Connect.Gov a likely beneficiary of mandated use
President Obama signed a budget bill with an amendment that mandates federal agencies deploy a trusted ID platform for citizens to access information.
The General Services Administration is assigned the task of “implementing a single sign-on trusted identity platform for individuals accessing each public website of the agency that requires user authentication.” As stated, the platform must use multi-factor authentication for access, and the GSA has one year to put the system in place.
This is a big job on a short deadline, but the GSA isn’t necessarily starting from scratch. Connect.Gov is designed to solve this problem for agencies, but the launch has been slow. Agencies were already supposed to be rolling out applications that consumed credentials that citizens already have, but few, if any, are in place.
Via Connect.Gov, someone with a Yahoo credential, for example, would be able to use it to access information on a government site. If the individual wanted to make a secure transaction, they could be asked to step up their identity through a knowledge-based quiz or other method.
Connect.Gov has been quiet for the past few months. The program manager for the project at the GSA recently departed, and information on projects with agencies is scant. Earlier in the year officials said that applications using Connect.Gov were expected to be in place before the end of 2015.
Regardless, what Connect.Gov aims to do and what the budget bill wants is not an easy task. Federal agencies all have different IT infrastructures, and trying to have one unifying identity system underlying it all will require considerable time and money.
There are also cultural issues among agencies that may make the deployment difficult, as was seen with the acceptance of PIV smart card credentials. Even though the PIV was required for years, many agencies refused to deploy systems to consume the credentials. That has seen a bit of turnaround this year with the devastating Office of Personnel Management breach and the subsequent “cyber sprint” for acceptance.
But these cultural issues are likely to pop up again with this ID management system. Getting agency CIOs to give up control may be a tough battle.