[Weekly Compilation of Presidential Documents Volume 41, Number 51 (Monday, December 26, 2005)]
[Pages 1874-1879]
[Online from the Government Publishing Office, www.gpo.gov]

<R04>
Memorandum on Guidelines and Requirements in Support of the Information 
Sharing Environment

December 16, 2005

 Memorandum for the Heads of Executive Departments and Agencies

Subject: Guidelines and Requirements in Support of the Information 
Sharing Environment

    Ensuring the appropriate access to, and the sharing, integration, 
and use of, information by Federal, State, local, and tribal agencies 
with counterterrorism responsibilities, and, as appropriate, private 
sector entities, while protecting the information privacy and other 
legal rights of Americans, remains a high priority for the United States 
and a necessity for winning the war on terror. Consistent with section 
1016 of the Intelligence Reform and Terrorism Prevention Act of 2004 
(Public Law 108-458) (IRTPA), my Administration is working to create an 
Information Sharing Environment (ISE) to facilitate the sharing of 
terrorism information (as defined in Executive Order 13388 of October 
25, 2005).
    Section 1016 of IRTPA supplements section 892 of the Homeland 
Security Act of 2002 (Public Law 107-296), Executive Order 13311 of July 
29, 2003, and other Presidential guidance, which address various aspects 
of information access. On April 15, 2005, consistent with section 
1016(f) of IRTPA, I designated the program manager (PM) responsible for 
information sharing across the Federal Government. On June 2, 2005, my 
memorandum entitled ``Strengthening Information Sharing, Access, and 
Integration--Organizational, Management, and Policy Development 
Structures for Creating the Terrorism Information Sharing Environment'' 
directed that the PM and his office be part of the Office of the 
Director of National Intelligence (DNI), and that the DNI exercise 
authority, direction, and control over the PM and ensure that the PM 
carries out his responsibilities under IRTPA. On October 25, 2005, I 
issued Executive Order 13388 to facilitate the work of the PM and the 
expeditious establishment of the ISE and restructure the Information 
Sharing Council (ISC), which provides advice concerning and assists in 
the establishment, implementation, and maintenance of the ISE.
    On June 2, 2005, I also established the Information Sharing Policy 
Coordination Committee (ISPCC), which is chaired jointly by the Homeland 
Security Council (HSC) and the National Security Council (NSC), and 
which has the responsibilities set forth in section D of Homeland 
Security Presidential Directive-1 and other relevant presidential 
guidance with respect to information sharing. The ISPCC is the main day-
to-day forum for interagency coordination of information sharing policy, 
including the resolution of issues raised by the PM, and provides policy 
analysis and recommendations for consideration by the more senior 
committees of the HSC and NSC systems and ensures timely responses.
    Section 1016(d) of IRTPA calls for leveraging all ongoing efforts 
consistent with establishing the ISE, the issuance of guidelines for 
acquiring, accessing, sharing, and using information in support of the 
ISE and for protecting privacy and civil liberties in the development of 
the ISE, and the promotion of a culture of information sharing. 
Consistent with the Constitution and the laws of the United States, 
including section 103 of the National Security Act of 1947, as amended, 
and sections 1016 and 1018 of IRTPA, I hereby direct as follows:
    1. Leveraging Ongoing Information Sharing Efforts in the Development 
of the ISE. The ISE shall build upon existing Federal Government 
policies, standards, procedures, programs, systems, and architectures 
(collectively ``resources'') used for the sharing and integration of and 
access to terrorism information, and shall leverage those resources to 
the maximum extent practicable, with the objective of establishing a 
decentralized, comprehensive, and coordinated environment for

[[Page 1875]]

