GAO called on GSA to demonstrate that it has fully implemented its data protection policy to test data backups. Image: tsingha25/Shutterstock.com
The GSA has made improvements in data protection features of its Login,gov service but still has not fully put in place policies and procedures for testing the integrity of its backup data, a GAO report has said.
GAO said that despite a push for other agencies to adopt login.gov for verifying identity and fraud prevention in online services they provide to the public, for most of the 2020-2023 period it offered “fewer capabilities compared to commercial solutions (e.g. biometrics). For example, Login.gov did not provide identity proofing services in alignment with the National Institute of Standards and Technology’s standards until October 2024.”
One result was that over that time, agencies spent some $209 million on commercial services, more than six times what they spent for Login.gov services. Of the 24 Cabinet departments and largest independent agencies, three used only third-party providers and six others used Login.gov only in conjunction with such providers.
Although not mentioned in the GAO report, a 2023 report from the inspector general’s office at GSA found that the agency had intentionally “misled” other agencies about the user authentication capabilities on Login.gov and “knowingly” billed them as if the site met standards that it did not meet.
Currently, although login.gov has implemented four of five key privacy practices, it has not fully implemented those for testing the integrity of its backup data, said the report. “According to GSA, the control was not fully documented and implemented because Login.gov’s security engineering team was not fully staffed until January 2024. At the conclusion of our review, GSA provided its updated policy for testing Login.gov’s backup data.
“However, it is not yet evident that the policy has been fully implemented or if it is achieving the intended results. Until GSA demonstrates that it has fully implemented its data protection policy to test data backups, Login.gov officials will have less assurance that they are consistently and effectively ensuring the integrity and availability of its data,” it said.
The GSA agreed with a recommendation to fully implement the policy to test its data backups.
Key Bills Advancing, but No Path to Avoid Shutdown Apparent
TSP Adds Detail to Upcoming Roth Conversion Feature
White House to Issue Rules on RIF, Disciplinary Policy Changes
DoD Announces Civilian Volunteer Detail in Support of Immigration Enforcement
See also,
How Do Age and Years of Service Impact My Federal Retirement
The Best Ages for Federal Employees to Retire
How to Challenge a Federal Reduction in Force (RIF) in 2025
Should I be Shooting for a $1M TSP Balance? Depends…