SSA has gaps in e-authentication of identities, auditors say
While more individuals apply online for benefits, OIG finds gaps in managing identity risks
- By Alice Lipowicz
- Oct 19, 2011
While managing electronic identities is becoming more important to the Social Security Administration as more retirees apply for benefits online, the SSA is falling short in meeting federal procedures for e-authentication, according to a new federal audit report.
The audit found significant gaps in the procedures used to validate identities in the SSA’s 22 citizen-to-government applications.
“We determined that none of the 22 citizen-to-government Internet applications were validated as required by federal guidelines,” Patrick O’Carroll Jr., inspector general, wrote in the Oct. 14 report.
SSA narrowly missed target for online applications in fiscal 2010
Many US voter identities don't match SSA data
Some of those applications are used for individuals to apply for benefits online, which is happening more and more often. One of the SSA’s stated mission goals is for 50 percent of retirees to apply for benefits online by the end of fiscal 2012.
Auditors found lack of proof that risk assessments were performed, shortcomings in methods for proving identities and gaps in oversight of the e-authentication processes.
“While certain aspects of SSA’s e-authentication process are generally consistent with Federal guidelines, some areas require improvement,” O’Carroll wrote.
The inspector general made six recommendations for improvement, and SSA officials agreed with all of them.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.