Security clearances are one of the most tangible constraints that separate defense software development from commercial software work. For a commercial software project, the vendor assembles the most capable available team and begins work. For a classified defense program, team composition is constrained by who has — or can obtain — the clearance level required to access the program's classified information. This constraint affects hiring lead times, team size, the ability to augment capacity mid-program, and the cost structure of the engagement.

Understanding how clearances work, what organizations need at the facility level, and how to structure programs to minimize clearance-related friction is essential knowledge for any software vendor seeking to work on defense programs. This article covers the clearance landscape from the perspective of a software development organization, with practical guidance on what to expect and how to plan.

Clearance Levels: NATO Secret, Cosmic Top Secret, and National Equivalents

Security clearances exist at the national level and at the NATO level, and the two systems interact in specific ways that affect international defense programs.

At the national level, most NATO member nations operate a three- or four-tier classification system: Confidential (or equivalent), Secret, and Top Secret, with some nations adding a Sensitive Compartmented Information (SCI) category above Top Secret. The specific names vary by nation — Germany uses VS-NfD, VS-Vertraulich, VS-Geheim, and VS-Streng Geheim; the UK uses Official, Official-Sensitive, Secret, and Top Secret. Personnel clearances correspond to these tiers: a Secret clearance grants access to Secret-classified information but not Top Secret.

NATO operates its own classification system: NATO Restricted, NATO Confidential, NATO Secret, and Cosmic Top Secret (CTS). The term "Cosmic" is not an indication of a higher-than-top-secret level in the conventional sense — it is a codeword prefix applied to NATO's most sensitive classification tier. A national Top Secret clearance from a NATO member nation is generally recognized for access to NATO Secret information; access to Cosmic Top Secret requires a specific NATO-level vetting. NATO classified information is subject to NATO security policy regardless of which nation's personnel are accessing it.

For a software vendor working on international programs, the practical implication is that team members who are cleared at the national Secret level may be able to access NATO Secret material, but international program information sharing is governed by agreements between nations and by the specific classification markings on each document. Do not assume that national clearances automatically transfer to allied programs without verifying the specific bilateral or multilateral information sharing arrangements in place.

Requirements for Software Developers: Citizenship, Background Checks, and Vetting

Personnel security clearances for software developers follow the same process as for any other professional role in a defense context. The requirements vary by nation, clearance level, and program, but the common elements are consistent.

Citizenship. Most nations require that personnel holding Secret or higher clearances be nationals of the granting nation. Dual nationals may face additional scrutiny. Foreign nationals are generally ineligible for national security clearances, with limited exceptions in specific circumstances (typically for allies working on jointly-funded programs, subject to bilateral agreements). This has direct implications for software vendors with international development teams: team members who are not nationals of the relevant nation cannot hold the nation's clearances and cannot access classified information at those levels.

Background investigation. The vetting process for a Secret clearance typically involves a background investigation covering employment history, residence history, financial history, criminal records, foreign contacts and travel, and character references. The depth and scope of the investigation increase with clearance level — a Top Secret investigation is substantially more extensive than a Secret investigation. The investigation is conducted by a national vetting agency (e.g., UK National Security Vetting, German GABV, US Defense Counterintelligence and Security Agency) and may take months to complete for initial clearances.

Continuous vetting. Once granted, clearances are not permanent. Most nations conduct periodic reinvestigation — typically every five to seven years for Secret, more frequently for higher levels — and cleared personnel are subject to reporting requirements for significant life events (foreign travel, financial changes, foreign contacts) that might affect their eligibility. Personnel who are already cleared are a resource that programs compete for; a vendor with a pre-cleared developer pool has a material advantage in program staffing timelines.

Timeline reality: Initial clearance investigations for software developers who are new to the defense sector can take six to eighteen months depending on the nation, clearance level, and current vetting agency caseload. Programs that require cleared developers and have not budgeted for this timeline will encounter staffing delays that affect schedule and cost. Planning for clearance processing time is not optional — it is a program management prerequisite.

Facility Security Clearance: What Organizations Need

Beyond individual personnel clearances, organizations working on classified defense programs must hold a Facility Security Clearance (FSC) — or national equivalent — that authorizes the organization itself to receive, store, and process classified information. The FSC is issued to the organization, not to individual employees, and establishes the framework within which individual clearances operate.

Obtaining an FSC requires demonstrating that the organization has established the physical security measures, information security controls, and administrative procedures required to protect classified information at the relevant level. This includes: approved secure facilities (rooms for classified meetings, secure storage for classified documents, and appropriate IT systems for classified data processing); a cleared Facility Security Officer (FSO) responsible for security program administration; personnel security procedures for hiring, vetting, and managing cleared employees; and compliance with the relevant national security standard (e.g., NISPOM in the US, DEF STAN 05-138 in the UK).

The FSC must be at the appropriate level for the work being performed. A vendor with a Secret FSC cannot accept contracts that require Top Secret work without upgrading its FSC. FSC upgrades require inspection by the national security authority and must be completed before classified work begins. Organizations entering the defense market for the first time should assess what FSC level their target programs require and initiate the FSC process early — it is typically a prerequisite for contract award, not a post-award activity.

Alternatives: Controlled Unclassified Information vs. Classified

Not all defense software work requires security clearances, and understanding the boundary between classified and unclassified work is important for program planning and for vendors assessing which programs are accessible to them without the overhead of security clearance programs.

Many defense programs work with Controlled Unclassified Information (CUI) — information that requires protection but does not rise to the level of classified information. In the US context, CUI is governed by the National Archives CUI Registry and NIST SP 800-171, which prescribes information security requirements for organizations handling CUI in non-federal systems. In the UK, the equivalent category is Official-Sensitive. CUI/Official-Sensitive work requires organizational compliance with relevant security standards but does not typically require personnel security clearances.

Program architecture decisions can sometimes reduce or eliminate clearance requirements by separating classified from unclassified components. A system where operational planning data is classified but logistics management software is unclassified can be architected to allow uncleared developers to work on the logistics component while cleared developers handle the operational planning component — provided appropriate data separation is maintained. This partitioning approach requires deliberate architecture decisions early in the program and ongoing enforcement, but it can meaningfully reduce the cleared personnel requirement and thereby the cost and schedule risk associated with clearance processing.

Vendors who cannot obtain clearances (due to team nationality, FSC limitations, or timeline constraints) should not attempt programs that require them — the security failure modes are serious, and the regulatory and contractual consequences of clearance violations are severe. The better approach is to be honest about clearance capabilities during the business development phase and to target programs appropriate to the organization's cleared workforce, while building toward higher clearance levels in parallel.