![[Icon]-FH-Spinner-Horizontal-Light.avif](https://static.wixstatic.com/media/efdf16_e523c19ac0fa4875b8e3c4f83e0444b5~mv2.avif/v1/fill/w_147,h_34,al_c,q_80,usm_0.66_1.00_0.01,blur_2,enc_avif,quality_auto/%5BIcon%5D-FH-Spinner-Horizontal-Light.avif)
Section 847 Compliance: 5 Critical Questions Your Acquisition Team Should Be Asking DCSA Right Now
- CANDA Solutions
- Nov 7
- 6 min read
Updated: Nov 18
Executive Overview
Section 847 implementation is coming within 12-18 months. DCSA (Defense Counterintelligence and Security Agency) will manage this expansion of FOCI (Foreign Ownership, Control, or Influence) vetting—historically limited to classified contracts—to unclassified DoW (Department of War) contracts valued at or above $5 million. This shift extends FOCI assessment from approximately 2,000 annual cases to an estimated 41,000 cases, affecting up to $200 billion in acquisitions.
In May 2024, DoW issued Instruction 5205.87, establishing the framework for conducting FOCI reviews during source selection, though the enforceable DFARS clause remains in development. This represents a fundamental shift from reactive FOCI mitigation to preventative vetting before contract award.
For acquisition teams, key questions may still remain: What do you know about DCSA's approach to this mission-critical vetting process? With DCSA's history of technology deployment challenges—including NBIS implementation that began in 2017—how is preparation progressing? Industry has received helpful, but limited guidance on the expected process, timeline confidence, or how to prepare for successful implementation.
For procurement leaders, this uncertainty presents operational risk. Vetting delays could extend already lengthy DoW procurement cycles, impacting mission delivery.
The window for asking questions and helping shape practical implementation is narrowing. Here's what acquisition teams should consider discussing with DCSA.
What Triggers the $5M Threshold?
Organizations are seeking clarity on whether the $5M threshold applies to individual contract value or cumulative portfolio value. For instance, does a $4.9M base contract with options exceeding $5M trigger vetting requirements? Does it apply to prime contracts only, or do subcontracts count toward the threshold?
While Section 847 includes exemptions such as COTS (Commercial Off-The-Shel) products, DoW retains authority to require vetting where national security risks exist, including access to personally identifiable information or cybersecurity systems. Understanding these threshold calculations and exemptions helps organizations assess which contracts may be subject to vetting.
Recommended approach
Request written clarification from DCSA on threshold calculations, including treatment of options, modifications, and portfolio aggregation rules.
Clear documentation helps everyone plan effectively and ensures system requirements support scalable implementation.
What Information Does DCSA Actually Need to Assess FOCI?
The scope of required beneficial ownership documentation is still being defined. What information will satisfy FOCI assessment requirements? What format will DCSA accept? What level of detail is expected for complex offshore interests or multi-tiered ownership structures? When must information be submitted relative to contract award timelines?
Section 819 of the FY2021 NDAA further requires ongoing monitoring and disclosure of beneficial ownership changes during contract performance; not just at award. Prime contractors must also develop processes for collecting, storing and securing ownership information from subcontractors and ensuring compliance across the supply chain.
Recommended approach
Work with DCSA to understand the intended vetting checklist and the recently updated Standard Form 328 (SF-328) requirements.
Consider proposing standardized templates that streamline submission workflows while ensuring completeness—this benefits both industry and DCSA by reducing iterative clarifications.
What's DCSA's Processing Capacity?
Understanding DCSA's current processing capabilities and projected capacity under Section 847 helps with planning. How many cases can DCSA handle per month? What turnaround times should industry expect? How will the system handle predictable volume spikes during major procurement cycles?
Why this matters
Section 847 establishes a 25 business day expectation for DCSA to render vetting determinations. DCSA has set a separate non-statutory goal of 120 days for cases tied to contractual contingencies. If mitigation measures are required, contractors have 90 days post-award to implement them—but that timeline only begins after DCSA's review and the contracting officer's determination are complete.
Given the projected increase from 2,000 to 41,000 FOCI cases annually, understanding whether DCSA can maintain these timelines is critical for acquisition planning. While DCSA has increased Risk Management Unit staffing, the scale of expansion raises legitimate capacity questions.
Recommended approach
Look for published Service Level Agreements (SLAs) that provide predictable timelines for planning.
Review your acquisition portfolios now to identify potential concerns rather than waiting for implementation. Understanding these timelines helps align Section 847 requirements with broader acquisition schedules.
How Will DCSA's System Integrate With Your Procurement Tools?
The technical implementation approach significantly impacts operational efficiency. Will contracting officers manually track vetting status outside existing procurement systems? Experience shows that manual handoffs between systems can create delays, introduce errors, and face challenges under volume pressure.
