Module 10: Compliance Q&A Mastery

ClariFAR's Q&A tool at /chat answers FAR, DFARS, and CMMC compliance questions with cited regulatory sources. The quality of your answer depends heavily on how you ask the question.

Questions that get good answers:

Specific clause questions: "What does FAR 52.219-14 require for small business set-aside contracts?" This gives the tool a specific clause to look up and explain. You get the exact regulatory text with a citation.

Threshold questions: "What is the current simplified acquisition threshold?" Direct, factual, verifiable. The tool returns the number and the regulatory source.

Applicability questions: "Does DFARS 252.204-7012 apply to a $200K IT services contract with no CUI?" This gives the tool enough context (dollar amount, contract type, data type) to provide a relevant answer.

Comparison questions: "What is the difference between FAR 52.204-21 and DFARS 252.204-7012?" The tool explains both and highlights the differences (15 basic controls vs. 110 NIST controls).

Questions that get poor answers:

Vague questions: "How do I comply?" Comply with what? Which clause? Which contract type? The tool cannot guess your context.

Legal advice questions: "Should I file a protest?" ClariFAR provides regulatory information, not legal advice. It will cite the protest procedures at FAR 33.1 but will not tell you whether your specific situation warrants a protest.

Specific contract questions: "Is my contract compliant?" ClariFAR does not have access to your contract. It can explain what a clause requires in general, but it cannot review your specific contract documents.

Multi-part questions: "What are the cybersecurity requirements, and how do they interact with the Buy American Act, and what about small business subcontracting?" Break this into three separate questions. You will get better answers for each.

Best practice: one question, one topic, enough context.

Good: "For a small business on a DoD IT services contract under $350K, which cybersecurity clause applies: FAR 52.204-21 or DFARS 252.204-7012?"

This tells the tool: your size (small), your customer (DoD), your work type (IT services), the dollar range (under $350K), and what you want to know (which cyber clause). The answer will be specific and actionable.

ClariFAR cites its sources. Every answer includes regulatory citations (FAR section numbers, DFARS clause numbers, NIST control families). But you should verify critical citations before relying on them for a proposal or compliance decision.

Why verify? Regulations change. The ClariFAR corpus is updated regularly, but there can be a lag between a regulatory change and the corpus update. For high-stakes decisions (proposal submissions, compliance certifications), verify against the authoritative source.

How to verify a citation:

Step 1: Note the citation from ClariFAR's answer. Example: "Per FAR 15.403-4(a)(1), certified cost or pricing data is required for contracts over $2,000,000."

Step 2: Go to ecfr.gov (the Electronic Code of Federal Regulations). This is the authoritative, continuously updated source for all federal regulations.

Step 3: Navigate to Title 48 (Federal Acquisition Regulations System). Chapter 1 is FAR. Chapter 2 is DFARS.

Step 4: Find the cited section. You can use the search function or navigate the table of contents. For "FAR 15.403-4(a)(1)," go to Title 48 > Chapter 1 > Part 15 > Subpart 15.4 > Section 15.403-4 > paragraph (a)(1).

Step 5: Compare the regulatory text to ClariFAR's summary. Verify that the key facts match: dollar amounts, applicability criteria, required actions.

When to verify:

Always verify before submitting a proposal. If your proposal cites a FAR section, confirm the section number and content are current.

Always verify before making a certification. If you are self-certifying compliance in SAM.gov or in a proposal, verify the exact requirements you are attesting to.

Verify threshold amounts. Dollar thresholds change with inflation adjustments and NDAA updates. The SAT, TINA threshold, and micro-purchase threshold are all subject to periodic adjustment.

When NOT to bother verifying:

General learning questions where you are building understanding, not making a decision. If you ask "What is the Buy American Act?" to learn the concept, the ClariFAR answer is sufficient for educational purposes.

Quick reference checks during meetings or conversations. ClariFAR is reliable for quick lookups, but always verify critical citations against eCFR before acting on them.

