Facility Security Clearance Compliance Lawyer

The Department of Defense does not provide Facility Security Clearances for entire companies. The DoD only provides Facility Security Clearances for individual operating entities such as a plant, laboratory, office, college, university, or commercial structure with associated warehouse, storage areas, utilities and components. The approval process for obtaining an FCL is very complex and requires substantial documentation and preparation. Facility Security Clearance levels are Confidential, Secret and Top Secret. These are the steps required to obtain a Facility Security Clearance:

1) Sponsorship Letter: The Government Contracting Activity, or GCA, or the prime Government Contractor must submit a Sponsorship Letter to DoD on behalf of the company seeking a Facility Security Clearance.
2) Selection of a Facility Security Officer and Key Management Personnel: Each facility seeking a Facility Security Clearance must select a Facility Security Officer and Key Management Personnel. A Facility Security Officer, known as an FSO, is the primary point of contact between the Dod Defense Security Service and the facility. Key Management Personnel, known as KMPs, are individuals who have some measure of control or influence over decisions involving classified information and projects. FSOs and KMPs must be eligible to receive an Industrial Security Clearance, or ISC.
3) Phone Interview with the Facility Clearance Branch: The DSS Facility Clearance Branch will schedule a telephonic conference call with the proposed Facility Security Officer and a member of Key Management Personnel, both of whom must be familiar with the company. The FSO and KMP must also review the FCL Orientation Handbook.
4) Obtaining a Commercial and Government Entity Code: The proposed Government Contractor must obtain a Commercial and Government Entity Code, or CAGE Code from the System for Award Management database, or SAM.
5. Department of Security Services Facility Site Visit: The Department of Security Services will schedule a facility site visit. The facility site visit will cover a number of topics, including the roles and responsibilities of the Facility Security Officer and Key Management Personnel, facility security and the handling of classified information by Contractors and employees with an Industrial Security Clearance, or ISC.
6. FSO Industrial Security Clearance & KMP Industrial Security Clearance: The Facility Security Officer and Key Management Personnel must individually obtain an Industrial Security Clearance. The proposed FSO and proposed KMPs must be eligible to obtain an ISC pursuant to the NISPOM requirements. Any conduct, including criminal convictions, mentioned in the United States Code of Federal Regulations 32 C.F.R. § 147 Guidelines can result in the denial of an Industrial Security Clearance. It is important for the proposed FSO and proposed KMPs to rectify any potential personal issues before beginning the Facility Security Clearance and Industrial Security Clearance processes.
7. DD Form 441 Department of Defense FCL Security Agreement: The Department of Defense Security Agreement between the Department of Defense and the Government Contractor that confers a Facility Security Clearance is contained in DD Form 441. Attachments to the DoD Security Agreement are DD Form 441-1 and SF 328. As part of the DoD Security Agreement, the FCL is required to maintain compliance with the National Industrial Security Program Operating Manual, or NISPOM. Once the facility receives a Facility Security Clearance, the company can request that contractors or employees who need to handle classified documents or information obtain an Industrial Security Clearance, or ISC.

It is important to note that steps 3 through 6 may occur simultaneously. DSS can grant an Interim Facility Security Clearance while the application for an ISC is pending. However, Interim approval is not guaranteed and can be revoked at any time Thus, it is important for a proposed FCL to obtain the required documentation as early as possible. The required documentation for a Facility Security Clearance includes, but is not limited to:

Some facilities may require additional security plans and procedures. This will be determined by the Dod DSS prior to the issuance of a Facility Security Clearance. Additional security protocols can include a Special Access Program, further investigative procedures or Foreign Ownership, Control or Influence (FOCI) mitigation instruments. Depending on the type of facility, the facility may require adherence to other federal security measures such as Chemical Facility Anti Terrorism Standards, or CFATs.

If your company desires a facility to have a Facility Security Clearance, or FCL, contact a Facility Security Clearance Attorney for representation.

