Advanced Search

Decree 4553 Of 27 December 2002

Original Language Title: Decreto nº 4.553, de 27 de Dezembro de 2002

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.

DECREE N. 4,553? FROM December 27, 2002

Dispose about the safeguard of data, information, documents and sensitive materials of interest from the security of society and the State, within the framework of the Federal Public Administration, and gives other arrangements.

THE PRESIDENT OF THE REPUBLIC, in the use of the attribution that confers it on art. 84, incisos IV and VI, paragraph "a" of the Constitution, and with a view to the provisions of the art. 23 of Law No. 8,159, of January 8, 1991,

DECRETA:

CHAPTER I

OF THE PRELIMINARY PROVISIONS

Art. 1º This Decree discipline the safeguarding of data, information, documents and sensitive materials, as well as of the areas and facilities where they tramway.

Art. 2º They are considered to be originally sigilous, and will be as such classified, data or information whose unrestricted knowledge or disclosure may entail any risk to the safety of the society and the State, as well as those necessary for the resguarding of the inviolability of the intimacy of private life, honour and of the image of the people.

Single paragraph. Access to sensitive data or information is restricted and conditioned on the need to get to know.

Art. 3º A production, handling, consultation, transmission, maintenance and guarding of data or sensitive information will observe special safety measures.

Paragraph single. Every authority in charge of the data tract or sensitive information will arrange for the personnel under your orders to fully know the established security measures, by caretaking for their faithful fulfillment.

Art. 4º For the effects of this Decree, the following concepts and definitions are established:

I? authenticity: asseveration that the data or information are true and reliable both at the origin and the destination;

II? classification: attribution, by the competent authority, of degree of secrecy to given, information, document, material, area or installation;

III? commitment: loss of security resulting from unauthorized access;

IV? security credential: certificate, granted by competent authority, which entitifully enables a person to have access to data or information in different degrees of secrecy;

V? declassification: cancellation, by the competent authority or by the deadline transcourse, of the classification, making ostensible data or information;

VI? availability: ease of retrieval or accessibility of data and information;

VII? degree of secrecy: gradation attributed to data, information, area or installation considered to be secretive in due to its nature or content;

VIII? integrity: incolumity of data or information at source, transit, or destination;

IX? investigation for accreditation: enquiries on the existence of the indispensable requirements for granting security credential;

X? legitimacy: asseveration that the issuer and the receiver of data or information are legitimate and reliable both at the origin and the destination;

XI? marking: brand betting signaling the degree of secrecy;

XII? special security measures: measures aimed at ensuring secrecy, inviolability, integrity, authenticity, legitimacy and availability of data and sensitive information. Also aim to prevent, detect, annul, and record actual or potential threats to these data and information;

XIII? need to know: personal condition, inherent in the effective exercise of office, function, employment or activity, indispensable for a person possessing security credential, to have access to sensitive data or information;

XIV? ostensible: unclassified, whose access can be franchised;

XV? reclassification: alteration, by the competent authority, of the classification of data, information, area or classified installation;

XVI? secrecy: secrecy; of restricted knowledge to accredited persons; protection against non-authorial disclosure; and

XVII ? visit: person whose entry was admitted, in exceptional character, in a sigilous area.

CHAPTER II

OF SECRECY AND SECURITY

SECTION I

From Classification According to Sigilo's Grade

Art. 5º The sensitive data or information will be classified into top secret, secret, confidential and reserved, on the grounds of its content or of its intrinsic elements.

§ 1º Are passable as ultra-secret, among others, data or information regarding sovereignty and national territorial integrity, military plans and operations, international relations of the Country, research and scientific and technological development projects of interest of the national defense and economic programs, whose unauthorized knowledge can entail exceptionally serious damage to the security of society and the state.

§ 2º Are liable to be classified as secret, among others, data or information regarding systems, facilities, programs, projects, plans or operations of interest of national defense, the diplomatic and intelligence matters and the plans or details, programs or strategic facilities, whose unauthorized knowledge could entail serious damage to the security of society and the state.

§ 3º Are passable as confidential data or information which, in the interests of the Executive Power and the parties, should be of restricted knowledge and whose unauthorized disclosure could frustrate their goals or entail harm to the safety of society and the state.

