What are the levels of security classification?
Under Executive Order 13526, U.S. national security information is classified at one of three levels, defined by the degree of harm that unauthorized disclosure could be expected to cause.
The three levels
- Confidential — disclosure could reasonably be expected to cause damage to national security.
- Secret — disclosure could be expected to cause serious damage.
- Top Secret — disclosure could be expected to cause exceptionally grave damage.
Only officials with original classification authority may classify information, and only when it falls within defined categories and genuinely warrants protection.
Beyond the three levels
You may also encounter related markings that aren’t classification levels themselves:
- Controlled Unclassified Information (CUI) — sensitive but unclassified information requiring safeguarding (e.g., certain privacy, law-enforcement, or proprietary data).
- Compartments and caveats (e.g., Sensitive Compartmented Information, special access programs) — additional access controls layered on top of Top Secret/Secret for especially sensitive material.
Why levels matter for recordkeeping
A classified record’s markings state its level along with the originating authority, reason, and declassification instructions. Those markings drive how the record must be safeguarded (handling, storage, access) and how it will eventually be reviewed for release. The level also affects timelines — most permanently valuable classified records are subject to automatic declassification at 25 years unless specifically exempted. Sound recordkeeping preserves the markings and chain of custody for the decades between classification and review.
Over-classification — marking information at a higher level than warranted, or classifying what needn’t be — is a recognized problem the rules actively discourage, because it impedes both information sharing and eventual public access.
Sources & further reading
Authoritative government and non-profit references.
- Executive Order 13526 — National Archives (NARA) / ISOO
How to cite this page
APA
RM University Editorial. (2026). What are the levels of security classification?. Records Management University. https://www.recordsmgmt.org/questions/what-are-the-levels-of-classification/
MLA
RM University Editorial. "What are the levels of security classification?." Records Management University, 11 April 2026, www.recordsmgmt.org/questions/what-are-the-levels-of-classification/.
Related questions
- What is automatic declassification?
- What's the difference between declassification and redaction?
- Can a hospital or research university hold classified records, and how do FCL and HIPAA rules interact?
- Can a law firm representing a government client retain classified discovery, and who declassifies it after the case?
- Can a multinational company use ISO 15489 as a single recordkeeping standard across all of its countries?