Information Security Oversight Office Annual Report to the President

The Information Security Oversight Office (ISOO), established in 1978, is responsible to the President for overseeing the Government-wide security classification program, and receives policy and program guidance from the National Security Council. ISOO has been part of the National Archives since 1995.

Today, ISOO released online its Report to the President for Fiscal Year (FY) 2016. This annual report includes information on government agencies’ security classification activities and costs, and provides an update on the implementation of the Controlled Unclassified Information (CUI) program. This annual report was mandated by Executive Order 13526, Classified National Security Information.

FY 2016 report highlights include:

Classification Activity:

• A 27 percent decrease in original classification activity, for a 2016 total of 39,240 decisions.
• A 5 percent increase in derivative classification action, up to 55,206,368 decisions.

Declassification Activity:

• Under automatic, systematic, and discretionary declassification review, agencies reviewed 102,172,703 pages and declassified 43,943,600 pages of historically valuable records. This was a 17 percent increase in the number of pages reviewed and 19 percent increase in the number of pages declassified.
• Agencies reviewed 248,413 pages under mandatory declassification review and declassified 117,453 pages in their entirety, declassified 92,678 pages in part, and retained classification of 38,282 pages in full.

Controlled Unclassified Information (CUI) background and implementation:

ISOO published the CUI Federal regulation (32 CFR part 2002) in the Federal Register on September 14, 2016. This regulation promotes the protection of CUI, appropriate information sharing, and consistent safeguarding and dissemination practices.

ISOO helps agencies implement the CUI program by conducting formal appraisals of existing agency practices, consulting with executive branch agencies and supporting elements (i.e., component agencies and non-Federal entities) on strategies and practices related to implementation, and raising awareness of key CUI program elements, timelines, and requirements through briefings, training sessions, and panel discussions.

Industrial Security:

The National Industrial Security Program Policy Advisory Committee (NISPPAC) established an Insider Threat working group to facilitate information sharing within security agencies on insider threat programs. ISOO Director Mark Bradley chairs this Committee and appoints its members.

ISOO is updating the Directive on Safeguarding Classified National Security Information (32 CFR part 2004).

As ISOO begins their next reporting cycle, Director Mark Bradley states that, “ISOO will focus on improving our methodology in data collection and will begin planning and developing new measures for future reporting that more accurately reflect the activities of agencies managing classified and sensitive information.”

Read the full Annual report, including an archive of previous annual reports, on the ISOO website: https://www.archives.gov/isoo/reports