Need to Know Principle
Need-to-Know is one of the most fundamental security principles. According to the DoD 5200.2-R, need-to-know is defined as:
"A determination made by a possessor of classified information That a prospective recipient, in the interest of national security, has a requirement for access to, knowledge, or possession of the classified information in order to perform tasks or services essential to the fulfillment of an official United States Government program."
Knowledge, possession of, or access to, classified information shall not be afforded to any individual solely by virtue of the individual’s office, position, or security clearance.
*Note that the responsibility to determine "need-to-know" is the responsibility of the individual who possesses the classified information. The need-to-know principle says that having the clearance for information is only half of the issue. The other half is having the need-to-know. Individuals with authorized access to classified information are required to limit access to that information only to individuals whose clearance and need-to-know has been verified. The need-to-know principle dictates that you, as an authorized holder of information, only share the information when two conditions are met. These are: One, the requester has the appropriate clearance and access. Two, the requester needs to know the information in order to perform his or her job functions. When both conditions are met, provide the information.
Remember that need-to-know imposes a dual responsibility on all authorized holders of classified information. 1. Limit your requests for information to that which you have a genuine need-to-know. You may be expected to explain why you need to know it. 2. Refrain from discussing classified information in areas where the discussion may be overheard by persons who do not have a need-to-know the subject of conversation. 3. If someone asks you for classified information, you are expected to ensure they are cleared appropriately and have an official need-to-know. You are also obliged to report to your security office any co-worker who repeatedly violates the need-to-know principle.
For a complete Information and Guidelines please go to our Reporting page.
Contact IS Staff