NOOKS TurboFCL

Help

The words, concepts, and acronyms you may encounter during the FCL application process. Some link to longer explanations elsewhere on TurboFCL.

Entries are listed in alphabetical order.

CAC (Common Access Card)

The Common Access Card (CAC) is a smart ID card issued by the U.S. Department of Defense to military personnel, civilian employees, and eligible contractors. It provides secure access to DoD systems, buildings, and networks and serves as an official identification and authentication tool.

CDSE (Center for Development of Security Excellence)

CDSE is the premier provider of security training, education, and certification for the Department of Defense, federal government, and cleared contractors under the National Industrial Security Program (NISP).

CFR (Code of Federal Regulations)

The codification of the general and permanent rules published in the Federal Register, including regulations governing the FCL process (e.g., 32 CFR Part 117, NISPOM).

COMSEC (Communications Security)

Measures and controls taken to protect communications involving classified information from unauthorized persons.

CSA (Cognizant Security Agency)

The agency responsible for overseeing the implementation of industrial security requirements, often DCSA for DOD contractors.

DCSA (Defense Counterintelligence and Security Agency)

The federal agency responsible for managing the FCL process, personnel security, and counterintelligence for government contractors.

DSS (Defense Security Service)

Consistent with Executive Order 13869, “Transferring Responsibility for Background Investigations to the Department of Defense,” the acting secretary of defense has renamed the Defense Security Service to be the Defense Counterintelligence and Security Agency (DCSA). This action became effective June 20, 2019, the National Background Investigations Bureau announced June 24.

DD 254 (DoD Contract Security Classification Specification)

Form used to convey security requirements, classification guidance, and handling procedures to contractors working on classified projects. It ensures compliance with federal regulations for safeguarding classified information.

DD 441 (DoD Security Agreement)

A contract between the government and a contractor outlining security obligations for handling classified information.

DD 441-1 (Security Agreement Addendum)

An attachment to the DD 441 specifying security agreements for each facility owned by the organization.

DOD (Department of Defense)

The federal agency responsible for coordinating and supervising all government agencies and functions directly related to national security and the U.S. armed forces. The DOD often sponsors organizations seeking FCLs.

eAPP

NBIS eApp (electronic application) and NBIS Agency are the new entry points for background investigation applications and are replacing eQIP as the system for initiating investigations. eApp contains the investigative Standard Forms (SF) federal applicants and employees use to input information required process their personnel background investigation. As a single-page solution, based on modern, simple design elements, eApp makes the application process more intuitive and easier to use for applicants initiating a background investigation.

ECA/PKI Certificate

An External Certificate Authority/Public Key Infrastructure certificate is a digital certificate used to securely authenticate identities and enable encrypted communications between entities outside the U.S. government and government systems.

e-QIP (Electronic Questionnaires for Investigations Processing)

An deprecated online system used for submitting and processing background investigation forms for personnel requiring clearances. Replaced by eApp

FCL

FCL (Facility Security Clearance) is an official determination by the U.S. government that a company or organization is eligible to access, store, and handle classified information for government contracts. It ensures that the facility meets required security standards to protect classified data, based on the level of clearance (Confidential, Secret, Top Secret) necessary for the work being performed. The FCL is granted after a thorough background investigation and review of the company's security measures.

FOCI

FOCI (Foreign Ownership, Control, or Influence) refers to a condition or situation where a company or entity performing a contract with the U.S. government is potentially influenced or controlled by foreign interests. It is a security concern because such foreign involvement might impact the ability to safeguard classified or sensitive information. FOCI mitigation is required before an FCL can be granted.

FSO (Facility Security Officer)

A designated individual responsible for implementing and overseeing the organization's industrial security program in compliance with the National Industrial Security Program Operating Manual (NISPOM).

ISFD (Industrial Security Facility Database)

A database managed by DCSA to track and store information about facilities cleared under the National Industrial Security Program (NISP).

ITPSO (Information Technology Primary Security Officer)

The individual responsible for overseeing IT and cybersecurity compliance as part of the facility's security program.

KMP (Key Management Personnel)

Executives and senior staff within the organization who must be cleared as part of the FCL process.

MIT (Mitigation Instrument Templates)

Documents or actions taken to mitigate FOCI concerns, such as proxy agreements or voting trust agreements.

NCAISS (NISP Central Access Information Security System)

The DCSA NCAISS Portal is a web-based application that provides Public Key Infrastructure (PKI)-based authentication services to DCSA applications and information systems for authorized users. Through the NCAISS Portal, an authorized user can access their DCSA NCAISS Portal account via a single sign-on (SSO) capability using PK| certificates (either a Common Access Card (CAC) or DoD-approved External Certification Authority (ECA) certificate).

NISS (National Industrial Security System)

The DCSA system of record for NISP. Used to manage and track security clearance information, facility clearances, and other industrial security data for U.S. government contractors.

All FCL sponsorship requests are submitted through NISS.

NISP (National Industrial Security Program)

A U.S. government program that oversees the safeguarding of classified information entrusted to private industry by federal agencies. It establishes requirements for contractors to protect sensitive information and ensures compliance through guidelines and security clearances.`

NISPOM (National Industrial Security Program Operating Manual)

The manual that outlines requirements, restrictions, and safeguards to prevent unauthorized disclosure of classified information.

OPM (Office of Personnel Management)

An independent agency of the United States federal government responsible for managing the civil service workforce. It plays a critical role in recruiting, retaining, and developing a high-quality workforce for the federal government.

OSBP (Office of Small Business Programs)

Mission—We maximize opportunities for small businesses to contribute to national security by providing combat power for our troops and economic power for our nation.

Vision—We are a network of small business professionals with common values, shared knowledge and regular communication who partner with acquisition professionals seeking small businesses to fulfill DoD procurement requirements and give our Service Members the competitive advantage.

OSBP&IE (Office of Small Business Programs & Industry Engagements)

DCSA's Office of Small Business Programs & Industry Engagements (OSBP&IE) promotes and fosters acquisition opportunities through education and procurement forecasting and provides consistent and transparent agency access in an effort to grow the Defense Industrial Base.

PCL (Personnel Clearance)

A security clearance granted to individuals, often required for KMPs during the FCL process.

Possessing / Non-Possessing

Terms referring to whether a company or facility currently has access to or handles classified information.

Possessing Facility

A possessing facility is one that actively handling, storing, or working with classified information or is authorized to access classified materials, either for the purpose of performing work on a government contract or because the facility stores or processes such information.

These facilities must meet the required security standards and security clearances to handle and protect classified information.

Non-Possessing Facility

A non-possessing facility is one that does not hold or have access to classified information. However, it may still need a security clearance to perform work on contracts that could eventually involve classified materials, such as future contracts or in anticipation of receiving classified information.

These facilities may be required to have a Facility Security Clearance (FCL) for certain contracts but won't have access to classified data until the contract progresses to that stage. The FCL granted to a facility is determined by whether it needs access to classified information to perform its government contract work, and whether the facility meets the necessary security requirements to protect that information.

SAP (Special Access Program)

A highly classified program requiring additional safeguarding and access restrictions.

SF 328 (Certificate Pertaining to Foreign Interests)

A standard form used to disclose any foreign ownership, control, or influence over the company seeking the FCL.

SMO (Senior Management Official)

The individual in a company with ultimate responsibility for the organization's security policies and programs. Typically, the SMO must be cleared as part of the FCL process.

STEPP (Security Training, Education, and Professionalization Portal)

Learning platform managed by the DCSAto provide training and professional development for individuals working in national security and related fields. .