[Public Papers of the Presidents of the United States: George W. Bush (2005, Book II)]
[December 16, 2005]
[Pages 1863-1869]
[From the U.S. Government Publishing Office www.gpo.gov]



Memorandum on Guidelines and Requirements in Support of the Information 
Sharing Environment
December 16, 2005

 Memorandum for the Heads of Executive Departments and Agencies

Subject: Guidelines and Requirements in Support of the Information 
Sharing Environment

    Ensuring the appropriate access to, and the sharing, integration, 
and use of, information by Federal, State, local, and tribal agencies 
with counterterrorism responsibilities, and, as appropriate, private 
sector entities, while protecting the information privacy and other 
legal rights of Americans, remains a high priority for the United States 
and a necessity for winning the war on terror. Consistent with section 
1016 of the Intelligence Reform and Terrorism Prevention Act of 2004 
(Public Law 108-458) (IRTPA), my Administration is working to create an 
Information Sharing Environment (ISE) to facilitate the sharing of 
terrorism information (as defined in Executive Order 13388 of October 
25, 2005).
    Section 1016 of IRTPA supplements section 892 of the Homeland 
Security Act of 2002 (Public Law 107-296), Executive Order 13311 of July 
29, 2003, and other Presidential guidance, which address various aspects 
of information access. On April 15, 2005, consistent with section 
1016(f) of IRTPA, I designated the program manager (PM) responsible for 
information sharing across the Federal Government. On June 2, 2005, my 
memorandum entitled ``Strengthening Information Sharing, Access, and 
Integration--Organizational, Management, and Policy Development 
Structures for Creating the Terrorism Information Sharing Environment'' 
directed that the PM and his office be part of the Office of the 
Director of National Intelligence (DNI), and that the DNI exercise 
authority, direction, and control over the PM and ensure that the PM 
carries out his responsibilities under IRTPA. On October 25, 2005, I 
issued Executive Order 13388 to facilitate the work of the PM and the 
expeditious establishment of the ISE and restructure the Information 
Sharing Council (ISC), which provides advice concerning and assists in 
the establishment, implementation, and maintenance of the ISE.
    On June 2, 2005, I also established the Information Sharing Policy 
Coordination Committee (ISPCC), which is chaired jointly by the Homeland 
Security Council (HSC) and the National Security Council (NSC), and 
which has the responsibilities set forth in section D of Homeland 
Security Presidential Directive-1 and other relevant presidential 
guidance with respect to information sharing. The ISPCC is the main day-
to-day forum for interagency coordination of information sharing policy, 
including the resolution of issues raised by the PM, and provides policy 
analysis and recommendations for consideration by the more senior 
committees of the HSC and NSC systems and ensures timely responses.
    Section 1016(d) of IRTPA calls for leveraging all ongoing efforts 
consistent with establishing the ISE, the issuance of guidelines for 
acquiring, accessing, sharing, and using information in support of the 
ISE and for protecting privacy and civil liberties in the development of 
the ISE, and the promotion of a culture of information sharing. 
Consistent with the Constitution and the laws of the United States, 
including section 103 of the National Security Act of 1947, as amended, 
and sections 1016 and 1018 of IRTPA, I hereby direct as follows:
    1. Leveraging Ongoing Information Sharing Efforts in the Development 
of the ISE. The ISE shall build upon existing Federal Government 
policies, standards, procedures, programs, systems, and architectures

[[Page 1864]]

