Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
General Services Administration
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
====Login.gov Digital Identity Standards controversy==== In April 2022, the Office of Inspector General (OIG), Office of Inspections, initiated an evaluation of the GSA's [[Login.gov]] services.<ref>{{Cite web|url=https://www.gsaig.gov/content/gsa-misled-customers-logingovs-compliance-digital-identity-standards|title=GSA Misled Customers on Login.gov's Compliance with Digital Identity Standards | GSA Office of Inspector General|website=www.gsaig.gov}}</ref> OIG initiated this evaluation based on a notification received from GSA's Office of General Counsel identifying potential misconduct within Login.gov, a component of GSA's Technology Transformation Services (TTS) under the Federal Acquisition Service (FAS). OIG's evaluation found that GSA misled their customer agencies when GSA failed to communicate Login.gov's known noncompliance with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-63-3, Digital Identity Guidelines.<ref>{{Cite web |date=2023-03-07 |title=GSA Misled Customers on Login.gov's Compliance with Digital Identity Standards |url=https://www.gsaig.gov/sites/default/files/ipa-reports/GSA%20Misled%20Customers%20on%20Login.gov%27s%20Compliance%20with%20Digital%20Identity%20Standards%20%28JE23-003%29_Redacted.pdf |access-date=2024-09-24 |website=GSAIG}}</ref> Notwithstanding GSA officials' assertions that Login.gov met SP 800-63-3 Identity Assurance Level 2 (IAL2) requirements, Login.gov has never included a physical or biometric comparison for its customer agencies. Further, GSA continued to mislead customer agencies even after GSA suspended efforts to meet SP 800-63-3. GSA knowingly billed IAL2 customer agencies over $10 million for services, including alleged IAL2 services that did not meet IAL2 standards. Furthermore, GSA used misleading language to secure additional funds for Login.gov. Finally, the GSA lacked adequate controls over the Login.gov program and allowed it to operate under a hands-off culture. OIG found that because of its failure to exercise management oversight and internal controls over Login.gov, FAS shares responsibility for the misrepresentations to GSA's customers. In response to OIG's report, GSA management agreed with the findings and recommendations.{{citation needed|date=March 2025}}
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)