ARTICLE
16 October 2024

Key Takeaways From ACI's 7th National Forum On FOCI

BI
Buchanan Ingersoll & Rooney PC

Contributor

With 450 attorneys and government relations professionals across 15 offices, Buchanan Ingersoll & Rooney provides progressive legal, business, regulatory and government relations advice to protect, defend and advance our clients’ businesses. We service a wide range of clients, with deep experience in the finance, energy, healthcare and life sciences industries.
Buchanan attorneys attended and presented at the 7th National Forum on Foreign Ownership Control and Influence (FOCI). When a cleared government contractor...
United States International Law

Buchanan attorneys attended and presented at the 7th National Forum on Foreign Ownership Control and Influence (FOCI). When a cleared government contractor (in effect a U.S. company performing classified work for the U.S. federal government) becomes subject to certain foreign ownership, control or influence, the Defense Counterintelligence and Security Agency (DCSA) must ensure that such FOCI is mitigated in order for the company to maintain its clearance.

Leadership from DCSA presented on recent issues and updates relevant to the FOCI community. Much of the conference centered around the Department of Defense's (DOD) recently proposed update to the Cybersecurity Maturity Model Certification (CMMC) rules that require security for every contractor information system that will process, store, or transmit controlled unclassified information (CUI) or federal contract information (FCI). The proposed rule demonstrates that DOD will use the CMMC to enforce cybersecurity and ensure that all entities in the defense industrial base (DIB) that receive DOD contracts with CUI or FCI systems implement appropriate certification assessments. The proposed rule reflects DOD's commitment to strengthening cybersecurity policies and preventing cybersecurity incidents, especially in light of supply chain-focused cyber hacks such as SolarWinds.

For government contractors with certain levels of FOCI, DCSA will require mitigation involving an adequate electronic communications plan (ECP) that sufficiently addresses cybersecurity incident prevention and response. For companies dealing in export-controlled information (ECI), procedures for the handling of cyber incidents must be accounted for in an ECP. In today's environment, FOCI companies must monitor supply chain vulnerabilities to mitigate unauthorized access risks. Immediacy in response is critical to ensure the security of sensitive information and protect national security across the DIB.

Daniel B. Pickard, Chair of Buchanan's International Trade and National Security practice, presented, along with DCSA leadership, on issues connected with U.S. export controls, the Committee for Foreign Investment in the United States (CFIUS) and FOCI issues.

Buchanan has a team of international trade and national security attorneys, and government relations professionals with experience both advising DCSA seniors leaders and working with companies involved in DCSA investigations. Buchanan is well equipped to assist in navigating the complex issues related to national security and cybersecurity.

Buchanan's DCSA and Foreign Ownership and Control Issues (FOCI) Handbook outlines the circumstances under which the DCSA grants security clearances that permit companies and their personnel to perform classified work. Items addressed in the handbook are FOCI mitigation instruments, the security review and rating process, and compliance, in addition to recent developments in FOCI enforcement.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More