You’ve just received a solicitation, and buried in Section H is an insurance requirement table listing five coverage types, specific endorsement forms, and a cancellation notice provision that your current broker has never heard of. This is the moment most government contractors realize their broker doesn’t understand the contracting space. Government contractor insurance requirements aren’t a mystery, but they are specific, and the gap between what FAR minimums say and what your contracting officer actually expects can kill a proposal before it ever gets evaluated. This guide breaks down the exact policies, minimum limits, endorsement language, and compliance steps you need to satisfy those requirements, whether you’re a prime on a GSA schedule, a sub deploying personnel overseas, or an 8(a) firm just entering the federal market. Risk Reconnaissance LLC, an Atlanta-based brokerage specializing in government and defense contractor programs, put this together so you spend your time building your program, not educating your broker.
Government contractor insurance requirements: the FAR baseline
FAR Subpart 28.3 and clause 52.228-5 establish the federal insurance floor, but they don’t set one uniform package. The contracting officer determines which coverages apply based on contract type, work performed, and risk exposure. That said, several coverages appear consistently across federal contracts and serve as your starting point for any government contractor insurance requirements analysis.
Workers’ compensation and employer’s liability
Workers’ compensation is mandatory on federal contracts and must comply with applicable federal and state laws. Employer’s liability carries a FAR minimum of $100,000 per occurrence, with a limited exception for states that use exclusive monopolistic funds that don’t permit private coverage. These numbers represent the legal floor, not the realistic expectation for most contracts.
Commercial general liability and automobile coverage
FAR Subpart 28.307 sets the CGL minimum at $500,000 per occurrence for bodily injury when the contracting officer requires this coverage. Automobile liability for vehicles used in contract performance requires at least $200,000 per person and $500,000 per occurrence for bodily injury, plus $20,000 per occurrence for property damage. Property damage under CGL has no fixed FAR minimum; the contracting officer sets that number based on the contract’s specific risk profile. Standard limits are $1,000,000 occurrence and $2,000,000 aggregate.
Why the contracting officer’s judgment overrides the baseline
FAR explicitly empowers contracting officers to require higher limits based on contract risk, work location, and agency policy. The FAR minimums are a regulatory floor, and most real-world contracts exceed them significantly. A service contract at a federal facility might require $2M CGL; a DoD IT contract might require $5M professional liability and $5M cyber, illustrative figures that vary widely by agency, data sensitivity, and acquisition type. Reading the contract schedule’s insurance section is always more important than memorizing FAR minimums.
Coverage types triggered by contract type and work location
Beyond the universal baseline, certain contracts carry additional insurance triggers that catch contractors off guard. Knowing which triggers apply to your specific contract type and performance location is what determines whether your program holds up under review.
Professional liability and E&O for service and IT contracts
Professional liability, also called errors and omissions (E&O), is not addressed in FAR minimums but may be required by contracting officers on most service, engineering, and IT contracts. Most commonly seen as a requirement by Prime contractors. Typical limits run $1M to $5M per claim for civilian agency work. DoD IT contracts and cleared contracts handling controlled unclassified information (CUI) routinely require $5M or more. As cybersecurity risk has grown in prominence, reflected in part by CMMC assessment requirements, some agencies have raised their insurance asks to reflect the sensitivity of the data involved, though specific limits vary by contract and agency. Separate cyber liability coverage at $5M or higher appears with increasing frequency in DFARS-driven IT solicitations, with required coverage elements that commonly include ransomware, data exfiltration, breach notification costs, and regulatory fines; limits and elements vary by solicitation. For context on the DoD’s evolving requirements, see the discussion of the DoD finalizes cybersecurity rule.
Defense Base Act coverage for overseas and contingency performance
Defense Base Act (DBA) insurance is the statutory workers’ compensation equivalent for employees working outside the United States on government contracts. This is not optional coverage; it is a federal legal requirement under the Defense Base Act, and it applies to prime contractors and subcontractors alike. Any firm deploying personnel overseas under a DoD or federal contract must carry DBA coverage before those personnel ever board a plane. Applicability can depend on factors including employee nationality and contract type, and the Department of Labor administers waiver processes in certain circumstances, so early legal and brokerage review is essential. Generalist brokers frequently misclassify this exposure, try to satisfy it with a standard domestic workers’ comp endorsement, or miss it entirely. That gap creates direct liability exposure for the contractor and the prime if a sub fails to carry it. For a practical compliance walkthrough, see our Defense Base Act Insurance: GovCon Compliance Guide 2025, and for an industry explanation of why DBA is mandatory on overseas contracts, read Defense Base Act coverage, why it’s mandatory for overseas contracts.
