5 things to do before bidding on US DoD contracts

The Canada-US Defence Production Sharing Agreement (DPSA) allows Canadian exporters to participate on equal footing with U.S. suppliers when seeking to do business with the U.S. DoD. But before any Canadian company can start selling to the U.S. DoD, they should think about doing the following five things first.

1. Joint Certification Program (JCP)/DD 2345

The Joint Certification Program (JCP) is a program that allows Canadian and United States contractors to apply for access to Department of Defense/Department of National Defence (DOD/DND) unclassified export-controlled technical data/critical technology on an equally favourable basis.

DD Form 2345 (DD 2345) is the application form that Canadian and American contractors must submit to get certified to bid, work on contracts and conduct research requiring access to unclassified military technical data.

In my experience, this process takes anywhere from a week to a month. It involves filling out a form and taking some online training. The potential contractor does most of the work and does not require input from a government department. Once completed, submit the form to PSPC (Public Services and Procurement Canada), who is part of the joint certification program, and they will complete the review and approval process.

Apply for certification in the Joint Certification Program 


The next step is to register with In general, the process is very straightforward as it involves answering questions and uploading documents relevant to your organization.

Being a registered supplier enables DoD contracting officers to find you more easily as they often use as a market research tool. Contracting officers use the NAICS code to create a list of suppliers offering the required goods and services. From there, the contracting officers could directly contact you to obtain more information about your goods/services.

Some Canadian exporters have run into issues in registering and re-certifying themselves on, and to help Canadian contractors, CCC is working with DoD partners to a schedule a training session – stay tuned!


3. Control Goods Program (CGP)

Individuals and organizations need to register in the Controlled Goods Program (CGP) to examine, possess or transfer controlled goods in Canada. The CGP is Canada’s answer to the ITAR (International Traffic in Arms Regulations). ITAR 126.5 provides some exemptions to Canada regarding the U.S. munition list (U.S. ML), but Canadian businesses in the defence industrial base must register in the control goods program.

Before registering for the program, get educated about it. PSPC’s website provides information and program forms. In my experience, registering for the program could take up to four to six months.

Information about Canada’s Controlled Goods Program 

4. Security Clearance

PSPC’s Contract Security Program (CSP) helps your organization obtain the security clearance to participate in government solicitations and contracts. A security clearance from the Government of Canada is the same as one from the U.S. DoD.

Previously, any organization could submit a security clearance request and it would be processed. Today, PSPC will only initiate the process if a contractual relationship already exists or if the company is being considered for a contract award. If you are submitting a proposal to the DoD or planning to participate in a DoD RFP, you can request CCC to sponsor your security clearance request, however, CCC will only advocate for your application if it determines that the opportunity will materialize in the near term.

Security requirements for contracting

5. Contract Security Program (CSP)

The CSP provides security screening of organizations and their personnel for solicitations and contracts with security requirements. The program not only requests information about individuals, it may also require information about the organization, employees, building and facilities, subcontractors and international contracts.  The CSP process takes time, effort and sometimes money, so I would only recommend it to those who really need it.

Security screening for government contracts

Webinar Q&As

FREE! There is no cost. The DPSA program is a matter of policy for the government, and we have an appropriation to maintain our relationship with the U.S.

The CSP is mainly required for controlled goods perspective, so goods with military or national security significance. This list includes automatic weapons, firearms, ammunition, bombs, fighter jets, tanks, missiles, chemicals, explosives, and related equipment and components. It also has strategic goods like global navigation satellite systems, ground control stations, nuclear weapon design and testing equipment, and missile technology like rocket systems, unmanned air vehicle systems, propulsion components and equipment.

You may have goods that may eventually become part of the controlled goods ecosystem, but while they are in the innovation phase or used for commercial applications, they are not considered controlled goods.

SBIR (Small Business Innovation Research) and the STTR (Small Business Technology Transfer), are exception programs for American small and medium enterprises. They’re set-asides, so they’re only available to U.S. entities. Canadian contractors cannot apply for SBIR/STTR but can partner with a U.S. entity. These types of partnerships occur and are permittable as defined in FAR 19 and the legislation around these set-aside programs.

Yes, NCAGE is a requirement. If you go to our DoD resource page, there’s a step-by-step procedure to find your NCAGE code. The resource also tells you how to find NAICS codes.

The CGP assesses the Canadian contractor ability to examine, possess or transfer controlled goods in Canada.

The contract security program (CSP) is a security review from all levels. So, it is not just about individuals – it’s the facilities and everything required to deliver on that contract. It’s a very in-depth review that sometimes requires investment of time and money as there is a likelihood you will have to upgrade your facilities. We see that often when companies think they’re meeting certain specifications, and PSPC will conduct their review and say that you must upgrade to a specific requirement. Be prepared to invest and spend time to get this certificate.

When considering bidding on a U.S. solicitation, you should signal to CCC that you plan to submit a proposal. This allows us to propose language to be included in the solicitation, signaling to the contracting officer that if the Canadian contractor is selected, it will be a government to government agreement. Not engaging with CCC proactively slows down the process.

Another reason why it’s important to include us early is because DoD is very bureaucratic and vast, and perhaps that organization has never worked with Canada before. With early warning, we can assess the organization, reach out to them, and socialize who we are and how this relationship will work if they choose to work with a Canadian contractor. Again, being proactive allows us to work with the proper chain of command.

Right now, the NIST (National Institute of Standards and Technology) standards are flowed down for cyber, IT, or some information-sharing contracts. That’s transitioning to the CMMC program (Cybersecurity Maturity Model Certification). Eventually, all contracts will have CMMC clauses, but we’re not there yet. For any current IT or cyber contracts, CCC ensures that the Canadian contractor are meeting the NIST standards as required by the contract.

It applies to goods and services.

Yes, we do. Remember that the Buy America policy does not apply to defence acquisitions given the Department of Defense’s reciprocal agreements with 26 countries, including Canada. The DoD has deemed it inconsistent with the public interest to impose restrictions on these nations.

DoD bases usually look for services within the area of operation. Unless you have local operations, it would be challenging for a Canadian supplier to do business with an overseas base. If you did have an overseas location and could provide service to the DoD, it would be separate from the Canada-U.S. agreement.

CMMC will be an evolution of the NIST standards and will be a requirement on all government contracts once finalized and codified into law.

FedRAMP (Federal Risk and Authorization Management Program) is a relatively new program for the federal government’s adoption and use of cloud services. CCC is still trying to find the right expert to work with, and if we can find a FedRAMP expert, we will bring them in for a future webinar.

It depends on where the products come from and where it’s produced. The U.S. has called out anything made in China – they don’t want it in their supply chain. In general, whatever Canadian suppliers are providing should come from Canada. Here are some useful resources on prohibited source:

  • Federal Acquisition Regulation (FAR) – Prohibited Sources | Acquisition.GOV
  • Defense Federal Acquisition Regulation Supplement (DFARS) Subpart 225.7 – PROHIBITED SOURCES | Acquisition.GOV

OTAs (Other Transaction Authority) are accessible to partner nations who are part of the National Technology Industrial Base (Canada, UK, Australia, and New Zealand) as encouraged by the DoD. But each program executes OTA differently and so we can challenge any requirement where there is a preference for U.S.-based companies as it diverges from the broader DoD guidance.

No, they would work directly with the American subsidiary and submit their bid with them.

Think you have a product or service that DoD would be interested in?

Contact us to find out how to get started selling to the U.S. DoD:

Search |

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.