How DiligenceDesk reads federal data.

The orchestrator, the eight data sources, the deterministic verdict ladder, and the things automated screening cannot replace. Built so a procurement officer can defend the verdict in writing.
/ 01 · ANCHOR

Identity resolution comes first.

The most expensive failure mode in federal contractor screening is reviewing the wrong entity. DiligenceDesk starts every audit by resolving the user's query (legal name, UEI, or CAGE) against sam.gov. The matching SAM record becomes the canonical legal entity for the rest of the audit.

Downstream risk signals attach to that anchored identity. Labor enforcement, sanctions list hits, performance context, and cyber exposure are all queried against the resolved legal name, not the user's raw input. A clean screening on the wrong company is not a clean screening.

/ 02 · INPUTS

The eight federal data sources.

Every source is queried in real time. Responses are cached in Upstash Redis for up to twenty-four hours per query to reduce upstream rate-limit pressure. No proprietary or paywalled datasets are used.

SAM.gov
Entity registration, exclusions, NAICS, PSC. Identity anchor for the audit.
DOL WHD
Wage & Hour Division enforcement. Willful and repeat-violator flags.
OSHA
Occupational Safety & Health Administration inspection and citation history.
ITA CSL
Department of Commerce Consolidated Screening List. Entity List, Denied Persons, Unverified List, sanctions.
USAspending
Federal contract and grant award history. Top agencies, total obligated, recent awards.
SEC EDGAR
Public-company filings (10-K, 10-Q, 8-K) for financial signal.
GLEIF
Legal Entity Identifier and parent / subsidiary chain.
NIST NVD
National Vulnerability Database. CVE / CVSS exposure mapped via CPE.
Section 889
Local registry of prohibited-manufacturer MAC and OUI ranges.

Each source produces evidence the verdict engine can weigh. Source-level outages are tolerated: if SEC EDGAR is unreachable for a particular query, the verdict is computed without it and the response notes the missing pillar rather than failing the audit.

/ 03 · SYNTHESIS

The verdict ladder.

Verdicts are deterministic. Same inputs always produce the same verdict. The ladder is evaluated top to bottom; the first matching rule wins.

FAIL
Prohibited hardware match (Section 889), active SAM.gov exclusion, severe labor violations (willful or repeat), or a high-severity Consolidated Screening List hit. Stop the workflow until reviewed.
WARNING
Expired SAM.gov registration, moderate Consolidated Screening List hit, or involvement in a sensitive sector (weapons, ammunition, nuclear ordnance, defense aerospace) even with a clean screening record. Requires human review.
PASS
Active SAM.gov registration, no exclusions, no sanctions hits, no prohibited hardware, no involvement in a CRITICAL or HIGH sensitive sector. Continue with standard procurement review.
NEUTRAL
No federal records found anywhere. Most companies in the world are simply not federal contractors. Verify identity manually before drawing conclusions.
/ 04 · SENSITIVE SECTORS

Sector-risk overlay.

A clean screening record is necessary but not sufficient when the vendor operates in a sensitive sector. DiligenceDesk reads the NAICS and PSC codes from the SAM.gov record and maps them against a registry of high-sensitivity industries: weapons (PSC 10), nuclear ordnance (PSC 11), ammunition manufacturing (NAICS 332992-994), defense aerospace (NAICS 3364, PSC 15-18), and similar.

A vendor with a clean record but a CRITICAL or HIGH sector match surfaces as WARNING rather than PASS. The summary text identifies the sector by name so the reviewer knows why. This is what catches a defense contractor that has no sanctions but does sell weapons systems.

Why this matters
The most common failure mode in tools that only check sanctions lists is a clean defense aerospace contractor reading identically to a clean bakery. Both are eligible for federal work, but only one needs an extra layer of human review before award. The sector overlay surfaces that distinction without manual classification.
/ 05 · HONEST SCOPE

What DiligenceDesk does not replace.

Automated federal-data screening is the first pass, not the whole picture. The tool is intentionally conservative about what it claims:

  • Formal legal review of FAR, DFARS, or Section 889 obligations.
  • Agency-specific responsibility determinations.
  • Deeper supply-chain or beneficial-ownership investigations beyond GLEIF.
  • Export-control review beyond the ITA Consolidated Screening List.
  • Manual source verification when an upstream federal dataset looks stale or incomplete.
  • Counsel review of severe-violation FAIL verdicts before award decisions.

The DOL Wage & Hour Division dataset has known data-lag issues; recent enforcement actions may not appear for weeks. NVD CPE matching produces false positives for any vendor with generic product naming (a small company called "Blue" will collide with unrelated products). DiligenceDesk surfaces evidence for review, not conclusions for the file.

/ 06 · COMMON QUESTIONS

Frequently asked.

How fresh is the data?
Each source is queried in real time. Responses are cached in Upstash Redis for up to 24 hours per query.
Is the verdict reproducible?
Yes. The ladder is deterministic. Same inputs always produce the same verdict.
What if a source is down?
The verdict is computed without it. The response notes the missing pillar rather than failing the audit.
Where is the code?
Public on GitHub at github.com/OrygnsCode. The orchestrator, verdict engine, and per-source modules are all readable.
How does DiligenceDesk resolve the correct legal entity?
DiligenceDesk begins every audit by querying SAM.gov with the user-provided name, UEI, or CAGE code. The matching SAM.gov record becomes the canonical identity used for the rest of the audit, so labor, performance, and sanctions checks are never run against the wrong company.
What data sources does DiligenceDesk use?
SAM.gov for entity registration and exclusions; DOL Wage & Hour Division for labor enforcement; Commerce ITA for the Consolidated Screening List; USAspending.gov for federal award history; SEC EDGAR for public-company filings; GLEIF for legal-entity-identifier and ownership lookups; NIST NVD for CVE / CVSS cyber exposure; and a local Section 889 prohibited-manufacturer registry for MAC / OUI hardware screening.
What does a PASS verdict mean?
PASS means the entity appears active in SAM.gov, has no federal exclusions, no Consolidated Screening List hits, no prohibited-hardware matches, and no operation in a CRITICAL or HIGH sensitive sector. It is appropriate to continue standard procurement review.
What does a WARNING verdict mean?
WARNING means the audit found signals that need human review before treating the vendor as low risk: expired SAM.gov registration, a moderate screening-list hit, or sensitive-sector involvement (weapons, nuclear ordnance, defense aerospace) even on an otherwise clean record. Non-severe labor violations surface with a WARNING label but do not on their own override the verdict.
What does a FAIL verdict mean?
FAIL indicates disqualifying evidence: an active SAM.gov federal exclusion, a high-severity or critical screening-list hit, a Section 889 prohibited-manufacturer match, or severe labor violations. Procurement should stop and the issue should be reviewed by compliance or counsel before continuing.
What does DiligenceDesk not replace?
It does not replace formal legal review of FAR / DFARS / Section 889 obligations, agency-specific responsibility determinations, deeper supply-chain or export-control investigations, or manual source verification when an upstream dataset looks stale. It is a first-pass tool that produces evidence and a verdict; the final award decision still requires human judgment.

See the verdict engine on your own vendors.

Free, no account, runs in seconds. Reconciled across eight federal data sources with sector-risk overlay.