The Defense Counterintelligence and Security Agency announced in May the approval of a revised form for disclosing foreign ownership, control, and influence.
The updated Certificate Pertaining to Foreign Interests, also known as the SF 328, marks a significant milestone in the government’s new approach to mandatory FOCI reporting, emphasizing broader disclosures to regulators engaged in evaluating national security threats from companies with foreign ties.
The new SF 328 is a key component of the government’s evaluation of FOCI risk factors, which used to be limited primarily to the approximately 1,200 companies per year that are determined eligible during the facility clearance process. Now, the SF 328 is mandatory not only for companies requiring access to classified government information, but also for companies seeking contracts for certain unclassified programs.
As a primary requirement of the facility clearance process, the SF 328 has been a source of frustration for the government contracting industry. For example, the DCSA has reported that more than 70% of applications are rejected and a majority of those rejections are related to improper documentation related to the SF 328.
The updated form was designed to clarify complicated questions and provides more comprehensive instructions to help contractors submit necessary information on the first attempt, which in turn will allow the DCSA to process facility clearance applications faster.
The revised SF 328 also expands its reach. Going forward, a completed SF 328 is required to determine eligibility for additional programs, such as the Small Business Innovation Research, Small Business Technology Transfer programs, for Cybersecurity Maturity Model Certification, as well as DOD contracts awarded to “covered contractors and subcontractors,” under Section 847 of the 2020 National Defense Authorization Act.
These changes will significantly affect contractor compliance and increase due diligence costs for investors. For those investing in or acquiring defense contractors, the updated SF 328 represents both a challenge and an opportunity. While investors will be required to provide their portfolio companies with detailed information regarding their investors and funding sources, the new requirements also make potential vulnerabilities harder to overlook.
The DCSA has said existing SF 328 filings don’t need to be resubmitted solely because the form changed. However, companies submitting initial facility clearance applications or changed conditions packages after May 12, 2025, must use the new SF 328.
We recommend facility security officers and security professionals educate company leadership immediately because the new requirements necessitate greater involvement and coordination with stakeholders (such as affiliates, investors, cleared personnel, etc.). For entities that currently hold an FCL, we recommend proactively gathering information to assess potential mitigation efforts in advance of a specific notification requiring an update.
Some frustrations about the process may continue because of additional documentation requirements, the growing number of submissions, and the evolving and complex ownership structures of many early-stage national security technology companies and investors.
Still, the revisions and added instructions clarify the DCSA’s requirements and policies (some of which have been in place for a while) and, overall, the new SF 328 should be a welcome improvement for many defense-related technology innovators.
This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law, Bloomberg Tax, and Bloomberg Government, or its owners.
Author Information
Grant Schweikert is special counsel at Cooley and advises government contractors and investors in M&A and venture capital transactions.
Umer Chaudhry is an associate at Cooley and assists clients—foreign and domestic—in successfully navigating complex regulations in the government contracts and national security spaces.
Write for Us: Author Guidelines
To contact the editors responsible for this story:
Learn more about Bloomberg Law or Log In to keep reading:
Learn About Bloomberg Law
AI-powered legal analytics, workflow tools and premium legal & business news.
Already a subscriber?
Log in to keep reading or access research tools.