Have you ever stared at a multiple-choice question and felt like all the answers could be true? In real terms, that’s the exact feeling most people get when they hit a question about derivative classification. You know the one — it shows up in security training, in the annual refresher, on the exam for a new billet. The question reads: "Which of the following is true concerning derivative classification?" And suddenly, four options blur together like a bad photocopy.
Let’s fix that.
Here’s the thing — once you understand what derivative classification actually is, the answer becomes obvious. And not just the test answer. The practical, real-world answer that keeps you out of trouble and helps you handle classified information correctly. So let’s walk through it Nothing fancy..
What Is Derivative Classification
Derivative classification isn’t a complicated concept. Practically speaking, a briefing slide. A database entry. In practice, it’s pretty straightforward. Which means a summary. You take information that’s already been classified — a secret report, a top secret cable, a confidential memo — and you incorporate that information into something new. A new document that pulls from the old one Which is the point..
The key word here is derivative. That's why you didn’t decide the information was classified in the first place. On top of that, you’re deriving the classification from an existing source. That was an original classification authority (OCA). You’re just carrying that classification forward into a new product.
People argue about this. Here's where I land on it.
Turns out, a lot of people get nervous about this. They worry they’re doing something wrong. And or they over-classify just to be safe. Or worse, they under-classify and leak something sensitive without realizing it It's one of those things that adds up..
The Short Version
Let me give you the cleanest way to think about it. Derivative classification happens when you:
- Extract classified information from an authorized source document
- Paraphrase that classified information into a new form
- Or restate it in a new format, like converting a report into a bullet list
The classification level doesn’t change unless you add new information. If the source says “Secret,” your new document says “Secret” — assuming you used the same classified content and didn’t add anything new.
Original vs. Derivative — The Big Difference
Original classification is when a government official with specific authority decides that certain information needs protection. On the flip side, they mark it. That’s a big deal. They stamp it. Worth adding: they decide the level — Confidential, Secret, or Top Secret. Only certain people can do it Simple, but easy to overlook..
Derivative classification is different. You don’t need special authority. You just need the source document and the ability to follow the rules. On top of that, almost anyone with access to classified information can do it. But here’s the catch — you are still responsible for getting it right. The burden doesn’t disappear just because you didn’t originate the classification.
Why It Matters
Honestly, this is the part most guides get wrong. They dive into definitions and procedures without explaining why anyone should care. So let me spell it out.
Mishandling classified information isn’t a minor paperwork error. It can compromise operations. Now, it can cost lives. And for the person who made the mistake, it can mean losing a clearance, losing a job, or facing legal consequences. Derivative classification matters because it’s where most mistakes actually happen.
Think about it. Practically speaking, original classification is rare and tightly controlled. But derivative classification? That happens every day. Analysts do it. Now, security managers do it. Administrative staff do it when they compile reports. Consider this: even contractors do it. The volume is massive, and so is the potential for error Practical, not theoretical..
A Real Example
Say you’re pulling data from a Top Secret intelligence report to build a weekly summary for your team. Day to day, the source says “intelligence indicates three battalions are moving north. Day to day, ” You write “enemy forces are repositioning to the northern sector. Practically speaking, you write a sentence that uses the same facts but different wording. ” Same classified information, repackaged.
If you don’t mark that correctly in your new document, you’ve made a mistake. And if that document gets released to a lower classification level or to someone without the need-to-know, you’ve just caused a spillage.
How It Works
So how do you actually do this correctly? Let’s break it down step by step. This isn’t theory — this is the process you’d follow on a Tuesday morning at your desk.
Step 1: Identify Your Source
You need an authorized source of classification guidance. That means:
- A properly marked original document
- A Security Classification Guide (SCG) for your program or topic
- A DD Form 254 (for contractors)
- Or a properly marked source that was itself derived from an authorized source
You can’t guess. Worth adding: you can’t rely on memory. You need the actual document or guide in front of you Still holds up..
Step 2: Determine What’s Classified
This sounds obvious, but it’s where people trip up. Sometimes a report contains unclassified information mixed in. Not everything in a classified document is necessarily classified. You need to identify exactly which portions are classified and at what level. Source documents should have markings that show this — banner lines, portion marks, classification authority blocks.