§ 4º Are passable from classification as reserved data or information whose unauthorized disclosure may compromise plans, operations or objectives in them foreseen or referred to.

Art. 6º The classification in the ultra-secret degree is of competence of the following authorities:

I? President of the Republic;

II? Vice President of the Republic;

III? Ministers of state and assimilation; and

IV? Commanders of the Navy, the Army and the Aeronautics.

Single paragraph. In addition to the authorities established in the caput, they may assign a degree of secrecy:

I? secret, the authorities who exert directing, command or managerial functions; and

II? confidential and reserved, the civil and military servers, in accordance with specific regulation of each Ministry or the organ of the Presidency of the Republic.

Art. 7º The terms of duration of the classification referred to in this Decree vigorously as of the date of production of the data or information and are as follows:

I? top secret: maximum of fifty years;

II? secret: maximum thirty years;

III? confidential: maximum of twenty years; and

IV? reserved: maximum of ten years.

§ 1º The term of the ultra-secret classification may be renewed indefinitely, in accordance with the interest of the security of society and the state.

§ 2º Also considering the interest in the safety of the society and the State, may the authority responsible for classification in the secret, confidential and reserved grades, or hierarchically superior competent authority to have the matter, renew the term of duration, a single time, per period never higher than those prescribed in the caput.

SECTION II

From Reclassification and Dissorting

Art. 8º Data or information classified in the degree of ultra-secret secrecy will only be able to be reclassified or declassified, upon decision of the authority responsible for its classification.

Art. 9º For the secret, confidential and reserved degrees, you can the responsible authority by the classification or hierarchically superior competent authority to have the subject matter, respected the interests of the security of the society and the State, to amend or cancel it, by means of a skilled expedient of reclassification or declassification addressed to the holder of the custody of the data or sensitive information.

Single paragraph. In the reclassification, the duration of duration restarts from the date of the formalization of the new classification.

Art. 10. The declassification of data or information in the secret, confidential and reserved degrees shall be automatic after transcend the deadlines set out in the incisos II, III and IV of the art. 7º, save in the case of renewal, when then the declassation will occur at the end of your term.

Art. 11. Data or sensitive permanent guard information that is the object of declassification will be forwarded to the competent public archival institution, or to the permanent file of the public body, public entity or public character institution, for purposes of organization, preservation, and access.

Single paragraph. They consider permanent guard the data or information of historical, probatory and informative value that should definitely be preserved.

Art. 12. The indication of the reclassification or declassification of data or sensitive information should appear on the covers, if any, and of the first page.

CHAPTER III

OF DATA MANAGEMENT OR SENSITIVE INFORMATION

SECTION I

From the Procedures for Document Classification

Art. 13. The pages, paragraphs, sections, component parts or the attachments of a classified document may merit different classifications, but the document as a whole will be assigned the highest degree of secrecy conferred on any of its parts.

Art. 14. The classification of a group of documents that form a set must be the same as assigned to the classified document with the highest degree of secrecy.

Art. 15. The publication of the secretive acts, if it is the case, shall be limited to their respective numbers, dates of dispatch and amendments, worded so as not to compromise secrecy.

Art. 16. The maps, plans-relief, letters and photocartas based on aerial photographs or their negatives will be classified in the grounds of the details that reveal and not of the classification attributed to the photographs or negatives that gave them origin or of the lowered guidelines to obtain them.

Art. 17. Extracts from sigilous documents may be drawn up, for their disclosure or execution, upon express consent:

I? of the classifying authority, for ultra-secretive documents;

II? of the classifying authority or the hierarchically superior competent authority to have on the matter, for secret documents; and

III? of the classifying authority, the addressee or the hierarchically superior competent authority to have on the matter, for confidential and reserved documents, except when expressly vetted in the document itself.

Paragraph single. To the excerpts that it treats this article will be assigned degrees of secrecy equal to or lower than those assigned to the documents that gave them origin, save when elaborated for purposes of disclosure.

