New SF-328 Released and Embedded Guidance Seeks More Information Up Front
Client Alert | 2 min read | 05.16.25
On May 12, 2025, the Defense Counterintelligence and Security Agency (DCSA) released a new SF-328[1] consisting of 9 questions and 6 pages of instructions that detail the types of supporting documentation requested and identify information required by different responding entities (e.g., corporate, non-profit, academic, etc.). With this SF-328, DCSA is seeking certain frequently requested information and documents with initial SF-328 submissions rather than obtaining these documents through communications or revised SF-328 submissions. Additionally, when completed, the new SF-328 is considered Controlled Unclassified Information (CUI).
The form now consists of 9 questions rather than 10 as shown below[2]:
May 2025 SF-328
November 2018 SF-328

The new SF-328 expressly states that the form is authorized for use in the National Industrial Security Program, to carry out Section 847 of the 2020 NDAA[3], the DoD Enhanced Security Program, the DoD Small Business Innovation Research and Small Business Technology Transfer (SBIR/STTR) programs, and the DoD Cybersecurity Maturity Model Certification (CMMC) program. The form also acknowledges that applicable Freedom of Information Act (FOIA) exemptions will be invoked by the government to withhold the document from public disclosure when submitted by an entity in confidence and properly marked.
Key Takeaways
Cleared entities and entities that otherwise are required to submit SF-328s should consider:
- reviewing the new SF-328 to evaluate whether the company or entity has undergone changes requiring reporting under the new form and guidance; and
- beginning updates to SF-328s or initial preparations of SF-328s early, including identifying all company or entity stakeholders under the new SF-328 guidance.
Crowell is available to support preparation of the new SF-328 and related filings and further discuss questions concerning the new form.
Contacts
Insights
Client Alert | 6 min read | 07.09.26
EU Steel Overcapacity Regulation: New Permanent Measure in Force from 1 July 2026
The EU’s steel safeguard under Implementing Regulation (EU) 2019/159 expired on 30 June 2026 and has been replaced by a new permanent instrument — the EU Steel Overcapacity Regulation (Regulation (EU) 2026/1384) (the Regulation”). It imposes tariff-rate quotas and an out-of-quota duty, similarly to the steel safeguard measures that expired. The out-of-quota duty has been raised from 25% to 50% to minimize the risk of trade diversion. The Regulation reduces duty-free imports of 26 categories of steel products into the EU by an average of 47% compared with the quotas under the until recently applicable safeguard measures.
Client Alert | 1 min read | 07.08.26
CAS Board Publishes Final Rule Rescinding CAS 404, 408, 409, and 4117
Client Alert | 1 min read | 07.08.26
Crowell & Moring and Crowell GovCon Strategies at Farnborough International Airshow 2026
Client Alert | 7 min read | 07.08.26
Illinois Imposes Transparency and Safety Obligations on Frontier AI Systems







