Georgia Tech Procurement Assistance Center

Mandatory breach notification requirements are coming for government contractors

By

The Biden Administration is imminently expected to release an executive order that will require government contractors to notify the government in the event of a cybersecurity breach.  Despite the relatively steady rise in cyberattacks and breaches over the years and the enactment of consumer data breach disclosure laws in all 50 states, there is currently no standardized reporting requirement for government contractors.  However, the Biden administration has promised executive action on the issue, largely in response to a cyberattack by a suspected nation-state against multiple software companies, including the SolarWinds software company.

Continue reading at:  Husch Blackwell

You’d better ‘feed’ SAM regularly — especially before you submit a bid

By

Effective October 26, 2018, the Federal Acquisition Regulation (FAR) requires businesses who are pursuing federal contracts to be registered in the System for Award Management (SAM) prior to their submission of a bid, proposal, or quote to a federal agency.

Think of this as the need to “feed” information about your company into the SAM database, including updates to that information, on a regular basis.

There are only a few exceptions to this new policy (exceptions may be found at FAR 4.1102).

In the context of federal contracting, SAM is essentially the federal government’s vendor database.  By registering in SAM, businesses indicate their compliance and agreement with the federal government’s standard “representations and certifications” requirements.  Updating your SAM record must be done at least annually for a vendor to maintain “active” status is SAM.

The new rule clarifies what had been ambiguity as to when vendors must be registered in SAM in order to be eligible to receive contract awards.  (See details in our earlier article on this subject here.)  With the FAR change, it’s now clear that registration must be accomplished before a vendor submits a response to an Invitation for Bid (IFB), a Request for Proposal (RFP), or a Request for a Quotation (RFQ).

If you need help with your company’s SAM registration, feel free to contact a Procurement Counselor with the Georgia Tech Procurement Assistance Center (GTPAC).  All of our contact information is listed by location at: https://gtpac.org/team-directory.

If you are located outside of the state of Georgia, you can find the procurement technical assistance center (PTAC) nearest you at: http://www.aptac-us.org/contracting-assistance.

Remember: There is never a fee to register in SAM as a government contractor. PTACs are available to provide you with no-cost help to get you through the process.

 

Effective Oct. 26, you must be registered in SAM before you submit a federal bid, proposal or quote

By

It’s official: If you intend to pursue a federal contract, your business must be registered in the System for Award Management (SAM) before you submit a bid, proposal, or quotation.  The new rule that makes this clear goes into effect on October 26, 2018.

Any wiggle room that may have existed in the past has been eliminated.  SAM registration is now imperative if you are interested in federal contracting.

It used to be that SAM registration was required before a contract could be awarded. The Federal Acquisition Regulation (FAR) at Subpart 4.1102(a) made that clear.  But that requirement was always a bit ambiguous since another provision of the FAR (Subpart 52.204-8(d)) said that bidders and proponents had to complete the representations and certifications in SAM as a condition of making their offer.  As a matter of practical interpretation, most federal contracting officers simply made sure that an offeror’s SAM registration was complete before awarding the offeror a contract.

That latitude goes away on October 26, 2018.  On that date, FAR Subpart 4.1102 is officially amended to require all entities (i.e., vendors, including joint ventures) to be registered in SAM at the time they submit an offer (a bid or proposal) or submit a quotation to a federal agency.  In essence, vendors who are not registered in SAM are ineligible to submit offers or quotes – effective October 26, 2018.

Keep in mind that the SAM registration process can take time to complete.  If you’re planning to compete for a federal contract in the future, you should complete your SAM registration as far in advance as possible.  And, if you are already registered in SAM, remember that your SAM registration must be renewed at least annually – and renewed whenever any part of your registration needs to be updated.

If you need help with your company’s SAM registration, feel free to contact a Procurement Counselor with the Georgia Tech Procurement Assistance Center (GTPAC).  All of our contact information is listed by location at: https://gtpac.org/team-directory.

If you are located outside of the state of Georgia, you can find the procurement technical assistance center (PTAC) nearest you at: http://www.aptac-us.org/contracting-assistance.

Remember: There is never a fee to register in SAM as a government contractor. PTACs are available with no-cost help to get you through the process.

