Skip to main content
|

Add a bookmark to get started

Bookmarks info
  • Home
  • Insights
  • National Security and Global Trade Alert: DCSA updates SF-328 for cleared US government contractors and academic institutions
14 May 20254 minute read

DCSA updates SF-328 for cleared US government contractors and academic institutions

Written by:Nicholas KleinBrad JorgensenPete Young

The Defense Counterintelligence and Security Agency (DCSA) announced the approval of updates made to the Certificate Pertaining to Foreign Interests, or Standard Form (SF) 328, on May 7, 2025. This revised form requires more detailed and comprehensive disclosures from US government (USG) contractors and academic institutions that currently (or intend to) hold a facility security clearance (FCL), perform on classified USG contracts, or otherwise access classified USG information.

The revised SF-328 also enhances the DCSA's ability to assess whether, and to what degree, contractors or academic institutions are operating under Foreign Ownership, Control, or Influence (FOCI), and whether any potential FOCI-related risks warrant mitigation to protect US national security interests.

Key changes to SF-328

Although the general purpose and structure of the SF-328 will essentially remain the same, there are noteworthy changes that reflect DCSA’s evolving national security concerns and perceived vulnerabilities with the previous version. For instance, the updated SF-328 appears to more heavily scrutinize and require broader and more in-depth disclosures related to:

  1. The structure, governance, and ownership of investment (private equity and venture capital) funds and joint ventures
  2. Foreign outsourcing arrangements and business or academic relationships, including those involving product and software research and development, shared services, intellectual property and technology sharing/licensing agreements, strategic partnerships, and visa applications/sponsorships
  3. Foreign indebtedness and default or bankruptcy exposure, and
  4. Gifts and programmatic funding (eg, endowments, grants, tuition, monetary and non-monetary compensation, and participation incentives) as well as revenue derived from foreign sources (eg, the aggregate revenue reporting or disclosure threshold has been lowered from 30 percent to 15 percent).

Although DCSA anticipates that the updated SF-328 and its more detailed corresponding instructions will streamline the review process by reducing the need for follow-up inquiries, it remains that compiling the information required for disclosure in the updated form may prove burdensome to cleared contractors or academic institutions with limited time, personnel, and resources. Preparing the updated form will likely require greater involvement and coordination with internal and external stakeholders (eg, affiliates, limited partner investors or shareholders, employees and senior leaders, joint venture partners, vendors, suppliers, accountants, auditors, legal counsel, and/or financial institutions).

Effective date and applicability of new SF-328

The revamped SF-328 was uploaded by DCSA to the National Industrial Security System (NISS) on May 12, 2025. It applies to all new FCL applicants, cleared entities submitting change condition packages or FCL upgrades, and entities negotiating or renewing FOCI mitigation agreements after this date. DCSA explicitly stated that industry “is not expected to submit a new SF-328 solely because the SF-328 form has been updated,” and the update will not impact FCL applications, or change condition packages that were pending in NISS on or before May 12, 2025. Whether DCSA will change its initial guidance and eventually require all cleared contractors and academic institutions to update their SF-328s, even in the absence of one of the above triggering events, or whether entities will need to do so by a certain deadline (eg, before their next annual inspection) remains to be seen.

In any case, facility security officers, senior management officials, and other key management personnel are encouraged to familiarize themselves with the new requirements, gather the information necessary for the updated SF-328, and continue to monitor the ongoing bipartisan enactment of Section 847 of the 2020 National Defense Authorization Act. This provision will require organizations with any USG contract, subcontract, or defense research assistance award with a value exceeding $5 million to be vetted for FOCI (and potentially subject to mitigation) by DCSA, even if the underlying work is unclassified.

DLA Piper’s National Security and Global Trade and Government Contracting practice groups will continue to provide updates related to the new SF-328 and any subsequent guidance issued by DCSA.

For more information, please contact the authors. 

Related insights

Publication

The second Trump Administration’s first 100 days

6 May 2025 .29 minute read

Publication

FTC pauses “click-to-cancel” rule until July 14

12 May 2025 .1 minute read

Publication

Interstellar Insights - April 2025

21 April 2025 .6 minute read

Print

Related capabilities

Regulatory and Government AffairsGovernment Contracting
Privacy policyLegal noticesCookie policyModern slaveryWhistleblowingFraud AlertSitemap

DLA Piper is a global law firm operating through various separate and distinct legal entities. For further information about these entities and DLA Piper's structure, please refer to the Legal Notices page of this website. All rights reserved. Attorney advertising.

© 2025 DLA Piper