New SF-328 for Foreign Ownership, Control, and Influence Assessments Approved, Publication Imminent

On May 7, 2025, the Defense Counterintelligence and Security Agency (DCSA or the “Agency”) announced the approval^[1] of a revised and expanded Standard Form (SF) 328, Certificate Pertaining to Foreign Interests. Contractors and subcontractors engaged in work involving classified information use the SF-328 for disclosures relating to foreign ownership, control, or influence—and the form will soon be required for contractors and subcontractors in the unclassified space for certain covered contracts. Publication of the updated form has not yet occurred but is expected as soon as this weekend (May 10-11). New SF-328 forms will be required for initial and changed condition packages initiated on or after May 12 according to a National Industrial Security System (NISS) communication today.

The SF-328 is a key element of DCSA’s evaluation of foreign ownership, control, and influence (FOCI). This updated form is intended to be used by entities for purposes outside the traditional national security clearance requirements. The form is expected to require broader disclosures to provide DCSA with greater depth of information for use in the evaluation of entities’ foreign relationships. The form will, according to DCSA, be accompanied by comprehensive instructions to address what is required for affirmative responses. DCSA anticipates this will allow it to process submissions more quickly by providing greater clarity to contractors about the nature of the information that DCSA is looking for in the first instance. However, this likely will require entities to invest additional time in preparing the initial SF-328.

Once available, the new SF-328 will be required for new actions including submission of facility clearance (FCL) applications, changed condition packages, and annual FOCI Risk & Compliance reports. The new form will also be required for entities submitting FOCI information in compliance with a new DFARS Rule implementing Section 847 of the FY2020 National Defense Authorization Act which will require FOCI vetting for certain unclassified contracts.^[2] DCSA has stated through its NISS communication on May 9 that existing SF-328s do not need to be resubmitted. 

Crowell will publish a follow-up summary of the new SF-328 once published.

Key Takeaways

Cleared entities and entities that otherwise are required to submit SF-328s should consider:

• monitoring for any updates from DCSA about new SF-328 filing requirements;
• reviewing the new SF-328 once published to evaluate whether the company or entity has undergone changes requiring reporting under the new form and guidance; and
• beginning updates to SF-328s or initial preparations of SF-328s early, including identifying all company or entity stakeholders under the new SF-328 guidance.