GSA misled on Login security

      A new report from the GSA Inspector General confirmed that GSA’s Login.gov service has never met NIST’s technical requirements for multi-factor identity authentication starting in 2017. Login.gov officials should have notified customer agencies that Login.gov did not comply, the IG wrote.

      However, Login.gov did not notify those agencies until February 2022, after a media report focused attention on the problems.

      GSA not only misinformed the public but also misinformed customer agencies and the government’s Tech Modernization Funding board, the IG said.

      GSA’s Federal Acquisition Service “exercised inadequate oversight and management controls over Login.gov’s day-today operations, and thus bears responsibility for Tech Transformation Services’ and Login.gov’s derelictions,” the IG wrote.

      The IG advised stronger oversight over the agency’s tech programs, and GSA agreed.

More information:
Read the report: http://bit.ly/3mMGviE.

Biden budget calls for $987M for SBA programs in fiscal 2024

GSA oversight falls short: IG

HUBZ preview map online

New regulations and final rules coming from GSA, DOL in 2023

OASIS+ update

$2.2B in FCA fraud recovery

GSA misled on Login security

Column: VA Imposes Increased Cybersecurity Rules on Government Contractors

Washington Insider: