32 CFR 2001.70: General.
This subpart sets standards for agency security education and training programs. Implementation of these standards should:
(1) Ensure that all executive branch employees who create, process, or handle classified information have a satisfactory knowledge and understanding of classification, safeguarding, and declassification policies and procedures;
(2) Increase uniformity in the conduct of agency security education and training programs; and
(3) Reduce instances of over-classification or improper classification, improper safeguarding, and inappropriate or inadequate declassification practices.
The senior agency official is responsible for the agency's security education and training program. The senior agency official shall designate agency personnel, as necessary, to assist in carrying out this responsibility.
Security education and training should be tailored to meet the specific needs of the agency's security program and the specific roles employees are expected to play in that program. The agency official(s) responsible for the program shall determine the means and methods for providing security education and training. Training methods may include briefings, interactive videos, dissemination of instructional materials, on-line presentations, and other media and methods. Each agency shall maintain records about the programs it has offered and employee participation in them.
The frequency of agency security education and training will vary in accordance with the needs of the agency's security classification program, subject to the following requirements:
(1) Initial training shall be provided to every person who has met the standards for access to classified information in accordance with section 4.1 of the Order.
(2) Original classification authorities shall receive training in proper classification and declassification prior to originally classifying information and at least once each calendar year thereafter.
(3) Persons who apply derivative classification markings shall receive training in the proper application of the derivative classification principles of the Order prior to derivatively classifying information and at least once every two years.
(4) Each agency shall provide some form of refresher security education and training at least annually for all its personnel who handle or generate classified information.