ID management remains a problem

Controlling proper access to government computers is a big challenge for some federal agencies, creating security issues and involving high costs.

At the Department of Health and Human Services, outgoing CTO Ken Calabrese said the agency needs more coordinated control over logical and physical security. HHS now is conducting a pilot program, and trying to figure out ways to more thoroughly prove identity in online communications between doctors and patients who use electronic health records.

At NASA, officials say there are too many people and constituent groups logging into the systems. NASA is trying to create zones or communities of interest so access to the certain areas can be limited. Still, that could leave the space agency with unresolved issues.

"The problem isn't just knowing who's on the network," Jerry Davis, NASA's deputy CIO for IT security, told InformationWeek. "When you have someone who's connected to the network and they're a true person, what are they connecting to the network with? Two-factor authentication isn't going to help if you've got a bug that does key logging or whatever."

Other agencies have their separate issues, as well. The organizational structure at the Internal Revenue Service is creating difficulties building a comprehensive identity management and authentication policy, while the Federal Aviation Administration is encountering funding issues and problems convincing line-of-business managers of the importance of strong identity management measures.

For more on identity management:
- see this InformationWeek article