the sharing and integration of such information.
      a. The DNI shall direct the PM to conduct and complete, within 90 
      days after the date of this memorandum, in consultation with the 
      ISC, a comprehensive evaluation of existing resources pertaining 
      to terrorism information sharing employed by individual or 
      multiple executive departments and agencies. Such evaluation shall 
      assess such resources for their utility and integrative potential 
      in furtherance of the establishment of the ISE and shall identify 
      any unnecessary redundancies.
      b. To ensure that the ISE supports the needs of executive 
      departments and agencies with counterterrorism responsibilities, 
      and consistent with section 1021 of IRTPA, the DNI shall direct 
      the PM, jointly with the Director of the National Counterterrorism 
      Center (NCTC), and in coordination with the heads of relevant 
      executive departments and agencies, to review and identify the 
      respective missions, roles, and responsibilities of such executive 
      departments and agencies, both as producers and users of terrorism 
      information, relating to the acquisition, access, retention, 
      production, use, management, and sharing of terrorism information. 
      The findings shall be reviewed through the interagency policy 
      coordination process, and any recommendations for the further 
      definition, reconciliation, or alteration of such missions, roles, 
      and responsibilities shall be submitted, within 180 days after the 
      date of this memorandum, by the DNI to the President for approval 
      through the Assistant to the President for Homeland Security and 
      Counterterrorism (APHS-CT) and the Assistant to the President for 
      National Security Affairs (APNSA). This effort shall be 
      coordinated as appropriate with the tasks assigned under the 
      Guidelines set forth in section 2 of this memorandum.
      c. Upon the submission of findings as directed in the preceding 
      paragraph (1(b)), the DNI shall direct the PM, in consultation 
      with the ISC, to develop, in a manner consistent with applicable 
      law, the policies, procedures, and architectures needed to create 
      the ISE, which shall support the counterterrorism missions, roles, 
      and responsibilities of executive departments and agencies. These 
      policies, procedures, and architectures shall be reviewed through 
      the interagency policy coordination process, and shall be 
      submitted, within 180 days after the submission of findings as 
      directed in the preceding paragraph (1(b)), by the DNI to the 
      President for approval through the APHS-CT and the APNSA.
    2. Information Sharing Guidelines. Consistent with section 1016(d) 
of IRTPA, I hereby issue the following guidelines and related 
requirements, the implementation of which shall be conducted in 
consultation with, and with support from, the PM as directed by the DNI:
      a. Guideline 1--Define Common Standards for How Information is 
      Acquired, Accessed, Shared, and Used Within the ISE
      The ISE must, to the extent possible, be supported by common 
      standards that maximize the acquisition, access, retention, 
      production, use, management, and sharing of terrorism information 
      within the ISE consistent with the protection of intelligence, law 
      enforcement, protective, and military sources, methods, and 
      activities.
      Consistent with Executive Order 13388 and IRTPA, the DNI, in 
      coordination with the Secretaries of State, Defense, and Homeland 
      Security, and the Attorney General, shall develop and issue, 
      within 90 days after the date of this memorandum, common standards 
      (i) for preparing terrorism information for maximum distribution 
      and access, (ii) to enable the acquisition, access, retention, 
      production, use, management, and sharing of terrorism information 
      within the ISE while safeguarding such information and protecting 
      sources and methods from unauthorized use or disclosure, (iii) for 
      implementing legal requirements relating to the handling of 
      specific types of information, and (iv)

[[Page 1876]]

      that include the appropriate method for the Government-wide 
      adoption and implementation of such standards. Such standards 
      shall accommodate and reflect the sharing of terrorism 
      information, as appropriate, with State, local, and tribal 
      governments, law enforcement agencies, and the private sector. 
      Within 90 days after the issuance of such standards, the Secretary 
      of Homeland Security and the Attorney General shall jointly 
      disseminate such standards for use by State, local, and tribal 
      governments, law enforcement agencies, and the private sector, on 
      a mandatory basis where possible and a voluntary basis where not. 
      The DNI may amend the common standards from time to time as 
      appropriate through the same process by which the DNI issued them.
      b. Guideline 2--Develop a Common Framework for the Sharing of 
      Information Between and Among Executive Departments and Agencies 
      and State, Local, and Tribal Governments, Law Enforcement 
      Agencies, and the Private Sector
      Recognizing that the war on terror must be a national effort, 
      State, local, and tribal governments, law enforcement agencies, 
      and the private sector must have the opportunity to participate as 
      full partners in the ISE, to the extent consistent with applicable 
      laws and executive orders and directives, the protection of 
      national security, and the protection of the information privacy 
      rights and other legal rights of Americans.
      Within 180 days after the date of this memorandum, the Secretary 
      of Homeland Security and the Attorney General, in consultation 
      with the Secretaries of State, Defense, and Health and Human 
      Services, and the DNI, and consistent with the findings of the 
      counterterrorism missions, roles, and responsibilities review 
      under section 1 of this memorandum, shall:
      (i) perform a comprehensive review of the authorities and 
      responsibilities of executive departments and agencies regarding 
      information sharing with State, local, and tribal governments, law 
      enforcement agencies, and the private sector; and
      (ii) submit to the President for approval, through the APHS-CT and 
      the APNSA, a recommended framework to govern the roles and 
      responsibilities of executive departments and agencies pertaining 
      to the acquisition, access, retention, production, use, 
      management, and sharing of homeland security information, law 
      enforcement information, and terrorism information between and 
      among such departments and agencies and State, local, and tribal 
      governments, law enforcement agencies, and private sector 
      entities.
      c. Guideline 3--Standardize Procedures for Sensitive But 
      Unclassified Information
      To promote and enhance the effective and efficient acquisition, 
      access, retention, production, use, management, and sharing of 
      Sensitive But Unclassified (SBU) information, including homeland 
      security information, law enforcement information, and terrorism 
      information, procedures and standards for designating, marking, 
      and handling SBU information (collectively ``SBU procedures'') 
      must be standardized across the Federal Government. SBU procedures 
      must promote appropriate and consistent safeguarding of the 
      information and must be appropriately shared with, and accommodate 
      and reflect the imperative for timely and accurate dissemination 
      of terrorism information to, State, local, and tribal governments, 
      law enforcement agencies, and private sector entities. This effort 
      must be consistent with Executive Orders 13311 and 13388, section 
      892 of the Homeland Security Act of 2002, section 1016 of IRTPA, 
      section 102A of the National Security Act of 1947, the Freedom of 
      Information Act, the Privacy Act of 1974, and other applicable 
      laws and executive orders and directives.
      (i) Within 90 days after the date of this memorandum, each 
      executive department and agency will conduct an inventory of its 
      SBU procedures, determine the underlying authority for each entry

