Federal CAI Procurement Due Diligence Checklist

A practical CAI/OSINT procurement checklist. Covers provenance, exclusions, contract terms, and delivery controls.

CAI/OSINT procurement due diligence

This checklist is designed for contracting officers, privacy counsel, and mission owners evaluating commercially available information (CAI) and OSINT-derived signals. It focuses on what reduces downstream risk: provenance, exclusions, contract terms, and delivery controls that match federal governance realities.

Core diligence categories

  • Provenance: source categories, lineage, and sensitive-category handling.
  • Contract terms: permitted use, retention, deletion SLA, and audit rights.
  • Operational controls: data minimization and protected-location exclusions where applicable.
  • Delivery: chain-of-custody documentation and FedRAMP-compatible delivery paths as required.

For mission-oriented context, see federal intelligence. For enforcement-driven diligence, start with the GSDSI resource on FTC consent orders.