For Industry

SAM Reps and Certs

When I do market research on a vendor, your reps and certs are the first place I look. Most industry guides treat this section as a checkbox exercise; that framing costs vendors awards. Here is what your CO is actually reading and what to get right.

Home / Industry / SAM Reps and Certs

Last updated April 2026. Written from the contracting officer's side.

The Short Version

Reps and certs are the first thing your CO reads about you.

Before I open your capability statement, before I look at your past performance, before I read a word of your proposal, I'm in your SAM record looking at your reps and certs. They tell me whether you're actually a small business in the NAICS I'm soliciting under, whether you have integrity flags, whether you handle CUI, whether your equipment is on the covered telecommunications list. Wrong answers here can disqualify you before you ever get evaluated.

FAR Subpart 4.12 says reps and certs are made under penalty of the False Claims Act and incorporated by reference into your contracts. Take this section seriously. It is the most legally exposed part of your SAM record.

What's on this page
  1. What reps and certs are, in plain English
  2. Why COs go straight here during market research
  3. Small business size status (the most important one)
  4. Socio-economic categories (8(a), HUBZone, WOSB, SDVOSB)
  5. Integrity and FAPIIS disclosures
  6. Equal employment and labor compliance
  7. Anti-trafficking certifications
  8. Covered telecommunications (Section 889 / Huawei rules)
  9. Foreign ownership (DoD work)
  10. DFARS-specific certifications
  11. How to actually fill them out
  12. The pitfalls that cost vendors awards
  13. The annual update requirement

What reps and certs are, in plain English

Representations are statements about your company. They describe what you are. "We are a small business under NAICS 541512." "We have no foreign ownership." Statements of fact about your business at the time of the rep.

Certifications are promises about your conduct. They describe what you do or will do. "We comply with anti-trafficking laws." "We have not been debarred." "We do not use covered telecommunications equipment."

The federal government uses both for the same purpose: instead of asking every contractor the same hundred questions every time you bid on something, the answers live in one central place (your SAM record), updated annually, and contracting officers pull from there.

The legal basis is FAR Subpart 4.12. Two key rules from there:

  • You complete reps and certs as part of your SAM registration and update them at least annually (FAR 4.1201).
  • Contracting officers incorporate them by reference into your contracts (FAR 4.1202). When you sign a federal contract, you're signing onto your reps and certs whether you remembered them or not.

Translation: every false rep is a False Claims Act exposure, and every certification you forgot is still in force on every contract you have.

Why COs go straight here during market research

When I'm researching whether to set aside an acquisition for small business, or whether a vendor is even eligible to compete, here's the order I work in:

  1. Open SAM.gov, look up the vendor. Confirm the registration is Active.
  2. Check size status under the NAICS I'm soliciting. A vendor can be small under one NAICS and large under another. The NAICS I picked controls.
  3. Check socio-economic certifications. If I'm doing an 8(a) set-aside, I need to see the 8(a) status. If it's HUBZone, same. These have to come from SBA, not just self-certification.
  4. Check exclusions. Is the vendor on the federal exclusion list? If yes, I can't award.
  5. Check FAPIIS for integrity disclosures. Pending litigation, prior contract terminations, criminal records relevant to federal work. Doesn't always disqualify, but I'm reading it.
  6. Check Section 889 / covered telecommunications certification. If the vendor uses Huawei or ZTE equipment in the work, they can't be on the contract.
  7. For DoD work, check foreign ownership disclosures. Triggers additional review, sometimes facility security clearance considerations.

That's market research, not source selection. I haven't even read your proposal yet. If your reps and certs say one thing and your proposal says another, that's a red flag I escalate. If your reps and certs are missing or out of date, you may not even make it past initial responsibility determination.

The "small business" trap. "We're small" is not a single answer. SBA size standards vary by NAICS code: you might be small under NAICS 541512 (computer systems design services, $34M revenue threshold) but large under NAICS 561720 (janitorial services, $22M revenue threshold). Your SAM record shows your size status by NAICS, and the CO checks the specific NAICS for the acquisition. Get the wrong code or claim small status when you've grown out of it, and your bid gets pulled.

Small business size status (the most important one)

If you only get one section right, get this one. Size status drives whether you can compete on small-business set-asides, which is where most of the available contract dollars for new vendors actually live.

