Congressional Research Service
informing the legislative debate since 1914


May 4, 2023


Login.gov: Administration and Identity Authentication


In recent years, Congress and the executive branch have
worked to digitize and streamline processes where members
of the public interact with the federal government. In 2015,
Congress required the General Services Administration
(GSA) to develop and implement a single sign-on trusted
identity platform for individuals accessing public agency
websites (6 U.S.C. §1523(b)(1)(D)). As a result, GSA
partnered with the United States Digital Services, a
component of the White House Office of Management and
Budget (OMB), to create Login.gov.

In an August 22, 2017, announcement, GSA described
Login.gov as a single sign-on solution for government
websites that will enable citizens to access public services
across agencies with the same username and password.
Further, Login.gov aims to allow users to securely sign in
to participating government websites and securely verify
their identity. Login.gov provides shared authentication
and identity verification services for multiple federal
organizations and is subject to implementation guidance
from OMB and the National Institute of Standards and
Technology (NIST). At the end of FY2022, GSA reported
that Login.gov had 41 million active users.

However, questions remain regarding the ability of
Login.gov to support shared services across agencies and
state and local governments, the security of Login.gov's
identity authentication, and oversight of GSA's
implementation of the program. The following provides an
overview of the management and funding mechanisms
behind Login.gov, information on OMB and NIST
requirements on conducting identity proofing and digital
authentication, and information on Login.gov's adoption by
federal and intergovernmental programs.

Management and Funding of Login.gov
GSA's Technology Transformation Services (TTS), a
component of the Federal Acquisition Service (FAS),
manages Login.gov. An overarching goal of FAS is to use
the federal government's purchasing power to decrease
duplication across agencies. TTS focuses on how agencies
procure, use, and share information technology. The
operations for TTS are funded via appropriations,
reimbursable work, the Acquisition Services Fund
(authorized by 40 U.S.C. §321), and agency contributions
to the Federal Citizen Services Fund (authorized by 40
U.S.C. §323).

Login.gov as a Shared Service
Login.gov operates as a shared service, which is a business
function that is provided for consumption by multiple
organizations within or between federal agencies. GSA
states that the goal of shared services is to promote
standardization, reduce costs, and increase customer
satisfaction. OMB Memorandum M-16-11, Improving
Administrative Functions Through Shared Services, created
a shared services governance model for executive branch
agencies and made GSA's Office of Unified Shared
Services Management responsible for providing
implementation direction and guidance to shared service
providers.

In the case of Login.gov, GSA executed 22 interagency
agreements (IAAs) between 2018 and 2021, whereby GSA
provides authentication services and agencies reimburse
GSA for the services rendered. IAAs provide the terms,
conditions, funding, and billing information under which
GSA provides Login.gov services to other federal agencies.

Technology Modernization Fund (TMF)
In addition to GSA funding and agency reimbursements,
Login.gov has also received over $187 million from the
Technology Modernization Fund (TMF). The TMF awards
federal agencies funds for IT modernization projects.
Agencies submit project proposals for the TMF board to
review and consider for funding. The board has used TMF
funding in the American Rescue Plan Act of 2021 (P.L.
117-2) to prioritize modernizing high-priority systems,
cybersecurity, public-facing digital services, and
cross-government collaboration services.

Identity Proofing and Digital Authentication

For Login.gov, OMB Memorandum M-19-17, Enabling
Mission Delivery through Improved Identity, Credential,
and Access requires agencies to comply with NIST
guidance on identity proofing and digital authentication
protocols. Further, Memorandum M-19-17 directs agencies
to share proofing confirmations across agencies in order to
reduce public burden for having to resubmit identity data.
Guidance on these topics is contained in NIST Special
Publication SP 800-63-3, Digital Identity Guidelines. NIST
explains, "Identity proofing establishes that a subject is who
they claim to be. Digital authentication establishes that a
subject attempting to access a digital service is in control of
one or more valid authenticators associated with that
subject's digital identity" (NIST SP 800-63-3, p. iv).

NIST guidance requires agencies to select the appropriate
levels of identity proofing and digital authentication based
on risks to the individual of unauthorized disclosure of their
information. GSA, in providing Login.gov, offers agencies
a product that conforms to certain NIST digital identity
components. These components include an Identity
Assurance Level (IAL), referring to the identity proofing
process, and an Authenticator Assurance Level (AAL),
referring to the authentication process.
