Doc:DoD 5220.22-M Chapter 2

From FISMApedia
Jump to: navigation, search


Security Clearances

Section 1. Facility Clearances (FCLs)

2-100 General
  An FCL is an administrative determination that a company is eligible for access to classified information or award of a classified contract. Contract award may be made prior to the issuance of an FCL. In those cases, the contractor will be processed for an FCL at the appropriate level and must meet eligibility requirements for access to classified information. However, the contractor will not be afforded access to classified information until the FCL has been granted. The FCL requirement for a prime contractor includes those instances in which all classified access will be limited to subcontractors. Contractors are eligible for custody (possession) of classified material if they have an FCL and storage capability approved by the CSA.
a. An FCL is valid for access to classified information at the same or lower classification level as the FCL granted.
b. FCLs will be registered centrally by the U.S. Government.
c. A contractor shall not use its FCL for advertising or promotional purposes.
2-101 Reciprocity
  An FCL shall be considered valid and acceptable for use on a fully reciprocal basis by all Federal departments and agencies, provided it meets or exceeds the level of clearance needed.
2-102 Eligibility Requirements
  A contractor or prospective contractor cannot apply for its own FCL. A GCA or a currently cleared contractor may sponsor an uncleared company for an FCL. A company must meet the following eligibility requirements before it can be processed for an FCL:
a. The company must need access to the classified information in connection with a legitimate U.S. Government or foreign government requirement.
b. The company must be organized and existing under the laws of any of the fifty states, the District of Columbia, or Puerto Rico, and be located in the United States or its territorial areas.
c. The company must have a reputation for integrity and lawful conduct in its business dealings. The company and its key managers must not be barred from participating in U.S. Government contracts.
d. The company must not be under FOCI to such a degree that the granting of the FCL would be inconsistent with the national interest.
2-103 Processing the FCL
  The CSA will advise and assist the company during the FCL process. As a minimum, the company will:
a. Execute CSA-designated forms.
b. Process key management personnel for PCLs.
c. Appoint a U.S. citizen employee as the FSO.
2-104 PCLs Required in Connection with the FCL
  The senior management official and the FSO must always be cleared to the level of the FCL. Other officials, as determined by the CSA, must be granted PCLs or be excluded from classified access pursuant to paragraph 2-106.
2-105 PCLs Concurrent with the FCL
  Contractors may designate employees who require access to classified information during the negotiation of a contract or the preparation of a bid or quotation pertaining to a prime contract or a subcontract to be processed for PCLs concurrent with the FCL. The granting of an FCL is not dependent on the clearance of such employees.
2-106 Exclusion Procedures
  When, pursuant to paragraph 2-104, formal exclusion action is required, the organization's board of directors or similar executive body shall affirm the following, as appropriate.
a. Such offie.
a. Such officers, directors, partners, regents, or trustees (designated by name) shall not require, shall not have, and can be effectively excluded from access to all classified information disclosed to the organization. They also do not occupy positions that would enable them to adversely affect the organization's policies or practices in the performance of classified contracts. This action shall be made a matter of record by the organization's executive body. A copy of the resolution shall be furnished to the CSA.
b. Such officers or partners (designated by name) shall not require, shall not have, and can be effectively denied access to higher-level classified information (specify which higher level(s)) and do not occupy positions that would enable them to adversely affect the organization's policies or practices in the performance of higher-level classified contracts (specify higher level(s)). This action shall be made a matter of record by the organization's executive body. A copy of the resolution shall be furnished to the CSA.
2-107 Interim FCLs
  An interim FCL may be granted to eligible contractors by the CSA. An interim FCL is granted on a temporary basis pending completion of the full investigative requirements.
2-108 Multiple Facility Organizations (MFOs)
  The home office facility must have an FCL at the same, or higher, level of any cleared facility within the MFO. The CSA shall determine the necessity for branch offices to be cleared.
