C3.2.1. Policy on Disclosure of Classified Military Information (CMI) to Foreign Government and International Organizations. DoD Directive 5230.11 implements National Disclosure Policy (NDP-1). It is U.S. national and DoD policy that CMI is a national security asset that must be protected and shared with foreign governments only when there is a clearly defined benefit to the United States, when authorized by officials designated under the Directive and then only when all requirements of the Directive are met.

C3.2.2. Avoiding False Impressions. U.S. policy is to avoid creating false impressions of USG readiness to make available classified military materiel, technology, or information. Much military hardware is unclassified; however its operation and maintenance or related training may involve sensitive classified information. Some classified information (e.g., sensitive compartmented information (SCI), communications security (COMSEC) information, etc.) may require approval outside of DoD and the National Disclosure Policy Committee (NDPC). Accordingly, proposals to foreign governments or international organizations that result from either U.S. or combined (U.S. and proposed recipient) initial planning, and that will lead to the eventual disclosure of classified military information, must be authorized in advance by designated disclosure officials in the departments and agencies originating the information or by the NDPC. This includes the release of unclassified Price and Availability (P&A) data. Furthermore, it must be explicitly stated and acknowledged that no U.S. commitment to furnish such classified information or materiel is intended or implied until disclosure has been approved.

C3.2.3. Disclosure Authorities. Under the terms of NDP-1, the NDPC is the central authority for formulating, promulgating, administering, and monitoring national disclosure policy. The Secretary of Defense and the Deputy Secretary of Defense are the only officials who may grant unilateral exceptions to NDP-1. However, in most cases, exceptions to policy are granted or denied by the NDPC. Under DoD Directive 5230.11, the Secretary of Defense has delegated disclosure authority to the Secretaries of the Military Departments (MILDEPs) and other DoD officials whose decisions must be compliant with NDP-1. They are required to appoint a Principal Disclosure Authority (PDA) at component headquarters level to oversee the disclosure process and a Designated Disclosure Authority (DDA) at subordinate command and agency levels to oversee disclosure decisions at their level when disclosure authority is delegated. Any commitment to disclosure or release of controlled defense-related information or technology must be authorized by the PDA or DDA unless authority is otherwise delegated in a Delegation of Disclosure Authority Letter (DDL).

C3.2.4. Disclosure Decisions. PDAs or DDAs evaluate proposals for disclosure of classified information relating to defense articles and services on a case-by-case basis in accordance with NDP-1, DoDD 5230.11, and MILDEP regulations. An affirmative disclosure decision requires consent of the PDA or DDA representing the DoD Component that originated the information and the written consent of the official having original classification authority for the information if the information has not already been marked by the originator for disclosure to the intended recipient government or international organization. The PDA or DDA must also ensure that the disclosure criteria, conditions, and limitations in DoDD 5230.11, are satisfied, including the existence of a bilateral General Security Agreement (GSA) concerning the mutual protection of classified information. In the absence of a GSA, the security requirements may be included in a program agreement (e.g., a co-production or cooperative development memorandum of understanding (MOU),) or in a program-specific security agreement described in Section C3.2.6. Disclosure authorizations for classified information are recorded in the National Disclosure Policy System (NDPS). The Chief of the U.S. Diplomatic Mission must approve in-country release of all Security Assistance (SA) information to a purchaser.

C3.2.5. Tentative Security Assistance Plans and Programs. Classified planning information for budget and future years may be released to a foreign government or international organization to the extent it is necessary for participation in the SA planning process; it is necessary for development of related defense plans; the purchaser can maintain security precautions; and the purchaser uses the information only for the intended purposes. If the release involves classified information or Controlled Unclassified Information (CUI), the release must be approved by the supporting DDA. Classified dollar levels of proposed programs may be released only with permission of the Director, DSCA, and Department of State (DoS) concurrence. U.S. officials releasing information under this paragraph must ensure that the recipient understands that the release does not constitute a commitment by the United States.

C3.2.5.1. FMS Agreements. After an LOA is approved, classified information regarding the quantity and projected delivery schedules for articles and services in FMS agreements may be released to facilitate appropriate planning by the recipient, subject to assurance by the recipient that it will maintain adequate security precautions and use the information only for the purposes for which provided. Release is made only to purchaser Government officials who require the information in their official capacity.

C3.2.6. Program Security Agreements. When there is no General Security of Information Agreement (GSOIA) or General Security of Military Information Agreement (GSOMIA) with a purchasing government, provisions for protecting CMI must be included in another related agreement. If, for example, the CMI is being released in conjunction with a co-production or cooperative development and production governed by an MOU, the provisions may be included in the MOU. Letters of Offer and Acceptance (LOAs), however, are not international agreements. If CMI is to be released in support of an FMS sale, and there is no GSOIA or GSOMIA, a program specific security agreement developed and approved by the Defense Technology Security Administration (DTSA) containing the security requirements must be concluded prior to discussion of CMI with the purchasing government. Depending upon the circumstances, this may take the form of a separate international agreement as defined by DoDD 5530.3 or by 22 CFR Part 181, or as a separate arrangement pursuant to the LOA. Questions concerning which form a program-specific security agreement should take should be directed to DSCA (Programs Directorate, Weapons Division and Office of the General Counsel). The agreement will contain, at a minimum, the provisions described in Figure C3.F1. below.

Figure C3.F1. Sample Text for a Program-Specific Security Agreement

C3.2.7. National Industrial Security Program (NISP). U.S. security depends on the proper safeguarding of classified information released to industry. The NISP ensures that classified information released to cleared U.S. contractor facilities is safeguarded during all phases of the contracting, licensing, and grant processes. The NISP also applies to all classified information not released under a contract, license certificate, or grant, and to Foreign Government Information (FGI) furnished to contractors that requires protection in the interest of national security. DoD 5220.22-R and DTM-09-019 provides procedures used by DoD to ensure maximum uniformity and effectiveness in application of NISP policies to industry. The NISP Operating Manual (NISPOM), DoD 5220.22-M, Supplement 1, contains detailed security requirements for U.S. contractors’ use in safeguarding classified information. The NISPOM is applied to industry by management’s execution of the DoD Security Agreement (DD Form 441), and by direct reference in the “Security Requirements” clause in the contract. The Defense Industrial Security Clearance Office (DISCO) verifies the eligibility of industry personnel to access classified defense information.

C3.2.8. U.S. Contracts with Foreign Firms. Implementing Agencies (IAs) may award (or permit a contractor to award) a classified contract to a foreign contractor if the classified information is releasable to the government of the foreign contractor under NDP-1. Foreign disclosure implications are identified by the program office and resolved by the supporting DDA prior to any announcements that could lead to foreign involvement. Classified information must be requested and transferred through government channels in compliance with the DoD Component documentary request procedures. Prior to any activity that may result in the disclosure of classified information to a foreign contractor, the IA will request that DISCO seek a Facility Security Clearance Assurance (FSCA) from the security authorities of the foreign contractor. The FSCA verifies the facility security clearance of the foreign contractor and advises the other government that U.S. classified information is to be transferred to a contractor under its jurisdiction under the terms of the relevant bilateral security agreements with the other government. IA responsibilities are contained in DoD 5220.22-R and DTM-09-019.

C3.2.9. Contracts Requiring Overseas Deliveries. When an IA places a contract with a cleared U.S. contractor for delivery of classified information or materiel to a foreign government, the IA is responsible for delivery. See Chapter 7 for more information regarding transportation of classified information.