SAM is located at: https://sam.gov.  But before beginning the SAM registration process, you must first take care of the following:

  1. Obtain a DUNS Number by registering your Legal Business Name and Physical Address with Dun & Bradstreet (D&B).  If you don’t already have a DUNS Number, you can request a DUNS Number for FREE from D&B at: http://fedgov.dnb.com/webform
  2. Make sure you have a Taxpayer Identification Number (TIN) associated with the Legal Business Name registered with D&B.  To obtain information from the IRS on how to obtain a TIN, visit: https://www.irs.gov/individuals/international-taxpayers/taxpayer-identification-numbers-tin
  3. Have your bank’s routing number handy, including your bank account number and your bank account type (i.e., checking or savings).  You’ll need this information to set up Electronic Funds Transfer (EFT) in SAM.  The federal government makes virtually all contract payments via EFT.
  4. The first time you log in to SAM.gov, you’ll be asked to create a login.gov user account (if you don’t already have one). Going forward, you will use your login.gov username and password every time you log in to SAM.gov. Existing SAM.gov usernames and passwords no longer work.

Facing Chinese cyberthreat, Pentagon to bake better contractor security into buying decisions

By

In the wake of reports China hacked a Navy contractor for sensitive data on submarine warfare, Pentagon officials said they want to build better security into the military’s acquisitions process to better protect the defense industry from Beijing’s tampering.

But it’s unclear whether the defense industry has bought into the nascent effort.

“It is no longer sufficient to only consider cost, schedule and performance when acquiring defense capabilities,” Deputy Under Secretary of Defense for Intelligence Kari Bingen told lawmakers on June 21st.

“We must establish security as a fourth pillar in defense acquisition and also create incentives for industry to embrace security, not as a cost burden, but as a major factor in their competitiveness for U.S. government business.”

Keep reading this article at: https://www.fifthdomain.com/congress/2018/06/21/pentagon-to-bake-better-contractor-security-into-buying-decisions/

New login required for SAM

By

To do business with the federal government, you need an account in the System for Award Management (SAM).

Whether you already have a SAM account or need to set one up, you need to know there is a new login procedure.

All users attempting to login to SAM are now automatically re-directed to first create a Login.gov user account.  If you already have a SAM username and password they no longer work, and you will be unable to access your SAM account until you have created a Login.gov account.

Creating a Login.gov Account
In order to create a Login.gov account, you will need each of the following:
  1. The email address and password associated with your SAM account.
  2. Access to the same email account to receive all confirmation emails.
  3. A working telephone number through which you can receive the security code that will be sent to you from Login.gov.
Need help with any step of the SAM registration process?

Never fear!  The Georgia Tech Procurement Assistance Center (GTPAC) will provide you with help at no charge.  Simply contact the GTPAC counselor located nearest you; our staff directory is at: http://gtpac.org/team-directory.  (Businesses located outside the state of Georgia can obtain free help from their nearest procurement technical assistance center.  Consult the national contact list at: http://www.aptac-us.org/find-a-ptac.)

Other recent changes to SAM

Each business must mail an original, signed notarized letter to GSA’s Federal Service Desk within thirty (30) days of their SAM activation or risk having their SAM registration deactivated.

Because of recent fraudulent activity associated with the SAM database, the General Services Administration (GSA) issued a rule in late March 2018 that requires all SAM registrants (“entities”) to provide an original, signed notarized letter identifying your company’s “authorized Entity Administrator.”   The notarized letter must follow a strict format.  GSA’s notarized letter template is available here: SAM_Notary_Letter_Template_4.12.18_GSA_version

In instances where businesses have federal contract awards or contract payments pending, GTPAC — and the other PTACs across the country — can offer special assistance to expedite the processing of their notarized letters.  When contacting your PTAC counselor, be sure to let us know if you are facing either of those two circumstances.

Don’t get stuck with an expired SAM registration — be alert to changes in the renewal process

By

If your business is registered in the federal government’s System for Award Management (SAM), you must renew your registration annually.

Be alert: Change is coming!

Whether you are familiar with the SAM renewal process or a newcomer to the process, things are about to change on June 29th.

