State Department Has a Ways to Go to Achieve Proper Classification of Documents

Authority to determine classification levels was one of the many issues raised by Hillary Clinton's email controversy. Authority to determine classification levels was one of the many issues raised by Hillary Clinton's email controversy. Kevin Lamarque/AP file photo

One of the many issues raised by former Secretary of State Hillary Clinton’s email controversy is who within the State Department determines the classification level of key and routine documents.

According to an inspector general’s report issued late last month, the department has fallen short in updating its list of officials with classification authority, has not delivered all mandatory training to staff handling the documents, and has provided inaccurate counts of the number of formerly classified documents now declassified.

Documents generated within the Office of the Secretary were not included in the department’s own report to the National Archives and Records Administration’s Information Security Oversight Office.

» Get the best federal news and ideas delivered right to your inbox. Sign up here.

“Of the 239 individuals who occupied positions that OIG had identified as Top Secret-level [original classification authorities], 41 (17 percent) had completed” the training course in classification in the past 12 months, said the report, a follow-up on a 2013 report on compliance with President Obama’s 2009 Executive Order 13526 prescribing a uniform system for classifying, safeguarding and declassifying national security information.

Of 671 individuals identified as Secret-level original classification authorities, only 172 (26 percent) had completed the course, according to records from the Foreign Service Institute. Among officials in the most senior-level positions, none had taken the course since its creation in 2011, the watchdog found.

State’s Bureau of Administration, the report noted, had not updated its list of officials authorized to make Top Secret and Secret-level classifications in six years. “In addition, the department had not implemented the sanction provision in the Executive Order that suspends an individual’s classification authority until training is completed,” the report continued. 

“These conditions occurred in part because the Bureau of Administration had not provided adequate guidance to the department’s bureaus specifying how the process for suspending classification authority should work,” the report said. “When department employees and contractors are unaware of classification standards and no mechanism is in place to enforce training requirements, there is an increased risk that information could be incorrectly marked, misclassified, and/or improperly restricted or disseminated.”

Also because of such deficiencies, the IG wrote, “the Bureau of Administration will remain unable to identify a complete universe of classified documents within the department for the annual self-inspection until additional capabilities are instituted.”

Acknowledging that a lack of resources plays a role in the training shortfalls, the IG updated past recommendations—noting progress on many.

Seven new recommendations include improved monitoring of training and more-precise reporting from components on document classification, clarification of which contractors must take classification training, improved software installation procedures and conducting a workload assessment.

State’s bureaus agreed.

The report’s finding of inaccuracies in the number of declassified State documents leapt out at Steven Aftergood, who writes the Secrecy News blog for the Federation of American Scientists. In applauding the government’s efforts at declassification under the 2010 Reducing Over-Classification Act, he quoted William Cira, acting director of the National Archives’ Information Security Oversight Office, as saying the inaccuracies do not worry him.

 “It has been recognized, even long before we asked the agencies to include the electronic environment, that an actual count is not feasible,” Cira said. “The sampling and extrapolation technique described in that report has been in widespread use for a long time.”

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.


When you download a report, your information may be shared with the underwriters of that document.