Even when government itself is your constituent, you need good identity management

Modernizing digital services and making sure they stay secure requires good identity management.

Modernizing digital services and making sure they stay secure requires good identity management. Especially if there is money or financial transactions involved. For how the Treasury’s Bureau of the Fiscal Service approaches it, the Federal Drive with Tom Temin recently spoke with Joe Gioeli, deputy commissioner for transformation and modernization.

Interview transcript:

Tom Temin: Tell us, there’s so many aspects to identity and the importance clearly for the Fiscal Service, but maybe just start with a range of the constituents that you serve? Is there any element of the general public? Or is it strictly other federal entities that you have to verify payments to and for?

Joe Gioeli: Yeah, so we have a wide scope of customers, starting with federal agencies and entities through some of the shared services we provide. We also have a wide range of a public-facing service like TreasuryDirect, pay.gov, and others. And so we have a variety of identity challenges to master as a result of that.

Tom Temin: Can you provide backup, for example, if an agency authorizes payment to someone, do you have a means of saying as the actual authority because checks all come from the treasury, they don’t come from the agency name, to say, ‘Wait a minute, stop,’ not personally, but say this doesn’t add up.

Joe Gioeli: Yeah, so we don’t necessarily get directly engaged in the authorization of payments. And so our goal is to head that off upfront. And so make sure agencies have access to information that makes sure they make the right payment to the right person at the right time.

Tom Temin: And what kinds of changes are you making into the Bureau’s own systems to modernize them so that they can accommodate better ID practices.

So we’re on a transformation and modernization journey. Ultimately, from the tech perspective, we’re moving to a lot of cloud-based services, and leveraging those native services to ensure the right security and resiliency. We’re also looking at things like Enterprise APIs, and federating and making data available to agencies and to our customers earlier so they can modify their business processes and support some of that integrity work.

Tom Temin: Tell us about the Payment Integrity target team.

Joe Gioeli: So it’s the Payment Integrity Tiger Team. And in essence, they are working with the Bureau’s Office of Payment Integrity, to provide a new evolution of the services they provide. And so the Office of Payment Integrity works pretty hard to make sure that we’re making the right payment to the right person at the right time. And they have an audacious goal to reduce improper payments overall. And so this tiger team is taking on doing market research, looking for new ways to provide information that fortifies that effort, and make sure that we’re getting direct feedback from agencies to provide them consumable services.

Tom Temin: Because the feedback keeps coming from pandemic relief about how much of it is fraud. And it’s probably twice what we even have acknowledged so far, is that been a big impetus for some of the IDX management discussions we’re hearing?

Joe Gioeli: Yeah, and we know a lot of that originates at the eligibility phase where constituent goes to access a federal benefit program, and ultimately, the friction upfront around gating, you know, validation and verification of that identity. And so, in a lot of these programs, some of that eligibility criteria is difficult. Not all the information is available to the agencies to make the right determination on that identity or the parameters of the program. And so that’s where we’re trying to help to see what information we can make available to agencies to improve that process.

Tom Temin: Because there’s an added complexity here. Id management is one thing, eligibility is something else.

Joe Gioel: It is. Yep. And that falls squarely on the owner of that federal benefit program overall. But we know there’s a role we can play given the access to different data sets we have.

Tom Temin: Is it better to have complex eligibility or simple eligibility?

Joe Gioeli: Well, I guess that’s a good question. At this point, it would seem simple, but simple things are not always simple. So I guess it depends.

Tom Temin: And you also are doing a lot of work in business entity validation, which is mainly in the contracting and grant area. And I imagine there’s a lot of ripe territory there.

Joe Gioeli: Yeah, so that’s more emerging at this point. So in essence, it’s much more easy to validate an identity of an individual. There’s this representative phase and a business entity validation that needs to occur. And ultimately, you have to rely on more data sets to make that determination. So there’s a little bit more complexity in that scenario.

Tom Temin: So that gets back to the modernizing idea, you need to do a lot of almost instantaneous verification against external databases.

