19 min readAutonomous Agents

Implementation Guide: Monitor SAM.gov / FedBizOpps for Solicitations & Maintain ITAR/EAR Export Control Compliance Checks on Outbound Technical Documents

Step-by-step implementation guide for deploying AI to monitor sam.gov / fedbizopps for solicitations & maintain itar/ear export control compliance checks on outbound technical documents for Government & Defense clients.

Use CaseImplementation Guide

Software Procurement

Microsoft Azure OpenAI Service (Azure Government)

Microsoft Azure OpenAI Service (Azure Government)

Microsoft Azure GovernmentGPT-5.4Qty: Consumption-based

GPT-5.4: ~$0.005/1K input, ~$0.015/1K output. Opportunity briefing package: ~$5–$15. Document ITAR screening (10-page document): ~$1–$3.

Required for AI-assisted opportunity qualification briefings and export control classification analysis. All documents containing technical data subject to ITAR/EAR must be processed within the FedRAMP High boundary.

SAM.gov API

SAM.gov API

GSAFree

$0

Continuous monitoring of federal contract opportunities. See UC-07 and UC-15 for API configuration. Rate limit: 1,000 requests/hour standard; contact eRulemaking for higher limits if needed for large capability profiles.

Microsoft Azure Logic Apps (Azure Government)

Microsoft Azure Logic Apps (Azure Government)

Microsoft Azure GovernmentConsumption-based

~$0.000025/action

Orchestrates both the SAM.gov monitoring loop (scheduled execution) and the ITAR/EAR document screening workflow (event-triggered on document upload to designated SharePoint locations).

Microsoft SharePoint GCC High (Document Control)

Microsoft SharePoint GCC High

MicrosoftSharePoint GCC High

Included

Included in M365 GCC High

The ITAR/EAR screening workflow monitors specific SharePoint document libraries designated as "Outbound Technical Data" queues. Documents uploaded to these libraries trigger automatic screening before release is authorized.

Microsoft Purview (Document Labeling and Release Control)

Microsoft Purview

MicrosoftDocument Labeling and Release Control

~$15/user/month add-on if not on E5; Included in M365 E5 GCC High

Applies export control sensitivity labels to documents and enforces release holds pending ECO review. Labels include: ITAR Controlled, EAR99, EAR Controlled (with ECCN), and Cleared for Release. Documents with ITAR Controlled or EAR Controlled labels cannot be shared externally until a Cleared for Release label is applied by the ECO.

Descartes Visual Compliance (Export Screening — Optional)

Descartes Visual Compliance

Descartes Systems GroupSaaS annual subscription

$5,000–$20,000/year depending on transaction volume

Commercial export compliance screening platform that checks individuals, companies, and shipment destinations against denied parties lists (DPL, SDN, entity list, debarred parties). Complements the AI document screening — the AI classifies document content, Visual Compliance screens the recipient/destination. Both checks are required for complete export control compliance.

Prerequisites

  • Export Control Classification Number (ECCN) library: Before deploying ITAR/EAR document screening, the contractor must have a product/technology ECCN library — a documented mapping of each product line, technology area, and type of technical data to its ECCN (for EAR-controlled items) or USML category (for ITAR-controlled items). This library is the reference the AI screening uses to classify outbound documents. Work with the contractor's ECO or export control attorney to build this library — do not configure screening without it.
  • Empowered Official (EO) identification: For ITAR-controlled items, the contractor must have a designated Empowered Official — a U.S. person with authority to sign export license applications and certify ITAR compliance. Identify the EO before configuring the screening workflow — escalated items go to the EO for review.
  • Export Control Officer (ECO) access: The ECO (or a person designated by the EO) must be the reviewer of all flagged documents. The MSP configures the workflow; the ECO makes release decisions.
  • Denied parties list integration: Export control requires screening recipients against the U.S. Government's denied/restricted parties lists before any controlled release. Either integrate with a commercial screening tool (Visual Compliance, AEB, Thomson Reuters) or establish a manual screening process — the document content screening in this guide does not substitute for recipient screening.
  • Technical data inventory: Work with engineering and program management to identify all document repositories containing export-controlled technical data (design files, drawings, software source code, specifications, test data). These repositories are the scope of the ITAR/EAR screening workflow.
  • IT admin access: Azure Government subscription, SharePoint GCC High (site collection admin), Microsoft Purview admin, Logic Apps, export screening tool API credentials.