The National Industrial Security Program Operations Manual, or NISPOM, requires that the company requesting a Facility Security Clearance be free for Foreign Ownership, Control or Influence, also known as FOCI. The Department of Defense remains concerned that if a foreign government, company or individual maintains any control over a FCL, classified information could become compromised. The National Industrial Security Program, or NISP, requires FCL applicants to Form SF-328, the Certificate Pertaining to Foreign Interest. If the DoD Defense Security Service, or DSS, believes the company seeking an FCL for its facility is subject to Foreign Ownership, Control or Influence, the matter will be assigned to a FOCI Action Officer. The FOCI Action Officer will request additional documentation regarding the level of Foreign Ownership, Control or Influence over the company and facility applying for a Facility Security Clearance. Once the FOCI Action Officer receives all of the requested documentation, the FOCI Action Officer will determine if any FOCI Mitigation is required prior to providing the Facility Security Clearance.

Mitigation is the process that the Department of Defense uses to alleviate any concern about an FCL applicant who may be subject to FOCI. In most cases, FOCI mitigation requires a FOCI Mitigation Instrument pursuant to NISPOM 2-303. A FOCI Mitigation Instrument is memorialized in a FOCI Mitigation Agreement between the FCL applicant and the DoD so the applicant can obtain a Facility Security Clearance. Types of FOCI Mitigation Agreements include:

1) Board Resolution (BR): A Board Resolution can be used as a FOCI Mitigation Agreement if the foreign entity does not have the power to appoint or elect a representative to the company’s Board of Directors that operates the facility.
2) Security Control Agreement (SCA): A Security Control Agreement can be used as a FOCI Mitigation Agreement if the foreign entity can appoint or elect a representative to the company’s Board of Directors, but the foreign entity does not own or control the company operating the facility.
3) Special Security Agreement (SSA): A Special Security Agreement can be used as a FOCI Mitigation Agreement if the foreign entity owns or controls the company operating the facility and a National Interest Determination shows that the national security of the United States will not be harmed through control measures or a Government Security Committee, or GSC.
4) Proxy Agreement (PA): A Proxy Agreement can be used as a FOCI Mitigation Agreement if the foreign entity owns or controls the company operating the facility and the voting rights of the foreign owned stock are vested in cleared United States citizens.
5) Voting Trust Agreement (VTA): A Voting Trust Agreement can be used as a FOCI Mitigation Agreement if the foreign entity owns or controls the company operating the facility and the shares owned or controlled by the foreign entity are vested in cleared United States citizens.

A company operating a Facility Security Clearance with a FOCI Mitigation Agreement may require additional safeguards to protect classified information, known as FOCI Action Plans. Types of FOCI Action Plans include:
1) Affiliated Operations Plan (AOP): An Affiliated Operations Plan, or AOP, may be required to prevent foreign entities, non cleared United States citizens and other individuals working for a parent company or subsidiary company lacking a Security Clearance from accessing classified information. Affiliated Operations may also include a third party contractor affiliate providing the following services: Accounting, Administrative, Maintenance and Security.
2) Technology Control Plan (TCP): A Technology Control Plan, or TCP, may be required to prevent foreign entities, non cleared United States citizens and other individuals lacking a Security Clearance from accessing classified information through technological means. Technology includes, but is not limited to, computer hardware, computer software, data devices and telephones.
3) Electronic Communications Plan (ECP): An Electronic Communications Plan, or ECP, may be required to prevent foreign entities, non cleared United States citizens and other individuals lacking a Security Clearance from accessing classified information through electronic means. Electronic Communications include, but are not limited to, information stored on computer devices and other electronic means.
4) Visitation Plan (VP): A Visitation Plan, or VP, may be required to prevent foreign entities, non cleared United States citizens and other individuals lacking a Security Clearance from accessing classified information through personal contact within facilities. In a Visitation Plan, visits may be required to be approved, noticed a certain number of days in advance and restricted to particular areas of the facility.
5) Facilities Location Plan (FLP): A Facilities Location Plan, or FLP, may be required to prevent foreign entities, non cleared United States citizens and other individuals lacking a Security Clearance from accessing classified information through its proximity to an FCL. A Facilities Location Plan may require a number of conditions to safeguard confidential, classified information. FCLs that are collocated near an Affiliate Operation will likely require a Facilties Location Plan.

