A new report by the Government Accountability Office calls for new guidance on implementing alternatives to knowledge-based verification to secure online applications for government benefits. The call comes amid concerns about the 2017 Equifax data breach that targeted personal data of people who applied online for benefits and services, GAO said in the report issued Friday.
In the same year, the National Institute of Standards and Technology issued guidance restricting agencies from using knowledge-based verification. However, some agencies raised concerns about implementing alternative methods, citing problems with high costs, convenience and technological maturity.
“NIST's guidance does not provide direction to agencies on how to successfully implement alternative identity-proofing methods with currently available technologies for all segments of the public,” GAO said. The watchdog report suggests that NIST update its guidance and assist agencies in adopting new and secure remote identity-proofing processes.
The agencies covered by the guidance are the General Services Administration, the Internal Revenue Service, the Department of Veterans Affairs, the U.S. Postal Service, the Centers for Medicare and Medicaid Services and the Social Security Administration. GAO said the agencies should also develop plans to strengthen identity proofing to better secure online applications. NIST, SSA, USPS and VA agreed with GAO's recommendations, while CMS refused to follow the watchdog report.