National Archives This is historical material “frozen in time”. The website is no longer updated and links to external websites and some internal pages may not work.

October 4, 2017

MEMORANDUM FOR THE VICE PRESIDENT

THE SECRETARY OF STATE

THE SECRETARY OF THE TREASURY

THE SECRETARY OF DEFENSE

THE ATTORNEY GENERAL

THE SECRETARY OF THE INTERIOR

THE SECRETARY OF COMMERCE

THE SECRETARY OF ENERGY

THE SECRETARY OF HOMELAND SECURITY

THE ASSISTANT TO THE PRESIDENT AND

CHIEF OF STAFF

THE DIRECTOR OF THE OFFICE OF MANAGEMENT

AND BUDGET

THE ASSISTANT TO THE PRESIDENT AND SENIOR

ADVISOR

THE ASSISTANT TO THE PRESIDENT FOR NATIONAL

SECURITY AFFAIRS

THE COUNSEL TO THE PRESIDENT

THE DIRECTOR OF NATIONAL INTELLIGENCE

THE ASSISTANT TO THE PRESIDENT FOR SCIENCE AND

TECHNOLOGY AND DIRECTOR OF THE OFFICE OF

SCIENCE AND TECHNOLOGY POLICY

THE ASSISTANT TO THE PRESIDENT FOR HOMELAND

SECURITY AND COUNTERTERRORISM

THE DIRECTOR OF NATIONAL DRUG CONTROL POLICY

THE DIRECTOR OF THE NATIONAL COUNTERTERRORISM

CENTER

THE DIRECTOR OF THE FEDERAL BUREAU OF

INVESTIGATION

THE DIRECTOR OF THE CENTRAL INTELLIGENCE AGENCY

THE CHAIRMAN OF THE JOINT CHIEFS OF STAFF

THE DIRECTOR OF THE NATIONAL SECURITY AGENCY

THE DIRECTOR OF THE DEFENSE INTELLIGENCE AGENCY

THE CO-CHAIRS OF THE PRESIDENT’S INTELLIGENCE

ADVISORY BOARD

THE ADMINISTRATOR OF DRUG ENFORCEMENT

THE DIRECTOR OF THE NATIONAL GEOSPATIAL

INTELLIGENCE AGENCY

THE ARCHIVIST OF THE UNITED STATES

SUBJECT: Integration, Sharing, and Use of National Security Threat Actor Information to Protect Americans

Section 1. Policy.

The United States Government’s ability to effectively analyze, evaluate, integrate, correlate, and share classified national security information and other information concerning threat actors and their networks, and then use that information to support a broad array of national security missions and activities, is an essential component of our national security strategy. Equally important is the United States Government’s ability to conduct these activities in a manner that: (a) appropriately protects the security and integrity of that information and its origins; (b) properly considers, approves, and monitors the information’s application and use, consistent with applicable law and Presidential guidance; (c) ensures relevant operational deconfliction and security; and (d) maintains and uses the information in a manner that appropriately protects individuals’ privacy, civil rights, and civil liberties, including by providing appropriate redress. Our continuing efforts to achieve these goals requires both systematic collaboration across national security components and integrated practices that fully utilize our collective data holdings to support vital national security missions.

Therefore, to protect against actors who threaten our Nation, it is the policy of the United States to: (a) lawfully identify, integrate, and make available thorough, accurate, and timely national security threat actor information; (b) effectively manage that information within appropriate policy frameworks and technical architectures, including data repositories, integrated systems, and cloud architectures; (c) where appropriate and consistent with applicable law, deliberately use that information to support national security activities; and (d) where appropriate and consistent with applicable law, share relevant and releasable information, products, and outputs with foreign governments, international organizations, and State, local, territorial, tribal, and private-sector partners where required to support activities that benefit national security. National security threat actor information comprises identity attributes and associated information about individuals, organizations, groups, or networks assessed to be a threat to the safety, security, or national interests of the United States that fall into one or more of the categories listed in the annex to this memorandum.