Facility Security Officers, or FSOs, are responsible for the implementation of FOCI Mitigation Agreements and FOCI Action Plans. The FSO must maintain contact with the DSS Industrial Security Representative, known as the IS Representative. If any FOCI Mitigation Agreement or FOCI Action Plan is breached or compromised, the FSO must immediately take remedial measures and notify DSS. The Facility Security Officer must also communicate any proposed changes to the FOCI Mitigation Agreement and FOCI Action Plans in place at the FCL.

If your company’s Facility Security Clearance is delayed due to FOCI, contact a Facility Security Clearance compliance attorney for assistance with a FOCI Mitigation Agreement and FOCI Action Plan.

At the beginning of the Facility Security Clearance approval process, the Department of Defense assigns an Industrial Security Representative, or ISR, to the facility. The ISR does not work for the benefit of the business entity seeking to become a Government Contractor with a Facility Security Clearance. The Industrial Security Representative works for the Department of Defense’s Defense Security Service. The ISR highlights problems and potential issues that prevent a timely DD Form 441 agreement to provide a facility with an FCL. Most delays result from non compliance with NISPOM. Any delay in Facility Security Clearance designation can result in the loss of millions of dollars in Government Contracting Activities or subcontracts from prime Government Contractors.

Many of these problems and concerns can be mitigated before the company’s facility applies for designation as an FCL. A business entity, company or corporation seeking to obtain a Facility Security Clearance for one of their facilities should retain a Facility Security Clearance Lawyer to provide comprehensive solutions to avoid potential delays to FCL designation by the Department of Defense.

Pursuant to the National Industrial Security Program Operating Manual, or NISPOM, companies with a Facility Security Clearance, or FCL, must adhere to certain guidelines. As described above, All Key Management Personnel, or KMPs, for an FCL must have an Industrial Security Clearance. Furthermore, each FCL must have a Facility Security Officer, or FSO. The Facility Security Officer must also obtain an Industrial Security Clearance.

Key Management Personnel is defined as company management, officers and senior leaders who exercise influence over decisions involving classified activity and classified contracts. Key Management Personnel must meet the same criteria required for regular applicants in obtaining an Industrial Security Clearance. Company managers, officers and leaders who are denied an Industrial Security Clearance cannot have any direct or indirect control or influence over classified activity and classified contracts. In some cases, Key Management Personnel Security Clearance denial may result in a denial of a Facility Security Clearance.

A Facility Security Officer, or FSO, is the point of contact between the company holding an FCL and the Department of Defense National Industrial Security Program, or NISP. The Facility Security Officer coordinates the Industrial Security Clearance applications for its employees and potential employees. The FSO is also responsible for implementing a Facility Security Program pursuant to DoD Directive 5220.22-M and the NISPOM. The failure of a Facility Security Officer to adhere to the duties of an FSO can result in the revocation of the Facility Security OFficer’s Industrial Security Clearance and the revocation of the company’s Facility Security Clearance, or FCL.

If you are considered Key Management Personnel, or a KMP, who is denied an Industrial Security Clearance, contact an Industrial Security Clearance denial appeal lawyer to discuss your options. If you are seeking to become a Facility Security Officer, or FSO, and are denied an Industrial Security Clearance, contact a United States Federal Security Clearance denial appeal lawyer for representation. Without a Facility Security Officer, or FSO, or Key Management Personnel, or a KMP, a facility will be unable to obtain a Facility Security Clearance, or FCL. If the Department of Defense denies a facility a Facility Security Clearance, contact a Facility Security Clearance attorney.