Home / News / GAO: Feds Need New Guidance to Protect Online Applications

GAO: Feds Need New Guidance to Protect Online Applications

Jeff Brody

A new report by the Government Accountability Office calls for new guidance on implementing alternative methods for knowledge-based verification to secure online applications for government benefits. The call comes amid concerns about the 2017 Equifax data breach that targeted personal data of people who applied online for benefits and services, GAO said in the report issued Friday.

In the same year, the National Institute of Standards and Technology issued a guidance restricting agencies from using knowledge-based verification. However, some agencies raised concerns in implementing alternative methods due to problems with high costs, convenience and technological maturity.

“NIST's guidance does not provide direction to agencies on how to successfully implement alternative identity-proofing methods with currently available technologies for all segments of the public,” GAO said. The watchdog report suggests that NIST update its guidance and assist agencies to adopt new and secure remote identity proofing processes.

The agencies covered by the guidance are the General Services Administration, the Internal Revenue Service, Department of Veterans Affairs, U.S. Postal Service, the Centers for Medicare and Medicaid Services and the Social Security Administration. GAO said the agencies should also develop plans to strengthen identity proofing to better secure online applications. NIST, SSA, USPS and VA agreed with GAO's recommendations, while CMS refused to follow the watchdog report.

Check Also

Air Force Revising Medical Treatment Model for Active, Non-Active Duty Airmen

The U.S. Air Force is reforming its health care model to establish separate treatment operations for active and non-active duty servicemen, Federal News Network reported Monday. Lt. Gen. Dorothy Hogg, surgeon general for the Air Force, told the publication that the new model for preventative and personalized health care is aimed at clearly defining responsibilities under the military branch’s missions for medical readiness.