(collectively ``resources'') used for the sharing and integration of and 
access to terrorism information, and shall leverage those resources to 
the maximum extent practicable, with the objective of establishing a 
decentralized, comprehensive, and coordinated environment for the 
sharing and integration of such information.
      a. The DNI shall direct the PM to conduct and complete, within 90 
        days after the date of this memorandum, in consultation with the 
        ISC, a comprehensive evaluation of existing resources pertaining 
        to terrorism information sharing employed by individual or 
        multiple executive departments and agencies. Such evaluation 
        shall assess such resources for their utility and integrative 
        potential in furtherance of the establishment of the ISE and 
        shall identify any unnecessary redundancies.
      b. To ensure that the ISE supports the needs of executive 
        departments and agencies with counterterrorism responsibilities, 
        and consistent with section 1021 of IRTPA, the DNI shall direct 
        the PM, jointly with the Director of the National 
        Counterterrorism Center (NCTC), and in coordination with the 
        heads of relevant executive departments and agencies, to review 
        and identify the respective missions, roles, and 
        responsibilities of such executive departments and agencies, 
        both as producers and users of terrorism information, relating 
        to the acquisition, access, retention, production, use, 
        management, and sharing of terrorism information. The findings 
        shall be reviewed through the interagency policy coordination 
        process, and any recommendations for the further definition, 
        reconciliation, or alteration of such missions, roles, and 
        responsibilities shall be submitted, within 180 days after the 
        date of this memorandum, by the DNI to the President for 
        approval through the Assistant to the President for Homeland 
        Security and Counterterrorism (APHS-CT) and the Assistant to the 
        President for National Security Affairs (APNSA). This effort 
        shall be coordinated as appropriate with the tasks assigned 
        under the Guidelines set forth in section 2 of this memorandum.
      c. Upon the submission of findings as directed in the preceding 
        paragraph (1(b)), the DNI shall direct the PM, in consultation 
        with the ISC, to develop, in a manner consistent with applicable 
        law, the policies, procedures, and architectures needed to 
        create the ISE, which shall support the counterterrorism 
        missions, roles, and responsibilities of executive departments 
        and agencies. These policies, procedures, and architectures 
        shall be reviewed through the interagency policy coordination 
        process, and shall be submitted, within 180 days after the 
        submission of findings as directed in the preceding paragraph 
        (1(b)), by the DNI to the President for approval through the 
        APHS-CT and the APNSA.
    2. Information Sharing Guidelines. Consistent with section 1016(d) 
of IRTPA, I hereby issue the following guidelines and related 
requirements, the implementation of which shall be conducted in 
consultation with, and with support from, the PM as directed by the DNI:
      a. Guideline 1--Define Common Standards for How Information is 
        Acquired, Accessed, Shared, and Used Within the ISE
      The ISE must, to the extent possible, be supported by common 
        standards that maximize the acquisition, access, retention, 
        production, use, management, and sharing of terrorism 
        information within the ISE consistent with the protection of 
        intelligence, law enforcement, protective, and military sources, 
        methods, and activities.
      Consistent with Executive Order 13388 and IRTPA, the DNI, in 
        coordination

[[Page 1865]]

        with the Secretaries of State, Defense, and Homeland Security, 
        and the Attorney General, shall develop and issue, within 90 
        days after the date of this memorandum, common standards (i) for 
        preparing terrorism information for maximum distribution and 
        access, (ii) to enable the acquisition, access, retention, 
        production, use, management, and sharing of terrorism 
        information within the ISE while safeguarding such information 
        and protecting sources and methods from unauthorized use or 
        disclosure, (iii) for implementing legal requirements relating 
        to the handling of specific types of information, and (iv) that 
        include the appropriate method for the Government-wide adoption 
        and implementation of such standards. Such standards shall 
        accommodate and reflect the sharing of terrorism information, as 
        appropriate, with State, local, and tribal governments, law 
        enforcement agencies, and the private sector. Within 90 days 
        after the issuance of such standards, the Secretary of Homeland 
        Security and the Attorney General shall jointly disseminate such 
        standards for use by State, local, and tribal governments, law 
        enforcement agencies, and the private sector, on a mandatory 
        basis where possible and a voluntary basis where not. The DNI 
        may amend the common standards from time to time as appropriate 
        through the same process by which the DNI issued them.
      b. Guideline 2--Develop a Common Framework for the Sharing of 
        Information Between and Among Executive Departments and Agencies 
        and State, Local, and Tribal Governments, Law Enforcement 
        Agencies, and the Private Sector
      Recognizing that the war on terror must be a national effort, 
        State, local, and tribal governments, law enforcement agencies, 
        and the private sector must have the opportunity to participate 
        as full partners in the ISE, to the extent consistent with 
        applicable laws and executive orders and directives, the 
        protection of national security, and the protection of the 
        information privacy rights and other legal rights of Americans.
      Within 180 days after the date of this memorandum, the Secretary 
        of Homeland Security and the Attorney General, in consultation 
        with the Secretaries of State, Defense, and Health and Human 
        Services, and the DNI, and consistent with the findings of the 
        counterterrorism missions, roles, and responsibilities review 
        under section 1 of this memorandum, shall:
      (i) perform a comprehensive review of the authorities and 
        responsibilities of executive departments and agencies regarding 
        information sharing with State, local, and tribal governments, 
        law enforcement agencies, and the private sector; and
      (ii) submit to the President for approval, through the APHS-CT and 
        the APNSA, a recommended framework to govern the roles and 
        responsibilities of executive departments and agencies 
        pertaining to the acquisition, access, retention, production, 
        use, management, and sharing of homeland security information, 
        law enforcement information, and terrorism information between 
        and among such departments and agencies and State, local, and 
        tribal governments, law enforcement agencies, and private sector 
        entities.
      c. Guideline 3--Standardize Procedures for Sensitive But 
        Unclassified Information
      To promote and enhance the effective and efficient acquisition, 
        access, retention, production, use, management, and sharing of 
        Sensitive But Unclassified (SBU) information, including homeland 
        security information, law enforcement information, and terrorism 
        information, procedures and standards