Installation Steps

Step 1: Configure the Autonomous SAM.gov Opportunity Monitor

Build a fully autonomous monitoring agent that runs continuously, qualifies new opportunities, and delivers briefing packages without human initiation.

sam_autonomous_monitor.py
python
# Autonomous SAM.gov monitoring agent running on Azure Functions timer
# trigger

# sam_autonomous_monitor.py
# Autonomous SAM.gov monitoring agent — runs on Azure Functions timer trigger

import requests, json, os, datetime
from openai import AzureOpenAI
from azure.storage.blob import BlobServiceClient

SAM_API_KEY = os.environ["SAM_GOV_API_KEY"]
AOAI_CLIENT = AzureOpenAI(
    azure_endpoint=os.environ["AZURE_OPENAI_ENDPOINT"],
    api_key=os.environ["AZURE_OPENAI_KEY"],
    api_version="2024-08-01-preview"
)

# Load contractor profile from Azure Blob (update without code changes)
def load_contractor_profile() -> dict:
    blob_client = BlobServiceClient(
        account_url=f"https://{os.environ['STORAGE_ACCOUNT']}.blob.core.usgovcloudapi.net",
        credential=os.environ["STORAGE_KEY"]
    )
    container = blob_client.get_container_client("contractor-config")
    blob = container.get_blob_client("profile.json")
    return json.loads(blob.download_blob().readall())


def search_and_qualify_opportunities(profile: dict) -> list:
    """Search SAM.gov and automatically qualify opportunities against profile."""
    from sam_monitor import search_new_opportunities  # Reuse from UC-07

    raw_opportunities = search_new_opportunities(profile.get("qualification_criteria", {}))

    qualified = []
    for opp in raw_opportunities:
        # Quick autonomous qualification
        quick_score = autonomous_qualify(opp, profile)
        if quick_score["go_no_go"] in ["GO", "INVESTIGATE"]:
            qualified.append({**opp, "quick_score": quick_score})

    return qualified


def autonomous_qualify(opp: dict, profile: dict) -> dict:
    """Autonomously qualify an opportunity against contractor profile."""

    prompt = f"""You are an autonomous opportunity qualification agent for a defense contractor.
Quickly assess this opportunity against the contractor profile.

OPPORTUNITY:
{json.dumps(opp, indent=2, default=str)[:2000]}

CONTRACTOR PROFILE SUMMARY:
Capabilities: {', '.join(profile.get('capabilities', []))}
Certifications: {', '.join(profile.get('certifications', []))}
Contract vehicles: {', '.join(profile.get('contract_vehicles', []))}
Min value: ${profile.get('min_value', 0):,}
Max value: ${profile.get('max_value', 999999999):,}
Preferred NAICS: {', '.join([str(n) for n in profile.get('naics_codes', [])])}
Excluded keywords: {', '.join(profile.get('excluded_keywords', []))}

Return JSON only:
{{
  "go_no_go": "GO|INVESTIGATE|NO-GO",
  "quick_score": [1-10],
  "top_fit_reason": "single sentence",
  "top_risk": "single sentence or null",
  "recommended_action": "Full analysis|Watch|Pass|Industry Day only",
  "alert_bd_team": true/false
}}"""

    response = AOAI_CLIENT.chat.completions.create(
        model=os.environ["AZURE_OPENAI_DEPLOYMENT"],
        messages=[{"role": "user", "content": prompt}],
        temperature=0.0, max_tokens=300,
        response_format={"type": "json_object"}
    )
    return json.loads(response.choices[0].message.content)


def generate_opportunity_briefing(opp: dict, profile: dict) -> str:
    """Generate a 1-page opportunity briefing package for the BD team."""

    briefing_prompt = f"""Generate a concise 1-page opportunity briefing for the BD team.

