Back to all articles

Will DCSA Interpret the Newly Codified NISPOM to Exclude National Security and Defense Entrepreneurs?

Intelligence and defense contractors co-exist in a common national security sector of the American and global economies. But that marketplace is bounded and defined by dual systems of security: personnel and industrial. It is a business and legal environment requiring advice and assistance across many practice areas: personnel and industrial security, corporate restructuring, privacy and data security, political law, global ethics and compliance, Executive Branch and congressional investigations, and white-collar criminal defense.

In all these areas of law, the fundamentals of corporate organization are critical to the success of the federal and private sector partnership in advancing national defense.

It is the policy of the United States Government to “provide maximum practicable opportunities in its acquisitions to small business…concerns. Such concerns must also have the maximum practicable opportunity to participate as subcontractors in the contracts awarded by any executive agency….” Federal Acquisition Regulation, Part 19.201. Moreover, the Small Business Administration (SBA) and the Executive Branch itself are likewise concerned with affording “an equitable opportunity to compete for all contracts that they can perform to the extent consistent with the Government’s interest.”

However, the smaller solo-incorporated consulting firms engaged in defense work will find themselves under scrutiny from a Defense Counterintelligence and Security Agency (“DCSA”) inappropriately deciding that small businesses are holding personnel clearances for their subcontracted personnel in violation of the recent 2021 NISPOM amendment, codified in the Code of Federal Regulations under Part 32, Section 117.

As such, the prudent small business executive needs to ask whether the revenant provisions now at 32 C.F.R. § 117 still allow for defense subcontracting with access to classified information where the contract is in the name of a consulting entity rather than an individual (natural person) when the definition of the consultant under 32 CFR § 117.3 identifies an individual and not an entity.

It is a sad reality of the Defense and National Security marketplace that not all participants receive the same opportunity to compete for contracts. The small businesses often find it challenging to navigate the ever-changing regulatory framework in a marketplace dominated by Big Defense and its legions of attorneys hired from Big Law. Smaller solo-incorporated consulting firms engaging in defense work can now expect to come under scrutiny from the DCSA. This can be attributed, in part, to the recent NISPOM amendments at Part 32, Section 117 of the Code of Federal Regulations. 32 C.F.R. § 117.3 changed the definition of “individual,” limiting the term to define persons in a move that could cut the entrepreneur out of the marketplace. One needs to ask, therefore, whether the amended definition allows for the subcontracting of defense-related work with access to classified information where the contract is in the name of a consulting entity rather than a natural person.

Section 117.3 does not define “person.” Thus, whether a person can be defined to include entities, such as solo-incorporated firms, is a looming question on the minds of bidding contractors; one that cannot be answered through the NISPOM definitions alone.

How are “Consultants,” “Entities,” and “Individuals” Traditionally Defined by the Federal Government

Section 117.3 defines “consultant” as “an individual under contract, and compensated directly, to provide professional or technical assistance to a contractor in a capacity requiring access to classified information.” This definition shifts the analysis to whether or not “individual” is defined as a natural person or includes entities. Section 117.3 does not define “individual.” This is not done by agency staff and their attorneys through arbitrary and capricious means. It is necessary to turn to other federal sources for the interpretation of an “individual.”

To fill the regulatory lacuna, Department of Defense Directive 5400.11 (Oct. 29, 2014) defines “individual” as:

“A living person who is a U.S. citizen or an alien lawfully admitted for permanent residence…corporations, partnerships, sole proprietorships, professional groups, businesses, whether incorporated or unincorporated, and other commercial entities are not ‘individuals’ when acting in an entrepreneurial capacity with the DoD, but persons employed by such organizations or entities are ‘individuals’ when acting in a personal capacity (e.g., security clearances, entitlement to DoD privileges or benefits).”

The word “persons” is operative. Section 117.3(b) defines a U.S. person as “a United States citizen…or a corporation incorporated in the United States.” “Person” has been defined as “a natural person, trust or estate, partnership, corporation, professional association or corporation, or other entity, public or private.” 45 C.F.R. § 160.103. Similarly, the Internal Revenue Service defines “person” as “an individual, a trust, an estate, a partnership, an association, a company, or a corporation.” 26 C.F.R. § 1.269-1.

Similar definitions can be found throughout the United States Code and the Code of Federal Regulations. See 18 U.S.C. § 2510(6); 2 U.S.C. § 1602(14); 26 U.S.C. § 7701(a)(1).

However, it is not just by Congress that “person” is defined to include entities not limited to just natural persons. The U.S. Supreme Court held in Citizens United v. FEC that “corporations are people with rights.” In several seminal corporate rights cases, the argument has been made that corporations are persons with rights, with the Court agreeing in many cases. Additionally, Industrial Security Letters (“ISLs”) have allowed cleared contractors to process self-incorporated consultants for a PCL, provided that the consultant and members of their immediate family are the sole owners of the consultant’s company. see ISL 2006-02, subpart 12 (August 22, 2006).

Because “individual” is not defied under Section 117.3, it should be construed to include entities when looking at other sources. Similarly, a plausible reading and interpretation of the word “consultant” encompasses an entity and is not limited to a natural person. Therefore, so long as a solo consulting firm remains owned entirely by the consultant and immediate family with no foreign ownership and with only the consultant having access to classified information, they should be allowed to subcontract defense-related work. If the amendments to the NISPOM were intended to limit the definition of “individual” and “consultant” strictly to natural persons, then it must be clarified. When there are multiple definitions of a word, such as “persons,” the regulations must make it clear which definition they intend to follow. Otherwise, subcontractors, including entities, are left without clear guidance, leading to confusion in the defense bidding process.

Dan Meyer, Managing Partner of Tully Rinckey PLLC’s Washington, D.C. office, has dedicated more than 25 years of service to the field of federal employment and national security law as both a practicing attorney and federal investigator and senior executive. Dan Meyer is a member and Vice-Chair of the National Security Lawyers Association. He is a leader in advocating for service members, federal civilian employees, and contractors as they fight to retain their credentialing, suitability, and security clearances. Mr. Meyer can be reached at or at (888) 529-4543.

Lachlan McKinion is an Associate in Tully Rinckey’s Washington, D.C., office, where he focuses on national security and security clearance law and supports the needs of TR’s corporate national security clientele.

Featured Attorney

Recent Articles

Contact us today to schedule your consultation.

Get Started