What is Need-to-Know?

 

Your security clearance does not give you approved access to all classified information. It gives you access only to:

Information at the same or lower level of classification as the level of the clearance granted; AND that you have a “need-to-know” in order to perform your work.

Need-to-know is one of the most fundamental security principles. The practice of need-to-know limits the damage that can be done by a trusted insider who goes bad. Failures in implementing the need-to-know principle have contributed greatly to the damage caused by a number of recent espionage cases.

Need-to-know imposes a dual responsibility on you and all other authorized holders of classified information:

  • When doing your job, you are expected to limit your requests for information to that which you have a genuine need-to-know. Under some circumstances, you may be expected to explain and justify your need-to-know when asking others for information.
  • Conversely, you are expected to ensure that anyone to whom you give classified information has a legitimate need to know that information. You are obliged to ask the other person for sufficient information to enable you to make an informed decision about their need-to-know, and the other person is obliged to justify their need-to-know.
  • You are expected to refrain from discussing classified information in hallways, cafeterias, elevators, restrooms or smoking areas where the discussion may be overheard by persons who do not have a need-to-know the subject of conversation.

You are also obliged to report to your security office any co-worker who repeatedly violates the need-to-know principle.

Need-to-know is difficult to implement as it conflicts with our natural desire to be friendly and helpful. It also requires a level of personal responsibility that many of us find difficult to accept. The importance of limiting sensitive information to those who have a need to know is underscored, however, every time a trusted insider is found to have betrayed that trust.

Here are some specific circumstances when you need to be particularly careful:

  • An individual from another organization may contact you and ask for information about your classified Even though you have reason to believe this person has the appropriate clearance, you are also obliged to confirm the individual’s need-to-know before providing information. If you have any doubt, consult your supervisor or security officer.
  • Difficult situations sometimes arise when talking with friends who used to be assigned to the same classified program where you are now working. The fact that a colleague formerly had a need-to-know about this program does not mean he or she may have access to the information. There is no “need” to keep up to date on sensitive developments after being transferred to a different
  • The need-to-know principle also applies to placing classified information on computer networks. Before doing so, make sure it is appropriate for this information to be seen by all persons with access to the system. Although every individual gaining access to a particular computer network is cleared for the clearance level of that system, they may not have a need to know all of the information posted on the system.

 

For more information on Security Clearances check out our series where our experts cover the in’s and outs of obtaining and working with security clearances.