The General Services Administration’s (GSA) technology group was tasked with creating Login.gov, a service that federal agencies would use to create accounts permitting restricted access to government websites detailing personal or sensitive information. The service was required under the National Institute for Standards and Technology (NIST), and included offering a hacker- and impersonator-resistant option for agencies dealing with the most sensitive data, which would conform to a NIST standard called Identity Assurance Level 2 (IAL2).
GSA earned $187 million off the service after telling a government funding board that its solution met NIST’s exacting standards, and $10 million more from agencies who purchased the highest-security solution from GSA on the basis of its representations.
But GSA knew that its system was anything but compliant with IAL2, because it disregarded one of its most important security features: Using biometrics such as facial recognition, eye scans, or fingerprints to prove those seeking access to sensitive data were who they claimed to be.
Join the conversation as a VIP Member