New SF-328 for Foreign Ownership, Control, and Influence Assessments Approved, Publication Imminent

Client Alert | 2 min read | 05.09.25

On May 7, 2025, the Defense Counterintelligence and Security Agency (DCSA or the “Agency”) announced the approval^[1] of a revised and expanded Standard Form (SF) 328, Certificate Pertaining to Foreign Interests. Contractors and subcontractors engaged in work involving classified information use the SF-328 for disclosures relating to foreign ownership, control, or influence—and the form will soon be required for contractors and subcontractors in the unclassified space for certain covered contracts. Publication of the updated form has not yet occurred but is expected as soon as this weekend (May 10-11). New SF-328 forms will be required for initial and changed condition packages initiated on or after May 12 according to a National Industrial Security System (NISS) communication today.

The SF-328 is a key element of DCSA’s evaluation of foreign ownership, control, and influence (FOCI). This updated form is intended to be used by entities for purposes outside the traditional national security clearance requirements. The form is expected to require broader disclosures to provide DCSA with greater depth of information for use in the evaluation of entities’ foreign relationships. The form will, according to DCSA, be accompanied by comprehensive instructions to address what is required for affirmative responses. DCSA anticipates this will allow it to process submissions more quickly by providing greater clarity to contractors about the nature of the information that DCSA is looking for in the first instance. However, this likely will require entities to invest additional time in preparing the initial SF-328.

Once available, the new SF-328 will be required for new actions including submission of facility clearance (FCL) applications, changed condition packages, and annual FOCI Risk & Compliance reports. The new form will also be required for entities submitting FOCI information in compliance with a new DFARS Rule implementing Section 847 of the FY2020 National Defense Authorization Act which will require FOCI vetting for certain unclassified contracts.^[2] DCSA has stated through its NISS communication on May 9 that existing SF-328s do not need to be resubmitted.

Crowell will publish a follow-up summary of the new SF-328 once published.

Key Takeaways

Cleared entities and entities that otherwise are required to submit SF-328s should consider:

monitoring for any updates from DCSA about new SF-328 filing requirements;
reviewing the new SF-328 once published to evaluate whether the company or entity has undergone changes requiring reporting under the new form and guidance; and
beginning updates to SF-328s or initial preparations of SF-328s early, including identifying all company or entity stakeholders under the new SF-328 guidance.

[1] Approval was announced through DCSA’s official Facebook Account and official LinkedIn account. A NISS communication today also noted that the new SF-328 was approved as of May 1, 2025.

[2] For additional information on the Section 847 implementation preparations, see Crowell & Moring’s summary of DoD Instruction 5205.87, Mitigating Risks Related to Foreign Ownership, Control, or Influence for Covered DoD Contractors and Subcontractors and DCSA’s Section 847 website: https://www.dcsa.mil/Section847/ which anticipates the publication of a new DFARS clause implementing Section 847 within the next 12-18 months.

Contacts

Stephanie L. Crawford
Counsel
- Washington, D.C.
  - D | +1.202.624.2811
c2NyYXdmb3JkQGNyb3dlbGwuY29t
Adelicia R. Cliffe
Partner
She/Her/Hers
- Washington, D.C.
  - D | +1.202.624.2816
YWNsaWZmZUBjcm93ZWxsLmNvbQ==
Michael E. Samuels
Partner
- Washington, D.C.
  - D | +1.202.624.2711
bXNhbXVlbHNAY3Jvd2VsbC5jb20=
Allison Skager
Counsel
- Los Angeles
  - D | +1.213.310.7957
YXNrYWdlckBjcm93ZWxsLmNvbQ==
Kaitlin E. Illidge
Industrial Security Analyst | Facility Security Officer
- Washington, D.C.
  - D | +1.202.508.8908
a2lsbGlkZ2VAY3Jvd2VsbC5jb20=

Insights

Client Alert | 4 min read | 06.25.26

Twin Executive Orders Seek to Spur Quantum Leap in Technology and Cybersecurity

On June 22, 2026, President Trump signed two executive orders, “Securing the Nation Against Advanced Cryptographic Attacks” (Quantum Security EO) and “Ushering in the Next Frontier of Quantum Innovation” (Quantum Innovation EO), marking the most significant federal action on quantum technology since the Quantum Computing Cybersecurity Preparedness Act of 2022, which directed agencies to harden their information systems against quantum-enabled hacking. The orders seek to speed the development of quantum computers, which are advanced processors that can calculate multiple possibilities simultaneously and thus solve problems exponentially faster than traditional computers. At the same time, the orders look to protect against the danger that quantum technology can “break” traditional encryption by easily decoding it. Of particular note for government contractors, the Quantum Security EO directs agencies to update federal acquisition regulations to require contractors by 2031 to adopt information processing standards that resist quantum-enabled codebreaking....

Client Alert | 7 min read | 06.24.26
DOJ’s National Security Division Announces First Declination Under New Corporate Enforcement Policy With Parallel BIS Settlement
Client Alert | 3 min read | 06.24.26
OhioHealth Settlement and White House Report Signal Broader Federal Focus on Restrictive Hospital Contracting
Client Alert | 4 min read | 06.23.26
EPA Hands Over AI Data Center Regulation to States and Communities to Develop Best Practices

View All Insights