[House Document 109-76]
[From the U.S. Government Publishing Office]
109th Congress, 1st Session - - - - - - - - - - - - - House Document
109-76
GUIDELINES AND REQUIREMENTS IN SUPPORT OF THE INFORMATION SHARING
ENVIRONMENT
__________
MESSAGE
from
THE PRESIDENT OF THE UNITED STATES
transmitting
GUIDELINES AND REQUIREMENTS TO IMPLEMENT THE INFORMATION SHARING
ENVIRONMENT (ISE) CALLED FOR BY SECTION 1016 OF THE INTELLIGENCE REFORM
AND TERRORISM PREVENTION ACT OF 2004 (IRTPA)
December 17, 2005.--Message and accompanying papers referred to the
Committee on Intelligence (Permanent Select) and ordered to be printed
To the Congress of the United States:
The robust and effective sharing of terrorism information
is vital to protecting Americans and the Homeland from
terrorist attacks. To ensure that we succeed in this mission,
my Administration is working to implement the Information
Sharing Environment (ISE) called for by section 1016 of the
Intelligence Reform and Terrorism Prevention Act of 2004
(IRTPA). The ISE is intended to enable the Federal Government
and our State, local, tribal, and private sector partners to
share appropriate information relating to terrorists, their
threats, plans, networks, supporters, and capabilities while,
at the same time, respecting the information privacy and other
legal rights of all Americans.
Today, I issued a set of guidelines and requirements that
represent a significant step in the establishment of the ISE.
These guidelines and requirements, which are consistent with
the provisions of section 1016(d) of IRTPA, are set forth in a
memorandum to the heads of executive departments and agencies.
The guidelines and requirements also address collateral issues
that are essential to any meaningful progress on information
sharing. In sum, these guidelines will:
Clarify roles and authorities across
executive departments and agencies;
Implement common standards and architectures
to further facilitate timely and effective information
sharing;
Improve the Federal Government's terrorism
information sharing relationships with State, local,
and tribal governments, the private sector, and foreign
allies;
Revamp antiquated classification and marking
systems, as they relate to sensitive but unclassified
information;
Ensure that information privacy and other
legal rights of Americans are protected in the
development and implementation of the ISE; and
Ensure that departments and agencies promote
a culture of information sharing by assigning personnel
and dedicating resources to terrorism information
sharing.
The guidelines build on the strong commitment that my
Administration and the Congress have already made to
strengthening information sharing, as evidenced by Executive
Orders 13311 of July 27, 2003, and 13388 of October 25, 2005,
section 892 of the Homeland Security Act of 2002, the USA
PATRIOT Act, and sections 1011 and 1016 of the IRTPA. While
much work has been done by executive departments and agencies,
more is required to fully develop and implement the ISE.
To lead this national effort, I designated the Program
Manager (PM) responsible for information sharing across the
Federal Government, and directed that the PM and his office be
part of the Office of the Director of National Intelligence
(DNI), and that the DNI exercise authority, direction, and
control over the PM and ensure that the PM carries out his
responsibilities under section 1016 of IRTPA. I fully support
the efforts of the PM and the Information Sharing Council to
transform our current capabilities into the desired ISE, and I
have directed all heads of executive departments and agencies
to support the PM and the DNI to meet our stated objectives.
Creating the ISE is a difficult and complex task that will
require a sustained effort and strong partnership with the
Congress. I know that you share my commitment to achieve the
goal of providing decision makers and the men and women on the
front lines in the War on Terror with the best possible
information to protect our Nation. I appreciate your support to
date and look forward to working with you in the months ahead
on this critical initiative.
George W. Bush.
The White House, December 16, 2005.
The White House,
Washington, December 16, 2005.
Memorandum for the Heads of Executive Departments and Agencies.
Subject: Guidelines and Requirements in Support of the Information
Sharing Environment.
