Selling to the United States Department of War (U.S. DoW) is a major opportunity—but it comes with strict rules. To win and keep U.S. DoW contracts, Canadian companies must comply with the Federal Acquisition Regulation (FAR) and the Defense Federal Acquisition Regulation Supplement (DFARS).
Think of compliance not as a hurdle, but as a strategic advantage. Building systems that protect sensitive data, ensure lawful exports, and meet U.S. security standards positions you as a trusted, low-risk partner. This page provides a clear, structured approach to help your business get organized, stay compliant, and unlock its full potential in the world’s largest defence market.
Structured approach for FAR/DFARS compliance
Step 1: Understand Which Regulations Apply
Every U.S. DoW contract includes specific FAR and DFARS clauses. These vary by:
- Contract type (goods, services, IT systems)
- Nature of work (handling defense articles, ITAR-controlled items)
- Cybersecurity requirements (Controlled Unclassified Information)
Action:
- Review your contract carefully to identify applicable clauses.
- Prioritize high-risk areas like:
- DFARS 252.204 series (Cybersecurity & Controlled unclassified information protection)
- DFARS 252.225 series (Domestic sourcing & duty-free imports)
Step 2: Register and Maintain Authorizations
Canadian companies handling ITAR-controlled or other defence goods or technical data must:
- Register with the Controlled Goods Program (CGP) to comply with Canadian export control laws.
- Confirm eligibility under the ITAR Canadian Exemption (§126.5) and ensure your company is listed as an approved recipient.
Step 3: Build Internal Policies and Procedures
Compliance starts with strong internal governance for legal, secure, and efficient handling of defence articles, technical data, and services:
- Create a Compliance Manual covering procurement, exports, cybersecurity, and mandatory reporting.
- Assign a Compliance Officer or Team to oversee:
- Internal audits
- Employee training
- Corrective actions
- Document everything – export transactions, supplier checks, and regulatory reports.
Step 4: Train Your Team
Employees involved in contracting, procurement, or exports need:
- General FAR/DFARS training to avoid costly mistakes (Contract Clauses and Flow-Down Requirements, Supply Chain Security).
- Role-specific training for handling controlled goods, ITAR items, and cybersecurity-sensitive data.
Step 5: Implement Monitoring and Recordkeeping
- Maintain detailed records of contracts, specific clauses, shipments, temporary imports and exports, and technical data access.
- Set up internal audits to catch and fix process and compliance gaps early.
Step 6: Manage Risk
- Cybersecurity: Implement NIST SP 800-171 controls as required by DFARS 252.204-7012.
- Supply Chain: Ensure subcontractors meet the same compliance standards for controlled goods and cybersecurity.
Step 7: Coordinate compliance with CCC or U.S. DoW contract officer
- For contracts over USD $350,000, contact your CCC contract manager for compliance support.For direct U.S. DoW contracts, work closely with the Contracting Officer (CO) for:
- Guidance on applicable regulatory requirements
- Duty-free import approvals
- Waivers or exceptions
Step 8: Stay Current
- FAR and DFARS rules change regularly. Subscribe to updates from:
- Review your compliance policies annually or after major regulatory changes.