Doing Business with ATI

Partnering with ATI | Ethics & Compliance | Cybersecurity

We developed this information for the purpose of providing our consortia members, subcontractors and suppliers with the ability to quickly reference information that they will need to work with our company and navigate the federal marketplace.

At Advanced Technology International (ATI), a nonprofit organization, is committed to our collaborative technology development model. Forming mutually beneficial relationships with our large business, small business and academia partners is key to that model, as we strive for excellence in delivery of outstanding technology innovation outcomes to our customers.

This information is one means of providing effective engagement with all of our industry partners, including the opportunity to connect with small, minority, women and veteran-owned small businesses interested in working with us.

We hope you find this information helpful. Please feel free to contact our Corporate Contracts office if there are any questions or you need additional information.


Natalie A. Corella

Executive Vice President,
Contracts and Compliance
ATI
315 Sigma Drive
Summerville, SC 29486
843-760-3361
natalie.corella@ati.org

Scott A. Savoie
Vice President,
Corporate Contracts
ATI
315 Sigma Drive
Summerville, SC 29486
843-760-4356
scott.savoie@ati.org

Obtaining a Dun & Bradstreet D-U-N-S® Number

In order to register in the System of Award Management (SAM), an organization will first need to receive a Dun and Bradstreet number (D-U-N-S®). Your business Tax ID number, bank account, bank routing number and business address are necessary to apply for this number.

View the PDF for more information on this process.

System for Award Management (SAM)

All companies desiring to do business with the Federal Government are required to have an active record on the Government’s System for Award Management (SAM).

SAM is the Official U.S. Government system that consolidated the capabilities of CCR/FedReg, ORCA and EPLS. There is NO fee to register.

ATI subcontractors and suppliers can also complete the Representations and Certifications in SAM.gov in lieu of the ATI Representations and Certifications.

ATI Training video: How to Register for a DUNS Number and Setting Up Your SAM Account.

See How to Register in SAM for further information.

Obtaining a DD Form 2345 - Militarily Critical Technical Data Agreement

DD Form 2345 is required by U.S. contractors that wish to obtain access to unclassified technical data disclosing militarily critical technology with military or space application that is under the control of, or in the possession of the U.S. Department of Defense (DoD).

Many of ATI's managed consortia require prospective members to obtain a DD Form 2345. In order to obtain a DD Form 2345, an organization is required to have a cage code. An organization must register in the System for Award Management (SAM) in order to obtain a cage code. Lastly, in order to register in SAM, an organization will first need to receive a Dun and Bradstreet number (D-U-N-S). Your business Tax ID number, bank account, bank routing number and business address are also necessary.

ATI Training video: Doing Business with the Federal Government, DD2345.

How to obtain a DD Form 2345.

Small Business Requirements

It is the intent of ATI that small businesses are given an equitable opportunity to compete for ATI purchases consistent with the efficient performance of our business. Each division in ATI will comply with the intent of the requirements set forth by FAR 52.219. Should your business meet any of the small business criteria listed, you are encouraged to contact sbadmin@ati.org to be registered as a vendor with ATI and be considered for future purchases and business needs.

For subcontracts that are subject to the Federal Acquisition Regulations, Small Business Classifications include (these are all self-certified classifications, except for the HubZone):

  • Small Disadvantaged Business (SDB)
  • Woman Owned (WO)
  • HubZone - (HubZone Certification Application)
  • Veteran Owned (VO)
  • Service Disabled Veteran (SDVO)
  • Historically Black Colleges and Universities (HBCU)
  • Minority Institutions (MI)

For more information, please visit the following useful websites:

Representations and Certifications (Reps and Certs)

In accordance with FAR Subpart 4.12, ATI is prohibited from awarding a procurement funded under a U.S. Government contract unless the seller certifies that it complies with certain U.S. Government policies and laws. In order to facilitate this requirement, your contracts or purchasing representative will request that you complete ATI’s Representations and Certifications via the Vendor Portal when required. (If you are currently registered in SAM, there are still a few additional representations and certifications that are required.)