SECTION II

Of The Document Sigiloso Controlled

Art. 18. Controlled Sigilous Document (DSC) is the one that, by its importance, requires additional control measures, including:

I? identification of the recipients in protocol and own receipt, when of the diffusion;

II? Custody Term lavrature and registration in specific protocol;

III? year-over-year lavrature of inventory, by the forwarding body or entity and by the receiving organ or entity; and

IV? transfer term lavrature, whenever you proceed to the transfer of your custody or guard.

Para. single. The term of inventory and the transfer term will be drawn up in accordance with the models set out in Annexes I and II of this Decree and will be under the guard of a control organ.

Art. 19. The ultra-secret document is, by its nature, considered DSC, since its classification or reclassification.

Paragraph single. At the discretion of the classifying authority or the hierarchically superior competent authority to have on the subject, the provisions of the caput can apply to the remaining degrees of secrecy.

SECTION III

Da Markup

Art. 20. The marking, or indication of the degree of secrecy, is to be done on all pages of the document and on the covers, if any.

§ 1º The pages will be numbered then, and each must contain, too, indication of the total pages that make up the document.

§ 2º The DSC will also express, in the covers, if any, and in all its pages, the expression "Sigiloso Document Controlled (DSC)" and the respective control number.

Art. 21. The marking on excerpts of documents, drafts, sketches and classified drawings will comply with the prescribed in art. 20.

Art. 22. The indication of the degree of secrecy in maps, photocartas, letters, photographs, or in any other sensitive images will comply with the supplementary norms adopted by the organs and entities of the Public Administration.

Art. 23. The means of storing data or sensitive information will be marked with the proper classification in proper location.

Paragraph single. They consider themselves means of storage traditional documents, discs and sound tapes, magnetic or optical and any other means capable of storing data and information.

SECTION IV

From the Expedition and the Communication of Documents Sigilous

Art. 24. The classified documents on your expedition and tramway will comply with the following prescriptions:

I? will be packaged in double envelopes;

II? in the external envelope will not build any indication of the degree of secrecy or the content of the document;

III? in the internal envelope will be affixed to the recipient and the degree of secrecy of the document, so as to be identified as soon as removed the external envelope;

IV? the internal envelope will be closed, sealed and expedited upon receipt, which will indicate, necessarily, sender, recipient and number or other indicative that identifies the document; and

V? where the subject matter is deemed to be of exclusive interest of the recipient, the personal word in the envelope containing the sensitive document will be inscribed.

Art. 25. The expedition, conduction and delivery of top-secret document, in principle, will be effected in person, by authorized public agent, being vetted with its postage.

Paragraph single. The top-secret subject communication in another way other than the one prescribed in the caput will only be allowed exceptionally and in extreme cases, requiring immediate plotting and solution, in fulfillment of the principle of opportunity and considered the interests of the security of society and the state.

Art. 26. The secret, confidential or reserved document dispatch can be made upon postal service, with option of registration, officially designated messenger, order system or, if it is the case, diplomatic suitcase.

Paragraph single. The communication of the subjects of which it treats this article could be done by other means, provided that encryption features compatible with the degree of secrecy of the document are used, as provided for in the art. 42.

SECTION V

From the Registry, from Tramitation and the Guard

Art. 27. It is up to those responsible for the receipt of signeous documents:

I? check the integrity and record, if it is the case, evidence of breach or of any wrongdoing in the correspondence received, giving science of the fact to its hierarchical superior and to the recipient, which it will inform the sender immediately; and

II? proceed to the registration of the document and to the control of your tramway.

Art. 28. The internal envelope will only be opened by the recipient, its authorized representative or hierarchically superior competent authority.

Paragraph single. Envelopes containing the personal brand will only be able to be opened by the recipient himself.

Art. 29. The signee document recipient will immediately communicate to the sender any evidence of tampering or tampering with the document.

Art. 30. The sensitive documents will be kept or guarded under special conditions of safety, as per regulation.

§ 1º For the guard of top-secret and secret documents is mandatory the use of strong vault or structure that offers equivalent or superior security.

§ 2º In the impossibility of adopting the provisions of § 1º, the ultra-secret documents should be kept under armed guard.

Art. 31. The officers responsible for the guard or custody of sensitive documents shall transmit them to their substitutes, duly conferred, when of the passage or transfer of responsibility.

Paragraph single. The provisions of this article shall apply to those responsible for the guard or custody of sensitive material.

SECTION VI

From Reproduction

Art. 32. The reproduction of the whole or part of a classified document will have the same degree of secrecy from the original document.

§ 1º A full or partial reproduction of controlled sensitive documents conditional on the express permission of the classifying authority or the hierarchically superior competent authority to have on the subject.

§ 2º Eventual copies arising from sensitive documents will be authenticated by the head of the Commission referred to in the art. 35 of this Decree, within the framework of public bodies and entities or institutions of public character.

§ 3º Will be provided certifying documents certifying that they cannot be reproduced due to their state of conservation, as long as necessary as evidence in judgment.

Art. 33. The responsible for the production or reproduction of sensitive documents shall provide for the deletion of handwritten notes, types, clichés, carbons, evidence or any other recourse, which may give rise to the unauthorized copying of the whole or part.

Art. 34. Where the preparation, printing or, if it is the case, reproduction of classified document is effected in typographies, printers, graphic workshops or similar, such operation should be accompanied by officially designated person, who will be responsible for the assurance of secrecy during the confection of the document, noted the provisions of the art. 33.

SECTION VII

From Assessment, Preservation and Elimination

Art. 35. The entities and public bodies shall constitute the Standing Committee on Evaluation of Sigilous Documents (CPADS), with the following assignments:

I? to analyze and periodically evaluate the secretive documentation produced and accumulated in the framework of its acting;

II? to propose, to the authority responsible for the classification or the hierarchically superior competent authority to have the subject matter, renewal of the deadlines referred to in art. 7º;

III? to propose, to the authority responsible for the classification or the hierarchically superior competent authority to have the subject matter, amendment or cancellation of the classified classification, in accordance with the provisions of the art. 9º of this Decree;

IV? determine the final destination of the documentation made ostensible by selecting the documents for permanent guard; and

V? authorize access to sensitive documents, in fulfillment of the provisions of the art. 39.

Single paragraph. For the perfect fulfillment of your assignments and responsibilities, CPADS can be subdivided into subcommittees.

Art. 36. Permanent documents of historical, probative and informative value may not be disfigured or destroyed, under penalty of criminal, civil and administrative liability, under the current legislation.

CHAPTER IV

DO ACESSO

Art. 37. Access to sensitive data or information in public bodies and entities and institutions of public character is admitted:

I? to the public agent, in the exercise of office, function, employment or public activity, who have a need to get to know them; and

II? to the citizen, in what concerns his or her person, to his particular interest or the collective or general interest, upon application to the competent body or entity.

§ 1º Every one who has knowledge, pursuant to this Decree, of sensitive subjects shall be subject to administrative, civil and criminal prosecution arising from the possible disclosure of them.

§ 2º The sensitive data or information requires that the procedures or processes that would appear to instruct also to pass the identical degree of secrecy.

§ 3º Will be released to the public consultation the documents containing personal information, provided that previously authorized by the holder or by his heirs.

Art. 38. The access to data or sensitive information, resurred the one provided for in the inciso II of the previous article, is conditioned on the issuance of security credential in the corresponding degree of secrecy, which may be limited in time.

Paragraph single. The security credential of which it treats the caput of this article ranks in the categories of top secret, secret, confidential and reserved.

Art. 39. Access to any secretive document resulting from agreements or contracts with other countries will meet the norms and secrecy recommendations set out in these instruments.

Art. 40. The negative clearance of access should be justified.

CHAPTER V

OF THE INFORMATION SYSTEMS

Art. 41. The communication of data and sensitive information by means of information systems will be done in accordance with the provisions of the arts. 25 and 26.

Art. 42. Re-salvaged the provisions of the single paragraph of the art. 44, the programs, applications, systems and encryption equipment for official use within the framework of the Union are considered to be secretive and should, in advance, be submitted to the compliance certification of the Executive Office of the Board of National Defense.

Art. 43. It is understood as an officer the use of code, cipher or encryption system within the framework of public bodies and entities and institutions of public character.

Paragraph single. It is vetted for use for another purpose other than for the reason of the service.

