GSA Needs to Verify Who’s Logging in to Login.gov

The General Services Administration has a plan to make it easier to sign in to all the government websites citizens use each day but needs industry’s help ensuring the people using this system are who they say they are.

It can be hard to remember all the usernames and passwords for every account you use online, a problem the government, with its many websites and online services, knows all too well. Enter login.gov, a website designed to provide citizens with a single sign-in to services offered by participating government agencies.

In order to provide assurance that login.gov users are who they claim, GSA released a request for proposals seeking companies that verify individuals for secure accounts. Specifically, GSA is looking for vendors able to provide five services:

• Identity Resolution: Companies must be able to correctly identify an individual within a group. To be eligible for award, vendors must demonstrate the ability to “resolve at least 50 percent of the U.S. population and return validation.”
• Address Verification: Similar to identity verification, offerors must show the ability to confirm phone numbers, postal addresses and/or email addresses for specific persons. To make the cut, vendors must be able to verify at least 10 percent of the U.S. population.
• Account Verification: Contractors must be able to digitally link a real person to their official accounts, including utilities, banking, rental payments, etc. Vendors must be able to verify at least 10 percent of the U.S. population.
• Behavioral Analytics: Because things change rapidly but security needs to be immutable, GSA wants companies that are able to perform behavioral analytics to verify identities over time. This should include “multiple dimensions such as time, geolocation, pattern of use, attribute changes for indicators of potential fraud,” among others using citizens’ digital footprints (known devices, IP address, etc).
• Government ID Verification: Finally, contractors must be able to validate government identification, such as driver’s licenses, passports and birth certificates. Vendors should be able to verify at least 10 percent of the U.S. population, either electronically or through alternate methods.

The program also needs to be able to verify people in “underserved” populations, which GSA defines as a “geographically, economically and demographically diverse group of people who, by choice or circumstance, operate partially or completely outside the traditional banking system.”

GSA is creating a blanket purchase agreement to cover this work. The initial contract will establish a 12-month base ordering period, with four additional 12-month option periods. The vehicle won’t have a ceiling on purchases, but nor will vendors have a guaranteed minimum contracting amount.

After awarding spots on the contract, GSA plans to do a post-award evaluation for each vendor to ensure their products and services integrate with login.gov and meet agencies’ needs. Once completed, GSA will begin to award task orders as needed, with plans to rotate approved vendors based on need, compliance with federal security standards, performance and discounts being offered, according to the RFP.

Interested companies have until 4 p.m. on Jan. 18 to submit.