Mitigation Process

Companies entering into the National Industrial Security Program (NISP) are required to obtain a facility security clearance (FCL). An FCL is an administrative determination that a company is eligible for access to classified information at the appropriate level. A company must meet certain requirements before it can be processed for an FCL (NISPOM 2-102). A company is not eligible for an FCL if a reasonable basis exists to conclude that the nature and extent of its FOCI factors are such that foreign dominance over the management of the operations of the facility may adversely impact the performance of classified contracts. Accordingly, a company entering into the NISP is required to complete a Certificate Pertaining to Foreign Interest (SF-328) and other supporting documents to determine the source and extent of the FOCI. All documentation must be submitted via the National Industrial Security System (NISS).

Once a company's sponsorship is approved, a welcome email is generated from the NISS system explaining the steps for moving the FCL process forward. Once the in-process company is registered in NISS, it will have to complete an initial FCL package.

Once a company completes an FCL package, it will be initially reviewed by DCSA to ensure accuracy and completeness. After this initial review the completed FCL package will be forwarded to DCSA Headquarters for final review. If it is determined that FOCI is present, a FOCI Action Officer from DCSA Headquarters will contact the company within a week of receiving the FCL package regarding any additional documentation that may be needed. Once all documentation has been received from a company related to its FOCI, a DCSA Headquarters FOCI Action Officer will contact the company within 30 days regarding any requirement for FOCI mitigation. A company's inability to provide all the required documentation needed to process the FCL, including but not limited to information to adjudicate its FOCI or emplace FOCI mitigation, will result in discontinuation of the FCL process.

At any point in the process, a company in-process for an FCL and known to be under FOCI can submit a FOCI Action Plan to its respective DCSA Headquarters FOCI Action Officer. A complete FOCI Action Plan helps facilitate the FOCI mitigation process. The following link provides a list of potential documentation needed for a complete FOCI Action Plan:

Download the FCL Orientation Handbook

Required Documentation

All documents should be submitted through e-FCL.

Certificate Pertaining to Foreign Interest (SF-328) 

A company being sponsored for an FCL is required to submit a consolidated SF-328 which includes information for all the lower-tier cleared entities within the corporate family (NISPOM -2-302). In cases, the in-process company has uncleared U.S. parent companies, the highest-tier uncleared U.S. Parent must submit the consolidated SF-328 for all U.S. tiers above the cleared entity. The SF-328 must be dated, signed, and certified.

Key Management Personnel (KMP) listing

All entities in the ownership chain must submit the KMP listing. The KMP listing shall identify all elected and appointed positions listed in the governance documents. The KMP listing shall be certified as being accurate, current, and complete by an authorized official of the organization.

Organizational Chart

An organization chart must be submitted, and it shall reflect all U.S. and foreign parent companies including their affiliates. The organization chart shall identify the associations between the cleared facilities and the ultimate parents, including the percentages of ownership, FCL status, CAGE codes and other helpful information explaining the relationship among the companies in the chain of ownership.

Contract Security Classification Specifications (DD Form 254)

In order to help facilitate the processing of your company for a facility security clearance, it is recommended that DD Form 254s are submitted to ensure DCSA is aware of the access requirements.

Download DD Form 254