Facility Clearance (FCL): What Defense Contractors Need

A Facility Clearance (FCL) is the administrative determination by the Defense Counterintelligence and Security Agency (DCSA) that a contractor organization is eligible to access classified national security information up to a specified level. Without an active FCL, a contractor cannot legally receive, generate, or store classified material — a threshold that gates participation in a substantial portion of defense and intelligence contracting. This page explains what an FCL is, how one is obtained and maintained, the scenarios that trigger a requirement, and the key distinctions that shape clearance decisions.

Definition and scope

An FCL is granted to an organization — not to individual employees. It authorizes the contractor's physical location (or locations) to operate as a cleared facility and to sponsor employees for individual Personnel Security Clearances (PCCs). The FCL level mirrors the classification levels established under Executive Order 13526: Confidential, Secret, or Top Secret. A contractor holding a Secret FCL, for example, may access Secret-level information but cannot receive Top Secret material without a higher FCL on record.

The National Industrial Security Program (NISP), governed by Executive Order 12829 and implemented through the National Industrial Security Program Operating Manual (NISPOM), establishes the framework within which FCLs are issued and maintained. DCSA serves as the primary Cognizant Security Agency (CSA) for the majority of defense contractors, though the intelligence community maintains separate cognizant security authorities for certain programs.

The scope of an FCL is bounded geographically by the specific cage codes and physical addresses listed in the facility's sponsorship documentation. A parent company holding an FCL does not automatically extend that clearance to subsidiaries or affiliates — each legal entity and operating location requires its own determination. Contractors involved in defense contracting across multiple sites frequently maintain separate FCLs for each cleared facility.

How it works

The FCL process follows a defined sequence administered by DCSA:

1. Sponsorship — A federal agency or cleared prime contractor formally sponsors the applicant through DCSA's Industrial Security Facilities Database (ISFD). A contractor cannot self-initiate an FCL; sponsorship from an agency with a classified need is required.
2. Submission of required documents — The contractor submits organizational documents including articles of incorporation, ownership structure, foreign ownership disclosure, and a list of senior officials requiring access.
3. Key Management Personnel (KMP) vetting — Every officer, director, and principal with influence over facility operations must undergo an individual background investigation commensurate with the FCL level sought.
4. Foreign Ownership, Control, or Influence (FOCI) determination — DCSA assesses whether any foreign entity has the ability to direct, decide, or influence the contractor's operations in ways that could harm national security. FOCI findings do not automatically disqualify a contractor; mitigation instruments such as a Special Security Agreement (SSA), Security Control Agreement (SCA), or Board Resolution can be negotiated.
5. Facility inspection and accreditation — For contractors who will store classified material on-site, physical security areas (such as a Closed Area or a Sensitive Compartmented Information Facility) must be inspected and accredited before classified material can be received.
6. FCL grant — Upon satisfactory completion of all steps, DCSA records the FCL in ISFD and the contractor may begin receiving classified information at the authorized level.

Ongoing compliance requires an annual self-inspection, timely reporting of adverse information on cleared personnel, and immediate reporting of security incidents to DCSA under 32 CFR Part 2004.

Common scenarios

Classified solicitation response — A prime contractor wins a contract requiring access to Secret-level technical specifications. The contracting officer verifies the company's FCL through ISFD before releasing the solicitation package. If no FCL exists, the contractor must be sponsored and cleared before classified work begins.

Subcontractor on a classified program — A prime contractor with a Top Secret FCL subcontracts sensor integration work that requires access to Secret-level interface control documents. The prime must verify the subcontractor holds an equivalent or higher FCL through a DD Form 254, Contract Security Classification Specification, before transmitting any classified material.

Foreign acquisition triggering FOCI review — A cleared mid-tier defense electronics firm is acquired by a foreign-headquartered parent. The acquisition requires immediate notification to DCSA, a FOCI assessment, and likely negotiation of a mitigation agreement before the facility can continue operating under its existing FCL.

Classified IT system accreditation — A contractor awarded an IT services contract under a classified program must not only hold an FCL but must also have its information systems accredited under the Risk Management Framework (RMF) as outlined in NIST SP 800-37 before processing classified data.

Decision boundaries

The clearest boundary in FCL determinations is the distinction between Possessing and Non-Possessing facilities:

• A Possessing Facility stores classified material on-site and requires accredited storage capability — at minimum, a GSA-approved security container for Confidential and Secret material, or a formally accredited vault for Top Secret.
• A Non-Possessing Facility holds an FCL but does not store classified material on its premises. Cleared employees access classified information only at government facilities or other cleared locations. Non-possessing status reduces physical security overhead but does not diminish the FCL's legal status or personnel clearance obligations.

A second critical boundary concerns the relationship between FCL level and program access. Holding a Top Secret FCL does not grant access to Sensitive Compartmented Information (SCI) or Special Access Programs (SAPs). Those categories require separate program-specific authorizations beyond the standard NISP framework — a distinction that affects contractors pursuing work on intelligence community contracts or certain advanced development programs.

FCL eligibility is also distinct from security clearance requirements held by individual employees. A facility can hold an FCL while individual employee clearances remain pending investigation, though employees cannot access classified material until their individual clearances are granted.

Contractors registered in SAM.gov and pursuing classified awards should initiate FCL sponsorship discussions with the relevant contracting officer early in the acquisition cycle — sponsorship delays are among the most common causes of classified contract start-date slippage.

Facility clearances interact with DFARS compliance obligations, particularly clauses governing the safeguarding of classified information and the reporting of cyber incidents on classified programs. Contractors should also understand how FCL requirements relate to cybersecurity maturity model certification obligations, which apply to unclassified controlled information flowing through the same supply chains.

For a broader orientation to the government contracting landscape in which FCL requirements arise, the government contractor authority index provides structured navigation across program types, compliance obligations, and contract vehicles.