2-109 Parent-Subsidiary Relationships
  When a parent-subsidiary relationship exists, the parent and the subsidiary will be processed separately for an FCL. As a general rule, the parent must have an FCL at the same, or higher, level as the subsidiary. However, the CSA will determine the necessity for the parent to be cleared or excluded from access to classified information. The CSA will advise the companies as to what action is necessary for processing the FCL. When a parent or its cleared subsidiaries are collocated, a formal written agreement to use common security services may be executed by the two firms, subject to the approval of the CSA.
2-110 Termination of the FCL
  Once granted, an FCL remains in effect until terminated by either party. If the FCL is terminated for any reason, the contractor shall return all classified material in its possession to the appropriate GCA or dispose of the material as instructed by the CSA.
2-111 Records Maintenance
  Contractors shall maintain the original CSA designated forms for the duration of the FCL.

Section 2. Personnel Security Clearances

2-200 General

a. An employee may be processed for a PCL when the contractor determines that access is essential in the performance of tasks or services related to the fulfillment of a classified contract. A PCL is valid for access to classified information at the same or lower level of classification as the level of the clearance granted.
b. The CSA will determine eligibility for access to classified information in accordance with the national standards and notify the contractor that eligibility has been granted. The CSA will notify the contractor when an employee's PCL has been denied, suspended, or revoked. The contractor shall immediately deny access to classified information to any employee when notified of a denial, revocation or suspension. When the CSA has designated a database as the system of record for contractor eligibility and access, the contractor shall be responsible for annotating and maintaining the accuracy of their employees’ access records. Specific procedures will be provided by the CSA.
c. Within an MFO or within the same corporate family, contractors may centrally manage eligibility and access records.
d. The contractor shall limit requests for PCLs to the minimal number of employees necessary for operational efficiency, consistent with contractual obligations and other requirements of this Manual. Requests for PCLs shall not be made to establish "pools" of cleared employees.
e. The contractor shall not submit a request for a PCL to one agency if the employee applicant is cleared or is in process for a PCL by another agency. In such cases, to permit clearance verification, the contractor should provide the new agency with the full name, date and place of birth, social security number, clearing agency and type of investigation
f. Access to SCI and SAP information is a determination made by the granting authority.
2-201 Investigative Requirements
  Investigations conducted by a Federal agency shall not be duplicated by another Federal agency when those investigations are current within 5 years and meet the scope and standards for the level of PCL required. The types of investigations required are as follows:
a. Single Scope Background Investigation (SSBI). An SSBI is required for TOP SECRET, Q, and SCI access. Investigative requests shall be made using the electronic version of the Questionnaire for National Security Positions (SF 86).
b. National Agency Check with Local Agency Check and Credit Check (NACLC). An NACLC is required for a SECRET, L, and CONFIDENTIAL PCLs. Investigative requests shall be made using the electronic version of the SF 86.
c. Polygraph. Agencies with policies sanctioning the use of the polygraph for PCL purposes may require polygraph examinations when necessary. If issues of concern surface during any phase of security processing, coverage will be expanded to resolve those issues.
d. Reinvestigation. Contractor personnel may be subject to a reinvestigation program as specified by the CSA.
e. Financial Disclosure. When advised by the GCA that an employee is required to complete a Financial Disclosure Form, the contractor shall ensure that the employee has the opportunity to complete and submit the form in private.
2-202 Procedures for Completing the Electronic Version of the SF 86
  The electronic version of the SF 86 shall be completed jointly by the employee and the FSO or an equivalent contractor employee(s) who has (have) been specifically designated by the contractor to review an employee’s SF 86.
a. The FSO or designee shall inform the employee that the SF 86 is subject to review and shall review the application solely to determine its adequacy and to ensure that necessary information has not been omitted. The FSO or designee shall provide the employee with written notification that review of the information is for adequacy and completeness, information will be used for no other purpose within the company, and that the information provided by the employee is protected by reference (m). The FSO or designee shall not share information from the employee’s SF 86 within the company and shall not use the information for any purpose other than determining the adequacy and completeness of the SF 86.
b. The FSO or designee shall ensure that the applicant’s fingerprints are authentic, legible, and complete to avoid subsequent clearance processing delays. The FSO or designee shall retain an original, signed copy of the SF 86, the Authorization for Release of Information and Records, and Authorization for Release of Medical Information until the clearance process has been completed. The FSO or designee shall maintain the retained documentation in such a manner that the confidentiality of the documents is preserved and protected against access by anyone within the company other than the FSO or designee. When the applicant’s eligibility for access to classified information has been granted or denied, the retained documentation shall be destroyed.
