A compliance matrix is the first document your proposal team should build after receiving an RFP — and the last thing most teams get to. The result is proposals that miss requirements, fail to address evaluation criteria with sufficient emphasis, and lose points for non-compliance that had nothing to do with technical quality.
This post gives you a free compliance matrix template you can adapt for any government proposal — populated with real requirements from a NAVSEA SeaPort-NxG solicitation — explains how to build it correctly using APMP and Shipley best practices, and covers the five most common compliance matrix mistakes that cost contractors points on technically strong proposals.
⚡ Skip the manual build. Our Proposal Kickoff Accelerator generates a full-spectrum compliance matrix automatically — Section L, Section M, SOW/PWS, and Section H requirements all mapped, with cross-references between L and M, page limits captured, and pass/fail items flagged.
See How It Works →What a compliance matrix does — and doesn't do
A compliance matrix maps every requirement in the solicitation to the specific proposal section that addresses it. It's not a summary of the RFP. It's not a checklist of what you plan to write. It's a mapping document — a navigation tool that ensures every requirement has an owner, a location in the proposal, and a cross-reference back to the solicitation.
The matrix has to pull from more than just Section L and Section M. APMP and Shipley both teach the same lesson: compliance and responsiveness are different things. Section L tells you how to write the proposal. Section M tells you how you'll be scored. But the Statement of Work (Section C / PWS / SOO) tells you what you're actually being asked to deliver, and Section H (Special Contract Requirements) plus the attachments contain pass/fail terms that don't always appear in Section L. A matrix that only tracks L and M is half a matrix.
Done correctly, a compliance matrix has four benefits: it prevents non-compliance by making every requirement explicit; it forces the team to think about proposal structure before writing begins; it gives reviewers a roadmap for checking compliance; and it makes the proposal easier to evaluate — which evaluators appreciate and often reward, consciously or not.
The free compliance matrix template
Below is a working compliance matrix populated with real requirements from a recent NAVSEA SeaPort-NxG solicitation (Records Administration & Management Services, N0018926QD041). It shows the full-spectrum approach: requirements pulled from Section L, Section M, the SOW/PWS, Section H, and Key Details — each tagged by source and mapped to a proposal volume and section. Adapt this structure for your solicitation.
| Requirement ID | Source | Requirement Text | Proposal Volume | Proposal Section | Compliance Status | Notes |
|---|---|---|---|---|---|---|
| Section L — Instructions to Offerors | ||||||
| L-1.0 | Section L | Submit a description of prior contract experience similar to PWS, demonstrating viability as a WOSB-certified SeaPort-NxG competitor. Firms with limited direct experience may address commitment of personnel or teaming partners. | Step One | 1.0 Viability Determination | Will Comply | Page limit: 2 pages, single-sided. 12pt font (10pt graphics/tables/headers). Due April 21, 2026, 12:00 PM ET. |
| L-2.0 | Section L | Present a detailed, forward-looking, actionable plan describing how PWS requirements will be accomplished, focusing on innovation, efficiency, risk mitigation, and measurable results. Generic statements or paraphrasing are inadequate. | Vol I | 2.0 Performance Approach | Will Comply | 10-page limit (cover sheet & TOC excluded). 8.5"x11", 1-inch margins, 12pt Times New Roman, single-spaced. Excess pages not evaluated. |
| L-2.3 | Section L | Address receiving and processing Navy-wide messages using GOES, C2OIX, BMHS, and U.S. Message Text Format Editor Program. | Vol I | 2.3 Message Center Operations | Will Comply | Part of 10-page limit for Performance Approach. |
| L-3.0 | Section L | Identify three (3) most relevant contracts/efforts within past five (5) years using Past Performance Information Form (Attachment 02). Detailed explanation of relevance required. | Vol I | 3.0 Past Performance | Will Comply | At least one year of performance must be completed on each. No separate page limit (within Volume I 10 pages). |