This memorandum shall be implemented in a manner that is consistent with applicable law and Presidential guidance; safeguards intelligence sources, methods, and activities; protects otherwise sensitive information and preserves the integrity of sensitive operations and investigations; and appropriately protects privacy, civil rights, civil liberties, and other constitutional and statutory rights, including through compliance with applicable guidelines governing the collection, retention, and dissemination of personally identifiable information.

Sec. 2. Definitions.

The following definitions shall apply throughout this memorandum:

Associated information: Information that demonstrates the meaningful (i.e., non-incidental) associations, capabilities, intentions, and activities of an individual, organization, group, or network.

Identity attributes: Information (including biometric and biographic data) that can be used independently or in combination with other data to identify a specific individual.

Sec. 3. Implementation.

To strengthen the ability of the United States Government to protect against individuals who threaten our national security interests or the safety of United States citizens, and consistent with applicable law and the policy set forth in section 1 of this memorandum:

The Attorney General, the Secretary of Homeland Security, and the Director of National Intelligence shall lead, in consultation and coordination with the Secretary of State, the Secretary of the Treasury, the Secretary of Defense, the Secretary of Energy, and the Director of the Central Intelligence Agency, the development and implementation of appropriate technical architectures and corresponding policy frameworks to advance the integration, sharing, and use of identity attributes and associated derogatory information for each individual category of evaluated national security threat actor information described in the annex to this memorandum. The technical architecture and corresponding policy framework for each category shall be developed in a manner that appropriately protects the security and integrity of information; enables the appropriate analysis, sharing, and use of information to the extent permitted by and consistent with applicable law; ensures relevant operational deconfliction and security; and provides for the maintenance and use of such information in a manner that appropriately protects individuals’ privacy, civil rights, civil liberties, and other constitutional and statutory rights, including through compliance with applicable guidelines governing the collection, retention, and dissemination of personally identifiable information.

Through the development, implementation, and ongoing execution of each technical architecture’s policy framework, the Secretary of Defense, the Attorney General, the Secretary of Homeland Security, and the Director of National Intelligence, in coordination with the Secretary of State, the Secretary of the Treasury, the Secretary of Energy, and the Director of the Central Intelligence Agency, shall regularly assess both the technical architectures and the current or proposed applications and uses of the evaluated national security threat actor information they manage to determine if the architectures or any of their specific applications or uses should be enhanced, modified, or terminated. These assessments shall consider the potential risks and benefits to national security, legal or policy concerns, and the resource implications of enhancing, modifying, or terminating any aspect of the technical architectures or their applications and uses. Further, these assessments shall define the appropriate access protocols, data standards, security safeguards, and operational deconfliction mechanisms required to meet legal, policy, or mission requirements. These assessments shall be a continuing responsibility for the heads of the executive departments and agencies (agencies) identified in this subsection.

The Secretary of Defense, the Attorney General, the Secretary of Homeland Security, and the Director of National Intelligence, in consultation with the Secretary of State, the Secretary of the Treasury, and the Secretary of Energy, shall jointly identify, as between themselves, the department or agency (or component thereof) best suited to serve as the executive agent for each individual category of national security threat actor information. The executive agent shall be responsible for developing and maintaining that category’s specific technical architecture, its corresponding policy framework, and an appropriate governance mechanism to facilitate the capability reviews described in subsection (B) of this section.

Within the parameters defined by the appropriate policy frameworks developed under subsection (A) of this section, the heads of all agencies shall, to the maximum extent permitted by law and the greatest extent practicable in light of the need to protect sources and methods, sensitive information, and the integrity of ongoing operations and investigations, maintain and make available evaluated national security threat actor information within the relevant technical architectures.

For all applications and uses of national security threat actor information managed within the technical architectures established under subsection (A) of this section that seek or would be reasonably likely to result in the denial of a benefit or protected interest, the heads of the agencies responsible for such applications or uses shall first ensure that appropriate and lawful procedures and safeguards exist to protect individuals’ privacy, civil rights, civil liberties, and other constitutional and statutory rights, and provide appropriate protections before the application or use goes into effect.

