Reporting Requirements

Organizations that perform work on U.S. Government classified contracts must comply with strict reporting requirements under Security Executive Agent Directive 3 and the 32 CFR Part 117 (NISPOM Rule).These requirements apply not only to cleared facilities, but also to Covered Individuals working within those organizations.

Reporting concerns, incidents, or suspicious behaviors helps protect national security and ensures organizations maintain their ability to perform classified work.

Why Reporting Matters
Security reporting is one of the most important responsibilities of anyone working in a federal contractor environment. Timely reporting:

• Helps identify and mitigate potential threats to national security
• Helps safeguard an organization’s ability to perform classified work
• Supports counterintelligence efforts.
• Protects sensitive government information.

Key reassurances:

• Self-reporting concerns about your own situation shows honesty, reliability, and integrity.
• Reporting does not automatically mean someone has done something wrong or will get in trouble.
• Following reporting requirements is not tattling — it is a professional responsibility.
• Reporting allows security professionals to review a situation, provide guidance, and resolve potential issues before they become larger problems.

Who Must Report
Reporting is everyone’s responsibility. Anyone working for or with a cleared contractor facility should report security concerns, incidents, or suspicious behavior to their Facility Security Officer.

Covered Individuals also have specific requirements to self-report certain information about themselves.

A Covered Individual is anyone who:

• Holds a security clearance
• Is in the process of obtaining a clearance
• Occupies a Sensitive Position
• Occupies a position where reporting requirements have been applied by any U.S. government agency or customer.

Sensitive positions include roles where an individual could potentially impact national security, even if they do not have access to classified information.

If you work for or with a cleared contractor facility, you likely have reporting responsibilities—even if you do not hold a security clearance.

What Must Be Reported
While it is not possible to list every reportable situation, the categories below highlight the most common reporting requirements.

All personnel should report concerns related to:

• Espionage, sabotage, terrorism, or subversive activities
• Security incidents or violations
• Suspicious contacts or information collection attempts
• Adverse information (criminal activity, financial issues, substance misuse)
• Insider threat indicators
• Foreign travel
• Foreign contacts
• Foreign influence
• Foreign financial or business interests
• Personal status changes
• Cyber intrusions, incidents, or suspicious online activity

Espionage, Sabotage, Terrorism, Subversive Activities – All personnel must report to the FSO immediately:

• Any circumstance of actual, probable, or possible espionage, sabotage, terrorism, or subversive activities directed at the United States.

Security Incidents – All personnel must report to the FSO immediately:

• Any known or suspected security incident, violation, infraction, or vulnerability—regardless of who may be responsible.
  • Spillage, Loss, compromise, or suspected loss or compromise of classified material
  • Physical or technical security vulnerabilities
  • Failure to follow proper security procedures

Suspicious Contact – All personnel must report to the FSO immediately:

• Any contact with known or suspected intelligence officers from any country
• Any attempt by any individual, regardless of nationality, to
  • Obtain illegal or unauthorized access to classified or sensitive information
  • Exploit or compromise any personnel
  • Establish unusual relationships

Adverse Information: All personnel must report to the FSO immediately:

• Any information or activities that could adversely reflect on the integrity, trustworthiness, reliability, or character of an individual or that suggests a person’s access to USG information may not be in the interest of national security. Some examples include:
  • Criminal conduct or arrests
  • Financial difficulties or unexplained affluence
  • Substance abuse/misuse
  • Significant personal conduct issues
  • Behavior indicating poor judgment or unreliability
  • Actions that could make a person vulnerable to exploitation or coercion

Insider Threat Indicators – All personnel must report to the FSO immediately:

• Any information or behavior that may indicate any other person may be a potential insider threat risk. NOTE: Insider Threat indicators are broad. Your company should have an Insider Threat Plan (ITP) that covers this in depth and should have provided you with insider threat awareness training. If you have not taken Insider Threat Awareness training or you do not have access to your company’s ITP, notify your FSO ASAP.