OPPORTUNITY:
{json.dumps(opp, indent=2, default=str)[:3000]}

CONTRACTOR PROFILE:
{json.dumps(profile.get('summary', {}), indent=2)}

Format as:
## OPPORTUNITY BRIEF — [Title]
**Agency:** | **NAICS:** | **Posted:** | **Response Due:** | **Est. Value:**
**Set-Aside:** | **SAM Link:** [URL]

### FIT ASSESSMENT (Quick Score: X/10)
- 3 bullet strengths
- 2 bullet risks or gaps

### KEY REQUIREMENTS (from description)
- 5 most important requirements

### RECOMMENDED ACTION
[GO — assign capture manager / INVESTIGATE — request more info / PASS — reason]

### NEXT STEPS (if GO/INVESTIGATE)
- [ ] Action 1 — Owner — Due date
- [ ] Action 2 — Owner — Due date

[AI-GENERATED BRIEFING — BD Director Review Required Before Gate Decision]"""

    response = AOAI_CLIENT.chat.completions.create(
        model=os.environ["AZURE_OPENAI_DEPLOYMENT"],
        messages=[{"role": "user", "content": briefing_prompt}],
        temperature=0.2, max_tokens=1000
    )
    return response.choices[0].message.content


def deliver_daily_digest(qualified_opps: list, profile: dict):
    """Deliver daily opportunity digest via Microsoft Teams and email."""
    import requests

    if not qualified_opps:
        return  # No qualifying opportunities today

    # Compose digest
    digest = f"## SAM.gov Daily Opportunity Digest — {datetime.date.today().isoformat()}\n\n"
    digest += f"**{len(qualified_opps)} qualifying opportunities identified today**\n\n"

    go_opps = [o for o in qualified_opps if o['quick_score']['go_no_go'] == 'GO']
    investigate_opps = [o for o in qualified_opps if o['quick_score']['go_no_go'] == 'INVESTIGATE']

    if go_opps:
        digest += f"### 🟢 GO ({len(go_opps)} opportunities)\n"
        for opp in go_opps:
            digest += f"- **{opp['title']}** ({opp['agency']}) — Score: {opp['quick_score']['quick_score']}/10 — Due: {opp.get('response_date', 'TBD')}\n"
            digest += f"  _{opp['quick_score']['top_fit_reason']}_\n"
            digest += f"  [SAM.gov Link]({opp.get('sam_url', '#')})\n\n"

    if investigate_opps:
        digest += f"### 🟡 INVESTIGATE ({len(investigate_opps)} opportunities)\n"
        for opp in investigate_opps:
            digest += f"- **{opp['title']}** ({opp['agency']}) — Score: {opp['quick_score']['quick_score']}/10\n"

    # Post to Teams via webhook
    teams_webhook = os.environ.get("TEAMS_OPPORTUNITY_WEBHOOK")
    if teams_webhook:
        payload = {
            "type": "message",
            "text": digest[:2000]  # Teams message length limit
        }
        requests.post(teams_webhook, json=payload)

    # Send detailed email with full briefing packages
    # (Email delivery via Microsoft Graph API to BD team distribution list)
    print(f"Daily digest delivered: {len(go_opps)} GO, {len(investigate_opps)} INVESTIGATE")

Step 2: Configure the ITAR/EAR Document Screening Workflow

Build the automated screening pipeline that classifies outbound technical documents for export control content and routes flagged documents to the ECO before release.

itar_ear_screener.py
python
# Automated export control screening for outbound technical documents

# itar_ear_screener.py
# Automated export control screening for outbound technical documents

from openai import AzureOpenAI
import os, json, datetime

client = AzureOpenAI(
    azure_endpoint=os.environ["AZURE_OPENAI_ENDPOINT"],
    api_key=os.environ["AZURE_OPENAI_KEY"],
    api_version="2024-08-01-preview"
)