[[Page 1866]]

        for designating, marking, and handling SBU information 
        (collectively ``SBU procedures'') must be standardized across 
        the Federal Government. SBU procedures must promote appropriate 
        and consistent safeguarding of the information and must be 
        appropriately shared with, and accommodate and reflect the 
        imperative for timely and accurate dissemination of terrorism 
        information to, State, local, and tribal governments, law 
        enforcement agencies, and private sector entities. This effort 
        must be consistent with Executive Orders 13311 and 13388, 
        section 892 of the Homeland Security Act of 2002, section 1016 
        of IRTPA, section 102A of the National Security Act of 1947, the 
        Freedom of Information Act, the Privacy Act of 1974, and other 
        applicable laws and executive orders and directives.
      (i) Within 90 days after the date of this memorandum, each 
        executive department and agency will conduct an inventory of its 
        SBU procedures, determine the underlying authority for each 
        entry in the inventory, and provide an assessment of the 
        effectiveness of its existing SBU procedures. The results of 
        each inventory shall be reported to the DNI, who shall provide 
        the compiled results to the Secretary of Homeland Security and 
        the Attorney General.
      (ii) Within 90 days after receiving the compiled results of the 
        inventories required under the preceding paragraph (i), the 
        Secretary of Homeland Security and the Attorney General, in 
        coordination with the Secretaries of State, Defense, and Energy, 
        and the DNI, shall submit to the President for approval 
        recommendations for the standardization of SBU procedures for 
        homeland security information, law enforcement information, and 
        terrorism information in the manner described in paragraph (iv) 
        below.
      (iii) Within 1 year after the date of this memorandum, the DNI, in 
        coordination with the Secretaries of State, the Treasury, 
        Defense, Commerce, Energy, Homeland Security, Health and Human 
        Services, and the Attorney General, and in consultation with all 
        other heads of relevant executive departments and agencies, 
        shall submit to the President for approval recommendations for 
        the standardization of SBU procedures for all types of 
        information not addressed by the preceding paragraph (ii) in the 
        manner described in paragraph (iv) below.
      (iv) All recommendations required to be submitted to the President 
        under this Guideline shall be submitted through the Director of 
        the Office of Management and Budget (OMB), the APHS-CT, and the 
        APNSA, as a report that contains the following:
            (A) recommendations for government-wide policies and 
            procedures to standardize SBU procedures;
            (B) recommendations, as appropriate, for legislative, 
            policy, regulatory, and administrative changes; and
            (C) an assessment by each department and agency 
            participating in the SBU procedures review process of the 
            costs and budgetary considerations for all proposed changes 
            to marking conventions, handling caveats, and other 
            procedures pertaining to SBU information.
      (v) Upon the approval by the President of the recommendations 
        submitted under this Guideline, heads of executive departments 
        and agencies shall ensure on an ongoing basis that such 
        recommendations are fully implemented in such department or 
        agency, as applicable. The DNI shall direct the PM to support 
        executive departments and agencies in such implementation, as

[[Page 1867]]

