SBA Rule Fixes Joint Venture Facility Security Clearance Issue, DoD Says Not So Fast
In October, the Small Business Administration ("SBA") published a wide-ranging final rule covering many aspects of small business contracting, including joint ventures, the mentor-protégé program, past performance and experience, and a host of others. We previously covered SBA's new past performance and experience regulations and today we dive into facility security clearances ("FCL") for joint ventures ("JVs"). Notably, while the SBA's new rule is welcome news for small businesses, the Defense Counterintelligence and Security Agency ("DCSA") recently published an update that, for now, pauses the celebration.
SBA's New Rule
Under SBA's regulations, small business JVs are subject to a number of requirements to be eligible for set-aside contracts. For example, a JV not only must have an agreement that addresses all of SBA's regulatory requirements but also must be of limited duration and be unpopulated (except for administrative personnel).  Yet, even with SBA's relatively straightforward rules, JVs competing for set-aside contracts that require access to classified information will often encounter an issue that many consider to be problematic: FCLs.
Briefly, to be eligible for an award under a set-aside contract that requires access to classified information, some agencies have required a JV to hold the required FCL. This not only can happen where each JV member has the required FCL (e.g., Top Secret) but also is consistent with longstanding DCSA policy and regulation. Indeed, the DCSA FCL Orientation Handbook confirms that notion, "[i]f a classified contract is awarded to the JV, the JV needs a Facility Clearance." Yet, because small business JVs are limited purpose vehicles and are unpopulated (i.e., the entities that perform work are the JV member companies or other subcontractors) and because securing a FCL can take several months, it's no surprise that many small businesses find the JV FCL requirement to be problematic.
Fortunately, the SBA recognized this problem and revised one of its JV rules because it did not believe this type of restriction was appropriate for small businesses. Specifically, SBA's new rule provides as follows:
(4) Facility security clearances. A joint venture may be awarded a contract requiring a facility security clearance where either the joint venture itself or the individual partner(s) to the joint venture that will perform the necessary security work has (have) a facility security clearance.
(i) Where a facility security clearance is required to perform primary and vital requirements of a contract, the lead small business partner to the joint venture must possess the required facility security clearance.
(ii) Where the security portion of the contract requiring a facility security clearance is ancillary to the principal purpose of the procurement, the partner to the joint venture that will perform that work must possess the required facility security clearance.
13 C.F.R. § 121.103(h)(4). Now, while this is great news for small businesses – the final rule took effect on November 16, 2020 – the DCSA recently issued a rebuttal that, for now, pauses the celebration.
The DCSA is the cognizant security office ("CSO") that advises and assists contractors that are undergoing the process of obtaining a FCL pursuant to the National Industrial Security Program Operating Manual ("NISPOM"). As the CSO in charge of the clearance process, DCSA has the final say on whether to grant or deny a FCL. And, as with all government entities, the DCSA has its own policies, procedures, and regulations from which to follow.
To that end, earlier this month, the DCSA Office of Small Business Programs emailed industry its December Newsletter, which provides DCSA's view on "FCL for Joint Ventures."  Specifically, DCSA has requested clarification from the Information Security Oversight Office ("ISOO") on SBA's rule change and, until further notice, DCSA will continue to follow its regulations regarding JV FCLs. DCSA's update provides as follows:
The DoD has requested clarification from the Information Security Oversight Office, as the agency responsible for 32 CFR Part 2004 and the implementation and oversight of the National Industrial Security Program, on the recent rule regarding facility clearances for joint ventures. Title 13 Code of Federal Regulations (CFR), Part 121, “Consolidation of Mentor-Protégé Programs and Other Government Contracting Amendments,” a Small Business Administration rule, is in effect as of November 16, 2020, and includes a provision regarding facility security clearances for joint ventures. The Department of Defense (DoD) observes a difference between the requirements for facility security clearances, or entity eligibility determinations, for joint ventures in 13 CFR, Part 121 and 32 CFR, Part 2004, “National Industrial Security Program Directive No. 1.” Pending reconciliation of these rules and ISOO guidance, DoD will continue to follow the requirements in 32 CFR Part 2004 and DoD policies in regard to the facility security clearance requirements for entities, to include joint ventures, awarded contracts, grants, or agreements that require access to classified information.
So, despite SBA's rule change, "DoD will continue to follow" its regulations and policies regarding JV FCLs. In other words, the JV itself must possess the required FCL.
SBA's final rule is welcome news for small businesses because it addresses a problem that has long frustrated small JVs. Yet, even with SBA's new rule, DCSA has not yet addressed this issue in its policies and regulations. Therefore, in light of DCSA's update, small businesses should consider that procuring agencies will likely defer to DCSA's position on the JV FCL issue, which requires the JV to hold the required FCL. Unfortunately, for small businesses, we do not know how long the DCSA or ISOO process could take and we don't know whether DCSA or ISOO will agree with SBA's view on JV FCLs.
 SBA's final rule also clarifies that a JV may employ administrative personnel, including Facility Security Officers.
 The DCSA Office of Small Business Programs December Newsletter was attached to an email from Steve Mapes, Director, Small Business Program Office, to industry on December 4, 2020.
. . .