THE CFIUS BOOK
4.1.2. NISPOM
The NISPOM regulations control situations where a company or its personnel require access to classified information under the company’s contracts. The NISPOM prescribes the requirements and restrictions to prevent unauthorized disclosure of classified information.68 The NISPOM provides baseline standards for the protection of all classified information released by U.S. Government Executive Branch departments and agencies, though specific agencies may implement their own requirements for certain types of information.69 Most U.S. companies and contractors that work on classified contracts are aware of the essential NISPOM procedures for their clearances. However, where a foreign investor is acquiring an interest in a U.S. company, additional NISPOM requirements will apply to the new FOCI.
4.1.3. FOCI
The NISPOM allows foreign investment only to the extent that it is consistent with national security interests of the United States. In supporting those national security interests, the NISPOM prescribes FOCI guidelines for U.S. companies with FCLs in order to facilitate foreign investment by ensuring that foreign firms cannot undermine U.S. security and export controls to gain unauthorized access to critical technology, classified information, and special classes of classified information.70
The NISPOM states that a company will be considered under FOCI where: l A foreign interest has the power,
l Direct or indirect,
l Whether or not exercised, and whether or not exercisable through the ownership of the U.S. company’s securities, by contractual arrangements or other means,
l To direct or decide matters affecting the management or operations of that company in a manner which may result in unauthorized access to classified information or may adversely affect the performance of classified contracts.71
As a practical matter, this definition will likely be met to some degree each time a foreign interest invests in a cleared U.S. company.
Where a company is under FOCI, it is “ineligible for an FCL unless and until security measures have been put in place to negate or mitigate FOCI.”72 The government may impose any mitigation measures it deems necessary to ensure that “unauthorized access to classified information is effectively precluded and that performance of classified contracts is not adversely affected.”73 However, the extent of mitigation
 66