Art. 44. They apply to the programs, applications, systems and encryption equipment all the security measures provided for in this Decree for the controlled sigilous documents and the following procedures:

I? realization of periodic surveys, with the purpose of ensuring a perfect execution of the cryptographic operations;

II? maintenance of complete and up-to-date inventories of the existing encryption material;

III? designation of cryptographic systems suitable to each recipient;

IV? communication, to the superior hierarchical or to the competent authority, of any abnormality concerning secrecy, inviolability, integrity, authenticity, legitimacy and availability of encrypted data or information; and

V? identification of evidence of tampering or interception or irregularities in the transmission or receipt of data and encrypted information.

Paragraph single. The sensitive data and information, document constants produced in electronic medium, will be signed and encrypted upon the use of digital certificates issued by the Brazilian Public Key Infrastructure (ICP? Brazil).

Art. 45. Equipment and systems used for the production of documents with a degree of ultra-secret secrecy will only be able to be connected to secure computer networks, and that they are physically and logically isolated from any other.

Art. 46. The destruction of sensitive data must be done by method that overwrites the stored information. If it is not within the scope of the organ the logical destruction, physical destruction should be provided by the incineration of the storage devices.

Art. 47. Equipment and systems used for the production of documents with a secret, confidential and reserved degree of secrecy will only be able to integrate networks of computers that possess adequate encryption and security systems the protection of the documents.

Art. 48. The storage of sensitive documents, where possible, should be done in removable media that can be stored with greater ease.

CHAPTER VI

OF THE AREAS AND SIGILOUS FACILITIES

Art. 49. The classification of areas and facilities will be done on the grounds of the sensitive data or information containing or that within their interior are produced or treated, in accordance with the art. 5º.

Art. 50. The holders of the public bodies and entities and public character institutions will fit the adoption of measures aimed at the definition, demarcation, signalling, security and authorization of access to the signed-out areas under their responsibility.

Art. 51. The access of visits to areas and sigilous facilities will be disciplined by means of special instructions from the interested bodies, entities or institutions.

Paragraph single. For the purpose of this article, it is not considered to be visiting the public servant or the particular who officially perform public activity directly linked to the elaboration of study or work deemed to be classified in the interest of the security of society and of the State.

CHAPTER VII

OF THE SENSITIVE MATERIAL

SECTION I

Das Generalities

Art. 52. The holder of a body or public entity, responsible for project or research program, that judge convenient to maintain secrecy about certain material or its parts, in due process of improvement, proof, production or acquisition, should provide, in order for you to be assigned the appropriate degree of secrecy.

Single paragraph. The provisions of this article shall apply to the holder of a public body or entity or public character institutions entrusted with the supervision and control of private entity activities, for the purposes of production or export of material of interest of National Defense.

Art. 53. The holders of public bodies or entities entrusted with the preparation of plans, researches and works of improvement or of new project, proof, production, acquisition, storage or employment of sensitive material are responsible for the dispatch of the additional instructions that become necessary to the safeguarding of the matters with them related.

Art. 54. All models, prototypes, molds, machines and other similar materials deemed to be classified and which are the object of contract of any nature, such as loan, assignment, renting or leasing, will be suitably marked to indicate your degree of secrecy.

Art. 55. Data or sensitive information concerng to technical programs or improvement of material will only be provided to those who, by their official or contractual roles, to them should have access.

Paragraph single. The public bodies and entities will control and coordinate the supply to the physical and legal persons interested in the data and information necessary for the development of programs.

SECTION II

Do Transport

Art. 56. The definition of the means of transport to be used for displacement of sensitive material is the responsibility of the custodian holder and should consider the respective degree of secrecy.

§ 1º The secretive material could be carried by companies for such a contracted end.

§ 2º The necessary measures for the safety of the conveyed material will be established in prior understandings, by means of clauses specific contractual, and will be the responsibility of the contractor company.

Art. 57. Where possible, the sensitive materials will be dealt with by the criteria indicated for the dispatch of sigilous documents.

Art. 58. At the discretion of the competent authority, armed, civil or military guards may be employed, for the transport of sensitive material.

