Stricter regulations imposed on disclosing foreign investment in defense industries leave certain companies in a state of disarray
The Defense Department has taken a significant step to enhance transparency and manage national security risks by tightening its grip on foreign investments in U.S. defense contractors. This change is centred around the revised SF-328 form, a gating document that companies submit if they're interested in working for the Department of Defense (DoD).
The newly revised SF-328 form, effective from May 12, 2025, features nine questions instead of ten, and is eight pages long, including instructions. It requires broader disclosures and clearer documentation, particularly regarding foreign ownership, control, or influence (FOCI) oversight in U.S. defense contractors.
One key change is the integration of the SF-328 form into the National Industry Security System (NISS). This move makes compliance mandatory for all new Facility Clearance (FCL) applications, change condition packages involving FOCI developments, and mitigation agreements.
The form now asks about 5% or more direct or indirect ownership in the entity filling out the form from a foreign source, including foreign persons. It also enquires about leadership positions, such as management personnel or members of the board of directors who serve concurrently at foreign-owned companies.
Grant Schweikert, a Special Counsel at Cooley, suggests that companies involved in the Small Business Innovation Research (SBIR), Small Business Technology Transfer (STTR) programs, or Cybersecurity Maturity Model Certification (CMMC) may be required to fill out the SF-328 form in the future, even if they were not previously required.
To help companies understand the rules and requirements of providing critical technology to the government, resources are available on the Defense Counterintelligence and Security Agency (DCSA)'s website. This includes videos, links to a training resource called CDSE for new security professionals and others interested in learning about the rules and requirements.
Contractors are advised to aim for facility clearance to focus on supporting the warfighters and the government. More companies, even those working on unclassified programs, could face delays or denials if they're not prepared.
This update represents a tightening and formalization of Defense Department and DCSA oversight on foreign investments and affiliations in the defense industrial base, with the aim of improving transparency and national security risk management.
[1] Source: Federal Register [3] Source: DCSA's website
The revised SF-328 form, mandatory for various defense contractors as part of the National Industry Security System (NISS), will reimagine the federal workforce, as it may extend to small businesses in innovation, technology, and cybersecurity programs. This move in politics reflects the Defense Department's strategy to ensure technology transfers to the government adhere to stricter national security guidelines, as reported by the General-news sources. [1, 3]
