Vocab 4 - Understanding FOCI (Glossary)

Question 1

Adjudication

Answer 1

The phase of the FOCI process where the information received from the company is reviewed and evaluated to determine what security measures will need to be put in place in order for the company to be eligible for an FCL.

Question 2

Affiliate

Answer 2

The foreign parent and each entity that directly or indirectly controls, is directly or indirectly controlled by (other than the FOCI Mitigated Company and its Controlled Entities), or is directly or indirectly under common control with the foreign parent. It does not differentiate between affiliates in the United States or those in foreign countries.

Question 3

Annual Compliance Certification

Answer 3

An annual certificate for a company under a Board
Resolution certifying that the Resolution and all attached schedules are true and correct as of the date of each respective certification.

Question 4

Annual Implementation and Compliance Report

Answer 4

A report generated by a company under a mitigation agreement that lists events, activities, obligated processes, and acts of noncompliance that happened during the reporting period.

Question 5

Board Resolution (BR)

Answer 5

A legally binding document from the organization’s governing
board acknowledging the foreign investors and denying them access to classified or controlled information. Board resolutions are adequate in cases where the foreign investor
has a minority stake in the company, is not a member of the governing board, and has no right to appoint or elect a member of the board.

Question 6

Convertible Debentures

Answer 6

Bonds which the holder can exchange for shares of voting

stock.

Question 7

Committee on Foreign Investment in the United States (CFIUS)

Answer 7

An inter-agency committee authorized to review proposed mergers, acquisitions, or takeovers that could result in control of a U.S. business by a foreign interest in order to determine the effect of such transactions on the national security of the U.S.

Question 8

Defense Counterintelligence and Security Agency (DCSA)

Answer 8

The DCSA is an agency of the Department of Defense (DoD) located in Quantico, Virginia. The Under Secretary of
Defense for Intelligence provides authority, direction and control over DCSA. DCSA supports national security and the service members, secures the nation’s technological
base, and oversees the protection of U.S. and foreign classified information in the hands of industry. DCSA accomplishes this mission by clearing industrial facilities, accrediting information systems, facilitating the personnel security clearance process, delivering security education, training, and certification, and providing information technology services that support the industrial and personnel security missions of the DoD and its partner agencies.

Question 9

Electronic Communications Plan (ECP)

Answer 9

The ECP puts in place policies and procedures regarding effective oversight of communications. This includes all media, such as telephones, teleconferences, video conferences, facsimiles, cell phones, PDAs, and all other computer communication, including emails and server access. It applies to communications between contractor personnel, the foreign parent and affiliates, and subsidiaries. The ECP is designed to deter and detect influence by the foreign owner, and unauthorized attempts to gain access to classified or controlled information.

Question 10

Electronic Data Gathering, Analysis, and Retrieval Database (EDGAR)

Answer 10

The SEC’s electronic filing system that makes SEC filings publicly available.

Question 11

Facility Security Clearance (FCL)

Answer 11

An administrative determination that, from a security point of view, a company is eligible for access to classified information of a certain category and all lower categories.

Question 12

Facility Security Officer (FSO)

Answer 12

A U.S. citizen employee, appointed by a contractor, who will supervise and direct security measures necessary for implementing the NISPOM and other federal requirements for classified information.

Question 13

Foreign Ownership, Control, or Influence (FOCI)

Answer 13

A U.S. company is considered to be under FOCI whenever a foreign interest has the power, direct or indirect, whether or not exercised, and whether or not exercisable through the ownership of the U.S. company’s securities, by contractual arrangements or other means, to direct or decide matters
affecting the management or operations of that company in a manner which may result in unauthorized access to classified information or may adversely affect the performance of classified contracts.

Question 14

FOCI Action Plan

Answer 14

A method applied to negate or mitigate risk of foreign ownership or control. Also referred to as a mitigation instrument. Includes the BR, SCA, SSA, PA, and VTA.

Question 15

FOCI Mitigation

Answer 15

The instruments and agreements put in place to reduce the effect of FOCI on a company’s management decisions, and thus reducing the risk of unauthorized access to classified information.

Question 16

FOCI Process

Answer 16

The actions taken by DCSA to ensure a company is not under FOCI to such a degree that granting the FCL would be inconsistent with the national interest of the United States, thus rendering a company eligible for a FCL. The process has four phases: Identification, Adjudication, Mitigation, and Review.

Question 17

FOCI Signatory Company

Answer 17

The legal entity that signed the FOCI Mitigation Instrument,
typically the corporate or home office.

Question 18

Government Contracting Activity (GCA)

Answer 18

An element of an agency designated by the agency head and delegated broad authority regarding acquisition functions.

Question 19

Government Security Committee (GSC)

Answer 19

A permanent subcommittee of the board of directors made up of the Outside Director(s), Proxy Holders, or Voting Trustees and any directors that hold personnel security clearances.

Question 20

Industrial Security Representative (IS Rep)

Answer 20

DCSA employee that serves as the liaison between the company and DCSA and has overall industrial security oversight of the company.

