ISM-0037 Removed History 2008 Agencies should, by default, classify ICT security documentation as a minimum of RESTRICTED with a privacy marking of SECURITY-IN-CONFIDENCE.