2-203 Common Adjudicative Standards
  Security clearance and SCI access determinations are based upon uniform common adjudicative standards.
2-204 Reciprocity
  Federal agencies that grant access to classified information to their employees or their contractor employees are responsible for determining whether such employees have been previously cleared or investigated by the Federal Government. Any previously granted PCL that is based upon a current investigation of a scope that meets or exceeds that necessary for the clearance required shall provide the basis for issuance of a new clearance without further investigation or adjudication unless significant derogatory information that was not previously adjudicated becomes known to the granting agency.
2-205 Pre-employment Clearance Action
  If access to classified information is required by a potential employee immediately upon commencement of their employment, a PCL application may be submitted to the CSA by the contractor prior to the date of employment provided a written commitment for employment has been made by the contractor, and the candidate has accepted the offer in writing. The commitment for employment will indicate that employment shall commence within 30 days of the granting of eligibility for a PCL.
2-206 Contractor-Granted Clearances
  Contractors are no longer permitted to grant clearances. Contractor-granted CONFIDENTIAL clearances in effect under previous policy are not valid for access to RD, FRD, COMSEC information, SCI, NATO information (except RESTRICTED), and classified foreign government information (FGI), or for Critical or Controlled Nuclear Weapon Security positions.
2-207 Verification of U.S. Citizenship
  The contractor shall require each applicant for a PCL who claims U.S. citizenship to produce evidence of citizenship.
2-208 Acceptable Proof of Citizenship

a. For individuals born in the United States, a birth certificate is the primary and preferred means of citizenship verification. Acceptable certificates must show that the birth record was filed shortly after birth and it must be certified with the registrar's signature. It must bear the raised, impressed, or multicolored seal of the registrar's office. The only exception is if a State or other jurisdiction does not issue such seals as a matter of policy. Uncertified copies of birth certificates are not acceptable. A delayed birth certificate is one created when a record was filed more than one year after the date of birth. Such a certificate is acceptable if it shows that the report of birth was supported by acceptable secondary evidence of birth. Secondary evidence may include: baptismal or circumcision certificates, hospital birth records, or affidavits of persons having personal knowledge about the facts of birth. Other documentary evidence can be early census, school, or family bible records, newspaper files, or insurance papers. All documents submitted as evidence of birth in the U.S. shall be original or certified documents.
b. If the individual claims citizenship by naturalization, a certificate of naturalization is acceptable proof of citizenship.
c. If citizenship was acquired by birth abroad to a U.S. citizen parent or parents, the following are acceptable evidence:
(1) A Certificate of Citizenship issued by the Department of Homeland Security, U.S. Citizenship and Immigration Services (USCIS) or its predecessor organization.
(2) A Report of Birth Abroad of a Citizen of the United States of America
(3) A Certificate of Birth.
d. A passport, current or expired, is acceptable proof of citizenship.
e. A Record of Military Processing-Armed Forces of the United States (DD Form 1966) is acceptable proof of citizenship, provided it reflects U.S. citizenship.
2-209 Non-U.S. Citizens
  Only U.S. citizens are eligible for a security clearance. Every effort shall be made to ensure that non-U.S. citizens are not employed in duties that may require access to classified information. However, compelling reasons may exist to grant access to classified information to a non-U.S. citizen. Such individuals may be granted a Limited Access Authorization (LAA) in those rare circumstances where the non-U.S. citizen possesses unique or unusual skill or expertise that is urgently needed to support a specific U.S. Government contract involving access to specified classified information and a cleared or clearable U.S. citizen is not readily available. In addition, the LAA may be processed only with the concurrence of the GCA.
