GSA recently identified security vulnerabilities in its Vendor Support Center (VSC) system, in which contractor usernames and passwords were compromised.
As an immediate course of action against this threat, GSA has now implemented a Multi-Factor Authentication to protect information and make it more secure. The enhanced security applies to multiple GSA portals, which include: eBuy, the Advantage Spend Analysis Program (ASAP), the Schedules Input Program (SIP), Reverse Auctions, and the 72A Quarterly Reporting System.
As a contractor, if you are to access these portals moving forward, you must reset your GSA password. An email was sent out on Friday 6/1 in the evening from OCMS@gsa.gov which explained the changes above and notified the contractor contract administrator of these changes. A link to reset your password was not provided in this email; however, this link can be found here: https://vsc.gsa.gov/FAS/. Within this link, the Vendor Support Center (VSC) lists the 4-step process on to how to reset your password, which is outlined below:
- Log in as usual: Enter your Contract Number and Password.
- One-Time Security Code email sent: An email has already been sent to your VSC email address containing your security code.
- Enter a one-time security code: Enter the security code, in the space provided. Please note that this code will expire 30 minutes after being sent by GSA.
- Reset your password: After successfully submitting the code, you will be prompted to reset your password according to GSA Policies.
Once your password is reset, you will then have access to the GSA portals listed above. It is important to note however, that one of the portals above may need to be updated to access it moving forward. SIP must be either version 8.2a or 8.3 to use the new password, as the “Password provided by GSA” text box for these versions, supports up to 20 characters. SIP version 8.1 does not support up to 20 characters in the “Password provided by GSA” text box, but only supports 8 characters. So if your reset password is above 8 characters, you will not be able to use this version of SIP.
To upgrade your SIP program, you will need to download the newest version of SIP from the VSC website: https://vsc.gsa.gov/sipuser/sip_download.cfm. Make sure when you download the program, that you are downloading the “exe” version and that you have administrator permissions on your computer, as the program will only run under an administrator permission. Once the newer version of SIP is up and running, make sure you update your “Password provided by GSA” under the “Contractor” tab to reflect your new password. When that is done, you will be able to submit SIP uploads.
With security upgrades, its always important to know that current programs usually become outdated. So, it’s important to know the implications of the upgrade, like how it will affect current programs, and how will the programs affect work moving forward. Should you have any questions on this password reset or its implications on current GSA programs, please do not hesitate to give us a call.