Overseas and government property insurance triggers
FAR Subpart 28.3 also addresses war-hazard coverage and insurance for government-owned property used in contract performance. When the government requires or approves coverage for its own property, the contractor must provide it or operate under an approved alternative arrangement. Overseas contingency contracts regularly include these requirements, and they require specialized placement that most commercial brokers don’t have access to through standard markets.
How government contractor insurance requirements split between prime and subcontractor
One of the most misunderstood dynamics in GovCon insurance compliance is how requirements distribute across the contracting chain. The government doesn’t treat primes and subs identically, and assuming your coverage obligations mirror your teammate’s is a reliable path to a compliance failure.
What the government holds primes directly accountable for
On fixed-price contracts, the government isn’t always prescriptive about insurance unless the contracting officer inserts a specific clause. When that clause is present, the prime owns full compliance and is responsible for maintaining the required coverages throughout the contract’s performance period. Beyond its own coverage, the prime also takes on responsibility for verifying that all subcontractors performing work on the contract carry appropriate insurance before any work begins. The government looks to the prime when a sub’s coverage is missing or inadequate.
Flow-down obligations and what subcontractors must independently carry
Subcontractors don’t contract directly with the government, so their insurance obligations arrive through the prime’s flow-down clauses. FAR clause 52.228-5 specifically requires the prime to insert the substance of that clause into subcontracts that involve work on a government installation. Primes regularly impose stricter limits on subs than FAR requires, including additional insured endorsements, DBA coverage for any overseas personnel, and certificates of insurance submitted to the prime before mobilization. A sub who assumes that a standard domestic workers’ comp policy satisfies a federal overseas deployment requirement will get flagged quickly, and the liability for that gap often moves back up the chain to the prime.
Contractor insurance checklist: the COI and endorsement package contracting officers expect
Getting the right policies in place is only half the compliance equation. How you document and evidence that coverage is what contracting officers and primes actually verify. The certificate of insurance for government contracts and its supporting endorsements must carry specific language to be accepted.
Additional insured, primary/non-contributory, and waiver of subrogation
These three endorsements are commonly required on many federal and state government contracts. “Additional insured” names the government agency or prime as a protected party under your policy, using ISO forms CG 20 10 (ongoing operations) and CG 20 37 (completed operations) for general liability. “Primary and non-contributory,” typically evidenced through ISO form CG 20 01, confirms your coverage responds first without seeking contribution from the additional insured’s own policy. “Waiver of subrogation,” issued on form CG 24 04 for general liability or WC 00 03 13 for workers’ compensation, prevents your insurer from pursuing recovery against the protected party after paying a claim. Each of these endorsements must appear on the actual policy, not just be referenced as a note on the certificate.
Cancellation notice language and federal contractor liability limits on the certificate
FAR requires that when insurance is mandated, the policy must include an endorsement stating that cancellation or material adverse change does not take effect without the required written notice to the contracting officer. The COI must show the exact policy form, coverage type, effective dates, limits, and any required endorsement form numbers, and all of it must match the insurance clause language in the contract. A COI that lists the right limits but omits required endorsement form numbers, or uses a generic “30 days notice of cancellation” checkbox without the actual endorsement, typically won’t pass a careful KO review. For a practical, consumer-friendly breakdown of COI components, see this certificate of insurance (COI) complete guide.
Where compliance breaks down: the four most common failure patterns
Most insurance compliance failures in the GovCon space aren’t caused by contractors choosing the wrong coverage type. They’re caused by documentation errors, broker knowledge gaps, and assumptions that one number satisfies another. These are the patterns that repeatedly send proposals back to the starting line.
