Accession Number:

ADA445486

Title:

"Sensitive but Unclassified" Information and Other Controls: Policy and Options for Scientific and Technical Information

Descriptive Note:

Congressional rept.

Corporate Author:

LIBRARY OF CONGRESS WASHINGTON DC CONGRESSIONAL RESEARCH SERVICE

Personal Author(s):

Report Date:

2006-02-15

Pagination or Media Count:

87.0

Abstract:

Providing access to scientific and technical information for legitimate uses while protecting it from potential terrorists is complex and poses difficult policy choices. Federally funded, extramural academic research basic and applied is supposed to be classified if it poses a security threat otherwise, it is to be unrestricted. Since the September 11, 2001 terrorist attacks, controls increasingly have been placed on some types of unclassified research and scientific and technical information, including information used to inform decision making and citizen oversight. These controls include sensitive but unclassified SBU labels restrictive contract clauses visa controls controlled laboratories and the widening of legal restrictions on access to some federal biological, transportation, critical infrastructure, geospatial, environmental impact, and nuclear information. On December 16, 2005, President Bush instructed federal agencies to standardize procedures to designate, mark, and handle SBU information, and to forward recommendations for government-wide standards to the Director of National Intelligence DNI. Federal agencies do not use uniform definitions of SBU information or have consistent policies for safeguarding or releasing it. This lack of uniformity and consistency raises issues about how to identify SBU information, especially scientific and technical information how to keep it from those who would use it malevolently, while allowing access for those who need to use it and how to develop uniform nondisclosure policies and penalties. Appendix A describes the federal agencies that use the definition of sensitive as found in the Computer Security Act CSA, use FISMA guidelines or risk-based procedures to develop information security policies, use a mix of CSA and FISMA concepts, or use unique definitions. Appendix B describes federal information systems created to transmit sensitive but unclassified information.

Subject Categories:

  • Information Science
  • Government and Political Science
  • Sociology and Law

Distribution Statement:

APPROVED FOR PUBLIC RELEASE