New Guidance on Joint Venture Classified Information Access Determinations

Client Alert | 17 min read | 10.31.23

On October 5, 2023, the Information Security Oversight Office issued Joint Notice 2024-01: Joint Ventures and Entity Eligibility Determinations (Joint Notice) with the Small Business Administration (SBA) and in coordination with the Department of Defense (DoD) to provide government contractors with additional guidance concerning joint ventures (JVs) seeking access to classified information (an Entity Eligibility Determination (EED) or Facility Clearance (FCL)).  Among other things, this Joint Notice clarifies that companies should not rely on the SBA’s regulations for the proposition that a small business JV will never need to hold an EED. 

The Joint Notice is a response to questions arising out of a recent change to SBA regulations and a subsequent Government Accountability Office (GAO) decision.  In October 2020, the SBA issued a rule addressing the evaluation of JVs under the SBA’s programs (which we previously addressed) and providing that an agency may award a JV a contract requiring a facility security clearance where either the JV itself or the individual partners to the JV that will perform the necessary security work have a facility security clearance.  Subsequently, an August 2021 GAO pre-award protest decision held that the National Defense Authorization Act for Fiscal Year 2020 “clearly and unambiguously prohibits DoD agencies . . . from issuing solicitations that require a joint venture, rather than the members of the joint venture, hold the required facility clearance” (which we previously addressed).  (Regarding this GAO decision, the Joint Notice notes that GAO interpreted the SBA rule without addressing National Industrial Security Program (NISP) requirements and 32 CFR 2004—or how the two interconnect—“thus adding to the confusion.”)

While the Joint Notice responds to confusion about small business joint venture eligibility, the guidance is not limited solely to small business joint ventures and therefore may be of interest to all government contractors forming joint ventures.

Joint Notice JV EED/FCL Guidance

The Joint Notice clarifies that the Cognizant Security Agency (CSA) retains the ultimate responsibility to determine on a case-by-case basis which entities will be required to hold an FCL/EED before contract performance: the JV itself and/or one or more of the JV participants.[1] As in other cases, a NISP CSA will assess the business structure of the JV and the governance documents of the legal entity that has the contract award for a JV, as well as the sub-entities awarded (or being considered for) the classified contract, to determine which will need to have an EED. Even so, the Joint Notice provides guidance on which JV-related entities should be required to hold an FCL in various scenarios.

Regarding JVs that are not a separate legal entity, the Joint Notice states that, “[a] JV formed ‘by contract’ in which the JV is not a separate legal entity cannot be awarded a classified contract in its own right and cannot hold an EED.”  Instead, the legal entities that make up the JV are to be awarded the classified contract directly and must hold the necessary EED and other pre-requisites to be awarded and perform a classified contract.  Where the JV is a separate legal entity, the JV participants performing the classified work will be required to obtain an EED/FCL after receiving a classified contract, but the JV itself will only be required to obtain an EED/FCL in limited circumstances.

SBA JV Regulations

Briefly, the SBA’s current regulations contain some minimum requirements at 13 C.F.R. 121.103(h) regarding a JV’s eligibility for small business set-aside contracts.  First, a JV may be in the form of a formal or informal partnership, or it may exist as a separate limited liability company or other separate legal entity.  Second, a JV must do business under its own name and be identified as a joint venture in the System for Award Management.  Third, the JV must be unpopulated (or contain only employees to perform administrative functions) unless all parties to the JV are similarly situated.  (What this last requirement means is that for a set-aside contract solely for small businesses, all members of the JV must be small under the NAICS code assigned to the prime contract whereas for a prime set-aside under the Woman-Owned Small Business (WOSB) Program, for example, all entities must be certified as a WOSB as well as small under the NAICS code assigned to the prime contract.)

Key Considerations for Small Business Joint Ventures

This guidance is vital for government contractors who have already formed or intend to form a joint venture for purposes of bidding on and performing any small business set-aside contract that would be considered a classified contract covered by the NISP.  Contractors should consider:

  1. Is the small business joint venture formed between similarly situated entities? If so, key considerations as to JV formation will be whether the parties wish to have a separate legal entity and whether to populate that legal entity. 

  2. Is the small business joint venture formed between a large business mentor and small business protégé approved by the SBA as part of the SBA’s Mentor-Protégé Program? If so:
    • First, because the SBA’s regulations require that a contract awarded to such a small business joint venture be in the name of the joint venture entity or the small business partner to the joint venture, the Joint Notice would seem to dictate that such a joint venture must be in the form of a separate legal entity, because an agency would need to award a classified contract to both JV members if the JV is not a separate legal entity. (Contractors that do not wish to have a separate legal entity for their JV are advised to seek additional guidance about whether a JV in the form of a formal or informal partnership would be considered a JV “by contract” that is prohibited from itself receiving a classified contract.)
    • Second, the SBA’s regulations prohibit such a small business joint venture from being populated—in order to “enable[] the SBA to track each sub-entity’s work and ensure[] that some benefit flows back to the small business partner.” As such, the only question will be whether the joint venture will have its own personnel to perform administrative functions.
    • Third, is security work the primary purpose of the contract that the joint venture is seeking to obtain, or is access to classified information an ancillary function of the classified contract?
          • If security work is the primary purpose of the contract, the Joint Notice indicates that the small business managing participant of the JV must possess the required EED because it must perform meaningful work relating to the security aspects of the classified contract.
          • If security work is not the primary purpose of the contract, the Joint Notice provides for the possibility that only one JV member would need an EED (i.e., the only JV member performing all security work) or that both JV members would need an EED (if both partners to the JV will perform some security work), and the JV itself could need an EED if the JV’s structure or potential influence, access, or control over the classified information/contract indicates it must also have an EED.

We would like to thank Katie Illidge, Facility Security Officer, for her contribution to this alert.

[1] Consistent with regulatory guidance and the aforementioned August 2021 GAO decision, generally the requirement for an EED should not be imposed pre-award. The Joint Notice makes clear that while the JV must go through the eligibility determination process and be cleared before performing on a classified contract, the entity need not already have an EED before bidding on a classified contract.
