Cell phone number
Your first pet’s name
A fingerprint
A utility bill
What do all these things have in common? They are the means by which we assert our identity. Whether it is to authenticate, authorize, or verify, every one of us has participated in one of these actions. A quick diagram to help distinguish between these three actions: authenticate, authorize, and verify.
For many of us, these actions are the norm, whether it’s unlocking our phone or creating an account for an online service. Across federal agencies, they have become critical to ensuring a secure experience for constituents. Although these actions have become more and more normalized, a new balancing game has emerged: that of equity and security. Agencies like the VA have migrated to a more modern identity credential with strong authentication protection to increase security, which has resulted in frustration for some Veterans. Before, Veterans may have been able to assert their identity by answering a few questions about themselves; now, in order to meet higher identity assurance levels, they need to present a government-issued ID. Presenting identification is definitely a stronger security control, but while every Veteran has an identity, not every Veteran has identification.
To strike the balance of security and equity, agencies must navigate supporting the needs of their constituents while also striving to achieve compliance, assurance, and modern security to protect those same constituents. Under VA CEDAR IDIQ, MO is informing VA’s navigation of that balance. As prime contractor, MO is working closely with Login.gov to develop meaningful in-person experiences to verify Veteran identities. To ensure that VA is able to build a regulated login experience that is compliant and protects Veterans, MO is working with NIST to design meaningful user touch points as VA modernizes its login services. Learn more in our previous article on identity.