How size standards work

SBA publishes size standards by NAICS code. Each NAICS has either a revenue threshold (3-year average annual receipts) or an employee threshold (average number of employees over the past 12 months), depending on the industry. If you're under the threshold for a given NAICS, you're small under that NAICS. Over the threshold, you're large.

Affiliation rules

The size calculation includes affiliates. If your company is owned by, controls, or shares ownership with another company, SBA may treat both as one entity for size purposes. Common affiliation triggers: common ownership, common management, contractual relationships that give one party control, family ties between owners. Affiliation rules are dense and case-specific. If you have any kind of corporate parent, sister company, or significant investor, talk to an attorney before claiming small business status.

What to do in SAM

For each NAICS code you list, SAM will calculate or ask you to confirm whether you're small under that code's size standard. Be honest. Use your actual 3-year average receipts or 12-month average headcount. If you're small under some NAICS but not others, that's fine and accurate.

If you grew out of small. When your average receipts cross the threshold, you have to update your SAM size status. Continuing to bid as small after you've grown out of it is a False Claims Act case waiting to happen. SBA can also re-certify size at the time of award if a competitor protests.

Socio-economic categories (8(a), HUBZone, WOSB, SDVOSB)

Beyond plain "small business," SBA recognizes several socio-economic categories. Each has its own eligibility criteria and most require formal certification, not self-attestation:

CategoryWhat It IsSelf-Cert or Certified?
8(a) Business Development Small, disadvantaged business in a 9-year SBA development program. Lots of sole-source authority, lots of set-aside opportunity. SBA-certified. Application takes months. Don't claim it without the certification.
HUBZone Small business with a principal office in a Historically Underutilized Business Zone, with 35% of employees living in a HUBZone. SBA-certified. Annual recertification required.
WOSB / EDWOSB Woman-Owned Small Business / Economically Disadvantaged Woman-Owned Small Business. Owned and controlled at least 51% by women. SBA-certified (formal program since 2020). Self-certification no longer accepted for set-aside awards.
SDVOSB / VOSB Service-Disabled Veteran-Owned Small Business / Veteran-Owned Small Business. 51% owned by service-disabled or veteran owners. SBA-certified. The SBA took over service-disabled veteran certification from the VA's CVE on January 1, 2023, with a one-year grandfather window; SBA certification has been mandatory for any agency's SDVOSB set-aside since January 1, 2024.
Small Disadvantaged Business (SDB) Small business at least 51% owned by socially and economically disadvantaged individuals. Self-certified for representation purposes. Does not by itself qualify you for a set-aside that requires 8(a) or other formal certification.
Self-certification vs. SBA certification. If you self-certify yourself as 8(a), HUBZone, WOSB, EDWOSB, SDVOSB, or VOSB without actually having the SBA certification, you are committing fraud. SBA verifies these against their own records. Industry consultants who tell you to "just check the box" are setting you up to lose contracts and face penalties.

For each category you legitimately hold, your SAM rep should reflect both your self-certification (if applicable) AND link to the SBA certification record. If the SBA database doesn't show you in a program, the CO can't award you a set-aside reserved for that program.

Integrity and FAPIIS disclosures

FAPIIS stands for the Federal Awardee Performance and Integrity Information System. It's a federal database that aggregates information about contractor integrity, including:

  • Criminal proceedings related to federal work
  • Civil judgments related to federal work
  • Administrative agreements (like settlements with agencies)
  • Terminations for default or cause
  • Non-responsibility determinations

Your SAM record asks you to disclose anything reportable in this category over the last five years (or longer for certain categories). Be specific. List the case, the resolution, and the date. The CO will look this up independently anyway. If your disclosure doesn't match what FAPIIS shows, that's worse than the original incident.

Disclosure does not always disqualify. Most COs would rather see an honest disclosure of a settled matter than discover an undisclosed one. Honest disclosure of a 5-year-old administrative agreement that was resolved is rarely an award-killer. A pattern of issues, or one big undisclosed issue we find on our own, is.

Equal employment and labor compliance

Several certifications cluster around employment law:

  • Equal Opportunity Employer compliance: complying with Executive Order 11246 and OFCCP requirements if you have 50+ employees and a contract over $50K.
  • VEVRAA (Vietnam Era Veterans' Readjustment Assistance Act): affirmative action obligations for veterans.
  • Section 503: affirmative action obligations for individuals with disabilities.
  • Service Contract Labor Standards (formerly Service Contract Act) compliance for service contracts above the threshold.
  • Wage Rate Requirements (formerly Davis-Bacon) compliance for construction contracts above $2,000.