Ensuring the appropriate access to, and the sharing,
integration, and use of, information by Federal, State, local,
and tribal agencies with counterterrorism responsibilities,
and, as appropriate, private sector entities, while protecting
the information privacy and other legal rights of Americans,
remains a high priority for the united States and a necessity
for winning the war on terror. Consistent with section 1016 of
the Intelligence Reform and Terrorism Prevention Act of 2004
(Public Law 108-458) (IRTPA), my Administration is working to
create an Information Sharing Environment (ISE) to facilitate
the sharing of terrorism information (as defined in Executive
Order 13388 of October 25, 2005).
Section 1016 of IRTPA supplements section 892 of the
Homeland Security Act of 2002 (Public Law 107-296), Executive
Order 13311 of July 29, 2003, and other Presidential guidance,
which address various aspects of information access. On April
15, 2005, consistent with section 1016(f) of IRTPA, I
designated the program manager (PM) responsible for information
sharing across the Federal Government. On June 2, 2005, my
memorandum entitled ``Strengthening Information Sharing,
Access, and Integration--Organizational, Management, and Policy
Development Structures for Creating the Terrorism Information
Sharing Environment'' directed that the PM and his office be
part of the Office of the Director of National Intelligence
(DNI), and that the DNI exercise authority, direction, and
control over the PM and ensure that the PM carries out his
responsibilities under IRTPA. On October 25, 2005, I issued
Executive Order 13388 to facilitate the work of the PM and the
expeditious establishment of the ISE and restructure the
Information Sharing Council (ISC), which provides advice
concerning and assists in the establishment, implementation,
and maintenance of the ISE.
On June 2, 2005, I also established the Information Sharing
Policy Coordination Committee (ISPCC), which is chaired jointly
by the Homeland Security Council (HSC) and the National
Security Council (NSC), and which has the responsibilities set
forth in section D of Homeland Security Presidential Directive-
1 and other relevant presidential guidance with respect to
information sharing. The ISPCC is the main day-to-day forum for
interagency coordination of information sharing policy,
including the resolution of issues raised by the PM, and
provides policy analysis and recommendations for consideration
by the more senior committees of the HSC and NSC systems and
ensures timely responses.
Section 1016(d) of IRTPA calls for leveraging all ongoing
efforts consistent with establishing the ISE, the issuance of
guidelines for acquiring, accessing, sharing, and using
information in support of the ISE and for protecting privacy
and civil liberties in the development of the ISE, and the
promotion of a culture of information sharing. Consistent with
the Constitution and the laws of the United States, including
section 103 of the National Security Act of 1947, as amended,
and sections 1016 and 1018 of IRTPA, I hereby direct as
follows:
1. Leveraging Ongoing Information Sharing Efforts in the
Development of the ISE. The ISE shall build upon existing
Federal Government policies, standards, procedures, programs,
systems, and architectures (collectively ``resources'') used
for the sharing and integration of and access to terrorism
information, and shall leverage those resources to the maximum
extent practicable, with the objective of establishing a
decentralized, comprehensive, and coordinated environment for
the sharing and integration of such information.
a. The DNI shall direct the PM to conduct and
complete, within 90 days after the date of this
memorandum, in consultation with the ISC, a
comprehensive evaluation of existing resources
pertaining to terrorism information sharing employed by
individual or multiple executive departments and
agencies. Such evaluation shall assess such resources
for their utility and integrative potential in
furtherance of the establishment of the ISE and shall
identify any unnecessary redundancies.
b. To ensure that the ISE supports the needs of
executive departments and agencies with
counterterrorism responsibilities, and consistent with
section 1021 of IRTPA, the DNI shall direct the PM,
jointly with the Director of the National
Counterterrorism Center (NCTC), and in coordination
with the heads of relevant executive departments and
agencies, to review and identify the respective
missions, roles, and responsibilities of such executive
departments and agencies, both as producers and users
of terrorism information, relating to the acquisition,
access, retention, production, use, management, and
sharing of terrorism information. The findings shall be
reviewed through the interagency policy coordination
process, and any recommendations for the further
definition, reconciliation, or alteration of such
missions, roles, and responsibilities shall be
submitted, within 180 days after the date of this
memorandum, by the DNI to the President for approval
through the Assistant to the President for Homeland
Security and Counterterrorism (APHS-CT) and the
Assistant to the President for National Security
Affairs (APNSA). This effort shall be coordinated as
appropriate with the tasks assigned under the
Guidelines set forth in section 2 of this memorandum.
