GSA Switches to Multi-Factor Authentication in the Mass Modification System
Resources and Insight | 4 Min Read
GSA contractors have been getting a lot of emails over the last couple weeks. Between the updates to GSA eBuy and the Multiple Award Schedule consolidation, contractors have been flooded with new information that impacts their contract compliance and their typical contract actions. One of the more recent GSA updates is the change to the Mass Modification System which will now require Multi-Factor Authentication (MFA).
As a refresher, GSA defines a Mass Modification as a “government-initiated modification that occurs when a uniform change occurs schedule-wide,” such as a change in terms and conditions. The focal point of the change to the Mass Mod system is the use of Multi-Factor Authentication to increase security. Contractors should have received the email regarding the new Mass Mod system on August 6 and the new system went into place on August 8. We understand if this has been overwhelming, because we have also been receiving the emails regarding our own GSA Schedule contract and several of our clients' contracts. So let’s go over how this change will impact you as a GSA Schedule contractor.
What Changed in the Mass Mod System?
Beginning August 8, 2020, all Mass Mods application users are required to register for Multi-Factor Authentication in order to log-in to the new Mass Mod system.
For those familiar with the previous Mass Modification system, once a Mass Modification was released, contractors would receive notifications via email. For each Mass Modification, authorized negotiators on the contract received an email with a unique PIN number specific to that Mass Mod. The authorized negotiator would enter the contract number to the Mass Mod system, utilize the PIN to log in, and then would receive a one-time code to their email in order to start the review of the terms and conditions changes. If contractors could not find their mass mod PIN in their email, they were able to contact their administrative contracting officer to get the PIN reset.
The main change that contractors should be aware of with the new system is the elimination of the unique PIN number for Mass Modifications. To accept Mass Modifications moving forward, contract authorized negotiators will need to register for and activate an account with the MFA system to view all outstanding Mass Mods.
Once users are in the MFA system with an activated account, they will need to set up a form of Multi-Factor Authentication, similar to that of the FAS Sales Reporting System.
Only after the MFA is complete will users be able to view pending/outstanding Mass Mods. This change to Multi-Factor Authentication aligns with GSA's overall IT modernization efforts to build and maintain a more modern and secure infrastructure for its IT systems.
What Do You Need to Do About the Mass Modification Now?
It’s important to note that only authorized negotiators listed on the contract will be able to sign Mass Mods, and GSA recommends that only authorized negotiators who are able to sign on behalf of the company (or those with signatory authority) should sign Mass Modifications in the new system.
This means contractors must have the most current authorized negotiators listed on their contract to utilize the new MFA process. Be sure to double check that your current authorized negotiators are up to date and that individuals listed in the eMod system have the proper signatory authority. Contractors needing to update the authorized negotiator(s) on their contract must submit an administrative modification in the eMod system.
You will need the MFA capability to sign the Multiple Award Schedule (MAS) Solicitation Refresh #4 Mass Mod beginning on August 14, 2020. This Mass Modification implements Section 889 Part B of the FY19 National Defense Authorization Act (NDAA) by incorporating FAR clause 52.204-25. Get a refresher on Part A of Section 889 and for more information regarding Part B, check out this recent GSA Interact Post.
Contractors should note that the change to the Multi-Factor Authentication system only impacts the Mass Mod portal. It does not remove or impact the digital certification requirement for the eOffer/eMod application. GSA still requires that at least one individual at the company holds an active digital certificate to keep your contract current through the eOffer/eMod system in order to remain compliant throughout the life of the contract.
Make Sure to Stay on Top of These Changes
As GSA continues to go through changes, be sure that you are staying compliant with your GSA terms and conditions. You can keep up to date with all Multiple Award Schedule changes by following the Winvale blog and newsletter. If you have any questions about GSA's new updates, the Winvale team is here to help.