Hundreds, if not thousands, of government contractors are hopeful that starting June 29 the System for Award Management (SAM) finally will be fixed.
That’s the day the General Services Administration said the SAM.gov portal will implement a new way for vendors to log in, change their information, renew their entries or enter data for the first time. It also will reduce the nearly three month requirement to send notarized paper letters to make changes or apply for registration.
Insight by Carahsoft: Learn how the FedRAMP PMO and its partners believe the end result of many of ongoing initiatives is a better, faster and cheaper cloud security program by downloading this exclusive ebook.
GSA said June 11 that it will use the Login.gov services to activate their registration. The agency said vendors still will have to submit a notarized letter within 30 days, but the document is not required to get started.
This is good news for more than 11,000 — 942 new vendors and 10,547 existing vendors as of about 30 days — currently going through the process ago to renew or sign up on SAM.gov as well as the unknown number stuck in the backlog created since March. That was when GSA told users that some contractors were victims of fraud through the SAM.gov portal for a second time in five years.
GSA started requiring notarized letters after it found a third-party changed the financial information of “a limited number” of contractors registered on SAM.gov and redirected payment for services or products to incorrect bank accounts. GSA sources say today it takes three to four weeks to get a notarized letter through the current process while, at least, one vendor says that number is closer to 40 days on average.
“GSA has been faster this week as we have had a couple more get through the process than normal, but that doesn’t have to do with login change,” said Christie Jackson, a lead case manager for US Federal Contractor Registration. It provides services to help vendors get through federal procurement registration processes like SAM.gov or the SBA 8(a) program. “They are getting more pressure to get them through before this big flip.”
A GSA spokeswoman said the agency is actively processing new entity registrations and annual renewals every day.
“GSA posted step-by-step instructions for domestic and international entities for easy reference. The introduction and use of notarized letter templates has increased the acceptance rate and is the recommended process,” the spokeswoman said. “GSA’s Integrated Award Environment (IAE) is rapidly deploying SAM system enhancements to mitigate against the identified fraud threats. Our focus has been to reduce the registration processing time for those entities who are registering solely to seek federal assistance.”
Jackson said since March the entire SAM.gov registration process has been in chaos.
She said the average wait time to get through to the Federal Service Desk—the SAM.gov help desk—by phone or online chat has been two-to-four hours. Additionally, she has several clients who have lost thousands of dollars and wasted dozens of hours trying to update or renew their registration.
“I have a live chat open — that started at 1 p.m. and it says the average wait time is two hours and three minutes so we are now pushing four hours right now,” Jackson, who has worked for the company for seven years, said on Wednesday. “And when you do get through, their favorite answer is ‘we don’t know.’”
Jackson said the backlog and wait times caused by the fraud incident is having real world effects on US Federal Contractor Registration clients.
“I had one recently bought property that was part of a building GSA was leasing and he couldn’t get rent payment for two months and burned through his savings to keep everything afloat while waiting for the rent payment,” she said. “We ended up sending three letters before approved.”
Jackson said before the fraud incident, US Federal Contractor Registration could change a point of contact or an address almost automatically and nothing would take more than a day or two at most. Additionally, she said she used to process more than 100 registrations or changes a week, but in the last month she got 25 registrations approved by GSA.
“We’ve tried to talk to GSA but they don’t give us much,” Jackson said. “We were telling our clients to send a letter to their senators as a way to add some pressure from another side.”
This will be the second major implementation for Login.gov after GSA implemented it for the USAJobs.gov site in February. The GSA spokeswoman said the implementation to SAM.gov will be similar to the USAJobs.gov effort.
“Login.gov leverages the cloud to scale up our infrastructure as needed. During the USAJobs.gov launch, login.gov monitored performance and did not see any issues serving the increased traffic. As we do with every major launch, we made minor enhancements to increase the usability for specific user groups. Post launch, we continued to iterate by making other enhancements to better the experience for the USAJobs.gov population,” the GSA spokeswoman said. “As with every Login.gov integration, we will coordinate closely with the SAM.gov team before, during, and after the launch to continue to increase security, usability and privacy for the SAM.gov users.”
Christoph Mlinarchik, the owner of Christoph LLC, federal contracting consultancy, said the move to multi-factor authentication is a great first step and one that should’ve been in place years ago and would’ve prevented the fraudulent activity in the first place.
“This incident is a vivid reminder that the federal government desperately needs to invest more in cybersecurity and information technology. Hacking and cybercrime is a trillion-dollar racket, and it has national security implications for the critical contractors in the intelligence, security, and defense supply chain,” he said. “There’s a digital war going on and some don’t understand they’re in it. Many contractors don’t realize they’re a target and a liability if they don’t have adequate cybersecurity protocols. America can lose a battle without firing a shot if adversaries steal vital technology or trade secrets, and contractors are prime targets.”
“We created a Login.gov account. I’m not sure it’s going to be easier as you need to get a security key, get a confirmation email and then a phone text with a six-digit code. And it has to be used in 10 minutes, which makes it difficult when you are trying to serve customers,” she said. “With SAM.gov now, we can send a link and the client has 48 hours to activate it. And even with that link, some of them can’t figure it out. This will be a lot more difficult. I understand why they are doing it, but wiping out every log in to SAM.gov is not going to make it faster.”
The good news is getting rid of the requirement for notarized letters will address the immediate need of most vendors. Additionally, there has been little to no public complaints about how Login.gov has worked with USAJobs.gov, which bodes well for SAM.gov.
The real test for both SAM.gov and Login.gov will come over the next six weeks if the site and service can handle the incoming use and not crash.