        well as in the development of relevant guidance and training 
        programs for the standardized SBU procedures.
      d. Guideline 4--Facilitate Information Sharing Between Executive 
        Departments and Agencies and Foreign Partners
      The ISE must support and facilitate appropriate terrorism 
        information sharing between executive departments and agencies 
        and foreign partners and allies. To that end, policies and 
        procedures to facilitate such informational access and exchange, 
        including those relating to the handling of information received 
        from foreign governments, must be established consistent with 
        applicable laws and executive orders and directives.
      Within 180 days after the date of this memorandum, the Secretary 
        of State, in coordination with the Secretaries of Defense, the 
        Treasury, Commerce, and Homeland Security, the Attorney General, 
        and the DNI, shall review existing authorities and submit to the 
        President for approval, through the APHS-CT and the APNSA, 
        recommendations for appropriate legislative, administrative, and 
        policy changes to facilitate the sharing of terrorism 
        information with foreign partners and allies, except for those 
        activities conducted pursuant to sections 102A(k), 104A(f), and 
        119(f)(1)(E) of the National Security Act of 1947.
      e. Guideline 5--Protect the Information Privacy Rights and Other 
        Legal Rights of Americans
      As recognized in Executive Order 13353 of August 27, 2004, the 
        Federal Government has a solemn obligation, and must continue 
        fully, to protect the legal rights of all Americans in the 
        effective performance of national security and homeland security 
        functions. Accordingly, in the development and use of the ISE, 
        the information privacy rights and other legal rights of 
        Americans must be protected.
      (i) Within 180 days after the date of this memorandum, the 
        Attorney General and the DNI, in coordination with the heads of 
        executive departments and agencies that possess or use 
        intelligence or terrorism information, shall (A) conduct a 
        review of current executive department and agency information 
        sharing policies and procedures regarding the protection of 
        information privacy and other legal rights of Americans, (B) 
        develop guidelines designed to be implemented by executive 
        departments and agencies to ensure that the information privacy 
        and other legal rights of Americans are protected in the 
        development and use of the ISE, including in the acquisition, 
        access, use, and storage of personally identifiable information, 
        and (C) submit such guidelines to the President for approval 
        through the Director of OMB, the APHS-CT, and the APNSA. Such 
        guidelines shall not be inconsistent with Executive Order 12333 
        and guidance issued pursuant to that order.
      (ii) Each head of an executive department or agency that possesses 
        or uses intelligence or terrorism information shall ensure on an 
        ongoing basis that (A) appropriate personnel, structures, 
        training, and technologies are in place to ensure that terrorism 
        information is shared in a manner that protects the information 
        privacy and other legal rights of Americans, and (B) upon 
        approval by the President of the guidelines developed under the 
        preceding subsection (i), such guidelines are fully implemented 
        in such department or agency.
    3. Promoting a Culture of Information Sharing. Heads of executive 
departments and agencies must actively work to create a culture of 
information sharing within their respective departments or agencies by 
assigning personnel and dedicating resources

[[Page 1868]]

to terrorism information sharing, by reducing disincentives to such 
sharing, and by holding their senior managers and officials accountable 
for improved and increased sharing of such information.
Accordingly, each head of an executive department or agency that 
possesses or uses intelligence or terrorism information shall:
      a. within 90 days after the date of this memorandum, designate a 
        senior official who possesses knowledge of the operational and 
        policy aspects of information sharing to (i) provide 
        accountability and oversight for terrorism information sharing 
        within such department and agency, (ii) work with the PM, in 
        consultation with the ISC, to develop high-level information 
        sharing performance measures for the department or agency to be 
        assessed no less than semiannually, and (iii) provide, through 
        the department or agency head, an annual report to the DNI on 
        best practices of and remaining barriers to optimal terrorism 
        information sharing;
      b. within 180 days after the date of this memorandum, develop and 
        issue guidelines, provide training and incentives, and hold 
        relevant personnel accountable for the improved and increased 
        sharing of terrorism information. Such guidelines and training 
        shall seek to reduce obstructions to sharing, consistent with 
        applicable laws and regulations. Accountability efforts shall 
        include the requirement to add a performance evaluation element 
        on information sharing to employees' annual Performance 
        Appraisal Review, as appropriate, and shall focus on the sharing 
        of information that supports the mission of the recipient of the 
        information; and
      c. bring to the attention of the Attorney General and the DNI, on 
        an ongoing basis, any restriction contained in a rule, 
        regulation, executive order or directive that significantly 
        impedes the sharing of terrorism information and that such 
        department or agency head believes is not required by applicable 
        laws or to protect the information privacy rights and other 
        legal rights of Americans. The Attorney General and the DNI 
        shall review such restriction and jointly submit any 
        recommendations for changes to such restriction to the APHS-CT 
        and the APNSA for further review.
    4. Heads of executive departments and agencies shall, to the extent 
permitted by law and subject to the availability of appropriations, 
provide assistance and information to the DNI and the PM in the 
implementation of this memorandum.
    5. This memorandum:
      a. shall be implemented in a manner consistent with applicable 
        laws, including Federal laws protecting the information privacy 
        rights and other legal rights of Americans, and subject to the 
        availability of appropriations;
      b. shall be implemented in a manner consistent with the statutory 
        authority of the principal officers of executive departments and 
        agencies as heads of their respective departments or agencies;
      c. shall not be construed to impair or otherwise affect the 
        functions of the Director of the Office of Management and Budget 
        relating to budget, administrative, and legislative proposals; 
        and
      d. is intended only to improve the internal management of the 
        Federal Government and is not intended to, and does not, create 
        any rights or benefits, substantive or procedural, enforceable 
        at law or in equity by a party against the United States, its 
        departments, agencies, or entities, its officers, employees, or 
        agencies, or any other person.

                                                          George W. Bush

[[Page 1869]]