[House Document 109-76]
[From the U.S. Government Publishing Office]



                                     

109th Congress, 1st Session - - - - - - - - - - - - - House Document 
109-76
 
   GUIDELINES AND REQUIREMENTS IN SUPPORT OF THE INFORMATION SHARING 
                              ENVIRONMENT

                               __________

                                MESSAGE

                                  from

                   THE PRESIDENT OF THE UNITED STATES

                              transmitting

   GUIDELINES AND REQUIREMENTS TO IMPLEMENT THE INFORMATION SHARING 
ENVIRONMENT (ISE) CALLED FOR BY SECTION 1016 OF THE INTELLIGENCE REFORM 
              AND TERRORISM PREVENTION ACT OF 2004 (IRTPA)




  December 17, 2005.--Message and accompanying papers referred to the 
 Committee on Intelligence (Permanent Select) and ordered to be printed
To the Congress of the United States:
    The robust and effective sharing of terrorism information 
is vital to protecting Americans and the Homeland from 
terrorist attacks. To ensure that we succeed in this mission, 
my Administration is working to implement the Information 
Sharing Environment (ISE) called for by section 1016 of the 
Intelligence Reform and Terrorism Prevention Act of 2004 
(IRTPA). The ISE is intended to enable the Federal Government 
and our State, local, tribal, and private sector partners to 
share appropriate information relating to terrorists, their 
threats, plans, networks, supporters, and capabilities while, 
at the same time, respecting the information privacy and other 
legal rights of all Americans.
    Today, I issued a set of guidelines and requirements that 
represent a significant step in the establishment of the ISE. 
These guidelines and requirements, which are consistent with 
the provisions of section 1016(d) of IRTPA, are set forth in a 
memorandum to the heads of executive departments and agencies. 
The guidelines and requirements also address collateral issues 
that are essential to any meaningful progress on information 
sharing. In sum, these guidelines will:
           Clarify roles and authorities across 
        executive departments and agencies;
           Implement common standards and architectures 
        to further facilitate timely and effective information 
        sharing;
           Improve the Federal Government's terrorism 
        information sharing relationships with State, local, 
        and tribal governments, the private sector, and foreign 
        allies;
           Revamp antiquated classification and marking 
        systems, as they relate to sensitive but unclassified 
        information;
           Ensure that information privacy and other 
        legal rights of Americans are protected in the 
        development and implementation of the ISE; and
           Ensure that departments and agencies promote 
        a culture of information sharing by assigning personnel 
        and dedicating resources to terrorism information 
        sharing.
    The guidelines build on the strong commitment that my 
Administration and the Congress have already made to 
strengthening information sharing, as evidenced by Executive 
Orders 13311 of July 27, 2003, and 13388 of October 25, 2005, 
section 892 of the Homeland Security Act of 2002, the USA 
PATRIOT Act, and sections 1011 and 1016 of the IRTPA. While 
much work has been done by executive departments and agencies, 
more is required to fully develop and implement the ISE.
    To lead this national effort, I designated the Program 
Manager (PM) responsible for information sharing across the 
Federal Government, and directed that the PM and his office be 
part of the Office of the Director of National Intelligence 
(DNI), and that the DNI exercise authority, direction, and 
control over the PM and ensure that the PM carries out his 
responsibilities under section 1016 of IRTPA. I fully support 
the efforts of the PM and the Information Sharing Council to 
transform our current capabilities into the desired ISE, and I 
have directed all heads of executive departments and agencies 
to support the PM and the DNI to meet our stated objectives.
    Creating the ISE is a difficult and complex task that will 
require a sustained effort and strong partnership with the 
Congress. I know that you share my commitment to achieve the 
goal of providing decision makers and the men and women on the 
front lines in the War on Terror with the best possible 
information to protect our Nation. I appreciate your support to 
date and look forward to working with you in the months ahead 
on this critical initiative.

                                                    George W. Bush.
    The White House, December 16, 2005.
                                           The White House,
                                     Washington, December 16, 2005.
Memorandum for the Heads of Executive Departments and Agencies.
Subject: Guidelines and Requirements in Support of the Information 
        Sharing Environment.

