After-the-Hack Survival Guide

Post Breach Rules Require Password Resets

Remember that huge GSA hack? Remember how they subsequently lost all your usernames and passwords? Now it’s time to deal with the fallout.

Since then, GSA assessed “the underlying vulnerability in all of its information systems and is immediately applying stricter security measures, including more stringent password management and Multi-Factor Authentication”. The measures apply to eBuy, Advantage Spend Analysis Program (ASAP), Schedule Input Program (SIP), Reverse Auctions and 72A Reporting System accounts.

What does this mean for contractors? For 72A reporting, you’ll have to visit https://72a.gsa.gov/ to reset your password. VSC users should have received an email with links and instructions to reset your VSC password. In case it got filtered to your spam, you can find reset instructions here. System features will be inaccessible until you reset your password. GSA advises users having trouble to contact the Vendor Support Center Monday through Friday8:00 a.m. to 5:30 p.m. EDT at 877-495-4849 or vendor.support@gsa.gov. Through tomorrow (12 June), VSC offers extended hours of 8:30 a.m. to 9:30 p.m. If this is all way too confusing for you, we are here to help at 301-913-5000 or admin@ezgsa.com.

Sign your Name on the Dotted Line

Actions needed for Schedule 75 Contract holders

On January 10, GSA released plans for Mass Mod A598, and now they’re following through. Changes for Schedule 75, Office Supplies, include new business rules, new TAA compliance standards, new environmental guidance, and a new letter of supply.

Contract holders must sign the new Letter of Supply, GSA Business Rules, and Critical Information Specific to Schedule 75, and return them to GSA by the deadline on June 30, as well as supplying new TAA Operating Procedures. Otherwise, their contracts will fall out of compliance, and GSA may take action such as removal of the GSA pricelist from GSAAdvantage, or cancellation of the contract itself.

After contractors complete all required documents, they should upload the files to a new Terms and Conditions modification in eMod. GSA will then finalize the modification and incorporate into the GSA MAS Schedule Contract.

For the necessary documents, and more information, visit the solicitation. And of course, EZGSA is always here to help you with questions! Call 301-913-5000 or email mbotello@ezgsa.com.

Ride the On-Ramp to OASIS

GSA to add On-Ramps to OASIS unrestricted pools

On May 9, GSA announced plans to add vendors to two underused OASIS pools: pool two for financial services, and pool six for aircraft R&D.

OASIS, a set of 10-year government wide multiple-award-contracts, totals $60 billion for knowledge-based services such as management and consulting services. GSA plans to make 15 contract awards for pool two, and two contract awards for pool six. A final RFP should be released by May 31, after which vendors will have 30 days to submit proposals.

Since fiscal year 2015, most contract holders on most pools haven’t won many orders. GSA is currently focusing on the pools with the lowest spending levels. Contractors considering a bid should assess themselves against the self-scoring evaluation in the original solicitation. There are currently no minimum scores for the pools on the table.

 

Office Relocation SIN Relocating!

Are you a Schedule 48, SIN 653-8 contractor? This office relocation area of the Transportation, Delivery, and Relocation Schedule is disappearing into the ether, and soon. GSA has decided to consolidate two very similar SINs under two different schedules.

  • If you also have a Schedule 71 IIK contract, SIN 712-3, you are golden and don’t have much to worry about — your services are already covered under the other contract; GSA will simply cancel your Schedule 48 SIN (or the entire Schedule if 653-8 is your only SIN).
  • For those with only the single 653-8 SIN on Schedule 48, GSA will move your services onto SIN 712-3. Typical government-ese bureaucratic work will be involved, but it’s not too egregious.
  • For those who have additional SINs on Schedule 48, you have a choice of deleting the relocating SIN and keeping your Schedule, as well as applying for the 71 IIK SIN after 1 July; OR delete the other Schedule 48 SINs, canceling the contract and transitioning to 71 IIK and then re-applying through streamline for Schedule 48.

Whew. Confusing, right? Fear not, we are here to help. Give us a call at 301-913-5000, and we’ll get you through it!

Say it ain’t so SAM…

So yes, GSA’s SAM (the System for Award Management) is as vulnerable to hacking and fraud as any other database, and now we have the proof. Apparently the Inspector General’s office has found that payments purportedly sent by the government never arrived at their intended contractors’ offices and instead were sent to a third party. Reason being that someone went in and changed the address. Hackers hackers everywhere.

GSA has contacted some contractors, but it is likely that more fraud is out there. We suggest you check your SAM to ensure your address and DUNS number are correct. If you see inconsistencies, contact your Contracting Officer and the Federal Service Desk (866-606-8220) immediately. If there has been fraud associated with your SAM registration, you will need to go through the usual rigamarole to prove that you are you, including notarizing a letter, etc.

For more information, contact us here at EZGSA (301-913-5000) or go to the active GSA page.