FB pixel

Federal agencies slow to adopt two factor authentication, says White House annual report

Categories Access Control  |  Biometrics News
 

The majority of Federal employees are able to access Federal computer systems with nothing more than a username and password, despite President George W. Bush ordering Federal agencies to secure their information systems with strong authentication technologies more than a decade ago, according to a report by Govtech Works.

Only half of the largest Federal agencies — including General Services Administration (GSA), the Labor and Treasury departments, the Small Business Administration (SBA), National Science Foundation (NSF), and the Nuclear Regulatory Commission (NRC) — have deployed strong authentication methods across 95 percent of privileged users, according to the White House annual report to Congress on the Federal Information Security Management Act (FISMA).

President George W. Bush initially signed the Homeland Security Presidential Directive 12 in 2004, which mandated a national standard for secure government identification cards.

In 2006, the National Institute for Standards and Technology (NIST) published Federal Information Processing Standard 201, “Personal Identity Verification of Federal Employees and Contractors,” and has since revised the standards on two separate occasions.

There are currently more than 5.3 million Federal government Personal Identity Verification (PIV) cards in circulation, while the Defense Department offers a similar smart card program called Common Access Cards (CAC).

Both cards are integrated with a computer chip which stores identifying data that is fully encrypted.

The Pentagon has already achieved universal CAC compliance. Meanwhile, most Federal agencies are using the PIV card as an ID and card key for building access, but not yet as a network control device.

Hildegard Ferraiolo, PIV program lead and a computer scientist at NIST, said that while she is disappointed that agencies are not using the cards as a network control device, the Office of Personnel Management’s massive security breach last spring has encouraged many agencies to actively use the cards.

“Due to the recent cybersecurity attacks and threats, there really is a push to get the departments and agencies to use the PIV card to do user authentication,” said Ferraiolo.

OPM aims to secure its systems via two-factor authentication, with a goal to ensure that 100 percent of its PIV-enabled users are using multifactor authentication by the end of 2017.

Agency officials are also looking into other two-step authentication solutions for part-time users and subcontractors.

There are three main reasons why Federal agencies have been slow to adopt two factor authentication systems, including a need to update outdated infrastructure, the use of mobile devices, and a high job turnover and part-time workers, resulting in many employees not being eligible for a PIV card.

Increasing the adoption rate could be a matter of instilling in non-IT managers the importance of two-factor authentication to improve security, according to the White House annual report to Congress on FISMA.

Previously reported, a Department of Homeland Security official said federal personnel will soon be required to use a three-factor authentication method that includes a smartcard, a password and their fingerprints before logging onto computers.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Report explores efforts to curb environmental risks posed by identity documents

In the past couple of years, the identity industry has been involved in efforts to shift away from the use…

 

Malta opposition party demands minister’s resignation over ID card fraud scandal

Malta’s Green Party, ADPD, has intensified its demands for the resignation of a Maltese government minister following revelations of a…

 

Philippines’ central bank enters arbitration over failed ID card project

After the Philippines’ central bank decided to cancel its contract with identification system company AllCard Inc. (ACI) to produce the…

 

Visa biometrics provider VFS in talks to sell minority stake to Temasek

A significant minority stake of about 20 percent in the Blackstone-owned digital services outsourcing company VFS Global might be sold…

 

UK Virgin Islands launch digital transformation tender

Tourist hotspots Thailand, Sri Lanka, the Seychelles and the Virgin Islands are not just offering beaches and sunshine, they are…

 

UK govt encourages digital identity providers to join DIATF registry

The UK government has published guidance on entering the register for digital identity and attribute services. The register represents a…

Comments

17 Replies to “Federal agencies slow to adopt two factor authentication, says White House annual report”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events