U.S. flag

An official website of the United States government

Dot gov

Official websites use
A .gov website belongs to an official government organization in the United States.


Secure websites use HTTPS
A lock () or https:// means you’ve safely connected to the website. Share sensitive information only on official, secure websites.

Was this page helpful?

Classification Management

Classification Management is the marking, safeguarding, identification, declassification, and destruction of classified national security information (NSI) and determines the life-cycle of such information. InfoSec Program staff provide guidance to Department of Commerce operating units and security specialists on classification management and facilitate Subject Matter Expert reviews of NSI as part of the Mandatory Declassification Review (MDR) process, which may occur as part of a Freedom of Information Act (FOIA) request.

Original Classification

Authority to originally classify information as Secret or Confidential may be exercised by the Secretary of Commerce and by officials to whom such authority is specifically delegated. No official of the Department is authorized to originally classify information as Top Secret. This authority was reissued in the December 29, 2009 Presidential order entitled, Original Classification Authority. This order designates those agency heads and officials as having the authority to classify information.

In accordance with the October 3, 2014 memorandum from the Secretary of Commerce titled Delegation of Original Classification Authority, original classification authority is further delegated to the Department’s Director for Security, and the Deputy Under Secretary for the Bureau of Industry and Security.

The Department has published a DOC National Security Information Classification Guide (CUI//FEDCON) (Commerce personnel only) to assist classifiers in the classification of information.

Derivative Classification

Derivative Classification is the incorporating, paraphrasing, restating, or generating in new form information that is already classified and marking the newly developed material consistent with the classification markings that apply to the source information. Derivative classification includes the classification of information based on classification guidance. The duplication or reproduction of existing classified information is not derivative classification.

Mandatory Declassification Review

Mandatory Declassification Review (MDR) is a means by which any individual or entity can request any Federal agency to review classified information for declassification, regardless of its age or origin, subject to certain limitations.  MDR is another route to the declassification and release of classified Department records under the terms of E.O. 13526. 

All information classified under the Order or predecessor orders by the originating agency, Congressional records classified by the executive branch, and information from past Presidential administrations is subject to MDR. Requests for MDR to the Department of Commerce can be sent to the Director for Security at:

U.S. Department of Commerce

Information and Personnel Security (IPSD), Office of Security (OSY), room 1521

1401 Constitution Avenue, NW

Washington, DC 20230


15 CFR Part 4a, Classification, Declassification, and Public Availability of National Security Information, June 10, 2020

Delegation of Original Classification Authority, October 3, 2014 DOC memorandum

Original Classification Authority, December 29, 2009 Presidential Order

DOC National Security Information Classification Guide, October 2020 (Commerce personnel only)

Information Security Oversight Office (ISOO) Classification Management Training Aids