BlackDog Logics SAM Certification puts BlackDog into the Gold standard for Software developers
Applying to work as a government contractor takes lots of paperwork. Businesses have to request for proposal (RFP) for special qualifications and codes to be able to work with the government.
Companies also have to strictly follow the Code of Federal Regulations (DFAR and FAR) and various other labor standards. As mentioned before, everything the government spends money on is public information. If the job isn’t completed correctly or does not follow the set rules, it will be documented. That documentation is then available for the public to see at any time.
Businesses need to keep their paperwork in order too. At any time, the government can put in a request for its contracted companies to be audited.
Registering with SAM is a daunting task, but contractors who have successfully registered give potential customers a higher level of comfort that engagement with the contractor will be successful. Why?
Because to register, a business entity like BlackDog Logics must go through a gauntlet of verification, and the certification must be renewed and verified every year.
Here are some of the verification requirements for Government Contractor certification that BlackDog Logics, which also owns Linking Logics, has successfully passed for 10 years.
BlackDog has gone through SAM accreditation for 10 consecutive years. Here is what BlackDog Logics’ successful accreditation looks like in SAM
For all the details, you can check out this link:
Summary of Accreditation and certification requirements for BlackDog Logics By SAM
SAM connects to external databases that are considered to be the authoritative sources of information for specific data elements. These include D&B for business address information, ZIPInfo for congressional district information, Treasury’s Debt Management Service for delinquent debt information, and SBA for small business size protests. The data from these sources are appended to your entity registration automatically through SAM.
- D&B is the source for DUNS number validations as explained previously. SAM will not accept a registration that has different business information (name and address) than what has been registered at D&B for the DUNS number. In addition, D&B reviews all DUNS number records in SAM to ensure that the system has the most current information. If information on a DUNS number record in D&B changes, such as an address or legal business name, and that DUNS number is registered in SAM, D&B will notify SAM of the updates. The registrant will then receive a notification that they need to come to SAM and accept the new information for their record.
- Based on the physical address information that is used during the registration, SAM will receive the congressional district information for your business from ZIPInfo.com. This information is added to your record automatically and is adjusted as needed. If your physical address changes, then the congressional district information is also updated for your record.
- SAM receives a request for information (RFI) from the Treasury that flags your record for delinquent debt if you have a debt subject to the Treasury Offset Program. This tells contracting officers they cannot use the government purchase card to make payment to your entity. This information is received directly from the Treasury and automatically added to your record.
- SAM receives information from the SBA (Small Business Association) regarding certain small business certifications, such as 8a or HUBZone certification.
BlackDog’s Defense Federal Acquisition Regulation Supplement (DFARS) Requirements and Regulations
The DFARS Requirements and Regulations are detailed as follows:
- 1) Access Control: This stipulates limiting logical access to authorized users (in other words, giving them just enough credentials to conduct their daily job tasks).
- 2) Awareness and Training: This states that adequate security training must be provided to all employees (which include managers, IT administrators, C-Level executives and so on) so that they are aware of the cyber threat landscape.
- 3) Audit and Accountability: This ensures that the appropriate controls are in place to prevent, mitigate and investigate any malicious activity involving Controlled Unclassified Information (CUI).
- 4) Configuration Management: Appropriate tools must be implemented so that the “baseline configurations” of IT systems (both hardware and software) can be documented as they are used throughout their entire life cycle.
- 5) Identification and Authentication: This regulation mandates that any user who is trying to access any IT system (or even the CUI) must be positively authenticated.
- 6) Incident Response: A plan must be created, implemented, and practiced at regular intervals so that any cyberattack on an IT infrastructure can be mitigated and processes restored as quickly as possible.
- 7) Maintenance: This regulation mandates that all IT systems must be properly maintained and running in optimal condition, and that the IT Staff has the tools they need to conduct these tasks.
- 8) Media Protection: This primarily involves the use of portable devices, such as USB flash drives. They are required to be adequately protected.
- 9) Personnel Security: This regulation mandates that before an employee is hired, they must pass an extensive background check. This will happen before they are allowed access to any IT system that contains the CUI.
- 10) Physical Protection: This involves the protection of the actual physical premises (as it relates to any IT assets) both from the outside and inside, and any critical infrastructure (such as the data center).
- 11) Risk Assessment: This regulation stipulates that all IT systems must be audited on a regular basis in order to examine their vulnerabilities to cyberthreats as the system relates to the CUI (as that would be a prime target).
- 12) Security Assessment: This involves conducting a regular audit on all IT controls that are designed to safeguard the CUI. Through this, it must be determined if these controls are still effective.
- 13) System and Communications Protection: This regulation ensures that all lines of communication, both internal and external to the business entity, are secure with adequate layers of protection.
- 14) System and Information Integrity: This involves making sure that the IT staff is fully aware of any alerts and notifications they receive, especially from the security tools deployed at the perimeter.
You can refer to this link for more details:
BlackDog’s Federal Acquisition Regulations (FAR) Compliance: Code of Business Ethics and Conduct
According to the FAR, all contractors must maintain business practices that have the highest level of honesty and integrity, and it's mandatory that they have a written code of business conduct and ethics. The FAR suggests an internal control system and a training program related to the code of business ethics and conduct that should do the following:
- Be appropriate for the organization's size and the extent of its involvement in government contracting.
- Allow timely disclosure of improper conduct to the client.
- Make sure that corrective measures are in place and followed when needed.
Government contracts that go over $5,000,000 within 120 days have more defined guidelines on the language that should be used in the contracts. Once that language is in the contract, it's up to the organization to make sure the terms and conditions are carried out. It's smart to have an ethics officer to look over the ethics program in the organization and make sure all of these requirements get met on a thorough and consistent basis. Ideally, the ethics officer is someone who's a senior member of the organization and isn't directly tied to the contract’s administration.
It can be overwhelming to read the FAR, but it's essential to make sure the government contracting organization is compliant. Before enforcing a code of business ethics and conduct that's compliant with FAR, make sure to read all the language around the requirements so you fully understand what you're required to establish and maintain as a government contractor. The rules don't enforce requirements that are mandatory for small business contracts, contracts done outside the United States, or commercial item contracts. However, the new business ethics policy serves as guidance for all government contractors.
For more details, click on this link https://www.upcounsel.com/far-compliance-policies
BlackDog’s Required Compliance List of Federal Acquisition Regulations