The U.S. Department of Defense has instituted a new policy requiring journalists to sign a pledge restricting their information gathering activities or risk losing their credentials to cover the military. This policy, announced on September 19, 2025, under Defense Secretary Pete Hegseth, represents a fundamental shift in the relationship between the military establishment and the press corps that reports on its activities. The directive forces reporters to agree not to gather or use any information that has not been formally authorized for release, including unclassified material, effectively creating a system where all military reporting must be pre-approved by government officials.
This development has significant implications for information security professionals who study how organizations control information flow, manage access privileges, and implement security policies. While presented as an operational security measure, the policy establishes a comprehensive framework for information control that extends beyond traditional classification boundaries. The mechanisms implemented—including restricted movement, enhanced identification, and strict enforcement protocols—resemble security models used in sensitive computing environments but applied to human information gathering activities.
**TL;DR: Key Policy Changes**
* Reporters must sign a pledge restricting unauthorized information gathering, including unclassified material
* Physical access is severely limited to specific “yellow zones” within the Pentagon
* New brightly colored press badges enhance identification and monitoring
* Broad enforcement powers allow credential revocation for vague violations including “unprofessional conduct”
* Extensive logistical restrictions on parking, filming, and movement with escorts
The core requirement of the new policy centers on a signed pledge that journalists must acknowledge. This document obligates reporters to refrain from obtaining or publishing any information—including unclassified material—unless it has been “approved for public release by an appropriate authorizing official” according to multiple news reports. The signed acknowledgment form explicitly states that press credentials “may be denied, revoked, or not renewed if a person is reasonably determined to pose a security or safety risk… based on the unauthorized access, attempted unauthorized access, or unauthorized disclosure of CNSI or CUI” [11]. This creates a contractual obligation that extends beyond traditional handling of classified information to encompass all government information regardless of classification status.
Physical access controls represent another significant component of the new security framework. The policy eliminates journalists’ 24/7 access to unclassified spaces and confines them to specific “yellow areas” on the 2nd floor between the Metro and River Entrances, which include the food court and certain corridors [17], [18]. Access to most other areas, including the offices of the Secretary of Defense (3rd floor, E-Ring) and the Joint Staff (2nd floor), now requires official approval and a government escort [1], [2], [5], [7], [16]. This compartmentalization of physical space mirrors network segmentation strategies used in secure computing environments where users are restricted to specific zones based on their clearance and need-to-know.
Identification and monitoring mechanisms have been enhanced through the introduction of new bright red or orange passes clearly marked “PRESS” to make journalists more easily identifiable within the building [1], [7], [15]. This approach resembles security systems that use color-coded badges for different access levels, enabling visual identification of individuals and their permissions. The policy also implements a stringent probationary system for new reporters involving a two-step process: a 3-month PFAC (Pentagon Facility Access Credential), followed by a 6-month PFAC, before eligibility for an annual badge [6]. This gradual trust establishment mirrors security clearance processes and zero-trust architecture implementations.
Enforcement provisions within the policy grant broad discretion to security personnel. The Pentagon reserves the right to revoke press credentials for violations including “unprofessional conduct that might serve to disrupt Pentagon operations” or “attempts to improperly obtain” controlled information [1], [2], [5], [7], [13]. The formal procedure for denial, revocation, or non-renewal of credentials allows an applicant 30 days to appeal but states that the decision of the Director of the Pentagon Force Protection Agency (PFPA) “shall be conclusive” and “does not confer any rights on any individual” [13], [14]. This establishes a security governance model with minimal oversight and maximum administrative discretion.
Logistical constraints further reinforce the information control framework. Press parking is severely restricted to a specific lot, with journalists required to request temporary clearance for each visit while providing extensive vehicle details, limited to 5 days of temporary parking per month with overnight parking prohibited [7]. All visual or audio recording on the Pentagon Reservation is prohibited unless approved in advance, including the use of cell phone cameras for apps like FaceTime or taking “selfies” [8]. Even credentialed reporters must be escorted by authorized Department of Defense personnel for any movement outside designated “yellow zones,” including for in-person interviews in offices [9], [16].
The official justification for these measures, as stated in an internal memorandum dated May 23, 2025, cites the need for “professional balance between press access and OPSEC” and directs these measures “to reduce the opportunities for in-person inadvertent and unauthorized disclosures” of classified and sensitive information [16]. Chief Pentagon spokesman Sean Parnell framed the rules as “basic, common-sense guidelines to protect sensitive information” that are in line with access policies on military bases nationwide [2]. Defense Secretary Hegseth stated on X, “The ‘press’ does not run the Pentagon — the people do… Wear a badge and follow the rules — or go home” [1], [2], [5].
Security professionals should note that this policy represents an evolution of information control mechanisms that blend physical security, personnel management, and operational security concepts. The system implements principles of least privilege, need-to-know access, and behavioral monitoring in a human intelligence context. While presented as security measures, these controls also effectively limit independent information gathering and create a managed information environment where all reporting outputs can be traced to officially sanctioned sources.
The policy has drawn significant criticism from press freedom organizations and journalism professionals. National Press Club President Mike Balsamo condemned the rules as a “direct assault on independent journalism,” warning that “If the news about our military must first be approved by the government, then the public is no longer getting independent reporting. It is getting only what officials want them to see” [1]. Former CNN Pentagon Correspondent Barbara Starr called the effort “extremely troubling” and noted it was unclear what criteria would be used to revoke passes, moving beyond the long-understood handling of classified information [2].
From a security architecture perspective, this case study demonstrates how organizational policies can be designed to control information flow through multiple layered mechanisms: contractual obligations (the pledge), physical restrictions (access zones), identification systems (colored badges), monitoring protocols (escort requirements), and enforcement procedures (revocation authority). This comprehensive approach shows how security principles can be applied to manage human information behavior in physical environments, though with significant implications for transparency and independent oversight.
The implementation of these restrictions follows earlier actions to curtail press access at the Pentagon, including evicting major news outlets such as NBC News, The New York Times, and POLITICO from their dedicated workspaces in January 2025 in favor of mostly conservative outlets [1], [5], and implementing earlier rules in May 2025 requiring escorts for reporters in certain unclassified areas [1], [2], [16]. This pattern demonstrates a gradual implementation of security controls, a common approach in security policy rollout that allows for testing and adjustment before full implementation.
For security professionals, this case offers insights into how information control systems can be designed and implemented across multiple domains—physical, digital, and human. The policy demonstrates how security principles can be extended beyond traditional technical systems to manage human information gathering activities, though such applications raise important questions about transparency, accountability, and the balance between security and other organizational values.