Under Instruction 5205.87, DCSA conducts the FOCI evaluation, but the contracting officer makes the final determination on whether mitigation measures are necessary. This dual-track decision-making process requires coordination between DCSA's assessment system and contracting officer workflows.
Recommended approach: Engage with DCSA to understand their planned system architecture and integration capabilities. Advocate for automated data exchange and status tracking that reduces manual intervention—integration supports speed, confidence, and reliable processing.
Who Initiates the Vetting Process?
Process ownership affects timeline control and efficiency. Does the contracting officer trigger vetting after receiving proposals, or can industry proactively submit information during proposal development? Given contracting officers' existing workload and their role as final decision-makers on mitigation measures, understanding this handoff point helps organizations plan accordingly.
DoW Instruction 5205.87 contemplates that companies will provide detailed FOCI information early in the contracting process before source selection decisions are made. However, the specific submission process and timing remain to be clarified in the forthcoming DFARS clause.
Recommended approach: Consider proposing that industry be permitted to proactively submit vetting information as part of proposal packages rather than waiting for government-initiated requests. The information could be ready and available for Acquisition acknowledgement to trigger actual vetting, potentially accelerating processing while supporting contracting officer efficiency.
Learning From Implementation Experience
NBIS implementation has faced challenges related to complexity, scalability, missed timelines, and Trusted Workforce 2.0 integration. DCSA now faces the additional challenge of scaling FOCI vetting from approximately 2,000 to 41,000 cases annually while maintaining the 25-day statutory timeline and dual-track decision-making process.
Section 847 represents a shift from DoW's reactive FOCI model to a preventative one, ensuring foreign influence risks are addressed before contract award rather than after. This proactive approach benefits mission security but requires significant operational capacity that has yet to be fully demonstrated.
Understanding these implementation dynamics helps organizations prepare for multiple scenarios. DCSA may still be determining optimal approaches for Section 847 implementation, which suggests flexibility in preparation strategies may prove valuable.
Steps Agencies Can Take Now
Engage with DCSA: The five questions above provide a framework for productive dialogue. Getting answers, even preliminary ones, supports planning and demonstrates commitment to collaborative implementation.
Map your exposure: Identify which current and planned contracts will likely trigger vetting requirements. This assessment informs resource planning and risk management approaches.
Review internal processes: Assess what ownership documentation you can access today. Communicate what's needed for entity documentation and consider augmenting procedures now, providing lead time regardless of final requirements.
Integrate into due diligence: Legal and compliance teams should integrate Section 847 assessments into transaction planning and change control policies to ensure compliance officers are notified of ownership or governance changes before they occur.
Raise readiness conversations: If engagement with DCSA reveals significant gaps, consider discussing with acquisition leadership and industry associations to help shape practical implementation approaches.
Evaluate technology partners: Solutions like Fresh Haystack are purpose-built for rapid deployment in national security contexts and may prove valuable as requirements crystallize. Speed to mission success will be important as the DFARS rule finalizes.
Looking Ahead
Section 847's DFARS clause is approaching publication. Organizations that engage early, ask clarifying questions, and begin infrastructure preparation position themselves to maintain efficient procurement timelines and mission support capabilities. Those caught unprepared may face delays that impact mission delivery and competitive positioning.
The forthcoming DFARS rule will formalize disclosure obligations, require continuous monitoring during contract performance, and demand coordinated compliance across the supply chain. Contractors who establish internal ownership tracking systems now will be better positioned to compete once the rule takes effect.
The most valuable action is starting these conversations within your organization and with DCSA. Early engagement helps create better outcomes for all stakeholders.
If your organization is preparing for Section 847 implementation and needs to accelerate supply chain vetting capabilities, we're here to help.
About CANDA Solutions: Your partner for safer, smarter modernization, delivering impact, not excuses, at every step.
CANDA Solutions is the risk management force multiplier for the national security enterprises.. For over 17 years, we've enabled federal programs to move beyond box-checking by combining practitioner-led advisory, modular risk solutions, and our Fresh Haystack platform. Trusted by the nation's most critical security agencies, we deliver execution—not just advice—so customers see measurable risk reduction, predictable cost, and lasting agility, no matter how the threat landscape shifts.
Our Fresh Haystack RIx (Risk Intelligence Multiplier) platform combines proven, prebuilt case management workflows with low-code application technology—purpose-built for personnel / industrial security, insider threat detection, and supply chain / vendor risk management. Unlike generic platforms requiring months of custom development, Fresh Haystack delivers proven blueprints that mission owners customize in hours, not months—eliminating IT bottlenecks while maintaining compliant, federal-grade operations automatically.