2-210 Access Limitations of an LAA
  An LAA granted under the provisions of this Manual is not valid for access to the following types of information:
a. TOP SECRET information.
b. RD or FRD.
c. Information that has not been determined releasable by a U.S. Government designated disclosure authority to the country of which the individual is a citizen.
d. COMSEC information.
e. Intelligence information.
f. NATO Information. However, foreign nationals of a NATO member nation may be authorized access to NATO Information provided that: (1) A NATO Security Clearance Certificate is obtained by the CSA from the individual's home country; and (2) NATO access is limited to performance on a specific NATO contract.
g. Information for which foreign disclosure has been prohibited in whole or in part; and
h. Information provided to the U.S. Government in confidence by a third party government and classified information furnished by a third party government.
2-211 Interim PCLs
  Applicants for TOP SECRET, SECRET, and CONFIDENTIAL PCLs may be routinely granted interim PCLs, as appropriate, provided there is no evidence of adverse information of material significance. The interim status will cease if results are favorable following completion of full investigative requirements. Non-U.S. citizens are not eligible for access to classified information on an interim basis.
a. An interim SECRET or CONFIDENTIAL PCL is valid for access to classified information at the level of the eligibility granted, except for RD, COMSEC Information, and NATO information. An interim TOP SECRET PCL is valid for access to TOP SECRET information, RD, NATO Information, and COMSEC information at the SECRET and CONFIDENTIAL level. Access to SCI and SAP information based on an interim PCL is a determination made by the granting authority.
b. An interim PCL granted by the CSA negates any existing contractor-granted CONFIDENTIAL clearance. When an interim PCL has been granted and derogatory information is subsequently developed, the CSA may withdraw the interim pending completion of the processing that is a prerequisite to the granting of a final PCL.
c. When an interim PCL for an individual who is required to be cleared in connection with the FCL is withdrawn, the individual must be removed from access or the interim FCL will also be withdrawn.
d. Withdrawal of an interim PCL is not a denial or revocation of the clearance and may not be appealed.
2-212 Consultants
  A consultant is an individual under contract to provide professional or technical assistance to a contractor in a capacity requiring access to classified information. The consultant shall not possess classified material off the premises of the using (hiring) contractor except in connection with authorized visits. The consultant and the using contractor shall jointly execute a consultant certificate setting forth respective security responsibilities. The using contractor shall be the consumer of the services offered by the consultant it sponsors for a PCL. For security administration purposes, the consultant shall be considered an employee of the using contractor. Consultants to GCAs shall be processed for PCLs by the GCA in accordance with GCA procedures.

Section 3. Foreign Ownership, Control, or Influence (FOCI)

2-300 Policy
  Foreign investment can play an important role in maintaining the vitality of the U.S. industrial base. Therefore, it is the policy of the U.S. Government to allow foreign investment consistent with the national security interests of the United States. The following FOCI policy for U.S. companies subject to an FCL is intended to facilitate foreign investment by ensuring that foreign firms cannot undermine U.S. security and export controls to gain unauthorized access to critical technology, classified information, and special classes of classified information.
a. A U.S. company is considered under FOCI whenever a foreign interest has the power, direct or indirect, whether or not exercised, and whether or not exercisable through the ownership of the U.S. company's securities, by contractual arrangements or other means, to direct or decide matters affecting the management or operations of that company in a manner which may result in unauthorized access to classified information or may adversely affect the performance of classified contracts.
b. Whenever a company has been determined to be under FOCI, the primary consideration shall be the safeguarding of classified information. The CSA is responsible for taking whatever interim action is necessary to safeguard classified information, in coordination with other affected agencies as appropriate.