For most small businesses with under 50 employees, several of these don't apply or apply at reduced thresholds. Read each rep carefully and answer based on your actual workforce size and the type of work you'll perform.

Anti-trafficking certifications

Federal contractors are required to certify compliance with the federal anti-human-trafficking laws. The certification appears in your reps and certs as agreement to:

  • Not engage in severe forms of trafficking in persons during the contract
  • Not procure commercial sex acts during the contract
  • Not use forced labor
  • For contracts performed outside the US over $500K, maintain a compliance plan

This is a yes/no certification that everyone signs. The compliance plan requirement is the part most small businesses miss when they win their first OCONUS contract. If you're going to perform work outside the US over $500K, you need an actual written plan before you sign the award.

Covered telecommunications (Section 889 / Huawei rules)

Section 889 of the FY2019 NDAA prohibits federal agencies from contracting with vendors who use certain Chinese-manufactured telecommunications and video surveillance equipment. The covered manufacturers are:

  • Huawei
  • ZTE
  • Hytera
  • Hikvision
  • Dahua
  • (plus any subsidiaries or affiliates of these)

The certification has two parts (and they're separate):

  1. Part A (Section 889(a)(1)(A)): you don't provide covered equipment as part of any federal contract. Almost everyone can certify yes.
  2. Part B (Section 889(a)(1)(B)): you don't use covered equipment in your own systems anywhere in your business operations, not just on this contract.

Part B is the harder one. If your office security cameras are Hikvision, your Wi-Fi router is Huawei, or you have any covered equipment in any part of your business, you can't certify Part B. And without certifying Part B, you can't be on most federal contracts.

Audit your equipment before you certify. Walk your office. Check the brand on your security cameras, network gear, video conferencing systems, and switches. If you find any covered equipment, the answer is to remove it before certifying, not to certify and hope nobody asks. Inaccurate Section 889 certification is a False Claims Act case the federal government takes seriously.

Foreign ownership (DoD work)

If you bid on DoD-funded work, additional reps cover foreign ownership, control, or influence (FOCI). Triggers include:

  • Foreign individuals owning 5% or more of your equity
  • Foreign management or directors
  • Foreign contractual control over your operations
  • Significant foreign-source funding

FOCI reps don't automatically disqualify you from DoD work, but they do trigger additional security review and may require mitigation measures (special security agreements, proxy boards, voting trusts) before you can hold facility security clearances or work on classified contracts.

For a wholly U.S.-owned small business with no foreign investors, this section is straightforward. For anyone with foreign investors, parents, or operations, get specific guidance. FOCI is an area where the wrong answer can cost you DoD eligibility entirely.

DFARS-specific certifications

If you'll bid on DoD contracts, the DFARS adds additional certifications on top of the FAR ones. The most important to be aware of:

DFARS 252.204-7012 · Safeguarding Covered Defense Information

Requires you to implement NIST SP 800-171 cybersecurity controls and report cyber incidents to the DoD within 72 hours. If you handle Controlled Unclassified Information (CUI) for DoD, this applies. Your SAM rep includes confirming your SPRS score: the self-assessment score from the Supplier Performance Risk System (SPRS).

DFARS 252.204-7019 · NIST SP 800-171 DoD Assessment Requirements

Requires you to have completed and posted a NIST SP 800-171 self-assessment in SPRS before contract award. If you haven't done one, you can't win the contract.

DFARS 252.204-7020 · NIST SP 800-171 DoD Assessment Requirements (for subs)

Flow-down requirements for subcontractors handling CUI.

DFARS 252.225-7000 · Buy American: Balance of Payments Program Certificate

The representation that goes with the Buy American restrictions on foreign end products. (The companion contract clause, DFARS 252.225-7001, is what flows down into your contract.) Your SAM rep affirms your supply-chain compliance.

This is the short list. There are dozens of DFARS provisions that may apply depending on your work. The DoD-specific reps are where DoD work gets meaningfully harder than civilian work.

