A GAO audit found persistent technical issues with Login.gov despite some compliance improvements. Many federal agencies reported challenges related to visibility into authentications, high failure rates during account setup, and inadequate fraud controls. GSA announced compliance with NIST IAL2 standards but still needs to address ongoing technical difficulties and accessibility concerns.
A recent audit by the Government Accountability Office (GAO) highlighted ongoing technical challenges associated with Login.gov, an identity proofing service managed by the General Services Administration (GSA). While the majority of 24 federal agency Chief Financial Officers noted benefits from using Login.gov, they also indicated persistent technical issues, showing a need for improvement in the system’s reliability and compliance with industry standards.
Although GSA addressed concerns regarding compliance with National Institute of Standards and Technology (NIST) IAL2 standards, the GAO reported that several unresolved technical challenges persist. Agencies have encountered non-compliance issues and problems with the platform’s functionality, which need to be rectified to ensure effective identity verification across federal services.
Login.gov operates by collecting personally identifiable information (PII) to create user accounts for federal agency access. It utilizes various security measures, such as multi-factor authentication, to protect this data. Despite these protections, multiple agencies reported difficulties, including high failure rates during account setup and inadequate visibility into authentication processes.
Specific challenges were reported by agencies such as the Department of Labor, which emphasized the need for real-time visibility into application authentications to detect potential security threats and system performance problems. Moreover, the Small Business Administration found that users experienced significant issues during the account creation phase, affecting overall user experience and access to services.
GAO found that although GSA is engaged in communications to resolve these issues, it has not provided firm timelines or solutions. The Social Security Administration, among other agencies, is collaborating with GSA to enhance fraud controls, while USAID noted limitations related to SMS authentication for employees abroad. A lack of support for certain international phone numbers remains a challenge, with no immediate plans for resolution from GSA.
The Department of Veterans Affairs mentioned that as of June, Login.gov failed to comply with the Rehabilitation Act of 1973 regarding accessibility, highlighting the need to ensure that all electronic technologies are available to individuals with disabilities. Furthermore, 15 federal agencies did not respond to the GAO’s recommendations in its draft report, indicating mixed engagement in addressing these concerns.
The GAO’s audit illustrates significant technical issues with Login.gov despite some improvements in compliance with standards. Key agencies face challenges with authentication visibility, user account accessibility, and compliance with accessibility laws. Continuous collaboration between GSA and federal agencies is essential for enhancing Login.gov’s functionality and addressing these pressing issues.
Original Source: www.biometricupdate.com