c. A U.S. company determined to be under FOCI is ineligible for an FCL unless and until security measures have been put in place to negate or mitigate FOCI. When a contractor determined to be under FOCI is negotiating an acceptable FOCI mitigation/negation measure, an existing FCL shall continue so long as there is no indication that classified information is at risk of compromise. An existing FCL shall be invalidated if the contractor is unable or unwilling to negotiate an acceptable FOCI mitigation/negation measure. An existing FCL shall be revoked if security measures cannot be taken to remove the possibility of unauthorized access or adverse affect on classified contracts.
d. If the company does not have possession of classified material, and does not have a current or impending requirement for access to classified information, the FCL shall be administratively terminated.
e. Changed conditions, such as a change in ownership, indebtedness, or the foreign intelligence threat, may justify certain adjustments to the security terms under which a company is operating or, alternatively, that a different FOCI negation method be employed. If a changed condition is of sufficient significance, it might also result in a determination that a company is no longer considered to be under FOCI or, conversely, that a company is no longer eligible for an FCL.
f. The Federal Government reserves the right and has the obligation to impose any security method, safeguard, or restriction it believes necessary to ensure that unauthorized access to classified information is effectively precluded and that performance of classified contracts is not adversely affected.
g. Nothing contained in this section shall affect the authority of the Head of an Agency to limit, deny or revoke access to classified information under its statutory, regulatory or contract jurisdiction. For purposes of this section, the term "Agency" has the meaning provided at reference (i), to include the term "DoD Component."
2-301 Factors
  The following factors relating to the company, the foreign interest, and the government of the foreign interest, as appropriate, shall be considered in the aggregate to determine whether an applicant company is under FOCI, its eligibility for an FCL, and the protective measures required:
a. Record of economic and government espionage against U.S. targets.
b. Record of enforcement and/or engagement in unauthorized technology transfer.
c. The type and sensitivity of the information that shall be accessed.
d. The source, nature and extent of FOCI, including whether foreign interests hold a majority or substantial minority position in the company, taking into consideration the immediate, intermediate, and ultimate parent companies. A minority position is deemed substantial if it consists of greater than 5 percent of the ownership interests or greater than 10 percent of the voting interest.
e. Record of compliance with pertinent U.S. laws, regulations and contracts.
f. The nature of any bilateral and multilateral security and information exchange agreements that may pertain.
g. Ownership or control, in whole or in part, by a foreign government.
2-302 Procedures
  A company is required to complete a Certificate Pertaining to Foreign Interests when applying for an FCL or when significant changes occur to information previously submitted. In the case of a corporate family, the form shall be a consolidated response rather than separate submissions from individual members of the corporate family.
a. If there are any affirmative answers on the Certificate Pertaining to Foreign Interests, or other information is received which indicates that the applicant company may be under FOCI, the CSA shall review the case to determine the relative significance of the information in regard to:
(1) Whether the applicant is under FOCI,
(2) The extent and manner to which the FOCI may result in unauthorized access to classified information or adversely impact classified contract performance; and
(3) The type of actions, if any, that would be necessary to negate the effects of FOCI to a level deemed acceptable to the Federal Government. Disputed matters may be appealed and the applicant shall be advised of the government's appeal channels by the CSA.
b. When a contractor with an FCL enters into negotiations for the proposed merger, acquisition, or takeover by a foreign interest, the contractor shall submit notification to the CSA of the commencement of such negotiations. The submission shall include the type of transaction under negotiation (stock purchase, asset purchase, etc.), the identity of the potential foreign interest investor, and a plan to negate the FOCI by a method outlined in 2-303. The company shall submit copies of loan, purchase and shareholder agreements, annual reports, bylaws, articles of incorporation, partnership agreements, and reports filed with other Federal agencies to the CSA.
c. When factors not related to ownership are present, positive measures shall assure that the foreign interest can be effectively mitigated and cannot otherwise adversely affect performance on classified contracts. Examples of such measures include modification or termination of loan agreements, contracts and other understandings with foreign interests; diversification or reduction of foreign-source income; demonstration of financial viability independent of foreign interests; elimination or resolution of problem debt; assignment of specific oversight duties and responsibilities to board members; formulation of special executive-level security committees to consider and oversee matters that affect the performance of classified contracts; physical or organizational separation of the contractor component performing on classified contracts; the appointment of a technology control officer; adoption of special Board Resolutions; and other actions that negate or mitigate foreign influence.