[[Page 1877]]

      in the inventory, and provide an assessment of the effectiveness 
      of its existing SBU procedures. The results of each inventory 
      shall be reported to the DNI, who shall provide the compiled 
      results to the Secretary of Homeland Security and the Attorney 
      General.
      (ii) Within 90 days after receiving the compiled results of the 
      inventories required under the preceding paragraph (i), the 
      Secretary of Homeland Security and the Attorney General, in 
      coordination with the Secretaries of State, Defense, and Energy, 
      and the DNI, shall submit to the President for approval 
      recommendations for the standardization of SBU procedures for 
      homeland security information, law enforcement information, and 
      terrorism information in the manner described in paragraph (iv) 
      below.
      (iii) Within 1 year after the date of this memorandum, the DNI, in 
      coordination with the Secretaries of State, the Treasury, Defense, 
      Commerce, Energy, Homeland Security, Health and Human Services, 
      and the Attorney General, and in consultation with all other heads 
      of relevant executive departments and agencies, shall submit to 
      the President for approval recommendations for the standardization 
      of SBU procedures for all types of information not addressed by 
      the preceding paragraph (ii) in the manner described in paragraph 
      (iv) below.
      (iv) All recommendations required to be submitted to the President 
      under this Guideline shall be submitted through the Director of 
      the Office of Management and Budget (OMB), the APHS-CT, and the 
      APNSA, as a report that contains the following:
        (A) recommendations for government-wide policies and procedures 
            to standardize SBU procedures;
        (B) recommendations, as appropriate, for legislative, policy, 
            regulatory, and administrative changes; and
        (C) an assessment by each department and agency participating in 
            the SBU procedures review process of the costs and budgetary 
            considerations for all proposed changes to marking 
            conventions, handling caveats, and other procedures 
            pertaining to SBU information.
      (v) Upon the approval by the President of the recommendations 
      submitted under this Guideline, heads of executive departments and 
      agencies shall ensure on an ongoing basis that such 
      recommendations are fully implemented in such department or 
      agency, as applicable. The DNI shall direct the PM to support 
      executive departments and agencies in such implementation, as well 
      as in the development of relevant guidance and training programs 
      for the standardized SBU procedures.
      d. Guideline 4--Facilitate Information Sharing Between Executive 
      Departments and Agencies and Foreign Partners
      The ISE must support and facilitate appropriate terrorism 
      information sharing between executive departments and agencies and 
      foreign partners and allies. To that end, policies and procedures 
      to facilitate such informational access and exchange, including 
      those relating to the handling of information received from 
      foreign governments, must be established consistent with 
      applicable laws and executive orders and directives.
      Within 180 days after the date of this memorandum, the Secretary 
      of State, in coordination with the Secretaries of Defense, the 
      Treasury, Commerce, and Homeland Security, the Attorney General, 
      and the DNI, shall review existing authorities and submit to the 
      President for approval, through the APHS-CT and the APNSA, 
      recommendations for appropriate legislative, administrative, and 
      policy changes to facilitate the sharing of terrorism information 
      with foreign partners and allies, except for those activities 
      conducted pursuant to sections 102A(k), 104A(f), and 119(f)(1)(E) 
      of the National Security Act of 1947.
      e. Guideline 5--Protect the Information Privacy Rights and Other 
      Legal Rights of Americans

[[Page 1878]]

