What is the difference between the DoD 5015.2 baseline requirements and the classified records marking module?
DoD 5015.2 is a long-standing U.S. Department of Defense standard that sets functional requirements for electronic records management applications. It is organized into a mandatory baseline that every conforming system must meet, plus optional modules that add specialized capabilities for organizations with particular missions. Understanding the split between the baseline and the classified records marking module helps agencies and vendors set expectations about what a “5015.2-certified” system actually does.
The baseline requirements
The baseline covers the core, general-purpose functions of trustworthy records management. In broad terms it addresses:
- Categorizing records into file plans and record categories.
- Capturing and declaring electronic records, including metadata.
- Applying retention and disposition schedules so records are kept and destroyed on time.
- Searching, retrieving, and transferring records, including transfer to the National Archives.
- Audit and access controls to protect record integrity.
Any system claiming conformance must satisfy this baseline. It is intended to work across the entire federal and defense community, regardless of an agency’s classification posture, and it aligns with broader federal records principles overseen by the National Archives.
The classified records marking module
The classified records management requirements are an add-on, applicable only to systems that must handle national security information. This module layers additional controls on top of the baseline rather than replacing it. Conceptually it addresses:
- Security classification markings (for example, classification level and related markings) carried as record metadata.
- Declassification and downgrading instructions and dates, so markings can change over the record’s life.
- Handling and dissemination controls appropriate to classified material.
These capabilities reflect the rules issued under the executive-order framework administered by the Information Security Oversight Office (ISOO).
The practical difference
The simplest way to frame it: the baseline answers “is this a sound records management system?” while the classified module answers “can this system also manage the markings, downgrading, and declassification of national security information?” An organization with no classified holdings needs only the baseline; one handling classified material needs both. The modules are cumulative, not alternatives.
For broader context on the standards that shape government recordkeeping, see the compliance standards topic hub.
Sources & further reading
Authoritative government and non-profit references.
- Information Security Oversight Office (ISOO) — National Archives (NARA)
- Records management policy and guidance — National Archives (NARA)
How to cite this page
APA
RM University Editorial. (2026). What is the difference between the DoD 5015.2 baseline requirements and the classified records marking module?. Records Management University. https://www.recordsmgmt.org/questions/difference-between-dod-5015-2-baseline-and-classified-marking-module/
MLA
RM University Editorial. "What is the difference between the DoD 5015.2 baseline requirements and the classified records marking module?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/difference-between-dod-5015-2-baseline-and-classified-marking-module/.
Related questions
- Can a commercial off-the-shelf system meet the NARA Universal ERM Requirements without being DoD 5015.2 certified?
- Can a company be fined or sanctioned for not following ISO 15489 in a lawsuit?
- Can a US company store its records on servers in another country, and what cross-border data rules apply?
- Can following ISO 15489 actually help us pass an audit or hold up in court?
- Can I just adopt ISO 15489 word-for-word as our records policy, or does it not work that way?