Why Do Derivative Classifiers Keep Getting It Wrong?
Ever stared at a government document and wondered why the “Derivative Classification” block looks like a checklist from a spy‑movie? Because of that, you’re not alone. Most folks assume the only thing you need to remember is “copy the original classification.” Turns out there’s a whole set of requirements—and one of them doesn’t actually belong. In practice, that missing piece is the one that trips up the most people.
Below we’ll unpack what a derivative classifier is, why the role matters, how the process really works, the common pitfall (the “except” item), and what you can do to stay on the right side of the rules. By the end you’ll be able to glance at a classification banner and instantly know which box should stay empty Less friction, more output..
What Is a Derivative Classifier?
A derivative classifier is anyone who takes already‑classified information and creates a new product—an email, a briefing slide, a report, a PowerPoint, you name it. Here's the thing — their job isn’t to decide the original level (confidential, secret, top secret); that’s already been set by the original source. Instead, they must preserve that original classification and add any new markings that the new document requires Worth keeping that in mind..
Think of it like copying a recipe. The original chef decided the dish is “spicy.” You can add a garnish, change the plating, or write it down in a different language, but you can’t suddenly call it “mild” without a new decision from the chef.
In the U.But government world, the authority to act as a derivative classifier comes from Executive Order 13526 (the “Classification Executive Order”) and the National Security Information (NSI) Manual. Plus, s. The rules are strict because a single slip can expose sensitive material to the wrong eyes.
The Core Responsibilities
- Identify the source classification – locate the original marking or classification guide.
- Apply the same classification level – keep “confidential,” “secret,” or “top secret” intact.
- Add dissemination controls – things like “NOFORN” (no foreign nationals) or “ORCON” (originator controlled).
- Mark the document correctly – header, footer, and any required block markings.
- Maintain a record – keep a log of what you derived and when, in case an audit shows up.
That’s the baseline. Anything beyond those steps is extra, and that’s where the “except” comes in.
Why It Matters / Why People Care
If you’ve ever been on a project that required a security clearance, you know the sting of a classification error. A mislabeled report can:
- Leak Sensitive Data – even a single line of “secret” info in a “unclassified” email can be a breach.
- Trigger Audits – agencies run random checks. A mistake forces you to redo work, waste time, and sometimes face disciplinary action.
- Damage Trust – once you’re flagged as a sloppy classifier, you lose credibility with the original source and with your own supervisors.
Real‑talk: the cost of a classification mistake isn’t just paperwork. Also, it can mean lost contracts, delayed missions, or even legal repercussions. That’s why the “all the following except” question matters—if you’re checking the wrong box, you’re setting yourself up for trouble.
How It Works (or How to Do It)
Below is the step‑by‑step flow most agencies expect you to follow. It reads like a recipe, but trust me, the devil is in the details.
1. Locate the Original Classification Marking
- Search the source document – look for the block marking on the first page, header/footer, or a separate classification guide.
- Verify the authority – ensure the original classifier had the proper authority (e.g., a Director‑level official or a designated classification authority).
If you can’t find a clear marking, you cannot proceed. The rule says “no marking, no derivative work.” Simple as that.
2. Determine If New Information Is Added
- Identify original vs. new – highlight any sentences you’ve written yourself.
- Assess the sensitivity – does the new content raise the classification level? If yes, you need a new classification decision, not just a derivative one.
Most people assume any added text automatically inherits the original level. This leads to that’s only true if the new material doesn’t raise the risk. If you’re unsure, run it by the original source or a senior classifier.
3. Apply the Correct Classification Level
- Copy the exact wording – “CONFIDENTIAL,” “SECRET,” “TOP SECRET.” Don’t use shorthand or synonyms.
- Preserve the original de‑classification date – if the source says “Declassify 01 Jan 2028,” you must repeat that date.
4. Add Required Dissemination Controls
- Standard controls – NOFORN, ORCON, REL TO (list of countries), etc.
- Agency‑specific controls – some departments require “PROPIN” or “SI‑GOV” tags. Check the agency’s marking guide.
5. Mark the Document Properly
- Block marking – usually a paragraph on the first page that reads: “CONFIDENTIAL//NOFORN//ORCON//Declassify 01 Jan 2028.”
- Header/footer – repeat the classification level and any required control markings on every page.
