Your security clearance does not give you
approved access to all classified information. It gives you access only to:
- Information at the same or lower level of
classification as the level of the clearance granted; AND that you have a
"need-to-know" in order to perform your work.
Need-to-know is one of the most fundamental security principles. The
practice of need-to-know limits the damage that can be done by a trusted insider who goes
bad. Failures in implementing the need-to-know principle have contributed greatly to the
damage caused by a number of recent espionage cases.
Need-to-know imposes a dual responsibility on
you and all other authorized holders of classified information:
- When doing your job, you are expected to limit
your requests for information to that which you have a genuine need-to-know. Under some
circumstances, you may be expected to explain and justify your need-to-know when asking
others for information.
- Conversely, you are expected to ensure that
anyone to whom you give classified information has a legitimate need to know that
information. You are obliged to ask the other person for sufficient information to enable
you to make an informed decision about their need-to-know, and the other person is obliged
to justify their need-to-know.
- You are expected to refrain from discussing
classified information in hallways, cafeterias, elevators, rest rooms or smoking areas
where the discussion may be overheard by persons who do not have a need-to-know the
subject of conversation.
You are also obliged to report to your
security office any co-worker who repeatedly violates the need-to-know principle.
 |
Need-to-know is difficult to
implement as it conflicts with our natural desire to be friendly and helpful. It also
requires a level of personal responsibility that many of us find difficult to accept. The
importance of limiting sensitive information to those who have a need to know is
underscored, however, every time a trusted insider is found to have betrayed that trust. |
Here are some specific
circumstances when you need to be particularly careful:
- An individual from another organization may
contact you and ask for information about your classified project. Even though you have
reason to believe this person has the appropriate clearance, you are also obliged to
confirm the individuals need-to-know before providing information. If you have any
doubt, consult your supervisor or security officer.
- Difficult situations sometimes arise when
talking with friends who used to be assigned to the same classified program where you are
now working. The fact that a colleague formerly had a need-to-know about this program does
not mean he or she may have access to the information. There is no "need" to
keep up to date on sensitive developments after being transferred to a different
assignment.
- The need-to-know principle also applies to
placing classified information on computer networks. Before doing so, make sure it is
appropriate for this information to be seen by all persons with access to the system.
Although every individual gaining access to a particular computer network is cleared for
the clearance level of that system, they may not have a need to know all of the
information posted on the system.
|