How to actually fill them out

The reps and certs section is part of your initial SAM registration and you can update it any time after. Here's the practical approach:

  1. Sign in to SAM.gov, go to your Workspace, find your active entity registration.
  2. Click into the Representations and Certifications section. SAM walks you through each rep one at a time.
  3. For each rep, do this:
    • Read the entire question slowly
    • If you don't understand a term, look it up. SAM has help text on most reps, or the FAR/DFARS provision is cited
    • Answer based on your actual situation, not what you wish was true or what makes you look better
    • If you genuinely don't know the answer, stop and figure it out before you certify
  4. Save and review. SAM will let you preview your responses. Read them again before you submit.
  5. For DoD work specifically, complete the additional DFARS provisions section. SAM will surface these based on your registration profile.
  6. Submit and confirm. Reps and certs take effect immediately in SAM, with 24-48 hours of sync time to other federal systems.
Plan 60-90 minutes for the first time through. Annual updates are faster; most vendors are just confirming nothing material changed. But the first time, slow down and read every question. Better to spend two extra hours upfront than to certify something incorrectly and lose a contract over it later.

The pitfalls that cost vendors awards

  1. Copying another company's reps and certs. Don't. Every company's situation is different. Copying someone else's answers is the fastest way to certify something untrue about your own company.
  2. Self-certifying socio-economic status without SBA certification. Marking yourself as 8(a), HUBZone, WOSB, EDWOSB, SDVOSB, or VOSB when you don't have the formal SBA certification is fraud. The CO will check the SBA database during market research and find out.
  3. Stale size status. If your business has grown over the size threshold for a NAICS code and you haven't updated, you'll be claiming small status on bids you're no longer eligible for. Competitors notice. Protests follow.
  4. Skipping Section 889 due diligence. Certifying you don't use covered equipment without actually checking your office is a False Claims Act exposure. If you have Hikvision security cameras, Huawei networking gear, or Dahua surveillance, you have to remove them before certifying Part B.
  5. Leaving FAPIIS disclosures blank or vague. If you have a reportable matter and you don't disclose it, the CO will find it independently and the result is worse than disclosing.
  6. Forgetting the annual update. Reps and certs must be updated at least annually. If you don't update them, your registration goes stale and your bids may be considered non-responsive.
  7. Inconsistency between reps and certs and your proposal. If your proposal claims small business status and your reps and certs show you as large, that's an immediate red flag. The CO has to resolve the inconsistency, and the safest resolution from their side is to disqualify you.
  8. Certifying things you haven't actually done. If a rep requires you to have a written plan, a compliance program, a self-assessment posted somewhere, or a certified policy: you have to actually have it. Certifying that you do when you don't is fraud, and it's discoverable through audits.
  9. Trusting a service provider to do reps and certs for you. A service provider can help you understand the questions, but you are the one signing under penalty of the False Claims Act. You read every rep yourself, you confirm every answer yourself.
  10. Treating reps and certs as a one-time setup. They're an ongoing legal commitment. Every contract you have references your current SAM reps and certs. When something material changes about your company, update them immediately, not at renewal time.

The annual update requirement

FAR 4.1201 requires you to update reps and certs at least annually. Most vendors do this when they renew their full SAM registration (also annual), but you can update reps and certs independently any time without doing a full registration renewal.

You should also update immediately, not wait for the annual cycle, when:

  • Your size status changes (you grew over a threshold or shrunk under one)
  • You acquire a socio-economic certification (SBA approves your 8(a) application, etc.)
  • You lose a socio-economic certification (HUBZone status withdrawn, etc.)
  • You have a new FAPIIS-reportable event (criminal proceeding, civil judgment, contract termination, etc.)
  • Your foreign ownership profile changes
  • You add or remove covered telecommunications equipment from your operations
  • Your cybersecurity posture changes materially (new SPRS score, new DFARS 7012 plan, etc.)
Reps and certs scams exist too. Same predators who run SAM renewal scams will sometimes contact you offering to "audit your reps and certs for compliance" or "update your certifications" for a fee. Don't pay them. Reps and certs are free to update in SAM, and a paid third party can't certify on your behalf anyway. Your CO is reading what you certify, not what they certify on your behalf.

Going through SAM registration for the first time?

The reps and certs section is one of fourteen things to get through. The full SAM Registration walkthrough covers the whole process: prep checklist, every screen, the realistic timeline, and the 10 most common rejections.

Read the SAM registration guide →