Foreign Travel

• Covered individuals must report to the FSO, 30 days prior to departure:
  • All foreign travel, both personal and professional.
• All personnel must report:
  • Travel to high-threat locations
  • Travel inconsistent with financial resources or official duties
  • Short trips inconsistent with logical vacation travel and that is not part of official duties

Foreign Contacts and Influence – Covered individuals must report to the FSO immediately:

• Close and continuing contact with any foreign national
  • This includes all relatives/family members, friends, acquaintances, romantic relationships, business relationships, etc., whether by phone, mail, e-mail, internet, social media, or in person
• Contact with anyone associated with any foreign person or foreign entity (Foreign entity includes: foreign-owned organizations, businesses, or governments including a foreign embassy.)
• Financial obligations to any foreign person or entity
• Any attempts to solicit a person to act as a representative of any foreign entity

Foreign Financial or Business Interests – Covered personnel must report to the FSO immediately:

• Foreign investments
• Foreign bank accounts
• Foreign real estate purchases
• Investments in any foreign entity, stocks, or person
• Employment or consulting engagements with any foreign entity or person
• Ownership of foreign state-backed, hosted, or managed cryptocurrency
• Ownership of cryptocurrency wallets hosted by foreign exchanges

Personal Status Changes – Covered personnel must report to the FSO immediately:

• Name changes (for any reason) and aliases
• Change in marital status (Marriage, Separation, or Divorce)
• Change in cohabitation status (New or ended cohabitation)
• Engagement to a foreign national
• New immediate relatives
• Change in citizenship, including obtaining dual citizenship or citizenship by naturalization
• Change in employment status or any change in requirements for access to classified

Cyber Intrusions and Incidents – All personnel must report to the FSO immediately:

• Any actual, possible, or potential penetration of information systems or use of technology to target or exploit covered entities and individuals. Some examples include:
  • Phishing attempts
  • Suspicious network activity
  • Unauthorized credential use
  • Cyber intrusions
  • Spillage
  • Online attempts to target or recruit personnel through elicitation, solicitation and marketing of services, direct requests for information

Note – RAP Back Enrollment: Individuals who undergo fingerprinting for a national security clearance are enrolled in the FBI’s Record of Arrest and Prosecution (RAP) Back Program. This program supports continuous vetting under the Trusted Workforce 2.0 framework by notifying U.S. Government agencies when updates to an individual’s criminal history appear in FBI records.

Even with continuous vetting, Covered Individuals are still required to self-report in accordance with SEAD 3.

Self-reporting concerns before they are identified through automated checks often allows issues to be addressed before they become more serious or impact an individual’s clearance eligibility. Self-reporting is often viewed as a positive indicator of honesty, reliability, and integrity during the adjudicative process.

How to Report
If you see something concerning, learn information that may be reportable, or experience a reportable situation yourself–report it to your Facility Security Officer.

If internal reporting is not possible, certain issues may also be reported to the DoD OIG Hotline. The hotline allows individuals to report: Fraud, Waste, Abuse, Whistleblower reprisal, Bribery, Contract or procurement fraud, Conflicts of interest, and certain other types of information. You can learn more about the DoD Hotline here: https://www.dodig.mil/Hotline

Using the DoD Hotline does not relieve you of your reporting obligations under SEAD 3, 32 CFR Part 117, and contractual requirements. Covered Individuals must still report required information to their Facility Security Officer.

When in doubt–report the concern to your Facility Security Officer.

Resources and Additional Learning
Reporting Requirements at a Glance
DCSA Self-Reporting
NISP Reporting Requirements
SEAD 3 – Reporting
SEAD 3 ISL2021-02
SEAD 3 Short
Adjudications – The Whole Person Concept
Reporting the Threat
Reporting Requirements Crossword
Reporting Requirements Word Search
Security Awareness Games
32 CFR Part 117 (NISPOM Rule)
32 CFR Part 147 (Adjudicative Guidelines)

As always, if you have any questions…ask your FSO! Your company’s FSO is the best person to help you navigate any questions you have about security compliance, briefing, and reporting requirements. As security professionals, we are here to help you navigate all things security and ensure you fulfill all security requirements.