    Ensuring the appropriate access to, and the sharing, 
integration, and use of, information by Federal, State, local, 
and tribal agencies with counterterrorism responsibilities, 
and, as appropriate, private sector entities, while protecting 
the information privacy and other legal rights of Americans, 
remains a high priority for the united States and a necessity 
for winning the war on terror. Consistent with section 1016 of 
the Intelligence Reform and Terrorism Prevention Act of 2004 
(Public Law 108-458) (IRTPA), my Administration is working to 
create an Information Sharing Environment (ISE) to facilitate 
the sharing of terrorism information (as defined in Executive 
Order 13388 of October 25, 2005).
    Section 1016 of IRTPA supplements section 892 of the 
Homeland Security Act of 2002 (Public Law 107-296), Executive 
Order 13311 of July 29, 2003, and other Presidential guidance, 
which address various aspects of information access. On April 
15, 2005, consistent with section 1016(f) of IRTPA, I 
designated the program manager (PM) responsible for information 
sharing across the Federal Government. On June 2, 2005, my 
memorandum entitled ``Strengthening Information Sharing, 
Access, and Integration--Organizational, Management, and Policy 
Development Structures for Creating the Terrorism Information 
Sharing Environment'' directed that the PM and his office be 
part of the Office of the Director of National Intelligence 
(DNI), and that the DNI exercise authority, direction, and 
control over the PM and ensure that the PM carries out his 
responsibilities under IRTPA. On October 25, 2005, I issued 
Executive Order 13388 to facilitate the work of the PM and the 
expeditious establishment of the ISE and restructure the 
Information Sharing Council (ISC), which provides advice 
concerning and assists in the establishment, implementation, 
and maintenance of the ISE.
    On June 2, 2005, I also established the Information Sharing 
Policy Coordination Committee (ISPCC), which is chaired jointly 
by the Homeland Security Council (HSC) and the National 
Security Council (NSC), and which has the responsibilities set 
forth in section D of Homeland Security Presidential Directive-
1 and other relevant presidential guidance with respect to 
information sharing. The ISPCC is the main day-to-day forum for 
interagency coordination of information sharing policy, 
including the resolution of issues raised by the PM, and 
provides policy analysis and recommendations for consideration 
by the more senior committees of the HSC and NSC systems and 
ensures timely responses.
    Section 1016(d) of IRTPA calls for leveraging all ongoing 
efforts consistent with establishing the ISE, the issuance of 
guidelines for acquiring, accessing, sharing, and using 
information in support of the ISE and for protecting privacy 
and civil liberties in the development of the ISE, and the 
promotion of a culture of information sharing. Consistent with 
the Constitution and the laws of the United States, including 
section 103 of the National Security Act of 1947, as amended, 
and sections 1016 and 1018 of IRTPA, I hereby direct as 
follows:
    1. Leveraging Ongoing Information Sharing Efforts in the 
Development of the ISE. The ISE shall build upon existing 
Federal Government policies, standards, procedures, programs, 
systems, and architectures (collectively ``resources'') used 
for the sharing and integration of and access to terrorism 
information, and shall leverage those resources to the maximum 
extent practicable, with the objective of establishing a 
decentralized, comprehensive, and coordinated environment for 
the sharing and integration of such information.
          a. The DNI shall direct the PM to conduct and 
        complete, within 90 days after the date of this 
        memorandum, in consultation with the ISC, a 
        comprehensive evaluation of existing resources 
        pertaining to terrorism information sharing employed by 
        individual or multiple executive departments and 
        agencies. Such evaluation shall assess such resources 
        for their utility and integrative potential in 
        furtherance of the establishment of the ISE and shall 
        identify any unnecessary redundancies.
          b. To ensure that the ISE supports the needs of 
        executive departments and agencies with 
        counterterrorism responsibilities, and consistent with 
        section 1021 of IRTPA, the DNI shall direct the PM, 
        jointly with the Director of the National 
        Counterterrorism Center (NCTC), and in coordination 
        with the heads of relevant executive departments and 
        agencies, to review and identify the respective 
        missions, roles, and responsibilities of such executive 
        departments and agencies, both as producers and users 
        of terrorism information, relating to the acquisition, 
        access, retention, production, use, management, and 
        sharing of terrorism information. The findings shall be 
        reviewed through the interagency policy coordination 
        process, and any recommendations for the further 
        definition, reconciliation, or alteration of such 
        missions, roles, and responsibilities shall be 
        submitted, within 180 days after the date of this 
        memorandum, by the DNI to the President for approval 
        through the Assistant to the President for Homeland 
        Security and Counterterrorism (APHS-CT) and the 
        Assistant to the President for National Security 
        Affairs (APNSA). This effort shall be coordinated as 
        appropriate with the tasks assigned under the 
        Guidelines set forth in section 2 of this memorandum.
          c. Upon the submission of findings as directed in the 
        preceding paragraph (1(b)), the DNI shall direct the 
        PM, in consultation with the ISC, to develop, in a 
        manner consistent with applicable law, the policies, 
        procedures, and architectures needed to create the ISE, 
        which shall support the counterterrorism missions, 
        roles, and responsibilities of executive departments 