CHAPTER VIII

OF THE CONTRACTS

Art. 59. The conclusion of contract whose object is secretive, or that its execution implies the disclosure of drawings, plants, materials, data or information of a sensitive nature, will comply with the following requirements:

I? the knowledge of the contract minuta will be conditional on the signature term of secrecy maintenance commitment by those interested in the hiring; and

II? the establishment of clauses predicting to:

a) possibility of amending the contract for inclusion of clause of security not stipulated on the occasion of its signature;

b) the obligation of the contractor to maintain secrecy concerning the object contracted, as well as to its execution;

c) the obligation of the contractor to adopt the appropriate security measures, within the framework of the activities under its control, for the maintenance of secrecy relative to the contracted object;

d) identification, for purposes of granting security credential, of the persons who, on behalf of the contractor, will have access to sensitive material, data and information; and

e) responsibility of the contractor for the security of the subcontracted object, in whole or in part.

Art. 60. To public bodies and entities, as well as to public character institutions, to which the contractors are bound, it is up to them to arrange for their tax or representatives to adopt the necessary measures for the security of the documents or secretive materials in power of the contractors or subcontractors, or in the course of manufacturing at their facilities.

CHAPTER IX

OF THE FINAL PROVISIONS

Art. 61. The willing in this Decree applies to material, area, installation and information system whose secrecy is indispensable to the security of society and the State.

Art. 62. Public bodies and entities and public character institutions will require a term of commitment to secrecy maintenance of their servers, employees and employees who directly or indirectly have access to sensitive data or information.

Single paragraph. The agents that treat the caput of this article commit to, after the shutdown, not to disclose or disclose any sensitive data or information from which they have knowledge in the exercise of office, function or public employment.

Art. 63. The officers responsible for the custody of documents and materials and for the security of areas, facilities or information systems of a classified nature shall be subject to the standards regarding professional secrecy, on the grounds of the trade, and to its code of specific ethics, without prejudice to criminal sanctions.

Art. 64. Public bodies and entities and public character institutions will promote the training, capacity-building, recycling and improvement of personnel performing activities inherent in safeguarding documents, materials, areas, facilities and information systems of a sigilous nature.

Art. 65. Any and every person who takes knowledge of sensitive document, pursuant to this Decree becomes automatically responsible for the preservation of their secrecy.

Art. 66. In the classification of the documents will be used, where possible, the least restrictive criterion possible.

Art. 67. At the discretion of the organs and entities of the Federal Executive Power will be expedited supplementary instructions, which will detail the procedures necessary for the full implementation of this Decree.

Art. 68. This Decree comes into force after forty-five days of the date of its publication.

Art. 69. They are repealed the Decrees in the 2,134, of January 24, 1997, 2,910, of December 29, 1998, and 4,497, of December 4, 2002.

Brasilia, December 27, 2002; 181º of Independence and 114º of the Republic.

FERNANDO HENRIQUE CARDOSO

Pedro Parente

Alberto Mendes Cardoso

ANNEX I

TERM OF DOCUMENT INVENTORIES

SIGILERS CONTROLLED NO ______/___

Inventory of the sensitive documents controlled by the ______________________________________________

(name of the forwarder organ or receiver)

________________, _________ of ________ of _____.

_____________________________________________________

(name, function, matriculation of the Responsible)

Witnesses:

_____________________________________________________

(name, function, matriculation)

_________________________________________________________

(name, function, matriculation)

ANNEX II

TERM DE DOCUMENT GUARD TRANSFER

SIGILOUS CONTROLLED NO ________/____

To the _________________ days of the month ____________ of the year two thousand and ___________ gathered in the ____________________________________, the Lord

____________________________________________________________________

(local) (name, function and matriculation)

replaced, and the

Sir ____________________________________________________________________________________________

(name, function and matriculation)

substitute, to confer the controlled sigilous documents, produced and received by the

____________________________________________, then under the custodi a of the first, constant of the

(organ name)

Inventory # __________/______, attachment to the present Term of Transfer, which on this date pass into the custody of the second.

Fulfilled the required formalities and conferred all the constant parts of the Inventory, were they judged as (or with the following changes), being, for the record, washed the present Term of Transfer, in three ways, signed and dated by the substituted and the substitute.

__________________, ______de _____________ of _________.

_________________________________________________________________________

(name, function, registration of the substituted)

_____________________________________________________________

(name, function, replacement tuition)