GSA Partners With NIST to Address Login.gov Identity Authentication Issues

Sonny Hashmi, the commissioner of the Federal Acquisition Service at the General Services Administration, said the GSA is working with the National Institute of Standards and Technology to build a common set of controls for Login .gov that validate digital identities, noting the importance of the identity authentication platform to the digital transformation of federal agencies. 

Hashimi’s remark during a keynote at a Carahsoft event follows the release of a report from the GSA Office of the Inspector General revealing that the agency falsely claimed that Login .gov complies with a higher privacy protection level, Nextgov reported. 

According to the report, the GSA billed customer agencies over $10 million for Identity Assurance Level 2-compliant services, which the platform does not provide.

Compliance with IAL2 can be achieved using facial recognition but GSA refused to employ the technology, citing accuracy concerns. Hashimi said the GSA is already making progress in resolving the issue. NIST is currently making changes to its digital identity proofing standards and exploring new technologies that will allow entities to be IAL-2 compliant without using facial recognition.

According to Hashimi,  the GSA is also making other improvements to the authentication platform to make it usable for all Americans, including unhoused individuals and people without cell phones or credit histories.