If your company has ever submitted a facility security clearance package to DCSA, there's a good chance it was sent back.
According to DCSA's own data, the average rejection rate for initial and upgrade FCL packages is over 70% and the average package cycles 2.5 times before it clears review.
The reasons are almost always preventable:
And the updated SF-328 form released in May 2025 has raised the bar further, expanding FOCI disclosure requirements to cover the Small Business Innovation Research (SBIR) program, the Small Business Technology Transfer (STTR) program, and unclassified Department of Defense (DoD) (also known as the Department of War) contracts over $5 million. That means more contractors are encountering this form for the first time, with more documentation at stake.
For a detailed breakdown of what DCSA evaluates and the most common rejection reasons, see our companion guide: The Facility Clearance Bottleneck: What's Really Causing FCL Delays.
The tools to help contractors stay on top of these shifting requirements haven't kept pace with the complexity.
oD has lost 40% of its small business base over the last decade, with compliance burden cited as a primary driver. The contractors who need the most help navigating the facility clearance process are the ones who can least afford it. Over time, that becomes a structural barrier to DIB participation that affects national security readiness.
That's why it attracted DARPA's attention.
DARPA recognizes that problems with FCL package quality are becoming a systemic bottleneck slowing the entire defense contracting pipeline. When 70% of packages are returned before substantive review begins, cleared work gets delayed, prime contractors wait on subcontractors who can't perform, and innovative small businesses that should be competing for classified contracts get stuck in administrative limbo.
To address this, DARPA launched a dedicated initiative to develop technology that could meaningfully improve FCL submission quality across the DIB. The agency awarded contracts to two companies to independently develop prototypes of Facility Control, a purpose-built platform designed to guide contractors through the preparation of DCSA-ready FCL packages. ISI is one of the two firms selected.
This parallel-development approach is a hallmark of how DARPA drives breakthroughs: fund two independent teams with different perspectives, let each build the strongest solution they can, and let the best approach emerge through real-world testing. It's a model that's produced some of the most consequential defense technologies of the last several decades.
Facility Control is designed to do something that no existing tool or template currently does: systematically verify that your FCL package is complete, internally consistent, and aligned with DCSA's review criteria before you submit it. Every capability is built to address a specific, documented failure point in the current process.
Instead of working from memory or a generic checklist, Facility Control will guide your team through each component of the FCL package in the sequence DCSA expects. The platform ensures nothing is skipped, nothing is submitted out of order, and every required element is accounted for before the package is transmitted through the National Industrial Security System (NISS).
This addresses one of the most basic—and most common—reasons FCL packages get returned: components are incomplete or submitted in a configuration that doesn't align with how DCSA's Entity Vetting team actually reviews them.
Before your package reaches DCSA, Facility Control's validation engine is designed to check for the deficiency triggers that account for most returns, such as incomplete FOCI disclosures on the SF-328, KMP data gaps, signatory mismatches on the DD-441, and inconsistencies between your legal organization chart and your KMP roster. When the system identifies a potential issue, it flags it for your team to review and correct.
This is the pre-submission quality layer that doesn't exist anywhere else in the current process. DCSA's own updated submission procedures make the stakes clear: if your resubmitted package still contains the same deficiencies that were flagged on first review, DCSA will remove it from the queue entirely, requiring you to start over with a new sponsorship request. A validation layer that catches these issues before submission protects you from losing your place in line.
Preparing an FCL package requires pulling information from multiple corporate documents—articles of incorporation, operating agreements, stock ledgers, prior SF-328 filings, state registration records, etc.—and entering it accurately across multiple DCSA forms. Every manual transcription step is an opportunity for the kind of data entry error or cross-document inconsistency that triggers a return.
Facility Control is designed to reduce that manual burden by extracting relevant information directly from your corporate filings, organizational documents, and prior submissions. The result is fewer transcription errors, faster preparation time, and greater consistency across the components of your package.
Facility Control is a natural extension of Security Control, our proprietary, cloud-based security management platform. Originally designed for internal use by our team of over 50+ FSOs, we rolled it out to customers in 2017 when it became clear there was nothing comparable to it on the market. Security Control reduces admin time by automating and streamlining FCL and PCL compliance tasks. Today it’s trusted by over 1,000 FSOs across the DIB for day-to-day security program management.
Our team brings direct insight into how DCSA reviews and evaluates packages: insight that shapes every element of Facility Control's design.
Over the course of more than two decades, we’ve developed the pattern-recognition capability that comes from operating at scale inside the facility clearance process. When you work with over 900 defense contractor clients, you see every permutation of corporate structure, FOCI scenario, KMP complication, and documentation gap that DCSA encounters. You learn which errors trigger returns most frequently, which form sections cause the most confusion, and where the process breaks down for first-time applicants (and even experienced filers).
Facility Control encodes that institutional knowledge into software. The platform's validation rules, workflow sequences, and extraction logic are all derived from our real-world experience helping clients achieve a 99% FCL approval rate with a 53-day average turnaround, compared to the 180-day industry average reported by DoD.
Facility Control is built for defense contractors across the full FCL lifecycle. But for some organizations, the value is immediate.
Best fit if you are:
Pursuing your first FCL
Resubmitting after a package return
An SBIR or STTR awardee waiting to begin classified work
Managing M&A activity, FOCI changes, or new facilities
An experienced Facility Security Officer (FSO) who wants a verification layer
Facility Control is officially in public beta, and you can visit this page to learn more. Here's what the timeline looks like:
This is a window that won't stay open indefinitely. If your company is preparing an FCL package currently or expects to in the next 12 months, getting on the interest list now means you'll have access to a DARPA-funded preparation tool before it's widely available.
Sign up for the Facility Control early interest list to receive product updates, get notified when demos become available, and be considered for beta participation.
Need help with your FCL package today? Facility Control is still in development, but ISI's FSO team is ready today to help you prepare and submit a DCSA-ready package now. Talk to an advisor about your current submission.
Want to understand the FCL preparation process in depth? Read our companion guide: The Facility Clearance Bottleneck: What's Really Causing FCL Delays. It covers exactly what DCSA evaluates, the most common rejection reasons, and a step-by-step preparation checklist you can use while you wait for Facility Control access.
Facility Control is an AI-assisted workflow platform that converts your uploaded governance documents into a validated, DCSA-ready Facility Clearance (FCL) package. Instead of manually assembling forms, chasing down inconsistencies, and hoping nothing is missing, Facility Control guides you through the process — extracting key data from your documents, populating required artifacts, assessing your FOCI risk profile, and exporting a complete submission package.
Facility Control is designed for two primary users: Companies pursuing their first FCL — particularly non-traditional defense contractors, tech startups, and small businesses entering the Defense Industrial Base (DIB) for the first time. Cleared defense contractors managing change conditions — ownership changes, restructuring, or any update that requires a new or amended FCL submission. Security professionals, law firms, and Facility Security Officer (FSO) consultants who support clients through the clearance process will also find Facility Control useful for streamlining package preparation.
Yes. Facility Control is offered at no cost. ISI developed Facility Control to help companies enter and operate in the defense industrial base more efficiently. There is no subscription, no per-use fee, and no hidden charges. Companies that need additional support — FSO services, CMMC readiness, or ongoing compliance management — can access ISI's broader service offerings separately.
Facility Control was developed by ISI the leading provider of outsourced Facility FSO services in the United States. The platform originated from a DARPA-funded SBIR initiative focused on modernizing and automating the FCL process and is now being commercialized by ISI for broad use across the DIB.