| L-4.0 | Section L | Provide a complete and detailed cost breakdown with all supporting documentation for each period of performance. | Vol II | 1.0 Cost Quote | Will Comply | No page limit. Excel required for cost quote; supporting docs may be Excel/Word/PDF. Subcontractor cost may be sealed. |
| Section M — Evaluation Criteria | ||||||
| M-1.0 | Section M | Achieve a minimum 'Acceptable' rating for Factor 1 (Performance Approach) for award eligibility. | Vol I | 2.0 Performance Approach | Will Comply | Best value trade-off under FAR 16.505. Non-Cost Quote is more important than Cost Quote. |
| M-1.1 | Section M | Achieve a minimum 'Satisfactory Confidence' rating for Factor 2 (Past Performance) for award eligibility. | Vol I | 3.0 Past Performance | Will Comply | Confidence assessment rating method. |
| M-1.3 | Section M | Propose labor at 100% straight time (1,920 hours = 1 full man-year); uncompensated overtime and overtime rates will not be used in evaluation. | Vol II | 1.7 Labor Hour Basis | Will Comply | Cross-references L-4.7. Same requirement appears in both Section L and Section M. |
| SOW / PWS — Performance Work Statement | ||||||
| SOW-1.0 | SOW/PWS | Manage records through a document imaging production operation, including maintenance, corrections, and customer support using CRM tools like Salesforce. | Vol I | 2.1.1 Records Management | Will Comply | Corresponds to L-2.1. |
| SOW-4.0 | SOW/PWS | Support Millington Message Center by operating U.S. Message Text Format Editor Program, GOES, C2OIX, and BMHS systems to process Navy-wide messages. | Vol I | 2.3.1 Message Center Operations | Will Comply | Corresponds to L-2.3. |
| Section H / Key Details — Special Contract Requirements | ||||||
| GEN-2.0 | Section H | Be a 100% Women-Owned Small Business (WOSB) concern and a SeaPort-NxG contract holder. | Vol I | 1.0 General Requirements | Will Comply | FAR 52.219-30 incorporated. Non-WOSB / non-SeaPort-NxG firms will not be considered. Pass/fail. |
| GEN-6.0 | Section H | All contractor employees must obtain a DoD CAC and have a favorably completed NACLC or T3/T3R equivalent investigation (IT-II level) prior to accessing Privacy Act-protected information. | Vol I | 2.0 Performance Approach | Will Comply | Maximum SECRET. Investigation docs due 30 days prior to start. Interim approvals not authorized. Foreign nationals prohibited. |
| GEN-6.1 | Section H | Confirm and review DD Form 254 (Attachment 05) for full security classification requirements. | Vol I | 1.0 General Requirements | Will Comply With Exception | DD Form 254 was unreadable in provided documents. Critical for bid/no-bid — request clarification from CO. |
| GEN-11.0 | Section H | Comply with DFARS 252.204-7012, 252.204-7019, and 252.204-7020 (NIST SP 800-171 DoD Assessment Requirements). | Vol I | 2.0 Performance Approach | Will Comply | Bidders must have a current SPRS score on file and comply with CMMC/cybersecurity requirements. |
| Past Performance — Submission Details | ||||||
| PP-1.0 | PP Details | Identify three (3) most relevant contracts or efforts. | Vol I | 3.0 Past Performance | Will Comply | Cross-references L-3.0. |
| PP-1.4 | PP Details | Use the Past Performance Information Form (Attachment 02, dated 06/17/2008) for submission. | Vol I | 3.0 Past Performance | Will Comply | Cross-references L-3.0. |
Excerpted from a 60-row compliance matrix auto-generated from solicitation N0018926QD041. The full output also covers staffing requirements (STAFF-1.0 through STAFF-1.2), period-of-performance terms, SCA/wage determination compliance (FAR 52.222-42), incumbent transition risk, and 12 additional Section H requirements.
Seven steps to building a compliance matrix correctly
Step 1: Read Section L line by line — not just the structure
Most teams skim Section L for volume names and page limits and miss the embedded requirements. Instructions like "the offeror shall describe their approach to transitioning incumbent personnel" are often buried in the middle of a longer paragraph. Read every sentence of Section L before you populate the matrix. Highlight every "shall," "must," and "the offeror will."
Step 2: Read Section M with the same rigor
Section M tells you how you'll be scored. Every subfactor is a signal about what the evaluators will look for and weight. Your matrix should map each subfactor to the specific proposal section — not just the volume — that addresses it. If a subfactor mentions "innovative approaches," your proposal section needs to explicitly address innovation, not just imply it. Capture the rating method (adjectival, confidence assessment, color-coded) and the minimum acceptable rating for each factor.