# ECCN/USML reference library (customized per contractor's product lines)
EXPORT_CONTROL_LIBRARY = {
    "ITAR_USML_CATEGORIES": {
        "Cat_I": "Firearms and Related Articles",
        "Cat_II": "Artillery Projectors",
        "Cat_III": "Ammunition and Ordnance",
        "Cat_IV": "Launch Vehicles, Guided Missiles, Ballistic Missiles, Rockets",
        "Cat_VI": "Vessels of War and Special Naval Equipment",
        "Cat_VII": "Tanks and Military Vehicles",
        "Cat_VIII": "Aircraft and Related Articles",
        "Cat_XI": "Military Electronics",
        "Cat_XII": "Fire Control, Range Finder, Optical and Guidance Equipment",
        "Cat_XIII": "Auxiliary Military Equipment",
        "Cat_XV": "Spacecraft Systems and Related Articles",
        "Cat_XVI": "Nuclear Weapons Related Articles",
        "Cat_XXI": "Articles, Technical Data, and Defense Services Not Otherwise Enumerated"
    },
    "CONTRACTOR_SPECIFIC_ECCNS": {
        # Customize per contractor product line
        "radar_systems": "EAR 7A001 / USML Cat XI",
        "encryption_software": "EAR 5E002 / CCATS required",
        "military_night_vision": "USML Cat XII",
        "propulsion_systems": "USML Cat IV / EAR 9A001",
        "structural_composites_general": "EAR99",
        "commercial_off_shelf_electronics": "EAR99"
    },
    "TRIGGER_KEYWORDS": [
        # Technical keywords that may indicate export-controlled content
        "classified", "ITAR", "export controlled", "FOUO",
        "radar", "sonar", "night vision", "infrared", "laser designator",
        "explosive", "ordnance", "propellant", "warhead",
        "encryption", "cryptographic", "key management",
        "guidance system", "inertial navigation", "GPS receiver (military)",
        "stealth", "low observable", "radar cross section",
        "EAR controlled", "ECCN", "USML", "munitions",
        "military specification", "MIL-SPEC", "MIL-STD"
    ]
}

ITAR_SCREENING_PROMPT = """You are an export control compliance specialist screening
a technical document for ITAR/EAR-controlled content prior to release.

IMPORTANT LEGAL CONTEXT:
- This screening identifies potential export control issues for ECO review
- You do NOT make final release determinations — the Export Control Officer does
- When in doubt, flag for review — false positives are acceptable, false negatives are not
- ITAR violations carry civil penalties up to $1.3M per violation

CONTRACTOR'S ECCN/USML REFERENCE:
{eccn_library}

DOCUMENT METADATA:
Filename: {filename}
Document Type: {doc_type}
Intended Recipient: {recipient}
Recipient Country: {recipient_country}
Recipient Organization: {recipient_org}

DOCUMENT CONTENT EXCERPT:
{document_text}

SCREENING ASSESSMENT:

1. EXPORT CONTROL CLASSIFICATION
   - Is this document likely ITAR-controlled (USML)? [Yes/No/Uncertain]
     If Yes: Probable USML Category: [Category]
   - Is this document EAR-controlled (CCL)? [Yes/No/Uncertain]
     If Yes: Probable ECCN: [ECCN]
   - Is this document EAR99 (no license generally required)? [Yes/No/Uncertain]
   - Is additional information needed to classify? [Yes — specify what]

2. RELEASE RISK ASSESSMENT
   - Overall risk level: [HIGH/MEDIUM/LOW/CLEARED]
   - Specific controlled content identified: [list specific sections/topics]
   - Trigger keywords found: [list]

3. RECIPIENT SCREENING FLAGS
   - Is the recipient a foreign person or foreign national? [Flag if unclear]
   - Is the recipient country subject to embargo (Cuba, Iran, North Korea, Russia, Syria)? [Flag if yes]
   - Does the transaction appear to be a deemed export (releasing to foreign national in US)? [Flag if possible]

4. RECOMMENDED ACTION
   - [HOLD — ECO Review Required: reason]
   - [CLEARED — EAR99, domestic release, no foreign persons involved]
   - [LICENSE CHECK REQUIRED — controlled content + foreign recipient]
   - [IMMEDIATE HOLD — suspected embargo violation or USML without license]

5. ECO NOTES
   Specific questions or issues the ECO should address in their review.

[AI-SCREENING RESULT — EXPORT CONTROL OFFICER REVIEW REQUIRED FOR ALL HOLDS]
[All HOLD documents must remain in SharePoint until ECO clears for release]"""

def screen_document(
    document_text: str,
    document_metadata: dict
) -> dict:
    """Screen a technical document for export control content."""