2-303 FOCI Action Plans
  The following are the methods that can be applied to negate or mitigate the risk of foreign ownership or control.
a. Board Resolution. When a foreign interest does not own voting interests sufficient to elect, or otherwise is not entitled to representation on the company's governing board, a resolution(s) by the governing board shall normally be adequate. The governing board shall identify the foreign shareholder and describe the type and number of foreign-owned shares; acknowledge the company's obligation to comply with all industrial security program and export control requirements; and certify that the foreign owner does not require, shall not have, and can be effectively precluded from unauthorized access to all classified and export-controlled information entrusted to or held by the company. The governing board shall provide for annual certifications to the CSA acknowledging the continued effectiveness of the resolution. The company shall distribute to members of its governing board and to its key management personnel copies of such resolutions, and report in the company's corporate records the completion of such distribution.
b. Voting Trust Agreement and Proxy Agreement. The Voting Trust Agreement and the Proxy Agreement are arrangements whereby the foreign owner relinquishes most rights associated with ownership of the company to cleared U.S. citizens approved by the U.S. Government. Under a Voting Trust Agreement, the foreign owner transfers legal title in the company to the Trustees. Under a Proxy Agreement, the foreign owner’s voting rights are conveyed to the Proxy Holders. Neither arrangement imposes any restrictions on the company’s eligibility to have access to classified information or to compete for classified contracts.
(1) Establishment of a Voting Trust or Proxy Agreement involves the selection of Trustees or Proxy Holders, all of whom must become members of the company’s governing board. Both arrangements must provide for the exercise of all prerogatives of ownership by the Trustees or Proxy Holders with complete freedom to act independently from the foreign owners, except as provided in the Voting Trust or Proxy Agreement. The arrangements may, however, limit the authority of the Trustees or Proxy Holders by requiring that approval be obtained from the foreign owner(s) with respect to matters such as:
(a) The sale or disposal of the company's assets or a substantial part thereof;
(b) Pledges, mortgages, or other encumbrances on the company’s assets, capital stock or ownership interests;
(c) Mergers, consolidations, or reorganizations;
(d) Dissolution; and
(e) Filing of a bankruptcy petition.
However, the Trustees or Proxy Holders may consult with the foreign owner, or vice versa, where otherwise consistent with U.S. laws, regulations and the terms of the Voting Trust or Proxy Agreement.
(2) The Trustees or Proxy Holders assume full responsibility for the foreign owner’s voting interests and for exercising all management prerogatives relating thereto in such a way as to ensure that the foreign owner shall be insulated from the company, thereby solely retaining the status of a beneficiary. The company must be organized, structured, and financed so as to be capable of operating as a viable business entity independent from the foreign owner.
c. Special Security Agreement (SSA) and Security Control Agreement (SCA). The SSA and SCA are arrangements that, based upon an assessment of the FOCI factors, impose various industrial security and export control measures within an institutionalized set of company practices and procedures. They require active involvement in security matters of senior management and certain Board members (outside directors), who must be cleared U.S. citizens; provide for the establishment of a Government Security Committee (GSC) to oversee classified and export control matters; and preserve the foreign owner’s right to be represented on the Board (inside directors) with a direct voice in the business management of the company while denying unauthorized access to classified information.
(1) When a company is not effectively owned or controlled by a foreign interest and the foreign interest is nevertheless entitled to representation on the company’s governing board, the company may be cleared under an SCA. There are no access limitations under an SCA.
(2) A company that is effectively owned or controlled by a foreign interest may be cleared under an SSA arrangement. Access to proscribed information by a company cleared under an SSA may require that the GCA complete a National Interest Determination (NID) to determine that release of proscribed information to the company shall not harm the national security interests of the United States. The CSA shall advise the GCA on the need for a NID.
