32 CFR 2001.41: Responsibilities of holders.
Authorized persons who have access to classified information are responsible for:
(a) Protecting it from persons without authorized access to that information, to include securing it in approved equipment or facilities whenever it is not under the direct control of an authorized person;
(b) Meeting safeguarding requirements prescribed by the agency head; and
(c) Ensuring that classified information is not communicated over unsecured voice or data circuits, in public conveyances or places, or in any other manner that permits interception by unauthorized persons.