If you want to provide classified goods or services to the U.S. government, the Defense Counterintelligence and Security Agency must first approve it. DCSA took to social media to remind stakeholders. What goes into the approval process? Three items: entity vetting, facility clearances, and foreign ownership control or influence (FOCI) review.
According to DCSA, there are approximately 12,500 contractor facilities cleared for access to classified information.
Entity Vetting
DCSA must affirm that access to classified materials be it via creation or access is required. “After a determination by DCSA that an entity has a legitimate need for access to classified information in connection with a U.S. Government or foreign government requirement, an entity may be sponsored for an FCL.”
Facility Clearances
If your facility does not have Facility Clearance (FCL), then access to classified information from the company’s workspace will not be possible. The National Industrial Security Program (NISP) was established via E.O. 12829 (January 1993) and which has regularly been updated. The NISPOM is the NISP operating manual, within which one may find the requirements necessary for an FCL. In addition, DCSA has created an easy to follow and understand checklist with primers for those engaged in the process for the first time, via their website.
DCSA has a team of Industrial Security Representatives (ISR) who are the human face to the process and who engage with the cleared industries operating under the NISP. As of August 2023, the DCSA area of operation is divided into five geographic regions and comprise 167 field locations.
There must be a contract in place to support the application for facility clearance and the need to access classified information must be present. An individual contractor may not sponsor themselves for a facility clearance and must be sponsored by the “government contracting activity” (GCA) or another cleared defense contractor. Then the process is straightforward with the submission of the DD form 254 which is handled via the National Industrial Security System (NISS) which is “the system of record for the NISP.”
Additionally, DCSA heavily emphasizes that companies should obtain a Commercial and Government Entity Code (CAGE Code) at the earliest opportunity as this is the code which is used to track engagement and if “a company does not have a CAGE code prior to initiation of the FCL process, significant delays or discontinuation of the process could occur.”
FOCI
The policy of the U.S. Government is to allow foreign investments when they are “consistent with the national security of the United States.”
Foreign control exists under FOCI, “whenever a foreign interest has the power, direct or indirect, whether exercised, and whether exercisable, to direct or decide matters affecting the management or operations of that company in a manner which may result in unauthorized access to classified information or may adversely affect the performance of classified contracts.”
There are several factors identified by the DCSA which are taken into consideration in making the determination. They are:
- Record of economic and government espionage against U.S. targets
- Record of enforcement and/or engagement in unauthorized technology transfer
- The type and sensitivity of the information that shall be accessed
- The source, nature, and extent of FOCI
- Record of compliance with pertinent U.S. laws, regulations, and contracts
- The nature of any bilateral and multilateral security and information exchange agreements that may pertain
- Ownership or control, in whole or in part, by a foreign government
In sum, the classified engagement with government requires jumping through clearly identified hoops, which the DCSA administers, to ensure that there is a need, that there is the capacity to protect classified materials, and that these materials are not under the control of a foreign entity.
