The Security Classification Guide (SCG) is part of the Program Protection Plan (PPP). It details how the information will be classified and marked on an acquisition program. It’s the written record of an original classification decision or series of decisions regarding a system, plan, program, or project. The SCG addresses each Critical Program Information (CPI), as well as other relevant information requiring protection, including export-controlled information and sensitive but unclassified information. The Program Manager (PM) must develop an SCG in accordance with DoD Manual 5200.01. [1]
Definition: The Security Classification Guide (SCG) is any instruction or source that sets out the classification of a system, plan, program, mission, or project.
Purpose of the Security Classification Guide (SCG)
Security classification guidance aims to communicate classification decisions, promote uniform derivative classification, and consistently apply classification decisions to all relevant information users. It also helps ensure that classified information receives the required level of protection when making derivative classification decisions.
Main Security Classification Guide (SCG) References
These manuals and Instructions contain the requirements and minimum standards for developing classification guidance.
-
Manual: DoD Manual 5200.01 “Volume 1: DoD Information Security Program Overview”
-
Instruction: DoD Manual 5200.45 “Instructions for Developing Security Classification Guides”
Security Classification Guide (SCG) Classification
SCGs allow the Original Classification Authority to identify specific items or elements requiring classification, the exact classification levels assigned, the reason for classification, applicable downgrading and declassification instructions, any special handling caveats or dissemination controls, identity and position of the classifier and a point of contact for questions and/or suggestions regarding the SCG. Information in the SCG is classified as either originally or derivatively.
- Originally: Original classification occurs when information is developed that intrinsically meets the criteria for classification under Executive Order 12958. Such classification cannot reasonably be derived from a previous classification decision still in force involving in substance, the same or closely related information.
- Derivative: Information under review is already known to be classified
Classified Resposnisbility
All personnel of the Department of Defense are personally and individually responsible for properly protecting classified information and unclassified information under their custody and control. All officials within the Department of Defense who hold command, management, or supervisory positions have specific, non-delegable responsibility for the quality and effectiveness of implementation and management of the information security program within their areas of responsibility.
AcqLinks and References:
- [1] Defense Acquisition Guidebook (DAG) Chapter 9
- DoD Manual 5200.01 “Volume 1 DoD Information Security program Overview, Classification and Declassification”
- DoD Manual 5200.45 “Instructions for Developing Security Classification Guides”
- Template: Program Protection Plan (PPP)
Updated: 10/3/2023
Rank: G6.3