Assuming FAR minimums satisfy the full contract requirement
The most common error is a contractor obtaining a policy that meets the FAR 28.307 baseline, submitting the COI, and watching the KO kick it back because the contract schedule requires $2M CGL rather than the FAR’s $500K. FAR minimums and contract-specific minimums are two different numbers, and the contract schedule always controls. Read the insurance section in the contract schedule, not just the FAR clause reference number.
Using a generalist broker who can’t write the right endorsements
A broker who doesn’t regularly place government contractor insurance programs will often issue a standard COI without required endorsement forms, use incorrect additional insured language, or miss the DBA requirement entirely for overseas work. This isn’t a minor technicality. Incorrect endorsement language is treated as noncompliant, a KO who knows what they’re looking at will reject it on that basis. Proposal timelines don’t leave room for a second attempt while your broker figures out what ISO form CG 20 10 means.
Missing cyber and professional liability on IT and service contracts
Contractors who build their program around FAR’s physical risk coverages, CGL, auto, workers’ comp, often miss the professional liability and cyber liability requirements that appear in the contract schedule for service, IT, and advisory contracts. These coverages have no FAR minimum, so they don’t show up in the baseline checklist, but they appear as explicit requirements in a significant share of federal solicitations. Missing one on a contract that requires it is a clean compliance failure with no workaround at submission.
Subs who skip DBA because the prime didn’t explicitly flag it
Subcontractors performing overseas work under a DoD contract are legally required to carry DBA coverage regardless of whether the prime’s flow-down clause explicitly calls it out. The Defense Base Act imposes the obligation by statute, not just by contract. If a sub deploys personnel without DBA coverage in place and a worker is injured overseas, the sub faces direct liability exposure and the prime faces regulatory exposure for not verifying compliance before mobilization.
Getting a compliant program without starting from scratch
The compliance map for government contractor insurance requirements is readable once you know the framework. The challenge isn’t the complexity of the rules; it’s having a broker who already understands them before your first conversation.
What a GovCon-literate broker does differently
A broker who works exclusively with government and defense contractors already knows what FAR 52.228-5 says, what a contracting officer expects on the COI, and why DBA is non-negotiable for overseas deployments. Risk Reconnaissance LLC builds programs for government and defense contractors, which means contractors don’t spend the first meeting explaining what a teaming agreement is, what DFARS requires, or why the proposal deadline can’t move. The underwriters Risk Reconnaissance works with understand the contractor risk profile from the first submission, which produces faster, more accurate placement and documentation that passes KO review the first time. For more on broader commercial placements and marketplace nuances, see Navigating the Complex World of Commercial Insurance for Government Contractors, Risk Reconnaissance.
Steps to get proposal-ready coverage before your deadline
Start with the contract schedule’s insurance section, not the FAR reference. Pull the exact coverage types, limits, and required endorsements listed there. Identify whether you have overseas performance, professional services, IT work, or subcontractors deploying personnel, because each triggers coverage types beyond the FAR baseline. Then work with a broker who can structure the full program and issue endorsement-compliant documentation on the timeline your proposal requires. The compliance steps don’t change whether you’re onboarding your first federal contract or scaling into three new NAICS codes: read the schedule, match every requirement, and confirm the documentation is exact before it goes out the door. If you want a concise primer on typical requirements and common pitfalls, see our Insurance for Government Contractors, Risk Reconnaissance.
What compliance actually requires
Government contractor insurance requirements are not a one-size-fits-all FAR checklist. They depend on your contract type, your role in the contracting chain, your work location, and the specific limits and endorsements your contracting officer inserted into the contract schedule. General liability, workers’ compensation, professional liability, DBA, and cyber coverage each carry their own triggers, and the COI package that proves compliance requires precise endorsement language matched to what the KO asked for.
Getting this right before a deadline means having a broker who already understands the terrain, can communicate your risk profile to underwriters clearly, and knows which endorsement forms satisfy which requirements without needing a tutorial. The contractors who move proposals forward on time aren’t the ones with the most coverage; they’re the ones with the right coverage, documented exactly the way the contract demands.
If your current broker is asking you to explain what DBA means or why a contracting officer needs CG 20 10 on the certificate, that’s the signal. Risk Reconnaissance LLC works exclusively in this space, so your next deadline doesn’t become a compliance lesson for your broker. Reach out before the clock starts.