        and agencies. These policies, procedures, and 
        architectures shall be reviewed through the interagency 
        policy coordination process, and shall be submitted, 
        within 180 days after the submission of findings as 
        directed in the preceding paragraph (1(b)), by the DNI 
        to the President for approval through the APHS-CT and 
        the APNSA.
    2. Information Sharing Guidelines. Consistent with section 
1016(d) of IRTPA, I hereby issue the following guidelines and 
related requirements, the implementation of which shall be 
conducted in consultation with, and with support from, the PM 
as directed by the DNI:
          a. Guideline 1.--Define Common Standards for How 
        Information is Acquired, Accessed, Shared, and Used 
        Within the ISE
          The ISE must, to the extent possible, be supported by 
        common standards that maximize the acquisition, access, 
        retention, production, use, management, and sharing of 
        terrorism information within the ISE consistent with 
        the protection of intelligence, law enforcement, 
        protective, and military sources, methods, and 
        activities.
          Consistent with Executive Order 13388 and IRTPA, the 
        DNI, in coordination with the Secretaries of State, 
        Defense, and Homeland Security, and the Attorney 
        General, shall develop and issue, within 90 days after 
        the date of this memorandum, common standards (i) for 
        preparing terrorism information for maximum 
        distribution and access, (ii) to enable the 
        acquisition, access, retention, production, use, 
        management, and sharing of terrorism information within 
        the ISE while safeguarding such information and 
        protecting sources and methods from unauthorized use or 
        disclosure, (iii) for implementing legal requirements 
        relating to the handling of specific types of 
        information, and (iv) that include the appropriate 
        method for the Government-wide adoption and 
        implementation of such standards. Such standards shall 
        accommodate and reflect the sharing of terrorism 
        information, as appropriate, with State, local, and 
        tribal governments, law enforcement agencies, and the 
        private sector. Within 90 days after the issuance of 
        such standards, the Secretary of Homeland Security and 
        the Attorney General shall jointly disseminate such 
        standards for use by State, local, and tribal 
        governments, law enforcement agencies, and the private 
        sector, on a mandatory basis where possible and a 
        voluntary basis where not. The DNI may amend the common 
        standards from time to time as appropriate through the 
        same process by which the DNI issued them.
          b. Guideline 2. Develop a Common Framework for the 
        Sharing of Information Between and Among Executive 
        Departments and Agencies and State, Local, and Tribal 
        Governments, Law Enforcement Agencies, and the Private 
        Sector
          Recognizing that the war on terror must be a national 
        effort, State, local, and tribal governments, law 
        enforcement agencies, and the private sector must have 
        the opportunity to participate as full partners in the 
        ISE, to the extent consistent with applicable laws and 
        executive orders and directives, the protection of 
        national security, and the protection of the 
        information privacy rights and other legal rights of 
        Americans.
          Within 180 days after the date of this memorandum, 
        the Secretary of Homeland Security and the Attorney 
        General, in consultation with the Secretaries of State, 
        Defense, and Health and Human Services, and the DNI, 
        and consistent with the findings of the 
        counterterrorism missions, roles, and responsibilities 
        review under section 1 of this memorandum, shall:
                  (i) Perform a comprehensive review of the 
                authorities and responsibilities of executive 
                departments and agencies regarding information 
                sharing with State, local, and tribal 
                governments, law enforcement agencies, and the 
                private sector; and
                  (ii) Submit to the President for approval, 
                through the APHS-CT and the APNSA, a 
                recommended framework to govern the roles and 
                responsibilities of executive departments and 
                agencies pertaining to the acquisition, access, 
                retention, production, use, management, and 
                sharing of homeland security information, law 
                enforcement information, and terrorism 
                information between and among such departments 
                and agencies and State, local, and tribal 
                governments, law enforcement agencies, and 
                private sector entities.
          c. Guideline 3.--Standardize Procedures for Sensitive 
        But Unclassified Information
          To promote and enhance the effective and efficient 
        acquisition, access, retention, production, use, 
        management, and sharing of Sensitive But Unclassified 
        (SBU) information, including homeland security 
        information, law enforcement information, and terrorism 
        information, procedures and standards for designating, 
        marking, and handling SBU information (collectively 
        ``SBU procedures'') must be standardized across the 
        Federal Government. SBU procedures must promote 
        appropriate and consistent safeguarding of the 
        information and must be appropriately shared with, and 
        accommodate and reflect the imperative for timely and 
        accurate dissemination of terrorism information to, 
        State, local, and tribal governments, law enforcement 
        agencies, and private sector entities. This effort must 
        be consistent with Executive Orders 13311 and 13388, 
