The last time we focused on the duties and responsibilities of a Facility Security Officer (FSO), much of the buzz was around SEAD 3 and FOCI. CMMC was just three years in, and overseeing cleared personnel was mostly about the physical facility and what you did onsite.
Fast forward to today, and the FSO isn’t just your all-in-one compliance engine. They are an operational backbone that keeps defense contractors running effectively — especially in the face of tech modernization initiatives, updated regulations, and emerging threats.
This guide breaks down the current role of the FSO, how these roles have rapidly evolved, and the nuanced challenges you must be prepared to face:
FSO Job Functions: Same Foundation; New Additions
Risk management is still the foundation of an FSO’s job. Defense contractors lean on these folks to handle the tedious compliance and security work so they can focus on delivering solutions for DoD missions.
Here’s what that actually looks like today:
Overseeing the Industrial Security Program
An FSO manages the entire facility security program that contractors need to maintain a Facility Clearance (FCL). Without the program, there’s no FCL. And without the FCL, you can’t compete for, let alone win, classified government contracts.
This means implementing physical security controls that align with the National Industrial Security Program Operating Manual (NISPOM). And where the original manual focused primarily on documents and reporting, today’s requirements added some new wrinkles.
The 2024 revisions include changes in handling continuous vetting (CV) and modernizing facility and IT security systems.
Regardless of the updates, an FSO must stay up-to-date with NISPOM requirements.
Compliance with Federal Regulations
Compliance used to feel like a checklist. Now it’s something an FSO continuously adapts to. So beyond the core NISPOM requirements, an FSO also navigates:
- Enhanced FOCI reporting with automated monitoring, new disclosures, and added reviews for unclassified contracts requirements per the 2024 and May 2025 updates
- CMMC 2.0 implementation deadlines, which was effective November 10th, 2025
- AI frameworks from the newer DoD Responsible AI and NIST AI RMF guidelines for AI/ML use and security
- Supply chain security mandates that extend requirements to subcontractors and vendors per Zero Trust, DFARS clauses, CMMC, and Executive Order 14028.
Cleared Personnel Management
An FSO keeps plenty busy ensuring clearances are kept. But overseeing these personnel is pretty cumbersome. Luckily, the technology has kept up with the need.
For example, the Defense Information System for Security (DISS) made it so FSOs could automate clearance tracking and run real-time, continuous vetting of personnel rather than periodic reviews.
On the flip side, emerging threats changed the training requirements for cleared personnel. Per Executive Order 14110, FSOs have to find and use training programs that include AI awareness and deepfake identification modules alongside the traditional security topics.
Visitor Management at Cleared Facilities
Visitor management has always been a massive responsibility for the FSO. But it was usually concentrated around operating check-in stations so people could move throughout a cleared facility securely.
Now, it’s about the integrated security ecosystem. FSOs oversee adoptions and use of:
- Biometric verification systems that connect to government databases
- Predictive analytics that flag unusual visit patterns or access attempts
- Mobile-based pre-screening that starts security protocols before visitors arrive
- Integration between physical access and network access controls
Federal Audits and Reports
The FSO remains the primary point of contact for audits. But one change in the last few years is how audits and reporting are done. It’s much more data-driven and automated thanks to some of the tools available.
FSOs spend lots of time ensuring compliance dashboards and reports are cleaned, filtered, and ready for government auditors. They’re documenting and updating materials on their own security controls. And tracking cleared personnel activities, including foreign contacts and travel, as well as participation in continuous vetting or insider threat training programs, and incorporating these into their reports.
FSOs also spend time coordinating with cybersecurity, on-site facility security, and other personnel to keep reporting systems unified.
Collaborating with Other Stakeholders to Achieve Broader Goals
If you read our blog post on the top security trends of last year, you’d recall that FSOs are increasingly having to merge functions and collaborate with their colleagues.