Here’s what most people miss: if a document says “Top Secret” at the top, that doesn’t mean every sentence inside is Top Secret. Look for portion marks. Each paragraph, bullet, or section should be marked with (TS), (S), (C), or (U).
Step 3: Carry the Classification Forward
When you include classified information from your source into your new document, you apply the same classification level. If your source sentence is marked (S) for Secret, your paraphrased version should also be marked Secret in your new document.
Do not downgrade it. Because of that, do not upgrade it. Match it exactly The details matter here..
Step 4: Add Your Derivative Classification Block
Every new document you create needs a classification authority block. This is usually at the bottom of the first page or on the front cover. It shows:
- “Derived From: [source document or guide identifier]”
- “Declassify On: [date from the source]”
This tells anyone who picks up your document exactly where the classification came from. Which means it’s a trail of breadcrumbs. Without it, no one can verify your work Most people skip this — try not to. Turns out it matters..
Step 5: Mark It Properly
Banner lines — the big marking at the top and bottom of every page — need to match the highest classification of any content on that page. Now, if one paragraph is Secret and the rest is Confidential, the whole page gets a Secret banner. That’s how it works Worth keeping that in mind..
Common Mistakes
I’ve seen people make the same errors over and over. Here are the ones worth knowing about.
Over-Classification
This happens when someone isn’t sure so they just mark it higher than necessary. Over-classification hurts information sharing and operational efficiency. On the flip side, “Better safe than sorry,” they think. But that’s wrong. Plus, it’s also technically a violation of policy. You are required to classify at the correct level, not a safer level.
Forgetting the Derivative Classification Block
This is incredibly common. Still, that document is now inadequately marked. Someone creates a new document, marks the banner lines, portion marks every paragraph, but forgets the “Derived From” line entirely. If an inspector finds it, you’ve got a finding.
Relying on Memory
“I know that report said Secret, so I’ll just mark it Secret.Now, what if the source has since been declassified? ” But what if the specific fact you used was actually Confidential in the source? You can’t work from memory. You need the actual source document in front of you.
Mixing Sources Without Reconciliation
Sometimes you pull from two or more source documents. Your new document needs to reflect the highest of the two. One says Secret, the other says Top Secret. And your derivative classification block needs to list both sources. Don’t just pick one Surprisingly effective..
Practical Tips
Alright, let’s keep this actionable. If you only remember a few things from this whole article, make it these Small thing, real impact..
- Always have your source document open while you work. Do not close it. Do not work from recall. Have it right there.
- Portion mark as you go, not after. Mark each paragraph with (S), (TS), (C), or (U) the moment you write it. Don’t leave it for later — you’ll forget.
- Double-check your “Derived From” line. It should match the document identifier from your source. Not the title. Not a nickname. The actual document number.
- If you’re unsure, don’t guess. Ask your security manager. Ask your OCA. A five-minute question saves you a world of trouble later.
- Use the “Contained In” guide if your organization has one. Some agencies maintain guides that tell you exactly how to classify common topics. They’re gold.
FAQ
Who can perform derivative classification?
Anyone with access to classified information and proper training can perform derivative classification. You don’t need special appointment or authority. You just need an authorized source document and the knowledge to apply the rules correctly Practical, not theoretical..
What’s the difference between original and derivative classification?
Original classification is when a designated official decides that unclassified information needs protection. Derivative classification is when you take already-classified information and incorporate it into a new document. The key difference is who determines the classification in the first place.
Can you downgrade information during derivative classification?
No. You cannot downgrade. The derivative product carries the same classification as the source. Only an original classification authority can downgrade or declassify information But it adds up..
Do you need a security clearance to perform derivative classification?
Generally, yes. You need access to the classified information in the source document to begin with. That requires the appropriate clearance level and a valid need-to-know.
What happens if you mark derivative classification incorrectly?
It depends on the severity. Which means minor mistakes might result in retraining or a security violation report. Major errors — like releasing classified information to an unclassified environment — can lead to clearance suspension, revocation, or legal action The details matter here..
Wrapping This Up
Derivative classification isn’t mysterious. It’s a process. Because of that, follow the source, match the markings, document your authority, and don’t guess. The test question about it? Day to day, the true statement is almost always the one about carrying forward the classification from an authorized source. And that’s the heart of it. Everything else is supporting detail.
