HomeMission CentersCritical Technology ProtectionIndustrial Security Integration & Application (ISIA)Business Analysis & Mitigation Strategy (BAMS)


Business Analysis & Mitigation Strategy (BAMS)

This division has three functional areas of operation namely: Business Analysis, Mitigation Strategy and Integration.

Business Analysis highlights vulnerabilities to the defense industrial base through its mission of identifying foreign ownership, control, or influence (FOCI) within cleared U.S. contractors. Leveraging various government and commercial resources, efforts are coordinated with internal and external elements yielding written business analysis products contributing towards a comprehensive risk-based analysis and mitigation product which in-turn provides customers with an understanding of risks to classified national security information and technology, and informing the implementation of the appropriate mitigation and countermeasures.

Mitigation Strategy’s mission is to mitigate risks associated with foreign ownership, control, or influence (FOCI) in the National Industrial Security Program. Mitigation Strategy negotiates and emplaces contractual agreements that require FOCI companies to acknowledge and mitigate those risks. These steps could include reorganizing corporate boards; reviewing electronic communications; physically separating from FOCI affiliates; and training employees on FOCI issues. Mitigation Strategy also supports oversight of FOCI companies to ensure mitigation measures are fully implemented and compliance with the FOCI mitigation agreements.

Risk Integration directly supports both business analysis and mitigation strategy by providing subject matter expertise in the areas of business, acquisition and intelligence, and international law leading to a comprehensive understanding of companies and the industries in which they operate, the technologies they produce or support, and the regulatory environments inherent in foreign countries . This expertise is provided along the entire length of the business analysis and mitigation strategy lifecycle. Additionally, risk integration is responsible for completing impact assessments which assess the magnitude of loss should an asset be compromised. The impact assessment when combined with a threat assessment and vulnerability assessment form the foundation of DSS’ Risk Based Analysis and Mitigation framework which focuses on quantifying risk to inform and support internal and external partners’ decisions.

Please send inquiries concerning negotiating a FOCI Agreement, implementing a FOCI Agreement, or general FOCI agreement questions, to the FOCI Operations Division Mailbox: dss.quantico.dss-hq.mbx.foci-operations@mail.mil; include your company's name and CAGE code if they are already under a FOCI Agreement.

Please send inquiries concerning National Interest Determinations (NIDs), including requesting and processing NIDs, to the FOCI National Interest Determination Mailbox: dss.quantico.dss-ipp.mbx.nid@mail.mil; include your company's name and CAGE code.