        section 892 of the Homeland Security Act of 2002, 
        section 1016 of IRTPA, section 102A of the National 
        Security Act of 1947, the Freedom of Information Act, 
        the Privacy Act of 1974, and other applicable laws and 
        executive orders and directives.
                  (i) Within 90 days after the date of this 
                memorandum, each executive department and 
                agency will conduct an inventory of its SBU 
                procedures, determine the underlying authority 
                for each entry in the inventory, and provide an 
                assessment of the effectiveness of its existing 
                SBU procedures. The results of each inventory 
                shall be reported to the DNI, who shall provide 
                the compiled results to the Secretary of 
                Homeland Security and the Attorney General.
                  (ii) Within 90 days after receiving the 
                compiled results of the inventories required 
                under the preceding paragraph (i), the 
                Secretary of Homeland Security and the Attorney 
                General, in coordination with the Secretaries 
                of State, Defense, and Energy, and the DNI, 
                shall submit to the President for approval 
                recommendations for the standardization of SBU 
                procedures for homeland security information, 
                law enforcement information, and terrorism 
                information in the manner described in 
                paragraph (iv) below.
                  (iii) Within 1 year after the date of this 
                memorandum, the DNI, in coordination with the 
                Secretaries of State, the Treasury, Defense, 
                Commerce, Energy, Homeland Security, Health and 
                Human Services, and the Attorney General, and 
                in consultation with all other heads of 
                relevant executive departments and agencies, 
                shall submit to the President for approval 
                recommendations for the standardization of SBU 
                procedures for all types of information not 
                addressed by the preceding paragraph (ii) in 
                the manner described in paragraph (iv) below.
                  (iv) All recommendations required to be 
                submitted to the President under this Guideline 
                shall be submitted through the Director of the 
                Office of Management and Budget (OMB), the 
                APHS-CT, and the APNSA, as a report that 
                contains the following:
                          (A) recommendations for government-
                        wide policies and procedures to 
                        standardize SBU procedures;
                          (B) recommendations, as appropriate, 
                        for legislative, policy, regulatory, 
                        and administrative changes; and
                          (C) an assessment by each department 
                        and agency participating in the SBU 
                        procedures review process of the costs 
                        and budgetary considerations for all 
                        proposed changes to marking 
                        conventions, handling caveats, and 
                        other procedures pertaining to SBU 
                        information.
                  (v) Upon the approval by the President of the 
                recommendations submitted under this Guideline, 
                heads of executive departments and agencies 
                shall ensure on an ongoing basis that such 
                recommendations are fully implemented in such 
                department or agency, as applicable. The DNI 
                shall direct the PM to support executive 
                departments and agencies in such 
                implementation, as well as in the development 
                of relevant guidance and training programs for 
                the standardized SBU procedures.
          d. Guideline 4.--Facilitate Information Sharing 
        Between Executive Departments and Agencies and Foreign 
        Partners
          The ISE must support and facilitate appropriate 
        terrorism information sharing between executive 
        departments and agencies and foreign partners and 
        allies. To that end, policies and procedures to 
        facilitate such informational access and exchange, 
        including those relating to the handling of information 
        received from foreign governments, must be established 
        consistent with applicable laws and executive orders 
        and directives.
          Within 180 days after the date of this memorandum, 
        the Secretary of State, in coordination with the 
        Secretaries of Defense, the Treasury, Commerce, and 
        Homeland Security, the Attorney General, and the DNI, 
        shall review existing authorities and submit to the 
        President for approval, through the APHS-CT and the 
        APNSA, recommendations for appropriate legislative, 
        administrative, and policy changes to facilitate the 
        sharing of terrorism information with foreign partners 
        and allies, except for those activities conducted 
        pursuant to sections 102A(k), 104A(f), and 119(f)(1)(E) 
        of the National Security Act of 1947.
          e. Guideline 5.--Protect the Information Privacy 
        Rights and Other Legal Rights of Americans
          As recognized in Executive Order 13353 of August 27, 
        2004, the Federal Government has a solemn obligation, 
        and must continue fully, to protect the legal rights of 
        all Americans in the effective performance of national 
        security and homeland security functions. Accordingly, 
        in the development and use of the ISE, the information 
        privacy rights and other legal rights of Americans must 
        be protected.
                  (i) Within 180 days after the date of this 
                memorandum, the Attorney General and the DNI, 
