GAO sees e-Authentication challenges

"Electronic Government: Planned e-Authentication Gateway Faces Formidable Development Challenges"

Challenges facing the e-Authentication gateway may make it difficult to accomplish the goals of the initiative, General Accounting Office officials said.

The General Services Administration has not established authentication profiles for the 24 e-government initiatives and plans to speed up the acquisition process, which increases the risk the gateway will not work as intended, according to a GAO report released today.

The e-Authentication gateway to provide a consolidated electronic authentication service for e-government initiatives was supposed to go live last month, but the deadline was pushed to March 2004. GSA now plans to accelerate the acquisition process for the gateway by awarding a contract in December for the March 2004 delivery, GAO officials said. The hastened schedule will be a challenge, the report said.

"The modest progress achieved to date calls into question the likelihood that the project can successfully field an operational gateway, even within the revised schedule," the report stated.

The report identified four problems facing the project. According to GAO, GSA has not:

-- Completed comprehensive policies and guidance for interoperability among authentication systems, making it hard to decide which technologies to use.

-- Defined user requirements. As of August 2003, assessments had been conducted on just half of the initiatives to determine their authentication needs.

-- Determined technical standards for interoperability.

-- Created an investment strategy to support full-scale development.

The GAO recommended GSA revise the schedule for deploying a fully-operational version of the gateway based on realistic milestones. The GAO also suggested that GSA:

-- Ensure that a framework of authentication policies is developed and implemented.

-- Establish a process to complete risk assessments for the initiatives that requires authentication services.

-- Define key technical interfaces for interoperability.

-- Define specific funding from agencies.

-- Establish security and privacy policies for the gateway.

In a letter responding to the report, GSA Administrator Stephen Perry said his agency has made progress on the initiative.

"For example, policies, frameworks, processes and procedures are under development simultaneously with system development and are at a more mature level than depicted in the draft report," he wrote.

The gateway was operational as of June 2003, providing authentication services to five Social Security Administration applications, Perry said. It is ready to be used with the Homeland Security Department's disaster management initiative, he added.

"GSA is pleased with this progress but realizes there is a long way to go to achieve the vision that the President's Management Council approved for this initiative," he wrote.

Prior to the GAO report's public release, Rep. Tom Davis (R-Va.) this week told the GSA he wants an explanation of delays in the e-Authentication project.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.