New Security Changes for GSA

New Security Changes for GSA

Sunday evening GSA systems sent out a notification to all schedule holders that GSA systems have updated security for logins and that all GSA Contract vendors are required to reset their passwords before they will have access to GSA systems again. (more…)

National security system

National security system means any telecommunications or information
system operated by the United States Government, the function,
operation, or use of which–
    (1) Involves intelligence activities;
    (2) Involves cryptologic activities
related to national security;
    (3) Involves command and control of
military forces;
    (4) Involves equipment that is an
integral part of a weapon or weapons system; or
    (5) Is critical to the direct
fulfillment of military or intelligence missions. This does not include
a system that is to be used for routine administrative and business
applications, such as payroll, finance, logistics, and personnel
management applications.

Information Security

Protecting information and information systems from unauthorized
access, use, disclosure, disruption, modification, or destruction in
order to provide:
    (1) Integrity, which means guarding
against improper information modification or destruction, and includes
ensuring information nonrepudiation and authenticity;    
(3) Availability, which means ensuring timely and reliable access to,
and use of, information.

SAM Security Vulnerability

SAM Security Vulnerability

It was recent identified that the System for Award Management (SAM) has a security vulnerability.  ACTIONS MAY BE NEEDED, KEEP READING

GSA stated “registered SAM users with entity administrator rights and delegated entity registration rights had the ability to view any entity’s registration information, including both public and non-public data at all sensitivity levels.”

Names, taxpayer identification numbers (TINs), marketing partner information numbers and bank account information for about 183,000 individuals.

Although Identity theft is usually associated to individuals, it can also target companies.  There is a GSA bulletin that mentions the software problem was discovered on March 8, 2013.  It was fixed two days later and GSA explains it is  doing a “full security review” of the system.  Currently, there is no information on that bulletin how long the vulnerability existed or why there was a gap of days between fixing the problem and notifying users. (more…)

Pin It on Pinterest