New SF-328 Released and Embedded Guidance Seeks More Information Up Front
Client Alert | 26 min read | 05.16.25
On May 12, 2025, the Defense Counterintelligence and Security Agency (DCSA) released a new SF-328[1] consisting of 9 questions and 6 pages of instructions that detail the types of supporting documentation requested and identify information required by different responding entities (e.g., corporate, non-profit, academic, etc.). With this SF-328, DCSA is seeking certain frequently requested information and documents with initial SF-328 submissions rather than obtaining these documents through communications or revised SF-328 submissions. Additionally, when completed, the new SF-328 is considered Controlled Unclassified Information (CUI).
The form now consists of 9 questions rather than 10 as shown below[2]:
May 2025 SF-328
November 2018 SF-328

The new SF-328 expressly states that the form is authorized for use in the National Industrial Security Program, to carry out Section 847 of the 2020 NDAA[3], the DoD Enhanced Security Program, the DoD Small Business Innovation Research and Small Business Technology Transfer (SBIR/STTR) programs, and the DoD Cybersecurity Maturity Model Certification (CMMC) program. The form also acknowledges that applicable Freedom of Information Act (FOIA) exemptions will be invoked by the government to withhold the document from public disclosure when submitted by an entity in confidence and properly marked.
Key Takeaways
Cleared entities and entities that otherwise are required to submit SF-328s should consider:
- reviewing the new SF-328 to evaluate whether the company or entity has undergone changes requiring reporting under the new form and guidance; and
- beginning updates to SF-328s or initial preparations of SF-328s early, including identifying all company or entity stakeholders under the new SF-328 guidance.
Crowell is available to support preparation of the new SF-328 and related filings and further discuss questions concerning the new form.
Insights
Client Alert | 2 min read | 06.06.25
USPTO Director Clarifies Burden on IPR Petitioners Relying on Prior Art Cited During Prosecution
Acting USPTO Director Coke Morgan Stewart recently issued a Director Review decision on May 19, 2025, in Ecto World, LLC v. RAI Strategic Holdings, Inc, IPR2024-01280, Paper 13 (PTAB May 19, 2025), that was subsequently designated as precedential by the Patent Trial and Appeal Board (PTAB). The decision seeks to eliminate inconsistencies amongst PTAB panels in using its discretion to deny institution under 35 U.S.C. § 325(d).
Client Alert | 5 min read | 06.05.25
Client Alert | 3 min read | 06.04.25
CMS Issues Letters to Hospitals on Gender-Affirming Care Practices
Client Alert | 3 min read | 06.04.25
English Court of Appeal Clarifies Law Regarding Negligent Valuations