The Secretary of Commerce, acting through the Director of the National Institute of Standards and Technology and in coordination with the Director of National Intelligence, shall, as part of its ongoing coordination of the development, publication, and evolution of national standards, lead a standing interagency effort, which shall include relevant elements of the Intelligence Community, to establish specific models for information exchange and corresponding application profiles for identity attributes relevant to the implementation of this memorandum. These national standards shall, to the extent practicable, be consistent with relevant voluntary international standards when such standards advance national security interests.

The heads of the agencies shall, to the extent practicable, implement the standards, formats, and application profiles developed pursuant to subsection (F) of this section within their system acquisition and research and development activities.

The Director of National Intelligence shall work with Intelligence Community elements to explore and implement solutions for standardizing and publishing key identity attributes captured within intelligence information reports in machine readable formats to support automated processing within the technical architectures established under subsection (A) of this section, in accordance with approved standards, formats, and application profiles established under subsection (F) of this section.

The Director of the Office of Science and Technology Policy, in coordination with the Attorney General, the Secretary of Homeland Security, the Director of National Intelligence, and the heads of other appropriate agencies, shall, through the National Science and Technology Council, work with departments and agencies to align and synchronize Federally-funded research and development activities that seek to enhance the integration, management, and use of national security threat actor information.

The Deputies Committee of the National Security Council may supplement, modify, or remove the categories of national security threat actors established pursuant to this memorandum. Upon approval by the Deputies Committee, changes to these categories shall be formally documented by updating the annex to this memorandum.

Within 270 days of the date of this memorandum, the Secretary of Defense, the Attorney General, the Secretary of Homeland Security, and the Director of National Intelligence, in coordination with the Secretary of State, the Secretary of the Treasury, and the Secretary of Energy, shall, through the Assistant to the President for Homeland Security and Counterterrorism, submit to the President a plan to implement this memorandum.

The Assistant to the President for Homeland Security and Counterterrorism shall, consistent with National Security Presidential Memorandum–4 of April 4, 2017, or any successor document, coordinate, facilitate, review, and, as appropriate, make recommendations concerning all policy aspects regarding the integration, sharing, and application and use of national security threat actor information and its implementation.

Sec. 4. General Provisions.

This memorandum does not alter existing statutory and regulatory authorities or responsibilities of agency heads to carry out operational activities or provide and receive information.

This memorandum is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.

DONALD J. TRUMP

ANNEX

A. Cyber threat actors:  Individuals, networks, or entities known or appropriately suspected to be associated with malicious cyber activities that affect national security, critical infrastructure, or key resources of the United States.

B. Foreign intelligence threat actors:  Individuals, organizations, or groups either (1) known or appropriately suspected to be engaged in espionage or other intelligence activities conducted against the national security interests of the United States by, for, or on behalf of foreign powers, organizations, or persons, or (2) known or appropriately suspected of seeking access to United States Government personnel, information, or assets for intelligence purposes.

C. Military threat actors:  Individuals, organizations, groups, or networks, including individuals acting as agents of a foreign government, that are not part of a foreign state’s armed forces, who are known or appropriately suspected to be engaged in activities that constitute an articulable threat to U.S., U.S. supported, or U.S.-led coalition military operations, personnel, equipment, or facilities.

D. Transnational criminal actors:  Individuals, organizations, groups, or networks known or appropriately suspected to be engaged in an ongoing pattern of serious illegal activity involving a foreign jurisdiction and the United States or the jurisdictions of at least two sovereign states that threaten the national security interests of the United States or other global security interests, to include the security of citizens, welfare of communities, economic prosperity and trade, and regional stability.

E. Weapons proliferators:  Individuals, organizations, groups, or networks known or appropriately suspected to knowingly direct, participate in, or support the illicit acquisition or propagation of weapons of mass destruction (chemical, biological, radiological, or nuclear), advanced weapon systems, conventional weapons, improvised weapons systems, or their related technologies, materials, expertise, or means of delivery.