What are the duties of an agency's Original Classification Authority versus a derivative classifier?
In the U.S. national security classification system, two distinct roles control how information becomes and stays classified: the Original Classification Authority (OCA) and the derivative classifier. They carry different responsibilities, and understanding the line between them is central to sound recordkeeping and oversight.
The Original Classification Authority (OCA)
An OCA is an official specifically delegated, in writing, the power to make an initial determination that information requires protection in the interest of national security. This authority is limited to named positions and cannot be assumed informally.
Core duties of an OCA include:
- Deciding what gets classified. The OCA judges that information is owned or controlled by the government, falls within an authorized category, and that its disclosure could reasonably be expected to cause identifiable damage to national security.
- Setting the level. The OCA assigns the classification level (Confidential, Secret, or Top Secret) based on the degree of expected harm.
- Establishing duration. The OCA sets a declassification date or event, or applies an authorized exemption when a longer period is justified.
- Documenting the basis. The OCA must be able to identify or describe the reason for classification, supporting later review and accountability.
- Completing required training before exercising the authority.
Because original classification creates the protection in the first place, the role is narrowly held and closely tracked.
The Derivative Classifier
Derivative classifiers do not make new classification decisions. Instead, they incorporate, paraphrase, restate, or generate material from information that an OCA already classified, and they carry that existing classification forward.
Their duties center on faithful application:
- Apply existing markings accurately, using source documents or a security classification guide.
- Carry over level and duration exactly as the source dictates, without raising or lowering protection on their own.
- Mark new documents with the proper classification, source citation, and declassification instructions.
- Observe the prohibition on over-classification and avoid classifying simply to withhold information.
- Complete training at the required intervals.
Why the Distinction Matters
OCAs originate protection; derivative classifiers perpetuate it. The vast majority of classified material is produced derivatively, so errors propagate quickly if source guidance is misapplied. Both roles feed directly into later declassification review and public access. For oversight expectations, see the declassification topic hub.
Sources & further reading
Authoritative government and non-profit references.
- Information Security Oversight Office (ISOO) — National Archives (NARA)
How to cite this page
APA
RM University Editorial. (2026). What are the duties of an agency's Original Classification Authority versus a derivative classifier?. Records Management University. https://www.recordsmgmt.org/questions/duties-of-original-classification-authority-vs-derivative-classifier/
MLA
RM University Editorial. "What are the duties of an agency's Original Classification Authority versus a derivative classifier?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/duties-of-original-classification-authority-vs-derivative-classifier/.
Related questions
- Can a hospital or research university hold classified records, and how do FCL and HIPAA rules interact?
- Can a law firm representing a government client retain classified discovery, and who declassifies it after the case?
- Can a multinational company use ISO 15489 as a single recordkeeping standard across all of its countries?
- Can a private citizen request that a specific classified record be declassified?
- Can AI and machine learning reliably assist with declassification review of classified records?