Body Armor for Armed Security at Cleared Facilities — An FSO's Decision Framework

Facility Security Officers at cleared defense contractors, critical infrastructure operators, and DoD-support commercial sites oversee armed security forces that look LE-adjacent but don't follow LE procurement rules. Body armor for this force is not covered by BVP (non-LE), not governed by NISPOM (which covers information security, not physical hardening), and typically not sourced via cooperative contracts (which are public-sector).

The decision framework is different. Here it is.

The four-way split

Armed security at cleared facilities falls into four common categories:

1. Contractor-employed armed officers — the most common. A security firm (Allied, Securitas, Constellis, GardaWorld) provides licensed armed guards under a facility contract. The contractor holds the state armed-guard licenses and usually the armor policy.
2. Directly-employed facility protection — FSO-hired uniformed protection directly on the company payroll. FSO owns the armor spec.
3. Cleared DoD contractor self-protection — engineer / scientist / manager armed protection in high-threat overseas deployments. Different framework entirely; State Department D&S coordination.
4. Executive protection embedded at HQ — close-protection of named executives, typically through EP specialist firms (Gavin de Becker, Pinkerton, Global Guardian) that bring their own armor.

This article focuses on categories 1 and 2.

Armed guard state licensing drives the floor

Every state that licenses armed security guards sets a minimum standard — some states explicitly require NIJ-certified armor (CA, NY, TX); others require "body armor as appropriate" (most); a few don't mention it. The state regulation map shows where the licensing overlay tightens.

For most FSOs, the floor is:

• NIJ IIIA soft armor, concealable or external carrier at FSO discretion
• CPL-listed on date of purchase — same rule as LE, but for state licensing audit rather than BVP reimbursement

Any spec above that is a company decision.

The company decision: what threats?

A cleared facility's threat model drives whether the spec goes higher than IIIA:

• Research / R&D campus threat model: IIIA is typical; workplace violence and protest escalation are the main realistic threats
• Weapon-system / defense-factory facility: IIIA often plus a pool of Level III rifle plates for rapid-response
• Nuclear / critical-infrastructure security: Level III / IV hard armor as baseline; these facilities usually have federal oversight (NRC, DOE) that specifies the standard
• Data center with sensitive customer load: IIIA plus guard-force training on civil disturbance; rarely requires hard plate

Most FSOs spec one tier above the state floor for defensibility in the event of a workplace incident.

Procurement paths available to FSOs

FSOs buying direct for their own force:

• Direct manufacturer through corporate purchasing — clean, best pricing at volume, manufacturer will match your spec
• GSA 84 open-market access — FSOs at cleared DoD contractors often have GSA 84 access through company procurement
• Authorized dealer network — for smaller buys, your dealer directory lists 75+ authorized dealers across all six covered MFGs

FSOs whose armed force is contractor-provided:

• Your contract specifies the armor spec; the contractor's procurement handles purchasing
• Your role is the spec, not the PO. Write it into the SOW.

The paperwork FSOs actually care about

1. NIJ CPL listing printout on the date of purchase, filed with the armor roster
2. Warranty documentation per vest, per officer, with replacement cycle
3. State licensing compliance: NIJ level documented in the state's required records (varies by state)
4. Incident-response replacement procedure: if an officer takes a round, the vest is replaced — this needs to be written policy

Audits (internal compliance, customer audits at cleared facilities, state regulator surveys) consistently ask for #1 and #2. The others rarely get asked but are good practice.

The DoD-serving-cleared-facility nuance

If your facility serves DoD under a classified contract, your armed protection may be required to exceed commercial baseline — typically set by the customer (DCSA, the program office, or a specific DD-254 security classification guide) rather than NISPOM. If the customer specifies Level III hard plates for the gate force, that's the spec — irrespective of what state law would require.

Check your DD-254 and customer security briefings for the specifics.

Common mistakes

• Letting state licensing dictate the whole spec. Meets the floor, not the threat.
• Outsourcing the spec to the guard contractor. Most guard firms will provide whatever the contract says and nothing more; a vague spec means a vague outcome.
• Forgetting the replacement cycle. Guards rotate; their armor doesn't always follow. Audit your roster semi-annually.
• Not documenting the threat model. If an incident happens and the armor is questioned, "we specified IIIA because that's what they all wear" is weaker than "we specified IIIA because our threat assessment concluded X and Y."

Checklist

• Armed guard state licensing requirements documented for your state(s)
• Threat model for your facility documented
• Armor spec tied to threat model (one level above state floor is typical defensible baseline)
• Procurement path confirmed (direct / GSA 84 / dealer / contractor)
• NIJ CPL listing verified at date of purchase
• Warranty + replacement cycle documented and calendared
• Customer / DoD-specific overlay checked (DD-254 or relevant security classification guide)