    eccn_summary = json.dumps(EXPORT_CONTROL_LIBRARY["CONTRACTOR_SPECIFIC_ECCNS"], indent=2)

    response = client.chat.completions.create(
        model=os.environ["AZURE_OPENAI_DEPLOYMENT"],
        messages=[
            {"role": "system", "content": "You are a rigorous export control compliance specialist. Flag anything uncertain for ECO review. Never clear a document you are not confident is EAR99 and domestically released."},
            {"role": "user", "content": ITAR_SCREENING_PROMPT.format(
                eccn_library=eccn_summary,
                filename=document_metadata.get("filename", "Unknown"),
                doc_type=document_metadata.get("document_type", "Unknown"),
                recipient=document_metadata.get("recipient_name", "Unknown"),
                recipient_country=document_metadata.get("recipient_country", "Unknown"),
                recipient_org=document_metadata.get("recipient_org", "Unknown"),
                document_text=document_text[:5000]
            )}
        ],
        temperature=0.0,
        max_tokens=2000
    )

    screening_result = response.choices[0].message.content
    is_hold = "HOLD" in screening_result or "LICENSE CHECK" in screening_result

    return {
        "document_id": document_metadata.get("id", "Unknown"),
        "filename": document_metadata.get("filename", "Unknown"),
        "screening_timestamp": datetime.datetime.utcnow().isoformat(),
        "screening_result": screening_result,
        "hold_status": "HOLD" if is_hold else "PRELIMINARY-CLEAR",
        "requires_eco_review": is_hold,
        "eco_notified": False,  # Updated by Logic App
        "legal_disclaimer": "AI screening result only. Export Control Officer must review all HOLDs."
    }


def apply_sharepoint_release_hold(document_id: str, hold_status: str):
    """Apply or remove export control release hold via SharePoint sensitivity label."""
    import requests

    graph_token = get_graph_token()  # Reuse from other modules
    headers = {
        "Authorization": f"Bearer {graph_token}",
        "Content-Type": "application/json"
    }

    # Apply ITAR_HOLD label via Microsoft Purview
    # Label IDs are configured in the Purview compliance portal
    label_id = (
        os.environ["PURVIEW_ITAR_HOLD_LABEL_ID"] if hold_status == "HOLD"
        else os.environ["PURVIEW_CLEARED_LABEL_ID"]
    )

    label_resp = requests.post(
        f"https://graph.microsoft.us/v1.0/drives/{os.environ['SHAREPOINT_DRIVE_ID']}/items/{document_id}/assignLabel",
        headers=headers,
        json={"sensitivityLabelId": label_id}
    )

    return label_resp.status_code == 200

Step 3: Configure Logic Apps for Event-Driven ITAR Screening

Build the Logic App that triggers screening when a document is uploaded to the outbound technical data queue in SharePoint.

Azure Logic App: ITAR/EAR Document Screening (Azure Government)

TRIGGER: When a file is created or modified in SharePoint library — Site: https://[tenant].sharepoint.us/sites/TechnicalDocuments, Library: "Outbound Technical Data Queue" (Documents are deposited here by engineers before any external release)

1
Extract document metadata
2
Validate required metadata
3
Quick keyword pre-screen
4
Extract document text content
5
AI export control screening
6
Apply sensitivity label based on result
7
Update audit log

Step 1: Extract Document Metadata

  • Get file properties: filename, created by, size, file type
  • Get custom metadata: recipient name, recipient country, recipient org, document type
  • Engineers must fill these metadata fields when uploading to the queue

Step 2: Validate Required Metadata

  • Condition: recipient_country is empty OR recipient_name is empty → Send Teams message to uploader: "ITAR SCREENING BLOCKED — Please complete recipient information before document can be screened. [Link to document]"
  • Apply "METADATA INCOMPLETE" label
  • Stop flow

Step 3: Quick Keyword Pre-Screen

  • Compose: check filename and document type for obvious triggers
  • If filename contains "CLASSIFIED" or "SECRET": IMMEDIATE HOLD → Notify Security Officer immediately → Do not proceed to AI screening

Step 4: Extract Document Text Content

  • For PDF: Use Azure AI Document Intelligence (Government) to extract text
  • For Word/Excel: Use Microsoft Graph content extraction
  • Truncate to first 10,000 characters for AI screening (Most classification indicators appear in title pages and technical sections)

Step 5: AI Export Control Screening

  • HTTP POST to Azure Function: screen_document
  • Input: document text + metadata
  • Output: screening result JSON