c. Upon the submission of findings as directed in the
preceding paragraph (1(b)), the DNI shall direct the
PM, in consultation with the ISC, to develop, in a
manner consistent with applicable law, the policies,
procedures, and architectures needed to create the ISE,
which shall support the counterterrorism missions,
roles, and responsibilities of executive departments
and agencies. These policies, procedures, and
architectures shall be reviewed through the interagency
policy coordination process, and shall be submitted,
within 180 days after the submission of findings as
directed in the preceding paragraph (1(b)), by the DNI
to the President for approval through the APHS-CT and
the APNSA.
2. Information Sharing Guidelines. Consistent with section
1016(d) of IRTPA, I hereby issue the following guidelines and
related requirements, the implementation of which shall be
conducted in consultation with, and with support from, the PM
as directed by the DNI:
a. Guideline 1.--Define Common Standards for How
Information is Acquired, Accessed, Shared, and Used
Within the ISE
The ISE must, to the extent possible, be supported by
common standards that maximize the acquisition, access,
retention, production, use, management, and sharing of
terrorism information within the ISE consistent with
the protection of intelligence, law enforcement,
protective, and military sources, methods, and
activities.
Consistent with Executive Order 13388 and IRTPA, the
DNI, in coordination with the Secretaries of State,
Defense, and Homeland Security, and the Attorney
General, shall develop and issue, within 90 days after
the date of this memorandum, common standards (i) for
preparing terrorism information for maximum
distribution and access, (ii) to enable the
acquisition, access, retention, production, use,
management, and sharing of terrorism information within
the ISE while safeguarding such information and
protecting sources and methods from unauthorized use or
disclosure, (iii) for implementing legal requirements
relating to the handling of specific types of
information, and (iv) that include the appropriate
method for the Government-wide adoption and
implementation of such standards. Such standards shall
accommodate and reflect the sharing of terrorism
information, as appropriate, with State, local, and
tribal governments, law enforcement agencies, and the
private sector. Within 90 days after the issuance of
such standards, the Secretary of Homeland Security and
the Attorney General shall jointly disseminate such
standards for use by State, local, and tribal
governments, law enforcement agencies, and the private
sector, on a mandatory basis where possible and a
voluntary basis where not. The DNI may amend the common
standards from time to time as appropriate through the
same process by which the DNI issued them.
b. Guideline 2. Develop a Common Framework for the
Sharing of Information Between and Among Executive
Departments and Agencies and State, Local, and Tribal
Governments, Law Enforcement Agencies, and the Private
Sector
Recognizing that the war on terror must be a national
effort, State, local, and tribal governments, law
enforcement agencies, and the private sector must have
the opportunity to participate as full partners in the
ISE, to the extent consistent with applicable laws and
executive orders and directives, the protection of
national security, and the protection of the
information privacy rights and other legal rights of
Americans.
Within 180 days after the date of this memorandum,
the Secretary of Homeland Security and the Attorney
General, in consultation with the Secretaries of State,
Defense, and Health and Human Services, and the DNI,
and consistent with the findings of the
counterterrorism missions, roles, and responsibilities
review under section 1 of this memorandum, shall:
(i) Perform a comprehensive review of the
authorities and responsibilities of executive
departments and agencies regarding information
sharing with State, local, and tribal
governments, law enforcement agencies, and the
private sector; and
(ii) Submit to the President for approval,
through the APHS-CT and the APNSA, a
recommended framework to govern the roles and
responsibilities of executive departments and
agencies pertaining to the acquisition, access,
retention, production, use, management, and
sharing of homeland security information, law
enforcement information, and terrorism
information between and among such departments
and agencies and State, local, and tribal
governments, law enforcement agencies, and
private sector entities.