Beginning June 29, 2018, two changes take place:

  • A new login process for SAM takes effect.  As a result of the new process, all users attempting to log in to SAM will be automatically be re-directed to create a Login.gov user account.  Your current SAM username and password will no longer work beginning on June 29th, and you will be unable to access your SAM account until you have created a Login.gov account.  (See “Creating a Login.gov Account” below.)
  • You’ll have more time to submit a notarized letter.  Businesses who create or update their registration in SAM also will no longer need to have an approved Entity Administrator notarized letter on file before their registration is activated or renewed.  Once your SAM account is activated, you’ll have 30 days to submit the notarized letter.  (See “Creating a Notarized Letter” below.)
Creating a Login.gov Account
In order to create a Login.gov account, you will need each of the following:
  1. The email address and password associated with your SAM account.
  2. Access to the same email account to receive all confirmation emails.
  3. A working telephone number through which you can receive the security code that will be sent to you from Login.gov.

Remember, once June 29, 2018 arrives, your SAM username and password will be deactivated, and you will no longer be able to access your SAM account with those credentials.

Creating a Notarized Letter

Each business must mail an original, signed notarized letter to GSA’s Federal Service Desk within thirty (30) days of their SAM activation or risk having their SAM registration deactivated.

Because of recent fraudulent activity associated with the SAM database, the General Services Administration (GSA) issued a rule in late March 2018 that requires all SAM registrants (“entities”) to provide an original, signed notarized letter identifying your company’s “authorized Entity Administrator.”   The notarized letter must follow a strict format.  GSA’s notarized letter template is available here: SAM_Notary_Letter_Template_4.12.18_GSA_version

Need help with any step of the SAM registration or renewal process?

Never fear!  The Georgia Tech Procurement Assistance Center (GTPAC) will provide you with help at no charge.  Simply contact the GTPAC counselor located nearest you; our staff directory is at: http://gtpac.org/team-directory.  (Businesses located outside the state of Georgia can obtain free help from their nearest procurement technical assistance center.  Consult the national contact list at: http://www.aptac-us.org/find-a-ptac.)

In instances where businesses have federal contract awards or contract payments pending, GTPAC — and the other PTACs across the country — can offer special assistance to expedite the processing of their notarized letters.  When contacting your PTAC counselor, be sure to let us know if you are facing either of those two circumstances.

Free help available to aid businesses with new SAM registration and renewal requirements

By

If your business needs assistance in either establishing or renewing your registration in the federal government’s vendor database known as the System for Award Management (SAM), you can get free help.

Whether you are seeking SAM registration for the first time or you need to accomplish your annual renewal in SAM, the Georgia Tech Procurement Assistance Center (GTPAC) will provide you with help at no charge.  (Businesses located outside the state of Georgia can obtain free help from their nearest procurement technical assistance center.  Consult the contact list at: http://www.aptac-us.org/find-a-ptac.)

New SAM Registration Requirements

There are new registration and renewal procedures that are now in place.  Because of recent fraudulent activity associated with the SAM database, the General Services Administration (GSA) issued a rule in late March 2018 that requires all registrants (“entities”) to provide an original, signed notarized letter identifying your company’s “authorized Entity Administrator.”   The notarized letter must be submitted and approved before your registration will be activated.

The notarized letter template is available here: SAM_Notary_Letter_Template_4.12.18_GSA_version

An update to the notarized letter rule was issued by GSA on June 11, 2018.  The update is in two parts:

  1. Effective June 11, 2018, entities who create or update their registration in SAM to apply only for federal assistance opportunities such as grants, loans, and other financial assistance programs  no longer need to have an approved Entity Administrator notarized letter on file before their registration is activated.  (Note that this does not include entities competing for federal contracts.)
  2. Effective June 29, 2018, all non-Federal entities who create or update their registration in SAM also will no longer need to have an approved Entity Administrator notarized letter on file before their registration is activated.  This rule includes businesses that are competing for, or that currently have, federal contracts.

It is important to note that all entities must mail the original, signed notarized letter to GSA’s Federal Service Desk within thirty (30) days of activation or risk having their SAM registration deactivated. 

New SAM Log-In Requirements Take Effect June 29, 2018
GSA is also implementing a new login process for SAM which takes effect on June 29, 2018.  As a result of the new process, all users attempting to log in to SAM on or after June 29, 2018 will be automatically directed to create a Login.gov user account.  Your current SAM username and password will no longer work beginning on June 29th, and you will be unable to access your SAM account until you have created a Login.gov account.
In order to create a Login.gov account, you will need each of the following:
  1. The email address and password associated with your SAM account.
  2. Access to the same email account to receive all confirmation emails.
  3. A working telephone number through which you can receive the security code that will be sent to you from Login.gov.