      As recognized in Executive Order 13353 of August 27, 2004, the 
      Federal Government has a solemn obligation, and must continue 
      fully, to protect the legal rights of all Americans in the 
      effective performance of national security and homeland security 
      functions. Accordingly, in the development and use of the ISE, the 
      information privacy rights and other legal rights of Americans 
      must be protected.
      (i) Within 180 days after the date of this memorandum, the 
      Attorney General and the DNI, in coordination with the heads of 
      executive departments and agencies that possess or use 
      intelligence or terrorism information, shall (A) conduct a review 
      of current executive department and agency information sharing 
      policies and procedures regarding the protection of information 
      privacy and other legal rights of Americans, (B) develop 
      guidelines designed to be implemented by executive departments and 
      agencies to ensure that the information privacy and other legal 
      rights of Americans are protected in the development and use of 
      the ISE, including in the acquisition, access, use, and storage of 
      personally identifiable information, and (C) submit such 
      guidelines to the President for approval through the Director of 
      OMB, the APHS-CT, and the APNSA. Such guidelines shall not be 
      inconsistent with Executive Order 12333 and guidance issued 
      pursuant to that order.
      (ii) Each head of an executive department or agency that possesses 
      or uses intelligence or terrorism information shall ensure on an 
      ongoing basis that (A) appropriate personnel, structures, 
      training, and technologies are in place to ensure that terrorism 
      information is shared in a manner that protects the information 
      privacy and other legal rights of Americans, and (B) upon approval 
      by the President of the guidelines developed under the preceding 
      subsection (i), such guidelines are fully implemented in such 
      department or agency.
    3. Promoting a Culture of Information Sharing. Heads of executive 
departments and agencies must actively work to create a culture of 
information sharing within their respective departments or agencies by 
assigning personnel and dedicating resources to terrorism information 
sharing, by reducing disincentives to such sharing, and by holding their 
senior managers and officials accountable for improved and increased 
sharing of such information.
Accordingly, each head of an executive department or agency that 
possesses or uses intelligence or terrorism information shall:
      a. within 90 days after the date of this memorandum, designate a 
      senior official who possesses knowledge of the operational and 
      policy aspects of information sharing to (i) provide 
      accountability and oversight for terrorism information sharing 
      within such department and agency, (ii) work with the PM, in 
      consultation with the ISC, to develop high-level information 
      sharing performance measures for the department or agency to be 
      assessed no less than semiannually, and (iii) provide, through the 
      department or agency head, an annual report to the DNI on best 
      practices of and remaining barriers to optimal terrorism 
      information sharing;
      b. within 180 days after the date of this memorandum, develop and 
      issue guidelines, provide training and incentives, and hold 
      relevant personnel accountable for the improved and increased 
      sharing of terrorism information. Such guidelines and training 
      shall seek to reduce obstructions to sharing, consistent with 
      applicable laws and regulations. Accountability efforts shall 
      include the requirement to add a performance evaluation element on 
      information sharing to employees' annual Performance Appraisal 
      Review, as appropriate, and shall focus on the sharing of 
      information that supports the mission of the recipient of the 
      information; and
      c. bring to the attention of the Attorney General and the DNI, on 
      an ongoing basis, any restriction contained in a rule, regulation, 
      executive order or directive that significantly impedes the 
      sharing of terrorism information and that such department or 
      agency head believes is not

[[Page 1879]]

      required by applicable laws or to protect the information privacy 
      rights and other legal rights of Americans. The Attorney General 
      and the DNI shall review such restriction and jointly submit any 
      recommendations for changes to such restriction to the APHS-CT and 
      the APNSA for further review.
    4. Heads of executive departments and agencies shall, to the extent 
permitted by law and subject to the availability of appropriations, 
provide assistance and information to the DNI and the PM in the 
implementation of this memorandum.
    5. This memorandum:
      a. shall be implemented in a manner consistent with applicable 
      laws, including Federal laws protecting the information privacy 
      rights and other legal rights of Americans, and subject to the 
      availability of appropriations;
      b. shall be implemented in a manner consistent with the statutory 
      authority of the principal officers of executive departments and 
      agencies as heads of their respective departments or agencies;
      c. shall not be construed to impair or otherwise affect the 
      functions of the Director of the Office of Management and Budget 
      relating to budget, administrative, and legislative proposals; and
      d. is intended only to improve the internal management of the 
      Federal Government and is not intended to, and does not, create 
      any rights or benefits, substantive or procedural, enforceable at 
      law or in equity by a party against the United States, its 
      departments, agencies, or entities, its officers, employees, or 
      agencies, or any other person.

                                                George W. Bush

Note: An original was not available for verification of the content of 
this memorandum. This item was not received in time for publication in 
the appropriate issue.