The Duties and Responsibilities of Facility Security Officers

The modern-day Facility Security Officer (FSO) is a versatile machine that allows government contractors to develop and distribute solutions to federal agencies without worrying about the rigorous back-end complexities. If not for the FSO acting as an all-in-one compliance officer, security manager (cyber and industrial), auditor, and human resources (HR) specialist, contractors in the defense and national security space would cease to operate.

What makes their job so complex is the range of hats they must wear daily and the industry’s volatility. Every year, there are new compliance updates, technological developments, and global trends that require FSOs to constantly stay up-to-date and change how they perform their job functions. Just when an FSO gets comfortable in their role, a new security threat or geo-political event emerges and puts them back at square one.  

This guide dives into the duties and responsibilities of FSOs and what they each entail. We’ll also provide insights into how the position has evolved over the last few years and outline some of the new challenges these essential personnel face.

FSO Job Functions

Defense contractors rely on experienced specialists to oversee many compliance and risk management functions of their organization so they can focus on winning bid proposals and delivering products, services, or entire programs to the federal government. They handle all tasks associated with managing industrial security operations and classified information. The primary duties and responsibilities of FSOs include:

Maintaining Industrial Security Program

As the job title suggests, an FSO must help its organization manage the facility security program to maintain a facility clearance (FCL). This means deploying the proper physical security controls and following the National Industrial Security Program Operating Manual (NISPOM) authored by the Department of Defense (DoD). Most notably, federal rule 32 CFR Part 117.   

NISPOM is the guiding source of truth for how FSOs must manage their personnel, cleared facilities, and classified information running through those facilities. It dictates control of classified documents, such as how contractors must store, mark, distribute, and destroy sensitive files. 

Ensuring Compliance with Federal Regulations

The next major duty of an FSO is their role in compliance management. They must monitor various guidelines and requirements for changes and ensure their organization follows suit. In addition to adhering to NISPOM, some other significant compliance areas include: 

• Reporting foreign travel and suspicious activity of cleared personnel per the Security Executive Agent Directive (SEAD) 3 
• Administering security controls for personnel who fall under Foreign Ownership, Control, or Influence (FOCI) criteria 
• Adhering to rules set by International Traffic in Arms Regulation (ITAR) compliance that restricts trade of military and defense technology 
• Developing a cybersecurity program per the Cybersecurity Maturity Model Certification (CMMC) program 

Ultimately, FSOs are the broker between contractors and government agencies that comprehend and conform to their guidelines.   

Overseeing Cleared Personnel

For FSOs, it’s not just about implementing programs and policies. Handling activity for cleared personnel is when the HR cap gets put on. They are responsible for submitting employees to obtain clearances, tracking investigation progress, and preparing for clearance renewal activities. 

FSOs also must ensure their personnel gets adequately trained on compliance requirements, such as FOCI reporting and other areas like industrial-security operations procedures, handling of sensitive information, and awareness of cybersecurity threats. Lastly, upon the departure of a cleared employee, the FSO needs to handle the debriefing and remove access to classified information.

Managing (Cleared) Facility Visitors

Cleared facilities, whether domestic or abroad, are deemed eligible by the federal government to access and control classified information. To maintain an FCL, a contractor must implement physical controls and processes for visitors entering, walking through, or departing a facility so that an unauthorized person cannot access sensitive information. As you may have guessed, this burden falls on the shoulders of the FSO.

Per the NISPOM guidelines, FSOs must deploy solutions for visitors to preregister to cleared facilities and include secure check-in and check-out points. They need to monitor visitors and their activities within their facility (or facilities). They should know the visitor’s identity and purpose for being there. Additionally, they need to ensure that proper authorization controls such as ID cards, badges, or signatures are being used.    

Adhering to Federal Audits and Reporting Requirements

While we already discussed how an FSO must help maintain federal compliance, oversee cleared personnel, and manage facility visitors, we didn’t cover the part where they need to review and report on those areas. Audits are a huge responsibility for FSOs that ultimately give contractors their stamp of approval to stay operational and continue having access to classified information. 

They must prepare for audits at their cleared facility to ensure it meets the guidelines of NISPOM and report all significant activities of their cleared personnel, such as suspicious behavior, foreign travel or contacts, and threatening acts by an individual. There are also audits dedicated to maintaining CMMC compliance and requirements for FSOs to generate and submit reports on the activity of facility visitors.    

Collaborating with Stakeholders to Achieve Broader Goals

We can’t forget that the FSO is a leadership role that oversees a team of security personnel. Like any executive position, the person responsible must help develop and execute strategies in functional areas that overlap with facility security operations. A typical example is in compliance management. An organization may have a compliance officer who comprehends the federal and contract requirements but coordinates with the FSO when it applies to industrial security.   