- With CISOs → Implementing zero-trust architectures and security controls mandated for defense contractors
- With IT teams → Making sure AI tools and ML models are deployed, and used responsibly by their users
- With HR systems → Providing continuous vetting data for clearances and ensuring insider threat programs are adopted effectively
- With supply chain or partnerships managers → Assessing third-party risk for subcontractors, vendors, and teaming partners
The Evolution Into Today’s FSO: What’s Changed Since 2023
Two transformative shifts have pivoted the FSO role since 2023:
- The AI integration mandate
Where AI was optional in 2023, it’s now mandated both as a security tool and a security concern. So today’s FSO must play the role of AI security manager by understanding how to:
- Secure AI training data and models (a new classified data category).
- Implement AI-powered monitoring without compromising privacy and security.
- Comply with 2024 DoD ethical AI requirements for contractors.
- The shift to continuous evaluation and auditing
The concept of an “audit” has gone from a scheduled event to a constant, data-fed reality. With tools feeding the Defense Information System for Security (DISS), FSOs now operate in an environment of continuous vetting and near-real-time compliance management. They’re constantly:
- Maintaining always-audit-ready dashboards that mirror what government assessors see.
- Responding to automated alerts on personnel and systems instead of preparing for annual reviews.
- Integrating disconnected data streams (physical access, cyber logs, personnel reports, etc.) into a single, coherent security narrative for oversight.
FSOs Are STILL a Hot Commodity
FSOs were in high demand in 2023. And they’re in high demand now. DoD budgets keep ticking up year by year, which means a larger market for defense contractors. Most notably, in recent news, the Golden Dome project, funded through the SHIELD vehicle, is expected to exceed hundreds of billions $ over the next few years.
And many of those dollars are specifically surrounding supply chain security, modernizing cybersecurity / preparing for emerging threats, and AI research. These are compliance requirements put on the shoulders of — you guessed it — the FSO!
It also seems that the experience gap for FSOs is widening and making them harder to recruit. Nearly 25% of the current defense contracting workforce is at or beyond retirement age. FSOs require a combined skill set in cloud security, AI governance, security analytics, third-party risk management, clearance processing, and other areas, in addition to facility security. Few (if any) professionals have this combination.
Emerging Challenges to FSOs Entering 2026 and Beyond
Daily operational challenges still linger from 2023 to now. For example, many FSOs are still using spreadsheets and sticky notes to manage assets, facility areas, files, and inventory. It’s different now because of pressure from both DoD and competitors to modernize.
FSOs are also in constant “drift” — forced to train cleared personnel on threats they didn’t even think of 24 months ago, and tracking endless compliance changes on different schedules.
By now, FSOs can feel the fatigue and burden of compliance and audit overload. They also have to balance security with innovation as the defense industry races to bring in AI/ML capabilities over the next few years.
What’s the Cost of Falling Behind?
If you’re not preparing your FSO for success in 2026, be ready to absorb the costs:
- Losing out on contract opportunities: Contractors that can’t modernize effectively, maintain proven security programs, or stay compliant will position themselves out of bid contention.
- FSO retention issues: It’s hard enough to find one FSO; imagine having to replace them constantly because of burnout and not having resources for success.
- Audit and national security risks: A poor industrial security program can compromise classified information, increase the risk of failed audits, and put our national security in jeopardy.
- Innovation barriers: Defense contractors can’t adopt AI/ML properly or modernize their tech stack per DoD standards.
Simplify FSO Responsibilities, and Amplify Capabilities with MathCraft
Two years was a lot of time for the FSO role to evolve. What was once a strict compliance and security position is now the person leading the charge for responsible AI use and modernizing the industrial base.
Now it’s time to lead with confidence with the platform built for the 2026 FSO. Learn how your role can be simplified via the MathCraft suite. Whether it’s prescreening, tracking, and protecting facility visitors, automating reporting for cleared personnel via a self-service portal, or governing your entire industrial security program in one module, we have a tool for you.