The verification habit takes 2-3 minutes per citation. For a proposal with 5-10 cited FAR sections, that is 15-30 minutes of verification. A small price for accuracy on a document that determines whether you win a contract.

These are the questions small IT contractors ask most frequently. Each one is a good starting point for using the ClariFAR Q&A tool. Try asking each one and reviewing the cited answer.

Business formation and registration: 1. "Do I need to register on SAM.gov before I can bid on government contracts?" 2. "What is a UEI and how do I get one?" 3. "How often do I need to renew my SAM.gov registration?"

Size and set-aside: 4. "What is the size standard for NAICS code 541512?" 5. "Can I self-certify as a small business or do I need SBA certification?" 6. "What is the difference between a total small business set-aside and a partial set-aside?"

Cybersecurity: 7. "What does FAR 52.204-21 require?" 8. "What is the difference between FAR 52.204-21 and DFARS 252.204-7012?" 9. "Do I need CMMC certification for a civilian agency contract?" 10. "What is a SPRS score and how do I calculate mine?"

Contract clauses: 11. "What is the simplified acquisition threshold?" 12. "When is certified cost or pricing data required?" 13. "What does the Limitation on Subcontracting clause require?" 14. "Which clauses must I flow down to subcontractors?"

Cost and accounting: 15. "What costs are unallowable under FAR Part 31?" 16. "When do I need a DCAA-adequate accounting system?" 17. "What is the difference between overhead and G&A?"

Contract administration: 18. "How quickly must the government pay my invoices?" 19. "What happens if the government terminates my contract for convenience?" 20. "How long must I retain contract records?"

Use these questions to build your personal compliance reference library. Ask each one in ClariFAR, review the answer, verify the citation, and save the result. Over time, you build a searchable knowledge base tailored to your specific business.

As you bid on contracts and perform work, you will encounter the same regulatory questions repeatedly. Building a personal compliance library saves you time and ensures consistency across proposals and compliance activities.

What goes in your library:

Clause summaries: for each clause you frequently encounter, save ClariFAR's plain-language summary along with the eCFR citation. Organize by topic (cybersecurity, small business, cost/pricing, labor).

Threshold reference sheet: a single-page document listing current thresholds: SAT ($350K), TINA ($10M), micro-purchase ($10K), subcontracting plan ($900K), small business set-aside reporting. Update this annually when thresholds change.

Compliance checklists: for each contract type you bid on, create a checklist of required compliance actions. Example for a DoD IT services contract under $350K: SAM.gov active, FAR 52.204-21 compliant, DFARS 252.204-7012 compliant (if CUI), small business reps current, timesheets daily.

Proposal boilerplate: standard language for common proposal sections that you can adapt per solicitation. Example: your cybersecurity compliance narrative, your quality management approach, your small business subcontracting approach. Write these once, customize per solicitation.

Past performance database: a spreadsheet tracking every contract and project (federal and commercial) with: client name, contract number, period of performance, value, description of work, point of contact, and relevance to future bids.

How to organize it:

Use a simple folder structure on your encrypted drive (remember, if any of this references CUI, it must be on a protected system per Module 8):

/compliance-library /clauses (saved Q&A answers, organized by topic) /thresholds (current threshold reference sheet) /checklists (per-contract-type compliance checklists) /boilerplate (standard proposal language) /past-performance (project database) /certifications (copies of your certifications, SAM.gov screenshots)

Maintenance schedule:

Quarterly: update threshold reference sheet. Run 5-10 questions through ClariFAR to check for regulatory changes that affect your common clauses.

Before each proposal: pull relevant boilerplate. Update past performance database with any new projects. Run the solicitation's clause list through the Clause Helper.

Annually: review and refresh boilerplate language. Update past performance references (remove stale contacts, add new projects). Renew SAM.gov registration.

The goal is that by your third or fourth proposal, you are not starting from scratch. You have a library of verified, cited compliance content that you adapt per solicitation. The first proposal takes 100 hours. The fifth takes 40.