Defense contractors could also have a separate team dedicated to cybersecurity. There’s plenty of overlap between an FSO and, say, a Chief Information Security Officer (CISO), as both have a role to play in CMMC compliance and protecting classified information — demanding a collaborative effort between the two. Similarly, IT management teams implement and maintain the technology used to secure a facility, store data, monitor assets, and track activity.

As digital transformations are essential for contractors to evolve past legacy IT systems, the FSO and IT director must work as one to modernize an organization’s infrastructure. Lastly, the FSOs significant role in overseeing cleared personnel put them, by default, in a part-time HR role. Therefore, they need to align processes and constantly stay engaged with payroll, benefits, recruiting, and other HR teams.   

The Evolution Into Today’s FSO

Defense contracting is a never-ending cycle of new developments and compliance changes. Naturally, those shifts trickle down to the FSO position — requiring vastly different responsibilities and skill sets compared to just a few years ago. Most notably, we can start with how the trends in industrial security have redefined the role. There’s a recent tendency for contractors to adapt their technology stacks for the modern era. 
For instance, the race to develop and adopt artificial intelligence (AI) has pressured companies to deploy these advanced tools to help automate tasks and gain deep analytics. There are also businesses shifting their IT environments from on-premise to cloud or hybrid infrastructures thanks to the cost flexibility and prioritizing cybersecurity due to the rise of recent threats. These have all expanded the FSO’s knowledge requirements into areas outside industrial security operations and federal compliance.

FSOs Are a Hot Commodity

The FSO is also more essential to defense contracting than ever before. It’s not just the general business and technology trends that have propped them up. We know the DoD budget increased for 2023 and only looks to tick up more and more each year. More spending, particularly on research & development (R&D), means more opportunities for defense contractors, which will grow the marketplace and demand more qualified FSOs.   

We also can’t overlook how global events have impacted the FSO’s prestige. Anytime you’re talking about a conflict, whether that be the Russia-Ukraine War or tensions with China, we see a subsequent rise in consequences such as cyber attacks, espionage, and corruption scandals. Between FOCI reporting requirements, implementing proper cybersecurity measures, and maintaining control of classified information, all global incidents ultimately drive up the necessity of FSOs.     

Emerging Challenges to FSOs

It can’t be more clear how vital FSOs are to contractors. But what exactly prevents them from achieving their goals of securing their facility and maintaining compliance, and what is the cost of not addressing these challenges head-on? Let’s first start with their day-to-day headaches:

• Coordinate and monitor all facility visits to ensure no unauthorized individual has access to classified information (often without the proper equipment)    
• Deliver security and procedural training to all cleared personnel (while trying to grasp what needs to be taught) 
• Securely manage assets, files, inventory, and facility areas that could contain sensitive data (often using sticky notes or spreadsheets) 
• Handle all tasks relating to cleared personnel to help staff obtain, maintain, and debrief from a clearance (often without the right tools to track progress) 
• Generate audit reports to maintain compliance (but have to track down the information just before submission)   

Now couple these challenges with the newer and larger-scale ones like:

• Modernizing an IT infrastructure without halting or shutting down the facility’s security operations 
• Maintaining a secure cyberspace despite threats constantly evolving each year, including a rise of insider threats
• Navigating the federal compliance space despite yearly updates 

On the surface, this could be the most difficult job in government contracting without the right resources.    

What is the Cost of Doing Nothing?

If you don’t prepare your FSO for success by proper planning, providing them with the right software tools, and supplying them with adequate staff, you’ll have to absorb all the costs of doing nothing (CODN). Some of these include recruiting expenses to constantly replace a burned-out FSO, a non-secure cleared facility, being unable to scale business operations efficiently, and slow clearance processes for your personnel.

There are also more severe consequences, like non-compliance due to a failed audit, misplaced classified documents, and a data breach from an inside or outside threat that could compromise our country’s national security. The investment made in supporting your FSO is far less expensive than the costs of hesitation or no decision.

Simplify Your FSO Responsibilities with Mathcraft

The FSO position involves many compliance and risk management activities necessary to help contractors sustain. Without the right technology at your disposal, you could find yourself trying to track visitors manually, generate audit reports from scratch, or rush to flag down cleared personnel to submit travel requests and complete training requirements. Luckily, MathCraft Security Technologies can help! 
Contact us today to learn how our suite of industrial security software allows FSOs to maintain compliance while streamlining audits, visitor management activities, and oversight tasks of cleared personnel. Through an intuitive interface and easy-to-learn features, you can keep your assets and facility safe and deploy your security programs while giving a self-service portal for employees to take ownership of their clearance requirements.