For questions regarding ATI’s Reps and Certs policies, please contact: vendoradmin@ati.org and a representative from the contracts team will contact you.

Vendor Management System

ATI maintains a database of all vendors, suppliers and subcontractors who are and have done business with us. For your convenience, we have developed a new vendor portal allowing new and existing ATI vendors to self-register their company. Please contact your contracts or purchasing representative who can add your company into the system, which will then generate an email containing your user ID and password.

A step-by-step training video has been provided for our vendors:  ATI Vendor Portal Training.

Below is a list of downloadable versions of the vendor forms needed by ATI in order for your company to become a vendor, supplier or subcontractor to our company. These forms are also available via the vendor portal.

For questions regarding the ATI Vendor Portal, please contact your contracts/purchasing representative or contractforms@ati.org.

Invoicing and Prompt Payment

ATI’s standard payment terms are NET 30 days from the date an acceptable invoice is received. However, other payment terms may be negotiated with your contracts representative. Please refer to your subcontract agreement or purchase order for the applicable payment terms.

In order to facilitate prompt payment of invoices submitted to ATI, we ask that you please forward your invoices to afgforms@ati.org.

Please refer to your subcontract agreement or purchase order for guidance on submitting an acceptable invoice.

Payment Inquiries may be directed to your ATI subcontract representative or afgforms@ati.org

Contracting

ATI is committed to providing procurement services of the highest quality to exceed the expectations of all of our business partners. We ensure that ATI agreements reflect the best value for our clients and partners. It is our goal to build long term, mutually favorable relationships with our suppliers, subcontractors, team members and clients based on trust,honesty, and candor.

We welcome your questions and feedback as we strive to achieve our goals.

Please contact us!

Ethics & Compliance

In accordance with FAR 52.203-13, ATI has implemented a Supplier Code of Conduct, which outlines the expectations we hold for our suppliers, and reflects the high ethical standards we set for our own associates, Board of Directors, partners and suppliers.

The Supplier Code of Conduct applies for all contracts over $5.5 Million and a performance period in excess of 120 days. We value our relationship with your organization and thank you for being part of the continued success of ATI.

If you should have any questions regarding ATI's Supplier Code of Conduct, or need further assistance, please contact:

Natalie A. Corella
Chief Compliance Officer
ATI
315 Sigma Drive
Summerville, SC 29486
843-760-3361
natalie.corella@ati.org

Department of Defense (DoD) Hotline

The mission of the DoD Hotline is to provide a confidential, reliable means to report violations of law, rule or regulation, mismanagement, gross waste of funds, abuse of authority and classified information leaks involving the Department of Defense; as well as the detection and prevention of threats and danger to the public health and safety of the Department and our Nation.

Anyone may file a complaint with the DoD Hotline at 1-800-424-9098 to report fraud, misuse and misrepresentation relating to DoD contract. 

A report can also be made through the Fraud Waste and Abuse website.

Additional Ethics and Compliance Resources

For more information on adherence to laws and establishing effective Ethics and Compliance Programs, please visit the following websites.

Below is a list of Integrated Compliance Solutions providing online training, hotline services, policy management, reporting and analytics, and more:


Cybersecurity - Adhering to New DoD Requirements

In October of 2016, DoD adopted a final rule amending the Defense Federal Acquisition Regulation (DFARS) which requires contractors to report on network penetrations. While the main elements of the DFARS Clause 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting) of the clause remained intact, the final rule and DFARS clause 252.204-7012 did include several updates and clarifications. However, please be advised that your company should adhere to the version of the DFARS clause contained in your subcontract agreement.

