GAO sees e-Authentication challenges

"Electronic Government: Planned e-Authentication Gateway Faces Formidable Development Challenges"

Challenges facing the e-Authentication gateway may make it difficult to accomplish the goals of the initiative, General Accounting Office officials said.

The General Services Administration has not established authentication profiles for the 24 e-government initiatives and plans to speed up the acquisition process, which increases the risk the gateway will not work as intended, according to a GAO report released today.

The e-Authentication gateway to provide a consolidated electronic authentication service for e-government initiatives was supposed to go live last month, but the deadline was pushed to March 2004. GSA now plans to accelerate the acquisition process for the gateway by awarding a contract in December for the March 2004 delivery, GAO officials said. The hastened schedule will be a challenge, the report said.

"The modest progress achieved to date calls into question the likelihood that the project can successfully field an operational gateway, even within the revised schedule," the report stated.

The report identified four problems facing the project. According to GAO, GSA has not:

-- Completed comprehensive policies and guidance for interoperability among authentication systems, making it hard to decide which technologies to use.

-- Defined user requirements. As of August 2003, assessments had been conducted on just half of the initiatives to determine their authentication needs.

-- Determined technical standards for interoperability.

-- Created an investment strategy to support full-scale development.

The GAO recommended GSA revise the schedule for deploying a fully-operational version of the gateway based on realistic milestones. The GAO also suggested that GSA:

-- Ensure that a framework of authentication policies is developed and implemented.

-- Establish a process to complete risk assessments for the initiatives that requires authentication services.

-- Define key technical interfaces for interoperability.

-- Define specific funding from agencies.

-- Establish security and privacy policies for the gateway.

In a letter responding to the report, GSA Administrator Stephen Perry said his agency has made progress on the initiative.

"For example, policies, frameworks, processes and procedures are under development simultaneously with system development and are at a more mature level than depicted in the draft report," he wrote.

The gateway was operational as of June 2003, providing authentication services to five Social Security Administration applications, Perry said. It is ready to be used with the Homeland Security Department's disaster management initiative, he added.

"GSA is pleased with this progress but realizes there is a long way to go to achieve the vision that the President's Management Council approved for this initiative," he wrote.

Prior to the GAO report's public release, Rep. Tom Davis (R-Va.) this week told the GSA he wants an explanation of delays in the e-Authentication project.