                in coordination with the heads of executive 
                departments and agencies that possess or use 
                intelligence or terrorism information, shall 
                (A) conduct a review of current executive 
                department and agency information sharing 
                policies and procedures regarding the 
                protection of information privacy and other 
                legal rights of Americans, (B) develop 
                guidelines designed to be implemented by 
                executive departments and agencies to ensure 
                that the information privacy and other legal 
                rights of Americans are protected in the 
                development and use of the ISE, including in 
                the acquisition, access, use, and storage of 
                personally identifiable information, and (C) 
                submit such guidelines to the President for 
                approval through the Director of OMB, the APHS-
                CT, and the APNSA. Such guidelines shall not be 
                inconsistent with Executive Order 12333 and 
                guidance issued pursuant to that order.
                  (ii) Each head of an executive department or 
                agency that possesses or uses intelligence or 
                terrorism information shall ensure on an 
                ongoing basis that (A) appropriate personnel, 
                structures, training, and technologies are in 
                place to ensure that terrorism information is 
                shared in a manner that protects the 
                information privacy and other legal rights of 
                Americans, and (B) upon approval by the 
                President of the guidelines developed under the 
                preceding subsection (i), such guidelines are 
                fully implemented in such department or agency.
    3. Promoting a Culture of Information Sharing. Heads of 
executive departments and agencies must actively work to create 
a culture of information sharing within their respective 
departments or agencies by assigning personnel and dedicating 
resources to terrorism information sharing, by reducing 
disincentives to such sharing, and by holding their senior 
managers and officials accountable for improved and increased 
sharing of such information.
    Accordingly, each head of an executive department or agency 
that possesses or uses intelligence or terrorism information 
shall:
          a. Within 90 days after the date of this memorandum, 
        designate a senior official who possesses knowledge of 
        the operational and policy aspects of information 
        sharing to (i) provide accountability and oversight for 
        terrorism information sharing within such department 
        and agency, (ii) work with the PM, in consultation with 
        the ISC, to develop high-level information sharing 
        performance measures for the department or agency to be 
        assessed no less than semiannually, and (iii) provide, 
        through the department or agency head, an annual report 
        to the DNI on best practices of and remaining barriers 
        to optimal terrorism information sharing;
          b. Within 180 days after the date of this memorandum, 
        develop and issue guidelines, provide training and 
        incentives, and hold relevant personnel accountable for 
        the improved and increased sharing of terrorism 
        information. Such guidelines and training shall seek to 
        reduce obstructions to sharing, consistent with 
        applicable laws and regulations. Accountability efforts 
        shall include the requirement to add a performance 
        evaluation element on information sharing to employees' 
        annual Performance Appraisal Review, as appropriate, 
        and shall focus on the sharing of information that 
        supports the mission of the recipient of the 
        information; and
          c. bring to the attention of the Attorney General and 
        the DNI, on an ongoing basis, any restriction contained 
        in a rule, regulation, executive order or directive 
        that significantly impedes the sharing of terrorism 
        information and that such department or agency head 
        believes is not required by applicable laws or to 
        protect the information privacy rights and other legal 
        rights of Americans. The Attorney General and the DNI 
        shall review such restriction and jointly submit any 
        recommendations for changes to such restriction to the 
        APHS-CT and the APNSA for further review.
    4. Heads of executive departments and agencies shall, to 
the extent permitted by law and subject to the availability of 
appropriations, provide assistance and information to the DNI 
and the PM in the implementation of this memorandum.
    5. This memorandum:
          a. Shall be implemented in a manner consistent with 
        applicable laws, including Federal laws protecting the 
        information privacy rights and other legal rights of 
        Americans, and subject to the availability of 
        appropriations;
          b. Shall be implemented in a manner consistent with 
        the statutory authority of the principal officers of 
        executive departments and agencies as heads of their 
        respective departments or agencies;
          c. Shall not be construed to impair or otherwise 
        affect the functions of the Director of the Office of 
        Management and Budget relating to budget, 
        administrative, and legislative proposals; and
          d. Is intended only to improve the internal 
        management of the Federal Government and is not 
        intended to, and does not, create any rights or 
        benefits, substantive or procedural, enforceable at law 
        or in equity by a party against the United States, its 
        departments, agencies, or entities, its officers, 
        employees, or agencies, or any other person.
                                                    George W. Bush.

                                  
