FB pixel

Federal agencies slow to adopt two factor authentication, says White House annual report

Categories Access Control  |  Biometrics News

The majority of Federal employees are able to access Federal computer systems with nothing more than a username and password, despite President George W. Bush ordering Federal agencies to secure their information systems with strong authentication technologies more than a decade ago, according to a report by Govtech Works.

Only half of the largest Federal agencies — including General Services Administration (GSA), the Labor and Treasury departments, the Small Business Administration (SBA), National Science Foundation (NSF), and the Nuclear Regulatory Commission (NRC) — have deployed strong authentication methods across 95 percent of privileged users, according to the White House annual report to Congress on the Federal Information Security Management Act (FISMA).

President George W. Bush initially signed the Homeland Security Presidential Directive 12 in 2004, which mandated a national standard for secure government identification cards.

In 2006, the National Institute for Standards and Technology (NIST) published Federal Information Processing Standard 201, “Personal Identity Verification of Federal Employees and Contractors,” and has since revised the standards on two separate occasions.

There are currently more than 5.3 million Federal government Personal Identity Verification (PIV) cards in circulation, while the Defense Department offers a similar smart card program called Common Access Cards (CAC).

Both cards are integrated with a computer chip which stores identifying data that is fully encrypted.

The Pentagon has already achieved universal CAC compliance. Meanwhile, most Federal agencies are using the PIV card as an ID and card key for building access, but not yet as a network control device.

Hildegard Ferraiolo, PIV program lead and a computer scientist at NIST, said that while she is disappointed that agencies are not using the cards as a network control device, the Office of Personnel Management’s massive security breach last spring has encouraged many agencies to actively use the cards.

“Due to the recent cybersecurity attacks and threats, there really is a push to get the departments and agencies to use the PIV card to do user authentication,” said Ferraiolo.

OPM aims to secure its systems via two-factor authentication, with a goal to ensure that 100 percent of its PIV-enabled users are using multifactor authentication by the end of 2017.

Agency officials are also looking into other two-step authentication solutions for part-time users and subcontractors.

There are three main reasons why Federal agencies have been slow to adopt two factor authentication systems, including a need to update outdated infrastructure, the use of mobile devices, and a high job turnover and part-time workers, resulting in many employees not being eligible for a PIV card.

Increasing the adoption rate could be a matter of instilling in non-IT managers the importance of two-factor authentication to improve security, according to the White House annual report to Congress on FISMA.

Previously reported, a Department of Homeland Security official said federal personnel will soon be required to use a three-factor authentication method that includes a smartcard, a password and their fingerprints before logging onto computers.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News


Secure Technology Alliance launches template for using mobile driver’s licenses

Get used to the idea of your phone as your driver’s license. The ecosystem for mobile driver’s licenses (mDLs) continues…


Biometric identity verification launches and deals show diversity of approaches

The biometric identity verification market covers a wide variety of sectors and use cases, but the breadth is not just…


Decentralized digital identity is spreading as fresh use cases emerge

A recent post on Forrester’s website, written by VP and Principal Analyst Andras Cser, dips into how travel and mobile…


Cameroon building Digital Transformation Center to manage digital consular services

As part of a process launched last year by the government of Cameroon to modernize its consular services including the…


UK digital visas to fully replace physical immigration documents by 2025

In the UK, the Home Office has announced that it will invite those with physical immigration documents to create a…


iBeta biometric PAD evaluations grow in global prominence

Compliance with biometric presentation attack detection standards has become table stakes for numerous applications of face biometrics in particular, and…


17 Replies to “Federal agencies slow to adopt two factor authentication, says White House annual report”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events