New SF-328 Released and Embedded Guidance Seeks More Information Up Front

Client Alert | 26 min read | 05.16.25

On May 12, 2025, the Defense Counterintelligence and Security Agency (DCSA) released a new SF-328 ^[1] consisting of 9 questions and 6 pages of instructions that detail the types of supporting documentation requested and identify information required by different responding entities (e.g., corporate, non-profit, academic, etc.). With this SF-328, DCSA is seeking certain frequently requested information and documents with initial SF-328 submissions rather than obtaining these documents through communications or revised SF-328 submissions. Additionally, when completed, the new SF-328 is considered Controlled Unclassified Information (CUI).

The form now consists of 9 questions rather than 10 as shown below^[2]:

May 2025 SF-328

November 2018 SF-328

The new SF-328 expressly states that the form is authorized for use in the National Industrial Security Program, to carry out Section 847 of the 2020 NDAA ^[3], the DoD Enhanced Security Program, the DoD Small Business Innovation Research and Small Business Technology Transfer (SBIR/STTR) programs, and the DoD Cybersecurity Maturity Model Certification (CMMC) program. The form also acknowledges that applicable Freedom of Information Act (FOIA) exemptions will be invoked by the government to withhold the document from public disclosure when submitted by an entity in confidence and properly marked.

Key Takeaways

Cleared entities and entities that otherwise are required to submit SF-328s should consider:

reviewing the new SF-328 to evaluate whether the company or entity has undergone changes requiring reporting under the new form and guidance; and
beginning updates to SF-328s or initial preparations of SF-328s early, including identifying all company or entity stakeholders under the new SF-328 guidance.

Crowell is available to support preparation of the new SF-328 and related filings and further discuss questions concerning the new form.

^{[1] Most browsers will show an error page when opening the SF-328 link within an internet browser window. If that occurs, we recommend that you download/save the SF-328 PDF (at the error page) and then open the downloaded PDF file from your desktop (not your browser) to view the form.}

^{[2] The 2018 form question 8 regarding nominee shares is now subsumed by the supplemental information requested in the instructions under question 1 of the 2025 form.}

Contacts

Stephanie L. Crawford
Counsel
- Washington, D.C.
  - D | +1.202.624.2811
c2NyYXdmb3JkQGNyb3dlbGwuY29t
Adelicia R. Cliffe
Partner
She/Her/Hers
- Washington, D.C.
  - D | +1.202.624.2816
YWNsaWZmZUBjcm93ZWxsLmNvbQ==
Michael E. Samuels
Partner
- Washington, D.C.
  - D | +1.202.624.2711
bXNhbXVlbHNAY3Jvd2VsbC5jb20=
Allison Skager
Associate
- Los Angeles
  - D | +1.213.310.7957
YXNrYWdlckBjcm93ZWxsLmNvbQ==
Kaitlin E. Illidge
Industrial Security Analyst | Facility Security Officer
- Washington, D.C.
  - D | +1.202.508.8908
a2lsbGlkZ2VAY3Jvd2VsbC5jb20=
Jonathan M. Baker
Partner
- Washington, D.C.
  - D | +1.202.624.2641
amJha2VyQGNyb3dlbGwuY29t

Insights

Client Alert | 4 min read | 08.07.25

File First, Facts Later? Eleventh Circuit Says That Discovery Can Inform False Claims Act Allegations in Amended Complaints

On July 25, 2025, the Eleventh Circuit Court of Appeals issued its decision in United States ex. rel. Sedona Partners LLC v. Able Moving & Storage Inc. et al., holding that a district court cannot ignore new factual allegations included in an amended complaint filed by a False Claims Act qui tam relator based on the fact that those additional facts were learned in discovery, even while a motion to dismiss for failure to comply with the heightened pleading standard under Federal Rule of Civil Procedure 9(b) is pending. Under Rule 9(b), allegations of fraud typically must include factual support showing the who, what, where, why, and how of the fraud to survive a defendant’s motion to dismiss. And while that standard has not changed, Sedona gives room for a relator to file first and seek out discovery in order to amend an otherwise deficient complaint and survive a motion to dismiss, at least in the Eleventh Circuit. Importantly, however, the Eleventh Circuit clarified that a district court retains the discretion to dismiss a relator’s complaint before or after discovery has begun, meaning that district courts are not required to permit discovery at the pleading stage. Nevertheless, the Sedona decision is an about-face from precedent in the Eleventh Circuit, and many other circuits, where, historically, facts learned during discovery could not be used to circumvent Rule 9(b) by bolstering a relator’s factual allegations while a motion to dismiss was pending. While the long-term effects of the decision remain to be seen, in the short term the decision may encourage relators to engage in early discovery in hopes of learning facts that they can use to survive otherwise meritorious motions to dismiss....

Client Alert | 4 min read | 08.06.25
FinCEN Delays Implementation Date and Reopens AML/CFT Rule for Investment Advisers
Client Alert | 4 min read | 08.06.25
Series of Major Data Breaches Targeting the Insurance Industry
Client Alert | 11 min read | 08.06.25
The New EU “Pharma Package”: The “Bolar” exemption – A comparison of Commission/Parliament/Council positions

View All Insights