The current version of the DFARS clause is available at: http://www.acq.osd.mil/dpap/dars/dfars/html/current/252204.htm. The main elements of the DFARS clause are bulleted below: 

  • Contractors still have until December 2017 to be in full compliance with the requirements outlined in the clause and NIST 800-171 – Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations
  • For all contracts awarded prior to October 1, 2017, areas of non-compliance need to be reported to the DoD CIO’s office within 30 days after contract award via email at osd.dibcsia@mail.mil. Contractors will need a DoD-approved medium assurance certificates in order to report a cyber-incident, so they should secure this certificate ahead of time, not if/when they need it for reporting. Please go to http://iase.disa.mil/pki/eca/Pages/index.aspx for more information on obtaining a DoD approved medium assurance certificate.
  • Contractors shall submit requests to vary from NIST SP 800-171 in writing to the Contracting Officer, for consideration by the DoD CIO. Subcontractors should notify prime contractors when submitting requests to the contracting officer when requesting to vary from NIST SP 800-171 security requirements.
  • Contractors have 72 hours to report cyber incidents to the DoD CIO at https://dibnet.dod.mil. If the contractor does not have all the information required on the Incident Collection Form (ICF) at the time of the report, and if more information becomes available, the contractor should submit a follow-on report with the added information. For Subcontractors that have an ATI subcontract please refer to the DFARS Clause 252.204-7012, “Safeguarding Covered Defense Information and Cyber Incident Reporting” (October 2016). In accordance with the clause, a “Cyber Incident” means action taken
    through the use of computer networks that result in a compromise of an actual or potentially adverse effect on an information system and/or the information residing therein.
  • If the Contractor intends to use an external cloud service provider to store, process or transmit any covered defense information in performance of the contract or subcontract, the Contractor shall require and ensure that the cloud services provider meets security requirement equivalent to those established by the Government for the Federal Risk and Authorization Management Program (FedRAMP) moderate baseline. (https://www.fedramp.gov/resources/documents).
  • The Cyber DFARS clause needs to be a flow down to all suppliers and subcontractors for operationally critical support or for which subcontract performance will involve covered defense information but the clause is not prescribed for use in solicitations or contracts that are solely for the acquisition of commercially available off-the-shelf (COTS) items.
    • “Covered defense information” means unclassified controlled technical information or other information, as described in the Controlled Unclassified Information (CUI) Registry at http://www.archives.gov/cui/registry/category-list.html, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies, and is
      • Marked or otherwise identified in the contract, task order, or delivery order and provided to the contractor by or on behalf of DoD in support of the performance of the contract;
      • Collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract.

NIST 800-171 Checklist Framework

The National Institute of Standards and Technology (NIST) guidelines 800-171 Revision 1 (Protecting Controlled Unclassified Information in NonFederal Information Systems and Organizations) were released in June 2015. NIST 800-171 outlines a subset of the NIST 800-53 requirements. A detailed mapping is available in the NIST Special Publication 800-171 Revision 1, Appendix D, Table D-1, page 30.

ATI is providing a Checklist Framework (pdf format) that you can use to assist in determining if you are NIST compliant and where you may need to enhance security measures.


Compliance Resources

The following is a list of resources to assist you in identifying areas that need improvement in your security requirements checklist. These resources may also provide assistance in becoming NIST 800-171 compliant.


Additional Cybersecurity Resources


Tips to Improve Cybersecurity

  • Train employees in security principles – have standards of protocol and behavior
  • Protect hardware, networks and information – update antivirus software
  • Create mobile device action plan – use password protection, encrypt data and use security apps on phones that have access to confidential information; establish reporting procedure for lost or stolen phones
  • Back up important data and information – back up documents and information to computers and to the cloud or offsite
  • Control physical access to computers – lock up laptops when unused; create user accounts for each employee; allow administrative privileges only to trusted IT staff and personnel
  • Secure Wi-Fi networks – make sure wireless is encrypted, SSID is hidden and networks have passwords
  • Use best practices with payment cards – work with banks and processors to set up anti-fraud services; do not use the same computer to process payments and surf the internet
  • Limit employee access and authority – give employees access only to the data systems necessary for their tasks; do not allow installation of software without permission
  • Require passwords and authentication – have employees use unique passwords and require them to change these passwords every three months; consider further authentication practices with additional information; check with vendors who handle sensitive information

Information Source: U.S. Small Business Administration.


The above is for information only. It is not to be considered a complete listing of all Cybersecurity resources, or guidance or a recommendation for how to comply with Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012. ATI bears no risk, responsibility or liability for use of the information presented herein.