c. Guideline 3.--Standardize Procedures for Sensitive
But Unclassified Information
To promote and enhance the effective and efficient
acquisition, access, retention, production, use,
management, and sharing of Sensitive But Unclassified
(SBU) information, including homeland security
information, law enforcement information, and terrorism
information, procedures and standards for designating,
marking, and handling SBU information (collectively
``SBU procedures'') must be standardized across the
Federal Government. SBU procedures must promote
appropriate and consistent safeguarding of the
information and must be appropriately shared with, and
accommodate and reflect the imperative for timely and
accurate dissemination of terrorism information to,
State, local, and tribal governments, law enforcement
agencies, and private sector entities. This effort must
be consistent with Executive Orders 13311 and 13388,
section 892 of the Homeland Security Act of 2002,
section 1016 of IRTPA, section 102A of the National
Security Act of 1947, the Freedom of Information Act,
the Privacy Act of 1974, and other applicable laws and
executive orders and directives.
(i) Within 90 days after the date of this
memorandum, each executive department and
agency will conduct an inventory of its SBU
procedures, determine the underlying authority
for each entry in the inventory, and provide an
assessment of the effectiveness of its existing
SBU procedures. The results of each inventory
shall be reported to the DNI, who shall provide
the compiled results to the Secretary of
Homeland Security and the Attorney General.
(ii) Within 90 days after receiving the
compiled results of the inventories required
under the preceding paragraph (i), the
Secretary of Homeland Security and the Attorney
General, in coordination with the Secretaries
of State, Defense, and Energy, and the DNI,
shall submit to the President for approval
recommendations for the standardization of SBU
procedures for homeland security information,
law enforcement information, and terrorism
information in the manner described in
paragraph (iv) below.
(iii) Within 1 year after the date of this
memorandum, the DNI, in coordination with the
Secretaries of State, the Treasury, Defense,
Commerce, Energy, Homeland Security, Health and
Human Services, and the Attorney General, and
in consultation with all other heads of
relevant executive departments and agencies,
shall submit to the President for approval
recommendations for the standardization of SBU
procedures for all types of information not
addressed by the preceding paragraph (ii) in
the manner described in paragraph (iv) below.
(iv) All recommendations required to be
submitted to the President under this Guideline
shall be submitted through the Director of the
Office of Management and Budget (OMB), the
APHS-CT, and the APNSA, as a report that
contains the following:
(A) recommendations for government-
wide policies and procedures to
standardize SBU procedures;
(B) recommendations, as appropriate,
for legislative, policy, regulatory,
and administrative changes; and
(C) an assessment by each department
and agency participating in the SBU
procedures review process of the costs
and budgetary considerations for all
proposed changes to marking
conventions, handling caveats, and
other procedures pertaining to SBU
information.
(v) Upon the approval by the President of the
recommendations submitted under this Guideline,
heads of executive departments and agencies
shall ensure on an ongoing basis that such
recommendations are fully implemented in such
department or agency, as applicable. The DNI
shall direct the PM to support executive
departments and agencies in such
implementation, as well as in the development
of relevant guidance and training programs for
the standardized SBU procedures.
d. Guideline 4.--Facilitate Information Sharing
Between Executive Departments and Agencies and Foreign
Partners
The ISE must support and facilitate appropriate
terrorism information sharing between executive
departments and agencies and foreign partners and
allies. To that end, policies and procedures to
facilitate such informational access and exchange,
including those relating to the handling of information
received from foreign governments, must be established
consistent with applicable laws and executive orders
and directives.
Within 180 days after the date of this memorandum,
the Secretary of State, in coordination with the
Secretaries of Defense, the Treasury, Commerce, and
Homeland Security, the Attorney General, and the DNI,
shall review existing authorities and submit to the
President for approval, through the APHS-CT and the
APNSA, recommendations for appropriate legislative,
administrative, and policy changes to facilitate the
sharing of terrorism information with foreign partners
and allies, except for those activities conducted
pursuant to sections 102A(k), 104A(f), and 119(f)(1)(E)
of the National Security Act of 1947.
e. Guideline 5.--Protect the Information Privacy
Rights and Other Legal Rights of Americans
As recognized in Executive Order 13353 of August 27,
2004, the Federal Government has a solemn obligation,
and must continue fully, to protect the legal rights of
all Americans in the effective performance of national
security and homeland security functions. Accordingly,
in the development and use of the ISE, the information
privacy rights and other legal rights of Americans must
be protected.