Remember, once June 29, 2018 arrives, your SAM username and password will be deactivated, and you will no longer be able to access your SAM account with those credentials.

Free Help Is Available!

As mentioned in the second paragraph of this article, GTPAC (or, if you’re located outside Georgia, your local PTAC) will help you with all aspects of the SAM registration and renewal processes.  Simply contact the GTPAC counselor located nearest you; our staff directory is at: http://gtpac.org/team-directory.

In instances where businesses have federal contract awards or contract payments pending, GTPAC and the other PTACs across the country can offer special assistance to expedite the processing of their notarized letters.  When contacting your PTAC counselor, be sure to let us know if you are facing either of those two circumstances.

Further Details

For more help with the SAM registration process, including how to protect your company’s interests, please read:

 

 

Faster detection, cleanup of network infections are goals of $12.8 million Georgia Tech project

By

Cybersecurity researchers at the Georgia Institute of Technology have been awarded a $12.8 million contract to develop fundamentally new techniques designed to dramatically accelerate the detection and remediation of infections in local and remote networks. Using novel machine learning techniques that take advantage of large datasets, the researchers will develop ways to detect network infections within 24 hours – before invaders can do serious damage.

The technical goal for the new system, dubbed “Gnomon,” is to detect changes in individual computer systems by analyzing suspicious network traffic that appears weeks or months before any evidence of malicious software – or malware – can be identified. As a proof-of-concept, the researchers will work with two major U.S. telecommunication companies and several petabytes of data in basic research aimed at detecting signals of malicious activity on their networks.

Funded by the Defense Advanced Research Projects Agency (DARPA), the four-year award is part of the agency’s Harnessing Autonomy for Countering Cyberadversary Systems (HACCS) program. Beyond rapid detection of infections, the project will also accelerate the cleanup after such infections, creating a clearer pathway in a process known as remediation.

“A compromise becomes a breach only if the original infection remains undetected long enough for the adversaries to do damage,” said Manos Antonakakis, an assistant professor in Georgia Tech’s School of Electrical and Computer Engineering and the project’s co-principal investigator. “If you look at the major breaches that have occurred, you see that the adversaries were in the systems for months. We want to identify them in a matter of hours to contain the infection before any real damage can be done.”

The new techniques to be developed will address the realization that network attacks cannot be completely blocked by existing defenses and malware-based detection systems. Dynamic intelligence will be a key feature of the system, with the intent of creating a continuously-updated dossier of every address in IPv4 space.

“Gnomon will search for illicit behavior in computer systems and network signals that indicate the start of an infection,” said Michael Farrell, chief strategist at the Georgia Tech Research Institute (GTRI), and the principal investigator on the program. “We’ll use our experience with taking down botnets – networks of infected computers – to accelerate the detection and remediation process. It’s imperative to evolve our view of the internetwork infrastructure at the same pace that the threat evolves.”

To protect millions of computers on the networks of the two companies, the researchers must find ways to identify troubling behavior on individual IP addresses without endangering the privacy of individuals. Among the signs of trouble are communications with network locations known to house malicious activity. Such communication is necessary for malicious groups to control computers that have been compromised, and to move data stolen from them.

“If you know where the infecting groups are located, you can very easily exclude most of the benign activities occurring on the network,” Antonakakis said. “We need to be able to identify what has changed in computers throughout the network, understand why the change has happened, and determine whether that change can be attributed to benign or malicious activity. This is a groundbreaking new approach to network security that will require tremendous computing power and infrastructure.”

Ever since the first viruses hit computers in the 1980s, cybersecurity has seen rapid evolution of detection and attack tactics. The success of Gnomon will likely drive adversaries to new attack techniques that may be more complex – and expensive – than existing activities. Making cyberattacks more costly to launch may reduce the profit from such activities, making them less attractive.

“If we can clean up our networks faster and more efficiently, that will increase the cost of the attack, making the adversaries work harder,” Antonakakis said. “If you raise the cost of an attack, the return on investment becomes smaller, while the risk of getting identified becomes higher. We would like to make the business of an attack so unprofitable and so risky for the adversaries that it will not make sense for them to conduct major operations in our networks.”

