Security Control Agreement Template for the United States
Generate a bespoke document
What is a Security Control Agreement?
The Security Control Agreement serves as a critical tool in U.S. national security infrastructure, specifically designed for situations where companies with foreign ownership or investment require access to classified information or contracts. This agreement type emerged from the need to balance national security interests with international business operations. It provides a framework for implementing and maintaining security controls, reporting mechanisms, and governance structures that satisfy federal requirements while allowing business operations to continue. The agreement must comply with NISPOM, FIRRMA, and other relevant federal regulations, and is typically required when foreign ownership or control exists but does not warrant a more restrictive Proxy Agreement or Voting Trust Agreement.
About the Security Control Agreement
A Security Control Agreement is a specialized legal instrument that allows companies with foreign ownership or investment to access classified U.S. government contracts and information while maintaining strict security protocols. This agreement creates a framework that balances national security interests with legitimate international business operations, ensuring compliance with federal regulations while enabling commercial activities.
When do you need this document?
You need a Security Control Agreement when your company has foreign ownership or investment and seeks to bid on or perform classified government contracts. This situation commonly arises when foreign investors hold significant stakes in U.S. defense contractors, technology companies working on sensitive projects, or businesses seeking facility security clearances. The agreement becomes necessary when the Committee on Foreign Investment in the United States (CFIUS) or the Defense Counterintelligence and Security Agency (DCSA) determines that foreign influence poses potential security risks but can be mitigated through structured controls rather than complete divestiture or proxy arrangements.
Key legal considerations
The agreement must establish robust security controls that isolate foreign parties from classified information and decision-making processes. Key provisions include creating a Government Security Committee with cleared U.S. citizens who oversee security matters, implementing information barriers to prevent unauthorized access, and establishing reporting requirements to government agencies. You must carefully define the scope of restricted activities, specify which personnel can access classified areas, and outline procedures for handling security violations. The agreement should address technology transfer restrictions, export control compliance, and protocols for board meetings where classified matters might arise. Additionally, consider provisions for regular security audits, employee screening procedures, and termination clauses that protect classified information if the arrangement ends.
Legal requirements in United States
Under U.S. federal law, Security Control Agreements must comply with the National Industrial Security Program Operating Manual (NISPOM), which establishes comprehensive requirements for protecting classified information in industry. The Foreign Investment Risk Review Modernization Act (FIRRMA) expanded CFIUS authority to review and impose conditions on foreign investments that could affect national security. Your agreement must satisfy Department of Defense security requirements and may need approval from relevant government agencies before implementation. The Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR) may impose additional restrictions on technology sharing and export activities. Compliance with the Defense Production Act of 1950 may also be required for companies involved in critical defense manufacturing. Regular reporting to the Defense Counterintelligence and Security Agency and other oversight bodies is typically mandatory, and failure to maintain required security standards can result in contract termination or facility clearance revocation.
GOVERNING LAW
Applicable law
This Security Control Agreement is drafted to comply with United States law. Key legislation includes:
Explore 208,390+ legal templates
Explore 208,390+ legal templates
Genie's Security Promise
Genie is the safest place to draft. Here's how we prioritise your privacy and security.
Your data is private:
We do not train on your data; Genie's AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it