Question 21

Information System Security Professional (ISSP)

Answer 21

DCSA employee who provides advice and assistance and participates in accreditation and assessments of information
systems. An ISSP is a subject matter expert on information systems security in the NISP.

Question 22

Inside Director

Answer 22

The representative appointed by the foreign interest (directly or indirectly) to serve on the Board of an SSA or SCA company. These individuals are formally excluded from access to classified information and their participation in the management of the company is limited to the extent allowed by the mitigation agreement.

Question 23

Limited Facility Security Clearance

Answer 23

A Limited FCL grants the facility the right to obtain specific information related to a program, project, or contract. It may be granted to foreign owned companies when there is an Industrial Security Agreement with the country of ownership, the release of classified information to the company is in conformity with U.S. National Disclosure Policy, and the GCA provides DCSA with a letter of compelling need.

Question 24

Key Management Personnel (KMP)

Answer 24

Company personnel who make key management decisions (generally individuals listed within corporate documents); includes but not limited to board of directors, officers, executive personnel, partners, regents, trustees, senior management officials, and other officials as determined by DCSA. KMP must be granted personnel security clearances or be excluded from access to classified information.

Question 25

KMP Exclusion Resolution

Answer 25

Resolution adopted by the company’s governing body in which the governing body agrees to exclude certain officers or directors who do not require access to classified information. This may be implemented for representatives of a foreign parent organization.

Question 26

Mitigation Instrument

Answer 26

A method applied to negate or mitigate risk of foreign ownership or control. Also referred to as a FOCI action plan. Includes BR, SCA, SSA, PA, and VTA.

Question 27

National Interest Determination (NID)

Answer 27

A written statement by the GCA affirming that the release of proscribed information to a company operating under an SSA will not harm the national security interests of the United States.

Question 28

National Industry Security Program (NISP)

Answer 28

The National Industrial Security Program (NISP) was established by Executive Order 12829 for the protection of classified information released or disclosed to industry in connection with classified contracts. The NISP applies standards for the protection of classified information released or disclosed to contractors of all federal executive branch departments and agencies. Requirements of the NISP are stated in the National Industrial Security Program Operating Manual (NISPOM).

Question 29

National Industry Security Program Operating Manual (NISPOM)

Answer 29

A manual issued in accordance with the National Industrial Security Program that prescribes the requirements, restrictions, and other safeguards to prevent unauthorized disclosure of classified of classified information.

Question 30

Office of General Counsel (OGC)

Answer 30

The OCG provides legal services to the DCSA and all of its organizational elements.

Question 31

Proscribed Information

Answer 31

Top Secret (TS), COMSEC material, excluding Controlled 
Cryptographic Items when unkeyed or utilized with unclassified keys, Restricted Data (RD), Special Access Program (SAP), and Sensitive Compartmented Information (SCI).

Question 32

Proxy Agreement (PA)

Answer 32

A mitigation agreement in which the foreign owner maintains
ownership of the company but relinquishes most of his or her rights of ownership. . All voting rights are transferred to Proxy Holders, individuals who have no prior involvement with the foreign owner or the company.

Question 33

SF 328 (Certificate Pertaining to Foreign Interests)

Answer 33

A 10-question survey designed to help identify the presence of FOCI in an organization, and provides the basis around which the FOCI analysis process is organized.

Question 34

Schedule 13D

Answer 34

Discloses a change update in beneficial ownership of certain registered equity securities.

Question 35

Schedule 13G

Answer 35

Abbreviated version of Schedule 13D.

Question 36

Securities and Exchange Commission (SEC)

Answer 36

Government agency that enforces financial security laws.

Question 37

Security Control Agreement (SCA)

Answer 37

The mitigation generally used when a company is not effectively owned or controlled by a foreign interest (minority ownership) and the foreign interest is entitled to representation on the company’s governing board. The foreign owner still maintains his or her voice in the management of the business through an Inside Director but is denied access to classified or controlled information.

Question 38

Special Security Agreement (SSA)

Answer 38

A security agreement that may be imposed in cases of majority foreign ownership or control. The foreign owner has a voice in the management of the business through an Inside Director. The SSA is the most common mitigation agreement.

Question 39

Street Names

Answer 39

The term for securities held in the name of a broker or other nominee as opposed to being held by the actual owner of the certificate.

Question 40

System of Record

Answer 40

Database maintained by DCSA that is a repository of information about Department of Defense cleared contractor facilities.

Question 41

Technology Control Officer (TCO)

Answer 41

The TCO serves as the principal advisor to the GSC
concerning the protection of controlled unclassified information and other proprietary technology and data subject to regulatory or contractual control by the US Government.

Question 42

Technology Control Plan (TCP)

Answer 42

The TCP is a document that describes all security measures in place to prevent unauthorized access to classified information and controlled unclassified information, such as export-controlled information. The TCP should address physical access to the buildings and restricted areas, as well as technical access to data networks and servers.

Question 43

Total Capital Commitment

Answer 43

The total amount of money a company has raised through

investors.

Question 44

Voting Trust Agreement (VTA)

Answer 44

The most restrictive mitigation agreement. Under a VTA, the foreign owner transfers ownership of the company to the Voting Trustees.