The InfoSec Program is responsible for providing and ensuring compliance with several types of briefings and training to Employees, Contractors, and other Departmental affiliates who have been granted access to national security information (NSI). 

Executive Order 13526 and 32 CFR 2001 provide the guidelines for required classification management training. All personnel who work with classified information must receive initial training on security policies. Additional training requirements for all individuals that work with classified information include: annual refresher training, annual training for original classification authorities, and biennial training for all derivative classifiers.

Training requirements at the Department include:

---

Initial NSI Briefing and Annual Refresher Training

After being approved for access to NSI, but before such access provided there is a need-to-know, an individual must be briefed about proper handling, disseminating, safeguarding, and storage and sign a Non-Disclosure Agreement (NDA), Standard Form (SF) 312.

Once an individual has completed an NDA and received an initial NSI briefing, so long as they have a clearance granting them continued access to classified information, they are required to undergo annual refresher training.

---

Derivative Classification Training

Incorporation, paraphrasing, and restating of information, which is already classified, are examples of derivative use and regularly occur when handling NSI. While the InfoSec Program does not directly provide this training—it’s provided through an agreement with another Federal agency—it is required before access will be granted to NSI systems and can help prevent the loss and unauthorized disclosures of information which can damage the national security of the United States.

---

Original Classification Authority (OCA) Training

Information related to one of the categories of information identified by Executive Order (E.O.) 13526, the loss or unauthorized disclosure of which has been determined, would damage the United States’ national security that hasn’t previously been classified, i.e., information which isn’t derivative must be classified. However, such information may only be classified by an individual who, by position, has been designated an Original Classification Authority (OCA). Before an individual who has been designated an OCA, they must complete training annually to perform the function.

---

Security Debriefing

As clearances belong to a position, not the employee, employees separating from the Department of Commerce for any reason, e.g., retirement, resigning, transitioning to a new Department or Agency, must receive a security debriefing and endorse the Security Debriefing Acknowledgement portion of the SF 312. If a person is moving into a new position within the Department that does not require access to classified information, they too must be debriefed.

In person Security Briefings will take place at HCHB on Fridays at 1pm. For personnel not located at HCHB, please contact your Field Security Office.

---