Officials from the General Services Administration (GSA) misled Federal agencies for years by falsely claiming that its identity-proofing website,, met government standards for identity-proofing, according to a March 7 report from GSA’s inspector general (IG).

GSA knowingly billed customer agencies over $10 million for services that purported to meet National Institute of Standards and Technology (NIST) digital identity guidelines – Identity Assurance Level 2 (IAL2) requirements – but did not. Specifically, the IG found 18 interagency agreements that claimed that met or was consistent with IAL2 between September 2018 and January 2022.

In addition, the IG found that GSA officials used misleading language to secure additional funds for, including in its Technology Modernization Fund (TMF) application. received a whopping $187 million TMF funding award in late 2021.

GSA “lacked adequate controls over the program and allowed it to operate under a hands-off culture,” the IG said. Because of this failure to manage “oversight and internal controls over” the IG found that GSA’s Federal Acquisition Service (FAS) shares responsibility for the misrepresentations.

“FAS exercised inadequate oversight and management controls over’s day-to-day operations, and thus bears responsibility for [Technology Transformation Services (TTS)] and’s derelictions. FAS’s failure to establish management controls allowed TTS’s hands-off culture to continue unchecked and empowered to mislead customer agencies,” the report states.

“The misrepresentations about’s compliance with the NIST IAL2 standard were completely unacceptable,” Sonny Hashmi, GSA FAS Commissioner, said in a statement to MeriTalk.

“When we uncovered those misrepresentations in early 2022, we immediately referred the matter to the Inspector General and initiated a series of actions to strengthen transparency, accountability, and oversight to correct the problem. As the Inspector General rightly reports, this was a serious issue, but one GSA identified and addressed,” Hashmi said.

Among the actions taken by GSA, is strengthening the program to “ensure it better delivers for the needs of customers and meets high standards of security, equity, and integrity,” Hashmi said.

In addition, Hashmi explained that GSA is conducting a top-to-bottom review of, including its financial management, acquisition, personnel, compliance, and product aspects, and expects to finish that review in late spring of this year. GSA has also reassigned the former director, hired a new director, and created a steering committee, according to the report.

The IG also made five recommendations to the GSA FAS Commissioner:

  • Establish adequate management controls over Technology Transformation Services (TTS);
  • Ensure adequate documentation of policies, decisions, procedures, and essential transactions involving TTS programs, including, and records management following GSA standards;
  • Implement a comprehensive review of billings for IAL2 services;
  • Establish a system for internal reviews of TTS programs to ensure that they comply with relevant standards; and
  • Adopt a policy to notify each customer agency seeking identity and authorization assurance services whether meets all applicable NIST published standards and the services specified in the interagency agreements.
Read More About
More Topics
Lisbeth Perez
Lisbeth Perez
Lisbeth Perez is a MeriTalk Senior Technology Reporter covering the intersection of government and technology.