On October 5, 2023, the Information Security Oversight Office (ISOO) and the Small Business Administration (SBA) released a Joint Notice that provides guidance on the facility security clearance (FCL) requirements for joint ventures (JVs). Government contractors participating in JVs to pursue classified work should be aware of FCL requirements for each member of the joint venture.
As outlined in a prior blog post, historically, there has been confusion as to whether a JV can rely on the FCLs of its members. Some of this confusion was resolved by the 2020 NDAA, which prohibits the Department of Defense (DOD) from requiring that a JV hold an FCL if the members of the JV each hold the required FCL. Further guidance came when SBA issued regulations similarly indicating that a small business JV may be awarded a classified contract from any procuring agency when either the JV itself or the individual partners to the JV have an FCL. Notably, these regulations further provide that the managing member of such a JV need only have an FCL when an FCL is necessary to perform the primary and vital requirements of the contract. In all other cases, the JV member performing the cleared portion of the JV’s work is the only member that must have an FCL. While SBA’s regulations would seem to make is easier for small business JVs to pursue cleared work, the National Industrial Security Program (NISP) Cognizant Security Agencies (CSAs)—which are responsible for processing FCLs—refused to follow SBA’s rules, indicating that SBA does not have the authority to regulate the FCL process.
As outlined in the Joint Notice, SBA and DOD have now reached an understanding. The key takeaways from this Joint Notice are outlined below.
- A NISP CSA will assess the business structure of the JV and sub-entities awarded (or being considered for) the classified contract to determine which of them will need to have an FCL. In part, this assessment will depend on which entity(ies) within the JV will perform on or influence the contract and the relationship between the entities and the classified information.
- The Joint Notice affirms SBA’s JV FCL regulations and the general principle that an unpopulated small business JV does not need an FCL to receive a classified contract so long as the JV member(s) performing the classified work hold the requisite FCL. The Notice explains that SBA’s rules are in alignment with NISP requirements because they aim to ensure that a JV and its members will not be involved with or otherwise influence performance on the security work or access the classified information without a clearance.
- Neither SBA nor the NISP requires an entity to possess an FCL before bidding or being awarded a classified contract. The only requirement is that entities accessing classified information go through the eligibility determination process and be cleared before performing on a classified contract. Contractors should carefully review solicitations and consult with counsel to determine whether they need to file a protest concerning solicitation requirements that conflict with this rule.
- An unpopulated small business JV formed under SBA’s regulation will generally be excluded by the CSA from access to classified information unless it has employees that perform administrative functions unrelated to contract performance on the classified contract and those employees have, or will have, access to the classified information—in which case the CSA may determine that the JV obtain an FCL. This is significant as CSAs historically maintained authority to require an unpopulated JV that was awarded a classified contract to obtain an FCL.
Looking for practical insights on gaining a competitive advantage through a deeper understanding of the government’s compliance requirements? Check out PilieroMazza’s podcasts “GovCon Live!” and “Clocking in with PilieroMazza.”