Privacy Statement

Privacy Statement
"For Official Use" Warning

This is a U.S. General Services Administration Federal Government computer system that is "FOR OFFICIAL USE ONLY." This system is subject to monitoring. Individuals found performing unauthorized activities are subject to disciplinary action including criminal prosecution.

 System Definition

For purposes of this Privacy Statement, the term "system" is defined as all computer applications provided by the Federal Acquisition Service (FAS) that are accessed through the URL  These applications are collectively known as "AAS Business Systems" or AASBS.

Privacy and Security Policy

1. Use of Cookies

AASBS uses cookies to temporarily record the last page you visited within your system session.

This data is used to:

  • Enhance your navigation through the system.
  • Return you to your most recent view of the orders after editing system documents.
  • Provide system administrators with the opportunity, at some point in the future, to design enhancements and to plan system upgrades based on the actual, observed usage patterns of system features. Cookies, like any other method that reveals how an application is actually used by the people who use it, are put to their best use in identifying where an application succeeds and fails, with the ultimate goal of providing a more personal, useful application.

2. What is a cookie?

A cookie is a small piece of information that is sent to your browser -- along with a Web page -- when you access a Web site. Your browser will only return this cookie information to the Internet site where the cookie originated (in this case, No other site can request it. All cookies have an expiration date and time, after which the browser stops sending the cookie. The cookies used by AASBS expire upon system logout and closure of all browser instances of the same type (Internet Explorer 8.0 or higher is recommended) as that used to access AASBS. 

3. Personalization

AAS Business Systems users must “register” in order to effectively use the application. If you provide personally identifying information when registering to use an AASBS application, then that information is only used to deliver specific content to you. The information is never shared with any third party.

We want to make it clear that we will not obtain personally identifying information about you when you visit our site, unless you choose to provide such information to us. Except for authorized law enforcement investigations, or as otherwise required by law, we do not share any information we receive with any outside parties.

4. Security

For site security purposes and to ensure that this service remains available to all users, GSA web servers employ industry-standard methods to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Unauthorized attempts to upload information or change information on GSA servers are strictly prohibited and may be punishable by law, including the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act.

In the specific context of this security monitoring, there is no expectation of privacy. However, only in the case of actual law enforcement investigations, will we attempt to identify individual users or their usage habits.

If you have any questions about these policies, contact us.

Rules of Behavior

1. Introduction

The following rules of behavior are to be followed by all users of AAS Business Systems. The rules delineate responsibilities of and expectations for all individuals with AASBS user accounts. Non-compliance of these rules may result in denial of access to the system or other action commensurate with the non-compliance activity.

2. Responsibilities

The AAS Business Systems Project Manager, FAS OCIO, is responsible for ensuring an adequate level of protection is afforded to AAS Business Systems, through an appropriate mix of technical, administrative, and managerial controls. The system administrator is responsible for conducting vulnerability analyses to determine if security controls are adequate.

3. Access Rules

a) Account registration:

AAS Business Systems accommodates three distinctly different user communities. The registration and approval process is unique to each type of user as follows:

  • Government clients: registration for IT Solutions Shop (ITSS) and the Governmentwide Acquisition Contracts (GWACs) Management Module (GWAC MM) is performed online by selecting the appropriate option from the "Registration" menu.
  • Contractors/Vendors/Industry Partners: registration is performed online by selecting the desired option from the "Registration" menu. Separate registration is required for ITSS/GWAC MM and the Tracking and Ordering System (TOS). 
  • GSA employees: the Registration Desk, as requested by GSA regional points of contact, performs the ITSS/GWAC MM registration. GSA employee registration for TOS is performed when requested by FEDSIM.  GSA employee registration approval and access levels for AAS Business Systems are granted after validation in the GSA Name and Address database.

Government clients and GSA employees can be Federal employees, Military members, or contractors working on behalf of an agency.

b) Logging on to AAS Business Systems.

Users that have successfully completed the registration process and have been validated by the Registration Desk will receive a unique User Identification/Account name and password. Access to AAS Business Systems is granted based on authenticating the account name and password entered by the user.

After five invalid log-on attempts, ITSS will redirect the user to an “Account Locked” page.

GSA employees can also log-on to AAS Business Systems using their GSA Active Directory user identification/account name and password.

GSA employees that have been issued a Personal Identity Verification (PIV) card will automatically be logged into AAS Business Systems when accessing the AASBS URL from a GSA-issued computer over the GSA computer network with the card inserted.  This automatic log-on is referred to in this Privacy Statement as "single sign-on" (SSO).

c) Information Accessibility

AASBS restricts access to certain information based on the type of user. Read-only and read-write access is restricted to the minimum necessary to perform the job, and is given as appropriate for the type of user and document.

4. Application Rules

a) Passwords to AASBS (not GSA Active Directory credentials)

  • Must be changed at least every 90 days.
  • Must be a minimum of 8 characters and contain at least one number, one letter, and one special character.
  • Passwords are encrypted for storage in the system; there is no ability to look up users' passwords.
  • Account holders must protect their passwords and not share them with co-workers.

b) Account Removal

  • Clients and Industry Partners are responsible for notifying AASBS when an employee has left an agency/company so the account can be deleted or reassigned.
  • GSA employee accounts are deactivated or reassigned on a case-by-case basis at the request of the responsible organization/region.
  • Accounts may be automatically disabled due to expired passwords.

c) Security

  • AASBS employs the industry standard Secure Socket Layer protocol, which encrypts data transmitted between the server and the client browser to provide maximum protection of information.

d) Session Time Out

  • In order to prevent inappropriate viewing of any material displayed on your screen, AASBS will automatically time out your session after 20 minutes of inactivity. After 15 minutes of inactivity, AASBS will display a warning prompt. You will have the option to either continue your session, ignore and close the warning prompt, or log-out of AASBS immediately.
  • GSA employees that are logged on via SSO will be automatically timed-out from a session after nine hours of inactivity.

5. Individual Accountability and Privacy

  • Activities while using AAS Business Systems are traceable to an individual account name.
  • AASBS is a U.S. General Services Administration Federal Government computer system that is "FOR OFFICIAL USE ONLY." This system is subject to monitoring. Individuals found performing unauthorized activities are subject to disciplinary action including criminal prosecution.