers with questions
about this report’s subject matter may contact Kevin R. Kosar.



Congressional Research Service
12