Joe Gioel: Yes, that’s right. And so you need to use the data you have and the data you’re actually able to access in order to make that verification.

Tom Temin: And from just a technical standpoint, should agencies be building lakes of their own data to speed that up, even as they also have to include, say, commercial, open sources of data, which they cannot put in their lakes?

Joe Gioeli: Yeah, I look at fraud is very much like a good cyber, it’s a team sport. And I think the way to improve the conditions and some of the challenges around fraud is to share information broadly within the constraints you have, and making sure that at both a federal across federal programs, and even at state and local levels.

Tom Temin: What’s your tie-in with Login.gov? That’s kind of a shared service your shared services in another area. We’ll get to the PKI. How do you interoperate with them or cooperate with Login.gov and all this effort?

Joe Gioeli: Yeah, so we are a subscriber to their services. We firmly believe in the Login.gov services. We also use ID.me for that measure. We are very excited about Login getting in place their IL 2 Level requirement at this point. So we can further add that to our choice in the CAIA solution.

Tom Temin: Yeah. CAIA, Common Approach to Identity Assurance.

Joe Gioeli: Yes. So CAIA is basically an enterprisewide service we put together a few years ago, which allows programs to manage digital identity and a standard and consistent way, leveraging those third-party credential service providers like ID.me in Login.gov. We have really good uptake and adoption right now. We are supporting over 550 production applications across Treasury and some other federal agencies. And we’ve supported actually over 50 million authentications through CAIA since the start of Fiscal Year 24.

Tom Temin: What’s going on with biometrics in this whole regard?

Joe Gioeli: Yeah. So I think that goes back to the third-party credential service provider. It’s that requirements specifically for Identity Assurance Level 2 that requires some kind of visual proofing. In most cases, Biometrics is used in the virtual proofing aspect of things.

Tom Temin: And one aspect that Treasury has been concentrating on writ large Treasury Department is the unbanked, the underserved, the people that don’t have access to some of the systems that other citizens do? How does that roll into the whole ID effort?

Joe Gioeli: Yeah, so that’s a major concentration and focus point for us. And you know, the Login.gov team has done a really good about finding brick-and-mortar to do that specifically. So the Login.gov team, they are partnering with the U.S. Postal Service, and using that brick-and-mortar to provide that identity proofing, which we hope gets to some of the digital competency or digital access gaps that are out there.

Tom Temin: And your portfolio, though, is expanded beyond just identity management. You’re kind of the modernizing and transformational guru there.

Joe Gioeli: Yeah, our transformation and modernization organization was born from an effort the Bureau put forward called our future readiness assessment, which is really a journey we embarked on to understand what do we need to do organizationally, to make sure we can meet the mission of the future. And so my portfolio includes, you know, the chief information officer, chief financial officer, chief data officer, and the chief human resources officer, but also a couple of new roles like the chief customer officer, and the chief strategy integration officer. And ultimately, we’re here to drive transformation more holistically across the enterprise, across people, process technology and data while improving the way we deliver experience.

Tom Temin: And how long have you been there?

Joe Gioeli: So I’ve been at Fiscal as a whole for seven years. I’ve been in this role for roughly six months at this point.

Tom Temin: Wow, and before Fiscal?

Joe Gioeli: Before Fiscal, I was at the U.S. Mint. Before that, I was at the Internal Revenue Service. And so I’d like to tell people, ‘I’m making my journey around Treasury. Treasury is truly a great place to work.’ And you can show up at all these different bureaus and organizations and do something completely different. But it all lends to the same mission.

Tom Temin: All right, so do you still advocate for the retention of the penny from your background?

Joe Gioeli: I think there are other challenges around the cost these days and I’ll leave that to the professionals.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories

    Getty Images/iStockphoto/NicoElNinopolicy and data, weapon systems, zero trust, Cybersecurity IT engineer working on protecting network against cyberattack from hackers on internet. Secure access for online privacy and personal data protection. Hands typing on keyboard and PCB

    Identity management, automation a common theme among 4 agencies’ move to zero trust

    Read more