Additional Security Settings 6-9

6.2.1 About Records Classification

Oracle URM offers several features specifically geared to handling and processing classified content in accordance with the Chapter 4 requirements of the DoD 5015.2 specification. This functionality must be enabled for use see Enabling or Disabling Classified Security on page 6-11. A content item is marked as a classified using a classification specifying the security level of the item. Several built-in classifications Top Secret, Secret, and Confidential are available, but custom classifications can be created see Creating or Editing a Custom Security Classification on page 6-12. Content is either classified, unclassified, or declassified: ■ Classified content has an initial classification and a current classification. The initial classification is specified when the item is first filed. All changes to classification are tracked in the audit logs in the Record History reports. ■ Unclassified content is not and has never been classified. ■ Declassified content was formerly classified. When an item is filed and classified, it typically must be declassified within a ten year period. Any exceptions to this must be given an exemption category. When a declassify date exceeds the ten year period after the publication filing date, an alert reminds the user to enter an exemption category for the item.

6.2.1.1 Classification Levels

The standard security categories classification scheme, from highest to lowest, are as follows: 1. Top Secret 2. Secret 3. Confidential 4. No markings unclassified When using security classification for corporate use only that is, if you are not concerned with DoD compliance, these terms can be defined as necessary for the organization’s infrastructure. For example, Top Secret may apply to that content which is critical to the operation of your company and should never be deleted, while Confidential may apply to content which must be kept limited to a specific group of individuals, such as Human Resource representatives or members of your accounting team. Custom classifications can also be defined. See Creating or Editing a Custom Security Classification on page 6-12. The following descriptions are applicable for those companies which are using the Oracle URM product for DoD compliance. 6-10 Oracle Fusion Middleware Setup Guide for Universal Records Management Figure 6–3 Classified Hierarchy

6.2.1.1.1 Top Secret If complying with DoD Section 1508, the Top Secret classification

according to Executive Order 12958 is applied to information, the unauthorized disclosure of which could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe. If complying with DoD Section 1508, only the President of the United States has the authority to classify content as Top Secret, pursuant to the Executive Order 12958. For further details, access the following link: http:www.fas.orgsgpclintoneo12958.html

6.2.1.1.2 Secret According to EO 12958, the Secret classification level is applied to

information, the unauthorized disclosure of which could be expected to cause serious damage to the national security that the original classification authority is able to identify or describe.

6.2.1.1.3 Confidential According to EO 12958, the Secret classification level is applied

to information, the unauthorized disclosure of which could be expected to cause damage to the national security that the original classification authority is able to identify or describe.

6.2.1.2 Classified Records Security Hierarchy