GAO had been asked to perform the assessment in 2022 in light of an inspector general report finding that the GSA had “misled” other agencies about the user authentication capabilities of login.gov. Image: tsingha25/Shutterstock.com
By: FEDweek StaffFederal agencies that are using GSA’s login.gov portal for verifying the identity of members of the public accessing online accounts with them have experienced a mix of benefits and challenges, the GAO has said.
GAO had been asked to perform the assessment in 2022 in light of an inspector general report finding that the GSA had “misled” other agencies about the user authentication capabilities of login.gov and “knowingly” billed them as if the site met standards that it did not meet. That report found that over a three-year period through mid-2021, for example, 18 of the 22 contracts with other agencies stated that the service met or was consistent with those standards from National Institute of Standards and Technology when in fact it wasn’t.
Officials of customer agencies had told the IG that the lack of compliance created a greater risk of fraud against their programs and left them vulnerable to being held responsible for allowing improper access.
In its assessment, the GAO said that the GSA “not yet fully addressed” those standards, saying a test of remote identity proofing is still ongoing with no projected completion date. It further found that of the 24 Cabinet departments and largest independent agencies, 21 are now using login.gov, although six also use third-party services. Of the total, 16 reported improved operations, 11 reported enhanced users’ experiences, and seven reported reduced costs vs. other identity verification services.
However, 12 raised issues related to lack of compliance with the NIST standards, for example concern about security risks to agency systems if hackers gained access to them and the need to perform additional security reviews to assess their level of risk. Nine identified technical issues such as “not having visibility into authentications, high failure rates, and lack of fraud controls,” and eight cited cost issues, including that they were “not able to get a multi-year pricing plan from login.gov, which they were able to get from other identity proofing vendors.”
The report said the GSA agreed with recommendations to address NIST digital identity guidance, technical issues raised by user agencies, and lessons learned from its ongoing pilot.
Key Bills Advancing, but No Path to Avoid Shutdown Apparent
TSP Adds Detail to Upcoming Roth Conversion Feature
White House to Issue Rules on RIF, Disciplinary Policy Changes
DoD Announces Civilian Volunteer Detail in Support of Immigration Enforcement
See also,
How Do Age and Years of Service Impact My Federal Retirement
The Best Ages for Federal Employees to Retire
How to Challenge a Federal Reduction in Force (RIF) in 2025
Should I be Shooting for a $1M TSP Balance? Depends…