(a) The NID can be program, project or contract specific. A separate NID is not required for each contract under a program or project. The NID decision shall be made at the GCA’s Program Executive Office level. If the proscribed information is under the classification or control jurisdiction of another agency, the GCA shall advise that agency; e.g., National Security Agency (NSA) for COMSEC, DNI for SCI, DOE for RD. These agencies may determine that release to the contractor of an entire category of information under their control may not harm the national security.
(b) The GCA shall forward the completed NID to the CSA. The CSA shall not delay implementation of a FOCI action plan pending completion of a GCA’s NID process as long as there is no indication that a NID shall be denied.
2-304 Citizenship of Persons Requiring PCLs
  Under all methods of FOCI mitigation or negation, management positions requiring PCLs in conjunction with the FCL must be filled by U.S. citizens residing in the United States.
2-305 Qualifications of Trustees, Proxy Holders, and Outside Directors
  Individuals who serve as Trustees, Proxy Holders, or Outside Directors must be:
a. Resident U.S. citizens who can exercise management prerogatives relating to their position in a way that ensures that the foreign owner can be effectively insulated from the company;
b. Except as approved by the CSA in advance and in writing, completely disinterested individuals with no prior involvement with the company, the entities with which it is affiliated, or the foreign owner; and
c. Issued a PCL at the level of the facility’s FCL.
2-306 GSC
  Under a Voting Trust, Proxy Agreement, SSA and SCA, the contractor is required to establish a permanent committee of its Board of Directors, known as the GSC.
a. Unless otherwise approved by the CSA, the GSC consists of Voting Trustees, Proxy Holders or Outside Directors, as applicable, and those officers/directors who hold PCLs.
b. The members of the GSC are required to ensure that the contractor maintains policies and procedures to safeguard classified and export controlled information entrusted to it, and that violations of those policies and procedures are promptly investigated and reported to the appropriate authority when it has been determined that a violation has occurred.
c. The GSC shall also take the necessary steps to ensure that the contractor complies with U.S. export control laws and regulations and does not take action deemed adverse to performance on classified contracts. This shall include the appointment of a Technology Control Officer (TCO) and the establishment of Technology Control Plan (TCP).
d. The contractor’s FSO shall be the principal advisor to the GSC and attend GSC meetings. The Chairman of the GSC must concur with the appointment and replacement of FSOs selected by management. The FSO and TCO functions shall be carried out under the authority of the GSC.
2-307 TCP
  A TCP approved by the CSA shall be developed and implemented by those companies cleared under a Voting Trust Agreement, Proxy Agreement, SSA and SCA and when otherwise deemed appropriate by the CSA. The TCP shall prescribe all security measures determined necessary to reasonably foreclose the possibility of inadvertent access by non-U.S. citizen employees and visitors to information for which they are not authorized. The TCP shall also prescribe measures designed to assure that access by non-U.S. citizens is strictly limited to only that specific information for which appropriate Federal Government disclosure authorization has been obtained; e.g., an approved export license or technical assistance agreement. Unique badging, escort, segregated work area, security indoctrination schemes, and other measures shall be included, as appropriate.
2-308 Annual Review and Certification

a. Annual Review. The CSA shall meet at least annually with the GSCs of contractors operating under a Voting Trust, Proxy Agreement, SSA, or SCA to review the purpose and effectiveness of the clearance arrangement and to establish common understanding of the operating requirements and their implementation. These reviews shall also include an examination of the following:
(1) Acts of compliance or noncompliance with the approved security arrangement, standard rules, and applicable laws and regulations;
(2) Problems or impediments associated with the practical application or utility of the security arrangement; and
(3) Whether security controls, practices, or procedures warrant adjustment.
b. Annual Certification. For contractors operating under a Voting Trust Agreement, Proxy Agreement, SSA or SCA, the Chairman of the GSC shall submit to the CSA one year from the effective date of the agreement and annually thereafter an implementation and compliance report. Such reports shall include the following:
(1) A detailed description of the manner in which the contractor is carrying out its obligations under the agreement;
(2) Changes to security procedures, implemented or proposed, and the reasons for those changes;
(3) A detailed description of any acts of noncompliance, whether inadvertent or intentional, with a discussion of steps that were taken to prevent such acts from recurring;
(4) Any changes, or impending changes, of key management personnel or key board members, including the reasons therefore;
(5) Any changes or impending changes in the organizational structure or ownership, including any acquisitions, mergers or divestitures; and
(6) Any other issues that could have a bearing on the effectiveness of the applicable agreement.
