How does DiligenceDesk resolve the correct legal entity?

DiligenceDesk begins every audit by querying SAM.gov with the user-provided name, UEI, or CAGE code. The matching SAM.gov record becomes the canonical identity used for the rest of the audit. Downstream risk signals are attached to that identity so labor, performance, and sanctions checks are never run against the wrong company.

What data sources does DiligenceDesk use?

SAM.gov for entity registration and exclusions; U.S. Department of Labor Wage & Hour Division (WHD) for labor enforcement; Department of Commerce ITA for the Consolidated Screening List (Entity List, Denied Persons, etc.); USAspending.gov for federal contract and grant history; SEC EDGAR for public-company filings; GLEIF for legal entity identifier and ownership lookups; NIST NVD for CVE / CVSS cyber exposure; and a local Section 889 prohibited-manufacturer registry for MAC / OUI hardware screening.

What does a PASS verdict mean?

PASS means the entity appears active in SAM.gov, has no federal exclusions, no hits on the Consolidated Screening List, no prohibited hardware matches, and no operation in a CRITICAL or HIGH sensitive sector (weapons, nuclear, aerospace/defense, etc.). It is appropriate to continue standard procurement review.

What does a WARNING verdict mean?

WARNING means the audit found signals that require human review before treating the vendor as low risk. Triggers include expired SAM.gov registration, moderate Consolidated Screening List hits, or involvement in a sensitive sector such as weapons, ammunition, nuclear ordnance, or defense aerospace — even when the screening record is otherwise clean. Non-severe labor violations surface in the summary banner with a WARNING label but do not on their own override the underlying verdict.

What does a FAIL verdict mean?

FAIL indicates disqualifying evidence: an active federal exclusion on SAM.gov, a high-severity or critical Consolidated Screening List hit (denied persons, entity list), a Section 889 prohibited-manufacturer hardware match, or severe labor violations. Procurement should stop and the issue should be reviewed by compliance or counsel before continuing.

What does DiligenceDesk not replace?

DiligenceDesk does not replace formal legal review of FAR, DFARS, or Section 889 obligations; agency-specific responsibility determinations; deeper supply-chain, ownership, or export-control investigations; or manual source verification when an upstream federal dataset looks stale or incomplete. It is a first-pass tool that produces evidence and a verdict — the final award decision still requires human judgment.

Methodology: Verdict Engine, Data Sources, Limitations

/ 01 · ANCHOR

Identity resolution comes first.

The most expensive failure mode in federal contractor screening is reviewing the wrong entity. DiligenceDesk starts every audit by resolving the user's query (legal name, UEI, or CAGE) against sam.gov. The matching SAM record becomes the canonical legal entity for the rest of the audit.

Downstream risk signals attach to that anchored identity. Labor enforcement, sanctions list hits, performance context, and cyber exposure are all queried against the resolved legal name, not the user's raw input. A clean screening on the wrong company is not a clean screening.

/ 02 · INPUTS

The eight federal data sources.

Every source is queried in real time. Responses are cached in Vercel KV for up to twenty-four hours per query to reduce upstream rate-limit pressure. No proprietary or paywalled datasets are used.

SAM.gov: Entity registration, exclusions, NAICS, PSC. Identity anchor for the audit.
DOL WHD: Wage & Hour Division enforcement. Willful and repeat-violator flags.
OSHA: Occupational Safety & Health Administration inspection and citation history.
ITA CSL: Department of Commerce Consolidated Screening List. Entity List, Denied Persons, Unverified List, sanctions.
USAspending: Federal contract and grant award history. Top agencies, total obligated, recent awards.
SEC EDGAR: Public-company filings (10-K, 10-Q, 8-K) for financial signal.
GLEIF: Legal Entity Identifier and parent / subsidiary chain.
NIST NVD: National Vulnerability Database. CVE / CVSS exposure mapped via CPE.
Section 889: Local registry of prohibited-manufacturer MAC and OUI ranges.

Each source produces evidence the verdict engine can weigh. Source-level outages are tolerated: if SEC EDGAR is unreachable for a particular query, the verdict is computed without it and the response notes the missing pillar rather than failing the audit.

/ 03 · SYNTHESIS

The verdict ladder.

Verdicts are deterministic. Same inputs always produce the same verdict. The ladder is evaluated top to bottom; the first matching rule wins.

FAIL: Prohibited hardware match (Section 889), active SAM.gov exclusion, severe labor violations (willful or repeat), or a high-severity Consolidated Screening List hit. Stop the workflow until reviewed.
WARNING: Expired SAM.gov registration, moderate Consolidated Screening List hit, or involvement in a sensitive sector (weapons, ammunition, nuclear ordnance, defense aerospace) even with a clean screening record. Requires human review.
PASS: Active SAM.gov registration, no exclusions, no sanctions hits, no prohibited hardware, no involvement in a CRITICAL or HIGH sensitive sector. Continue with standard procurement review.
NEUTRAL: No federal records found anywhere. Most companies in the world are simply not federal contractors. Verify identity manually before drawing conclusions.

/ 04 · SENSITIVE SECTORS

Sector-risk overlay.

A clean screening record is necessary but not sufficient when the vendor operates in a sensitive sector. DiligenceDesk reads the NAICS and PSC codes from the SAM.gov record and maps them against a registry of high-sensitivity industries: weapons (PSC 10), nuclear ordnance (PSC 11), ammunition manufacturing (NAICS 332992-994), defense aerospace (NAICS 3364, PSC 15-18), and similar.

A vendor with a clean record but a CRITICAL or HIGH sector match surfaces as WARNING rather than PASS. The summary text identifies the sector by name so the reviewer knows why. This is what catches a defense contractor that has no sanctions but does sell weapons systems.

Why this matters

The most common failure mode in tools that only check sanctions lists is a clean defense aerospace contractor reading identically to a clean bakery. Both are eligible for federal work, but only one needs an extra layer of human review before award. The sector overlay surfaces that distinction without manual classification.

/ 05 · HONEST SCOPE

What DiligenceDesk does not replace.

Automated federal-data screening is the first pass, not the whole picture. The tool is intentionally conservative about what it claims:

Formal legal review of FAR, DFARS, or Section 889 obligations.
Agency-specific responsibility determinations.
Deeper supply-chain or beneficial-ownership investigations beyond GLEIF.
Export-control review beyond the ITA Consolidated Screening List.
Manual source verification when an upstream federal dataset looks stale or incomplete.
Counsel review of severe-violation FAIL verdicts before award decisions.

The DOL Wage & Hour Division dataset has known data-lag issues; recent enforcement actions may not appear for weeks. NVD CPE matching produces false positives for any vendor with generic product naming (a small company called "Blue" will collide with unrelated products). DiligenceDesk surfaces evidence for review, not conclusions for the file.

/ 06 · COMMON QUESTIONS

Frequently asked.

How fresh is the data?: Each source is queried in real time. Responses are cached in Vercel KV for up to 24 hours per query.
Is the verdict reproducible?: Yes. The ladder is deterministic. Same inputs always produce the same verdict.
What if a source is down?: The verdict is computed without it. The response notes the missing pillar rather than failing the audit.
Where is the code?: Public on GitHub at github.com/OrygnsCode. The orchestrator, verdict engine, and per-source modules are all readable.

See the verdict engine on your own vendors.

Free, no account, runs in seconds. Reconciled across eight federal data sources with sector-risk overlay.

Run an audit View the checklist