- Portion markings – if only part of the document is classified, use “//” to separate classified and unclassified sections.
6. Record the Derivation
- Logbook entry – date, source document reference, classification level, and your name.
- Electronic metadata – many systems automatically capture this; still double‑check.
7. Review and Release
- Self‑review – run a checklist (we’ll share a cheat sheet later).
- Supervisor sign‑off – some agencies require a second set of eyes before distribution.
Common Mistakes / What Most People Get Wrong
Here’s the kicker: the “except” item on most quizzes about derivative classification is “must obtain a new classification authority for the derived document.” Put another way, you don’t need a brand‑new authority unless you add material that changes the classification level.
Mistake #1: Treating “All of the Following” as “All Must Be Done”
People often think you have to re‑determine the classification every time you create a derivative work. That said, the law says you only do that if the new content raises the sensitivity. Otherwise, you simply copy the original marking Less friction, more output..
Mistake #2: Forgetting Portion Markings
If only a paragraph is classified, many copy‑paste the whole block marking onto the entire document. That over‑classifies and can cause unnecessary handling restrictions.
Mistake #3: Skipping the Log
A surprising number of new classifiers think the log is optional. Auditors love to ask, “When did you derive this?” If you can’t produce a record, you’re on the hook for the mistake.
Mistake #4: Using the Wrong Font or Size
Looks minor, but agencies have strict formatting rules. A tiny “SECRET” in the footer that’s hard to read can be deemed “improper marking,” which is a violation.
Mistake #5: Assuming “Unclassified” Means “No Markings Needed”
If the source document is unclassified but contains Sensitive But Unclassified (SBU) data, you still need to mark the derivative with the appropriate SBU banner. Ignoring it can lead to a breach of privacy regulations.
Practical Tips / What Actually Works
Below are the tricks I’ve collected from years of reviewing classification logs and surviving a few close calls.
- Create a personal checklist – a one‑page PDF you keep open while you work. Include: source ID, classification level, de‑class date, dissemination controls, portion markings, log entry.
- Use a template – most agencies provide a Word template with pre‑filled header/footer fields. Plug in the values; don’t type them manually.
- use “Mark as Classified” tools – many secure email systems have a button that auto‑adds the correct block marking. Use it.
- Run a “find” for the classification word – after you finish, search the document for “CONFIDENTIAL,” “SECRET,” etc., to ensure you didn’t miss a spot.
- Ask “Does this new sentence raise the risk?” – if you can’t answer quickly, flag it for a senior reviewer.
- Keep a master log spreadsheet – columns for date, source reference, classification, controls, and reviewer. It pays off during audits.
- Practice the “except” rule – whenever you’re unsure, ask yourself: “Do I need a new authority, or am I just copying the original?” If the answer is “just copying,” you’re good.
FAQ
Q: Can I derivative‑classify a document that’s marked “TOP SECRET//NOFORN” if I’m only adding a short summary?
A: Yes, as long as the summary doesn’t introduce new information that would raise the classification level. Keep the same block marking and add the summary in the same classified portion.
Q: What if the original source has no explicit de‑classification date?
A: You must follow the default de‑classification schedule in the agency’s policy (usually 25 years for “TOP SECRET,” 10 for “SECRET,” 5 for “CONFIDENTIAL”) and note that in your log Took long enough..
Q: Do I need to mark a derivative document that is entirely unclassified but contains a “FOR OFFICIAL USE ONLY” (FOUO) paragraph?
A: Absolutely. The FOUO paragraph must be clearly marked, and the overall document should carry a “UNCLASSIFIED” block with “FOUO” noted where appropriate Which is the point..
Q: Is it okay to use “CONFIDENTIAL” in the header and “SECRET” in the block marking?
A: No. All markings must be consistent throughout the document. Mismatched levels are a violation.
Q: How often should I review the classification guide?
A: At least once a quarter, or whenever a new agency directive is released. The rules evolve, and staying current prevents accidental errors And it works..
That’s the short version: derivative classifiers must copy the original classification, add any required dissemination controls, mark the document correctly, and keep a record—but they do not need a brand‑new classification authority unless the new content changes the level. Keep that “except” in mind, follow the checklist, and you’ll stay on the right side of the fence Easy to understand, harder to ignore. That alone is useful..
Now go ahead and mark those reports with confidence. Your future self (and the security office) will thank you.