2-309 Limited FCL
  The United States has entered into Industrial Security Agreements with certain foreign governments. Some of these agreements establish arrangements whereby a foreign-owned U.S. company may be considered eligible for an FCL without any additional FOCI negation or mitigation instrument. Access limitations are inherent with the granting of Limited FCLs and are imposed upon all of the company’s employees regardless of citizenship.
a. A Limited FCL may be granted upon satisfaction of the following criteria:
(1) There is an Industrial Security Agreement with the foreign government of the country from which the foreign ownership is derived.
(2) Release of classified information is in conformity with the U.S. National Disclosure Policy. Key management personnel may be citizens of the country of ownership for whom the United States has obtained security assurances at the appropriate level.
b. In extraordinary circumstances, a Limited FCL may also be granted even if the above criteria cannot be satisfied if there is a compelling need to do so consistent with U.S. national security interests. In any such case, the GCA shall provide a compelling need statement to the CSA to justify the FCL and verify that access to classified information is essential for contract performance. The CSA shall acknowledge the existence of a Limited FCL only to that GCA.
2-310 Foreign Mergers, Acquisitions and Takeovers, and the Committee on Foreign Investment in the United States (CFIUS)

a. The CFIUS, an interagency committee chaired by the Treasury Department, conducts reviews of proposed mergers, acquisition or takeovers of U.S. persons by foreign interests under section 721 (Exon-Florio amendment) of the Defense Production Act (reference (n)). CFIUS review is a voluntary process and affords an opportunity to foreign persons and U.S. persons entering into a covered transaction to conformity with the U.S. National Disclosure Policy. Key management personnel may be citizens of the country of ownership for whom the United States has obtained security assurances at the appropriate level.
b. In extraordinary circumstances, a Limited FCL may also be granted even if the above criteria cannot be satisfied if there is a compelling need to do so consistent with U.S. national security interests. In any such case, the GCA shall provide a compelling need statement to the CSA to justify the FCL and verify that access to classified information is essential for contract performance. The CSA shall acknowledge the existence of a Limited FCL only to that GCA.
2-310 Foreign Mergers, Acquisitions and Takeovers, and the Committee on Foreign Investment in the United States (CFIUS)

a. The CFIUS, an interagency committee chaired by the Treasury Department, conducts reviews of proposed mergers, acquisition or takeovers of U.S. persons by foreign interests under section 721 (Exon-Florio amendment) of the Defense Production Act (reference (n)). CFIUS review is a voluntary process and affords an opportunity to foreign persons and U.S. persons entering into a covered transaction to submit the transaction for review by CFIUS to assess the impact of the transaction on U.S. national security.
b. The CFIUS review and the CSA industrial security FOCI review are carried out in two parallel but separate processes with different time constraints and considerations.
c. If a transaction under CFIUS review would require FOCI negation or mitigation measures if consummated, the CSA shall promptly advise the parties to the transaction and request that they submit to the CSA a plan to negate or mitigate FOCI. If it appears that an agreement cannot be reached on material terms of a FOCI action plan, or if the U.S. party to the proposed transaction fails to comply with the FOCI reporting requirements of this Manual, the CSA may recommend a full investigation of the transaction by CFIUS to determine the effects on national security.
d. If the CSA becomes aware of a proposed transaction that should be reviewed by CFIUS, and the parties thereto do not file a joint voluntary notice with CFIUS to initiate review within a reasonable time, the CSA shall initiate action to have CFIUS notified.