I don't understand the point of this proposal. Information already gets various levels of control added to it. There are the obvious and well-known Secret and Top Secret classifications, but for unclassified information there's FOUO (formerly used; stands for for official use only) and CUI (currently used; stands for controlled unclassified information). Release of FOUO and CUI information could result in penalties depending on the particular information involved.

Documents also include dissemination statements about who is allowed access to it. This seems like it's just an extra, unnecessary control when all the controls needed are already in place. If they use and enforce the current approaches already available, then these NDAs aren't really needed (for government information, for gov't employees with access to proprietary data from, say, a contractor an NDA may still be appropriate).

My understanding is that this NDA is far broader in scope than CUI. CUI restrictions only apply to information explicitly marked or identified as CUI.

The draft NDA would apply to “confidential government information,” defined much more broadly than CUI to include non‑public internal operations, personnel matters, deliberative or pre‑decisional materials, and other information an agency deems sensitive, whether or not it falls under existing CUI categories -- it's an open-ended personnel instrument defined by the administration rather than an information handling regime tightly anchored to statutory/regulatory bases than span administrations.

In other words, it's a tool to allow the administration to go after someone who leaks anything the administration doesn't want leaked for open ended reasons.

[oops. That was intended as a response to Jtsummers]