Step 6: Apply Sensitivity Label Based on Result

Critical

Condition: hold_status == "HOLD" → Apply "ITAR_CONTROLLED_HOLD" sensitivity label → Restrict sharing: internal only, no external sharing permitted → Send Teams Adaptive Card to ECO with title "⚠️ EXPORT CONTROL REVIEW REQUIRED" and body showing filename, uploader, recipient, and country, with actions [View Document] [Mark Cleared] [Escalate to EO] → Log to export control audit log in SharePoint

Note

Condition: hold_status == "PRELIMINARY-CLEAR" → Apply "EAR99-PRELIMINARY-CLEAR" label → Send notification to uploader: "Document preliminarily screened as EAR99. ECO spot-check applies. You may proceed with release unless notified otherwise." → Log to audit trail

Step 7: Update Audit Log

  • SharePoint list "Export Control Screening Log" fields: Document ID, Filename, Uploader, Recipient, Country, Screening Date, AI Result, Hold Status, ECO Review Date, Final Determination, ECO Name

Escalation Rules

Warning

If a document is HELD and ECO has not responded within 24 hours, escalate to Empowered Official via Teams and email.

Critical

If a document appears to violate embargo (sanctioned country recipient): immediately notify Empowered Official AND Legal Counsel. Do not release under any circumstances without legal review.

Custom AI Components

Denied Parties List Recipient Screener

Type: Prompt + Integration Screens proposed recipients against ECCN/USML classification before the full document screening, providing an early warning when the recipient itself is a concern.

Implementation:

text
SYSTEM PROMPT:
You are an export compliance analyst performing initial recipient screening.
Review the following recipient information and flag any export control concerns.

RECIPIENT INFORMATION:
Name/Organization: {recipient}
Country: {country}
Known business activity: {activity}

SCREENING CHECKS:
1. SANCTIONED/EMBARGOED COUNTRY: Is the recipient country subject to a U.S. embargo?
   (Cuba, Iran, North Korea, Russia [for military], Syria, Belarus [for military])
   → [YES — IMMEDIATE HOLD] or [No concern identified]

2. FOREIGN PERSON CONCERN: Is the recipient a foreign person or foreign national?
   (Non-U.S. citizen not lawfully admitted for permanent residence)
   → This would constitute a "deemed export" requiring license if controlled content
   → [FLAG FOR ECO] or [No concern identified]

3. RED FLAG INDICATORS: Any unusual aspects of this recipient that warrant further scrutiny?
   (Unusual end-use, atypical business sector for requested technical data, etc.)
   → [FLAG — reason] or [No red flags identified]

RECOMMENDED ACTION:
[PROCEED TO DOCUMENT SCREENING] or [HOLD — ECO Review Before Screening] or [IMMEDIATE STOP — Legal Review Required]
Note

This is a preliminary screen only. Formal denied parties list screening must be conducted via an approved commercial screening service (Visual Compliance, AEB, Thomson Reuters, etc.) before any release.

Testing & Validation

  • SAM.gov monitor accuracy test: Run the monitor against a 30-day historical period (using past SAM.gov data) and compare GO/NO-GO recommendations against actual bid decisions made during that period. Target: ≥80% alignment between AI recommendations and actual decisions for GO opportunities.
  • Monitor false negative test: Manually identify 5 qualifying opportunities from SAM.gov that the monitor should have detected. Verify all 5 appear in the monitoring output within 24 hours of posting.
  • ITAR document screening sensitivity test: Submit 10 documents with known export control status (verified by the ECO) — 5 ITAR-controlled, 5 EAR99. Verify the AI correctly flags all 5 ITAR-controlled documents as HOLD. Zero tolerance for false negatives on ITAR-controlled documents.
  • ITAR screening false positive rate test: Submit 10 clearly EAR99 documents (commercial specifications, publicly available data). Verify false positive rate (documents incorrectly flagged as HOLD) is below 20%. False positives increase ECO workload but are acceptable — false negatives are not.
  • SharePoint hold enforcement test: Apply the ITAR_CONTROLLED_HOLD sensitivity label to a test document and verify it cannot be shared externally or downloaded by unauthorized users. Verify the label cannot be removed by the document owner — only the ECO can clear it.
  • ECO notification delivery test: Upload a test document that will trigger a HOLD. Verify the ECO receives the Teams Adaptive Card notification within 5 minutes. Verify the [Mark Cleared] button in the card correctly updates the sensitivity label and audit log.
  • Sanctioned country recipient test: Submit a test document with recipient country set to Iran. Verify: (a) the workflow immediately flags as HOLD, (b) the Empowered Official and Legal Counsel receive immediate notification, (c) no release path is available without legal review override.
  • Audit log completeness test: After 10 test screenings (mix of HOLDs and clears), verify the export control audit log contains complete records for all 10 with correct timestamps, uploader names, screening results, and ECO actions.
  • Metadata validation test: Upload a document without completing the recipient metadata fields. Verify the workflow blocks screening and sends the metadata-required notification to the uploader.
  • Daily digest delivery test: Verify the SAM.gov digest is delivered to the Teams channel and email distribution list by 08:00 ET daily, even when zero qualifying opportunities are found (send a "no qualifying opportunities today" message).