(i) Within 180 days after the date of this
memorandum, the Attorney General and the DNI,
in coordination with the heads of executive
departments and agencies that possess or use
intelligence or terrorism information, shall
(A) conduct a review of current executive
department and agency information sharing
policies and procedures regarding the
protection of information privacy and other
legal rights of Americans, (B) develop
guidelines designed to be implemented by
executive departments and agencies to ensure
that the information privacy and other legal
rights of Americans are protected in the
development and use of the ISE, including in
the acquisition, access, use, and storage of
personally identifiable information, and (C)
submit such guidelines to the President for
approval through the Director of OMB, the APHS-
CT, and the APNSA. Such guidelines shall not be
inconsistent with Executive Order 12333 and
guidance issued pursuant to that order.
(ii) Each head of an executive department or
agency that possesses or uses intelligence or
terrorism information shall ensure on an
ongoing basis that (A) appropriate personnel,
structures, training, and technologies are in
place to ensure that terrorism information is
shared in a manner that protects the
information privacy and other legal rights of
Americans, and (B) upon approval by the
President of the guidelines developed under the
preceding subsection (i), such guidelines are
fully implemented in such department or agency.
3. Promoting a Culture of Information Sharing. Heads of
executive departments and agencies must actively work to create
a culture of information sharing within their respective
departments or agencies by assigning personnel and dedicating
resources to terrorism information sharing, by reducing
disincentives to such sharing, and by holding their senior
managers and officials accountable for improved and increased
sharing of such information.
Accordingly, each head of an executive department or agency
that possesses or uses intelligence or terrorism information
shall:
a. Within 90 days after the date of this memorandum,
designate a senior official who possesses knowledge of
the operational and policy aspects of information
sharing to (i) provide accountability and oversight for
terrorism information sharing within such department
and agency, (ii) work with the PM, in consultation with
the ISC, to develop high-level information sharing
performance measures for the department or agency to be
assessed no less than semiannually, and (iii) provide,
through the department or agency head, an annual report
to the DNI on best practices of and remaining barriers
to optimal terrorism information sharing;
b. Within 180 days after the date of this memorandum,
develop and issue guidelines, provide training and
incentives, and hold relevant personnel accountable for
the improved and increased sharing of terrorism
information. Such guidelines and training shall seek to
reduce obstructions to sharing, consistent with
applicable laws and regulations. Accountability efforts
shall include the requirement to add a performance
evaluation element on information sharing to employees'
annual Performance Appraisal Review, as appropriate,
and shall focus on the sharing of information that
supports the mission of the recipient of the
information; and
c. bring to the attention of the Attorney General and
the DNI, on an ongoing basis, any restriction contained
in a rule, regulation, executive order or directive
that significantly impedes the sharing of terrorism
information and that such department or agency head
believes is not required by applicable laws or to
protect the information privacy rights and other legal
rights of Americans. The Attorney General and the DNI
shall review such restriction and jointly submit any
recommendations for changes to such restriction to the
APHS-CT and the APNSA for further review.
4. Heads of executive departments and agencies shall, to
the extent permitted by law and subject to the availability of
appropriations, provide assistance and information to the DNI
and the PM in the implementation of this memorandum.
5. This memorandum:
a. Shall be implemented in a manner consistent with
applicable laws, including Federal laws protecting the
information privacy rights and other legal rights of
Americans, and subject to the availability of
appropriations;
b. Shall be implemented in a manner consistent with
the statutory authority of the principal officers of
executive departments and agencies as heads of their
respective departments or agencies;
c. Shall not be construed to impair or otherwise
affect the functions of the Director of the Office of
Management and Budget relating to budget,
administrative, and legislative proposals; and
d. Is intended only to improve the internal
management of the Federal Government and is not
intended to, and does not, create any rights or
benefits, substantive or procedural, enforceable at law
or in equity by a party against the United States, its
departments, agencies, or entities, its officers,
employees, or agencies, or any other person.
George W. Bush.
