A Facility Security Officer (FSO) is the designated individual responsible for safeguarding classified information at cleared defense contractor (CDC) facilities operating under the National Industrial Security Program (NISP). In 2026, the Defense Counterintelligence and Security Agency (DCSA) enforces strict training, designation, and certification requirements for all FSOs. Whether you are newly designated or working toward professional certification such as the SFPC or ISP, this guide covers every requirement you need to meet โ from mandatory orientation training to DISS system access and SF-86 investigation processing.
A Facility Security Officer is an employee of a cleared defense contractor who is formally designated by the company to oversee and administer all aspects of the facility's classified information security program. The FSO serves as the primary liaison between the contractor and the DCSA, managing personnel security clearances, physical security controls, information system authorizations, and security education programs.
Unlike a government security officer, an FSO is a private-sector employee โ but the role carries substantial federal compliance responsibilities under the National Industrial Security Program Operating Manual (NISPOM), codified at 32 CFR Part 117. Facilities holding a Facility Clearance (FCL) at the Secret or Top Secret level must have at least one designated FSO who themselves hold a personnel security clearance at or above the facility's clearance level.
To be formally designated as an FSO, an individual must satisfy several baseline requirements set by the DCSA and the contractor's Key Management Personnel (KMP) structure:
Under 32 CFR Part 117 (NISPOM), every newly designated FSO must complete the DCSA Center for Development of Security Excellence (CDSE) FSO Orientation training within six months of being formally designated. Failure to meet this deadline can result in the DCSA placing the facility clearance under review.
Beyond initial orientation, the NISPOM requires FSOs to conduct and document annual security refresher training for all cleared employees at the facility. FSOs themselves must also complete continuing education to stay current with DCSA policy changes, new CDSE course releases, and insider threat program updates.
Key annual training obligations include:
The National Industrial Security Program is the U.S. government framework under which classified information is shared with private industry. Established by Executive Order 12829 in 1993, NISP is governed by the NISPOM (32 CFR Part 117) and administered by the DCSA as the primary Cognizant Security Agency (CSA) for the Department of Defense and most other federal agencies.
FSOs are the operational linchpin of NISP compliance at the contractor level. Their responsibilities under NISP include managing the Facility Clearance (FCL), processing personnel security clearances through DISS, maintaining visitor control logs, overseeing classified document accountability, administering the Self-Inspection program, and operating the facility's Insider Threat Program.
The SFPC is an entry-level professional certification issued by the CDSE. It is designed for security professionals with limited experience who want to validate their knowledge of the NISPOM, personnel security, physical security, and information security fundamentals. The SFPC is often the first formal credential pursued by newly designated FSOs.
To earn the SFPC, candidates must complete a prescribed set of CDSE courses and pass a proctored, multiple-choice examination. The certification is valid for two years and must be renewed through continuing professional education (CPE) credits or re-examination.
The ISP certification is the premier advanced credential in the industrial security field, awarded by the National Classification Management Society (NCMS). It is widely recognized by cleared defense contractors and the DCSA as the benchmark for experienced FSO competency.
ISP candidates must demonstrate a minimum of three years of hands-on industrial security experience, pass a rigorous 200-question examination covering all NISP program areas, and maintain the credential through 60 CPEs every three years. The ISP exam covers the full scope of FSO duties: personnel security, physical security, information systems security, classification management, international security, and special access programs.
FSOs are responsible for initiating and tracking personnel security clearance investigations through the Defense Information System for Security (DISS), the DoD's authoritative system of record for personnel security clearance data.
When a cleared employee requires a new, upgraded, or reinvestigated clearance, the FSO sponsors the request in DISS and assists the employee in completing the SF-86 (Questionnaire for National Security Positions) via the e-QIP or NBIS portal. Key FSO responsibilities in this process include:
Facility Security Officer salaries vary significantly based on geographic location, facility clearance level, employer size, and whether the FSO holds a professional certification such as the ISP. According to current labor market data for 2026:
FSOs who transition from full-time security roles into Security Manager or Director of Security positions at large primes (Lockheed Martin, Northrop Grumman, Raytheon, Booz Allen Hamilton) often see total compensation packages well above the base figures. ISP certification is frequently listed as a preferred or required qualification in senior FSO job postings.