Client Handoff

Handoff Meeting Agenda (90 minutes — BD Director + ECO / Empowered Official + Legal Counsel + IT Lead)

1
SAM.gov monitoring demonstration (20 min)
2
ITAR/EAR screening workflow demonstration (25 min)
3
Legal and compliance review (20 min)
4
Contractor profile maintenance (15 min)
5
Documentation handoff

1. SAM.gov monitoring demonstration (20 min)

  • Show live contractor profile configuration
  • Demonstrate the monitoring agent running against current SAM.gov data
  • Walk through a sample opportunity briefing package
  • Review the daily digest delivery format

2. ITAR/EAR screening workflow demonstration (25 min)

  • Upload a test ITAR-controlled document and show the screening result
  • Upload a test EAR99 document and show the preliminary clear result
  • Walk through the ECO review and clearance process
  • Demonstrate the Empowered Official escalation for sanctioned country test

3. Legal and compliance review (20 min)

  • ECO/EO confirms the AI screening criteria match the contractor's classification methodology
  • Confirm the ECO is the sole person authorized to clear HOLD documents
  • Review the audit trail and its value for DDTC/BIS compliance evidence
  • Confirm denied parties screening procedure (manual or commercial tool) is documented

4. Contractor profile maintenance (15 min)

  • Walk through the contractor profile JSON configuration
  • Confirm BD Director will update the profile when capabilities or contract vehicles change
  • Review the ECCN/USML library and confirm ECO has reviewed and approved its accuracy

5. Documentation handoff

Maintenance

Daily Tasks (Automated)

  • SAM.gov monitor runs at 06:00 ET and delivers digest
  • ITAR screening triggers in real time on document upload

Weekly Tasks

  • ECO reviews all HOLD documents that have not been cleared within 5 business days
  • BD team reviews GO opportunities from the week and assigns capture managers

Monthly Tasks

  • Azure OpenAI consumption review
  • Export control audit log review — ECO spot-checks 10% of PRELIMINARY-CLEAR documents
  • SAM.gov monitor performance metrics: opportunities identified, GO/INVESTIGATE/NO-GO breakdown

Quarterly Tasks

  • ECCN/USML library review with ECO — update for any new product lines or technology areas
  • Review denied parties screening process — verify commercial screening tool subscription is current
  • Update sanctioned country list if U.S. Government has added or removed countries

Annual Tasks

  • Full export compliance program review with legal counsel — ensure AI screening tool is disclosed in export compliance program documentation
  • Contractor profile full refresh with BD Director
  • SAM.gov API key renewal if required

Alternatives

Govly (Integrated BD Intelligence Platform)

See UC-07. Govly provides the SAM.gov monitoring component as a managed SaaS service without custom development. Best for: Contractors who want a vendor-managed opportunity monitoring solution. Tradeoffs: Less customizable than the custom agent; no ITAR screening integration.

Restricted Party Screening Only (No Document Screening)

For contractors with low risk of ITAR-controlled document releases (e.g., predominantly services contractors), deploy only the SAM.gov monitor and recipient screening components — skip the full document content screening. Significantly reduces implementation complexity and cost. Best for: Services-only contractors with no technical data requiring ITAR review. Not appropriate for product-line contractors with export-controlled hardware or software.

Want early access to the full toolkit?

All Government & Defense solutions