[Code of Federal Regulations] [Title 32, Volume 1, Parts 1 to 190] [Revised as of July 1, 1998] From the U.S. Government Printing Office via GPO Access [CITE: 32CFR159a.54] [Page 839-840] TITLE 32--NATIONAL DEFENSE CHAPTER I--OFFICE OF THE SECRETARY OF DEFENSE PART 159a--INFORMATION SECURITY PROGRAM REGULATION--Table of Contents Subpart H--Access, Dissemination, and Accountability Sec. 159a.54 Dissemination. (a) Policy. DoD Components shall establish procedures consistent with this Regulation for the dissemination of classified material. The originating official or activity may prescribe specific restrictions on dissemination of classified information when necessary. (See Sec. 159a.35(f). Particular emphasis shall be placed on traditional need-to-know measures to aid in the strict control of classified information.) (b) Restraints on Special Access Requirements. Special requirements with respect to access, distribution, and protection of classified information shall require prior approval in accordance with subpart M of this part. (c) Information Originating in a Non-DoD Department or Agency. Except under rules established by the Secretary of Defense, or as provided by section 102 of the National Security Act, classified information originating in a department or agency other than Department of Defense shall not be disseminated outside the Department of Defense without the consent of the originating department or agency. (d) Foreign Intelligence Information. Dissemination of foreign intelligence information shall be in accordance with the provisions of DoD Instruction 5230.22 and DoD Directive C-5230.23 \3\\0\. --------------------------------------------------------------------------- \3\\0\ See footnote 13 to Sec. 159a.33(j). --------------------------------------------------------------------------- (e) Restricted Data and Formerly Restricted Data. Information bearing the warning notices prescribed in Sec. 159a.35 (b) and (c) shall not be disseminated outside authorized channels without the consent of the originator. Access to and dissemination of Restricted Data by DoD personnel shall be subject to DoD Directive 5210.2. (f) NATO Information. Classified information originated by NATO shall be safeguarded in accordance with DoD Directive 5100.55. (g) COMSEC Information. COMSEC information shall be disseminated in accordance with NACSI 4005 and implementing instructions. (h) Dissemination of Top Secret Information. (1) Top Secret information, originated within the Department of [[Page 840]] Defense, may not be disseminated outside the Department of Defense without the consent of the originating DoD Component, or higher authority. (2) Top Secret information, whenever segregable from classified portions bearing lower classifications, shall be distributed separately. (3) Standing distribution requirements for Top Secret information and materials, such as distribution lists, shall be reviewed at least annually to verify the recipients' need-to-know. (i) Dissemination of Secret and Confidential Information. (1) Secret and Confidential information, originated within the Department of Defense, may be disseminated within the Executive Branch, unless prohibited by the originator. (See Sec. 159a.35(f)). (2) Standing distribution requirements for Secret and Confidential information and materials, such as distribution lists, shall be reviewed at least annually to verify the recipients' need-to-know. (j) Code Words, Nicknames, and Exercise Terms. The use of code words, nicknames, and exercise terms is subject to the provisions of subpart M and Appendix C. (k) Scientific and Technical Meetings. Use of classified information in scientific and technical meetings is subject to the provisions of DoD Directive 5200.12. (l) Limited Dissemination (LIMDIS). This section establishes limits on measures for the protection of information beyond those involving access to classified information per se, but not so stringent as to require the establishment of a Special Access Program. It prohibits use of terminology indicating enhancements to need-to-know, such as Special Need-to-Know (SNTK), MUST KNOW, Controlled Need-to-Know (CNTK), or other similar security upgrade designations and associated unique security requirements such as specialized nondisclosure statements. Limited dissemination controls are the only security enhancement short of a Special Access Program which may be employed for control over specific information for specified periods of time. In this context, these procedures may be initiated and continued on a showing that additional access controls are required in order to assure the security of the designated information. The decision to apply these procedures shall be made at the original classification authority level of command or supervision in accordance with the implementing information security instructions promulgated by the DoD Component. Except by agreement, such requirements shall not be imposed outside of the approving DoD Component. LIMDIS protective measures are restricted to one or more of the following: (1) Decentralized maintenance of disclosure listings, briefings concerning access limitations, and physical security restrictions limited to requirements such as placing the material in sealed envelopes within approved storage containers to avoid inadvertent disclosure and the commingling with other files; (2) Using unclassified nicknames (no code words may be assigned to LIMDIS information); (3) Marking the material as LIMDIS along with the assigned nickname; (4) Marking inner envelopes containing designated LIMDIS information with the notation: ``To be Opened Only By Personnel Authorized Access''; (5) Requiring electronically transmitted messages containing designated information to be marked with the uniform caveat LIMDIS; and (6) Prescribing unique oversight procedures to be accomplished by Component professional security personnel (industrial security inspections will be conducted in the normal manner by the Defense Investigative Service).