Success in developing new techniques with the first two telecommunication companies could open the door for scaling up Gnomon to other large networks in industry – and to U.S. government systems.

“Not only will deployment have an obvious benefit of improved hygiene for a significant portion of the U.S. internet infrastructure, but the public-private partnership will allow us to provide valuable feedback throughout the HACCS program on the sort of prototypes that will be necessary to have true business and mission impact in the real world,” Farrell said. “The goals are very ambitious, but if we’re successful, we’ll be able to close the gap between an infection and remediation.”

This program is the latest interdisciplinary research collaboration in cybersecurity at Georgia Tech, orchestrated by the Institute for Information Security & Privacy (IISP). In addition to the School of Electrical and Computer Engineering and GTRI, the project will include Professor Brian Kennedy from Georgia Tech’s School of Physics.

Attribution of malicious cyber activity is an established research thrust at Georgia Tech, and this new contract builds on the early success of another Department of Defense (DoD) sponsored program to enhance attribution. The “Rhamnousia” program is now a $25.3 million contract being led by the same research team of Farrell and Antonakakis.

This material is based upon work supported by the Defense Advanced Research Projects Agency (DARPA) under contract number HR001118C0057. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the Defense Advanced Research Projects Agency (DARPA).

Source: http://www.news.gatech.edu/2018/05/14/faster-detection-cleanup-network-infections-are-goals-128-million-project

70,000 contractors must get notarized letters in next 60 days to continue working for government

By

Up to 70,000 federal contractors are heading to their local notary to get that special stamp on a letter that’s destined for the General Services Administration to authenticate the vital details of their business, including who is the authorized “entity administrator associated with the DUNS number.”

These are the first details of the impact on vendors emerging from the latest case of fraud to affect GSA’s System for Award Management (SAM).

A GSA spokeswoman confirmed the agency already received 7,500 notarized letters.

“GSA is making internal business process improvements based on our analysis of the first set of letters received,” the spokeswoman said in an email to Federal News Radio. “We are continuously updating the instructions on SAM.gov to make it easier for entities to be in compliance. Additionally, we have posted templates on SAM.gov for entities to use when submitting their notarized letters.”

Keep reading this article at: https://federalnewsradio.com/reporters-notebook/2018/04/70000-contractors-must-get-notarized-letters-in-next-60-days-to-continue-working-for-government/

See GTPAC’s advice for surviving the compromise of the government’s vendor data base here: http://gtpac.org/2018/03/26/tips-for-surviving-compromise-of-governments-vendor-database/

SAM.gov renewals and updates will require notarized letter, effective April 27th

By

Effective April 27, 2018, all vendors who are renewing or updating their records in SAM.gov will need to comply with a new notarized letter requirement.

The General Services Administration (GSA) previously announced that because of suspicious fraudulent behavior involving vendor registrations in the SAM.gov database, it would begin requiring submittal of a notarized letter from new registrants.

With the latest announcement by GSA, the notarized letter requirement applies to all entities who are registered in the System for Award Management (SAM).  SAM is the federal government’s vendor database.  It also contains links to several other contract-related functions.

Here is the exact language of GSA’s announcement, dated April 4th: “Beginning on April 27, 2018, entities renewing or updating their registration will be required to submit an original, signed notarized letter confirming the authorized Entity Administrator associated with the DUNS number before the registration is activated.”

To assist vendors in this process, the Georgia Tech Procurement Assistance Center (GTPAC) has prepared a template.  The template is available here: SAM_Notary_Letter_Template_v1_GTPAC_03.23.2018

Update: GSA has prepared a template for preparation of the notarized letter.  The template is available here: SAM_Notary_Letter_Template_4.12.18_GSA_version

Georgia businesses who need assistance with this process should contact a GTPAC counselor for no-cost assistance.  A directory of our counselors appears at: http://gtpac.org/team-directory.

Businesses located outside the state of Georgia may obtain free help by contacting a Procurement Technical Assistance Center (PTAC) in their state.  A directory of PTACs is at: http://www.aptac-us.org/find-a-ptac.

 

Contracting News

Read More

Contracting Tips

Read More

GTPAC News

Read More

Georgia Tech News

Read More