Step 3: Pull every "shall" from the SOW / PWS
This is the step that separates a compliance matrix from a responsiveness matrix — and most teams skip it. Section L tells you how to write. The Statement of Work (or PWS, or SOO) tells you what to deliver. A proposal that follows every Section L instruction but doesn't actually address the work the customer needs done will lose. Pull every requirement statement from the SOW into the matrix and tag it with its source. The example matrix above shows SOW-1.0 through SOW-5.0 mapped alongside the L and M references — that's full-spectrum compliance.
Step 4: Don't skip Section H and the attachments
Section H (Special Contract Requirements) and the solicitation attachments — DD Form 254, Past Performance forms, wage determinations, Quality Assurance Surveillance Plans — routinely contain pass/fail terms that Section L doesn't repeat. Set-aside eligibility, security clearance levels, citizenship requirements, SCA wage compliance, CMMC/cybersecurity attestations: these belong in the matrix with the same rigor as Section L instructions.
Step 5: Cross-reference L to M to SOW
Every Section L instruction should trace to a Section M criterion that evaluates it, and ideally to the SOW task that produces the response. If you can't find the M criterion for a given L instruction, that's a signal — either the requirement is administrative (pass/fail) or the evaluators will grade something the team didn't emphasize. Knowing which is the case matters. The example matrix uses the Notes column to surface these ties: "Cross-references L-4.7. Same requirement appears in both Section L and Section M."
Step 6: Assign compliance status using industry-standard language
Compliance status uses three values, not two: Will Comply, Will Comply With Exception, and Will Not Comply. "Will Comply With Exception" is the column you use when the requirement is unclear, the form is missing, or a clarification is needed from the contracting officer — like the GEN-6.1 row above where the DD Form 254 was unreadable. Don't conflate compliance status (a statement about your response) with project status (Not Started / In Progress / Done). Track those separately.
Step 7: Assign writers and reviewers before you start writing
The matrix is most useful before a single word of proposal text is written. By the time you're populating a compliance matrix during the review phase, you've already lost — you're using it to find gaps instead of prevent them. Build the matrix at kickoff, assign a writer and a reviewer to each row, and review matrix completion at every gate review (Pink Team, Red Team, Gold Team).
The five most common compliance matrix mistakes
1. Tracking compliance but not responsiveness. A proposal can comply with every Section L instruction and still fail to actually address the work in the SOW. Compliance and responsiveness are different. The matrix has to pull from the SOW/PWS, not just Sections L and M, or you'll write a proposal the evaluators can't grade against the Statement of Objectives.
2. Treating Section H and the attachments as optional. Section H (Special Contract Requirements) and attachments contain requirements evaluators look for — OCI provisions, security requirements, CMMC levels, GFP/GFE provisions, DD Form 254 specifics, wage determinations. These belong in your matrix with clear ownership. The example matrix above flagged a missing DD Form 254 as "Will Comply With Exception — critical for bid/no-bid": that's the kind of finding that surfaces when Section H is in the matrix and disappears when it isn't.
3. Confusing "address" with "respond to." Saying "Section 2.3 addresses Management Approach" doesn't mean Section 2.3 responds to every subfactor under M. Map subfactors to paragraphs, not just sections. Evaluators score at the subfactor level — your matrix has to operate at the subfactor level too.
4. Using project status instead of compliance status. "Not started" is a project management status. "Will Comply" / "Will Comply With Exception" / "Will Not Comply" is a compliance status. Conflating them hides risk: a row marked "In Progress" tells you nothing about whether the team can actually meet the requirement. Track both, in separate columns, and review compliance status at every gate review.
5. Not updating the matrix when the RFP changes. Amendments add and remove requirements. Your compliance matrix is a living document through proposal development. Assign one person to review every amendment within 24 hours of release and update the matrix — including the date of the amendment in the row, so reviewers can see what changed.
🚀 Skip the build. Our Proposal Kickoff Accelerator generates your compliance matrix automatically from the RFP — every L instruction, M criterion, SOW task, and Section H requirement mapped to a proposal volume and section. Ready at kickoff.
Learn More →The relationship between your compliance matrix and your bid/no-bid decision
A compliance matrix is useful for more than proposal management — it's also a pre-bid due diligence tool. Before you commit to responding, use a quick matrix pass to answer: Are there pass/fail requirements we can't meet? Are there key personnel positions we can't fill in time? Are there format or certification requirements that introduce risk?
If those questions surface a hard stop, it's better to find out during your bid/no-bid gate review than after you've committed two weeks of proposal resources. The Opportunity Snapshot gives you enough detail to run this pre-bid compliance check in minutes, not hours.