The new Facility Clearance

So, you are now realizing the dream of owning your own business as a defense contractor company with a security clearance. Your organization has been investigated, adjudicated, and now possess the coveted Facility Security Clearance (FCL) and is designated a Cleared Defense Contractor (CDC). What’s next? With application still fresh in hand, you should maintain the artifacts submitted in the application for future use. Some of these documents include: the articles of incorporation, the Foreign Ownership Control and Influence, Key Management Personnel, and more.  Keep these on file, as you will need them for the upcoming Defense Counterintelligence and Security Agency (DCSA) reviews.

Designate a Facility Security Officer

A key employee with the CDC is the Facility Security Officer (FSO). The FSO can be a designated employee doing the job as an extra duty, or a dedicated employee only performing that function. This depends on the CDC size and mission. This position is responsible for maintaining the FCL status of the organization and the Personnel Security Clearances (PSC) of employees. They will review and apply classified contract requirements based on the National Industrial Security Program Operating Manual (NISPOM), request security clearance investigations, incorporate cleared employees into the security system, build a security plan to protect classified information and be the face of the CDC for the DCSA field representative.

FCL Requirements

One of the many NISPOM requirements CDCs should follow and document is the implementation of initial security and refresher training. Training should occur immediately upon contract award so the structure is in place to execute appropriate security compliance. A well trained FSO and cleared employee staff can begin to protect classified information and contracts well before performance starts. Documenting the training during the initial DCSA review will also assist with the overall vulnerability rating and demonstrate willingness to protect classified information appropriately.

The FSO not only engages with employee security clearances, but they begin the process of creating a security program to protect classified information. The FSO should consider the costs associated with performing on classified contracts. A CDC that will be in possession of classified information at the facility may need to consider what will be necessary for the storage of classified documents or material at the facility location. Depending on the contract, this could involve purchasing multiple security containers or acquiring large storage areas for oversized material, such as weapons systems or computers. For non-possessing facilities, this does not require the storage of classified information at the CDC, but may require other types of administrative supplies.

The FSO should anticipate expenses, perform risk assessment while implementing guidance from the NISPOM, and advise on ways to reduce costs while being compliant. The earlier into the process the assessment is conducted, the better the company performs.

The FSO will require training for certification that can be conducted as self study or in residence. This training is designed to equip the FSO with the skill necessary to maintain clearances and protect classified information. Additionally, the FSO will need to receive required briefings per the DD Form 254. This document specifies special security training and briefings at levels above Confidential, Secret, and Top Secret. This information includes COMSEC, Intelligence, NATO and other categories. These briefings are first provided to the FSO, who in turn presents to cleared employees, including engineers, program managers, and senior managers performing on the classified work.

The government’s granting of the security clearance comes with a huge responsibility for the CDC. The CDC cleared employees will receive access to classified information, and the FSO is responsible for training the cleared employees to protect that classified information from unauthorized access. The FSO is required to attend DCSA training and build a security program to protect classified information. The government gives the FSO briefings and training, and then the FSOs provide that to the cleared employees. Taking the correct steps when initially granted an FCL can help ensure your company’s success into the future.

 

This series of articles is about what can be expected once a company has received their security clearance. It kicks off a series of articles about newly cleared employees and what they can expect next. This series will open chronologically with the granting of the Facility Security Clearance (FCL) and then continues with the employee Personnel Security Clearance (PCL).

Related News

Jeffrey W. Bennett is a security consultant with SFPC, SAPPC, ISOC, ISP certifications. He maintains a security blog and newsletter and is the author of many security books including DoD Security Clearance and Contracts Guidebook-What Cleared Contractors Need to Know About Their Need to Know, The Insider’s Guide to Security Clearances, and books on security certification. Visit his website www.redbikepublishing.com for more information.