The Information Security Oversight Office (ISOO), a component of the National Archives that receives program and policy guidance from the National Security Staff at the White House, is responsible for policy and oversight of the Government-wide security classification system and the National Industrial Security Program. ISOO receives authority from:
- Executive Order 13526, Classified National Security Information (Dec. 29, 2009).
- Executive Order 12958, Classified National Security Information (Apr. 17, 1995), as amended.
- Executive Order 12829, National Industrial Security Program (Jan. 6, 1993), as amended by Executive Order 12885.
ISOO is a component of the National Archives and Records Administration (NARA) and receives policy and program guidance from the National Security Council (NSC). ISOO oversees the security classification programs in both Government and industry and reports annually to the President on their status.
ISOO is headed by a Director, who is appointed by the Archivist of the United States, and who has the authority to order declassification of information that, in the Director's view, is classified in violation of the aforementioned classification standards. In addition, there is an Interagency Security Classification Appeals Panel (ISCAP), headed by the ISOO Director and made up of representatives of the heads of various agencies, including the Departments of Defense, Justice, and State, as well as the Central Intelligence Agency, and the National Archives. ISCAP is empowered to decide appeals of classifications challenges and to review automatic and mandatory declassifications. If the ISOO Director finds a violation of E.O. 13526 or its implementing directives, then the Director must notify the appropriate classifying agency so that corrective steps can be taken.
ISOO has three components:
- The Classification Management Staff: Develops security classification policies for classifying, declassifying and safeguarding national security information generated in Government and industry.
- The Operations Staff: Evaluates the effectiveness of the security classification programs established by Government and industry to protect information vital to our national security interests.
- The Controlled Unclassified Information (CUI) Office: Develops standardized CUI policies and procedures that appropriately protect sensitive information through effective data access and control measures.