New SAM Security Measures Coming Soon!

The Hawaii PTAC follows the latest updates in Federal Procurement.  Register your Hawaii business for our free services at www.hiptac.org

By Aaron Boyd,
Senior Editor, Nextgov

New capabilities being added in May to beta.SAM.gov—the General Services Administration’s consolidated procurement website—will come with new, stringent security protocols requiring certain users to verify their accounts are connected to real-world people.

On May 24, the entity registration functions of SAM.gov will be moved over to beta.SAM.govand the latter will lose the “beta” and become the one and only SAM.gov. At that time, GSA plans to institute new security measures for entity registration—voluntary at first but mandatory come October.

As GSA consolidates all of its procurement tools into a single site, the agency has been incorporating Login.gov as the single sign-on for all of these capabilities. When the System for Award Management, or SAM, registration functions are ported over, the system will take advantage of Login’s identity proofing capability for an added layer of security.

The identity proofing—verifying that an online account is connected to a specific, real person—will be for users who manage organizations’ SAM registration, which includes the unique identifier used to reference entities receiving federal contracts and grants and all the identifiable information about that organization.

“Your entity registration contains sensitive data that, if exposed, could cause harm or damage to your entity,” GSA officials wrote in a post on Interact, the agency’s outreach site. “Verifying the identity of entity administrators helps everyone ensure that entity data remains in the right hands.”

The new security measures will only apply to entity administrators who have admin access to their organization’s SAM registration. General users of current beta.SAM tools will still be able to access those through standard Login.gov security.

To start, identity proofing will include collecting a user’s Social Security number, a verifiable phone number and an image of their driver’s license—or other state-issued ID.

 

%d bloggers like this: