GSA’s Office of Government-wide Policy focused on identity security, cybersecurity

By Jason Fornicola
Federal News Radio

GSA’s Office of Government-wide Policy, which is comprised of five offices, has a large policy mandate that stretches across government. The offices include Acquisition Policy; Asset and Transportation Management; Information, Integrity, and Access; Federal High- Performance Green Buildings; and Executive Councils.

Within the Office of Information, Integrity, and Access, identity security and cybersecurity remain the two main focuses, according to OGP Chief of Staff Stephanie Rivera.

“For identity security and cybersecurity, one of the big challenges is getting everybody on board, all the federal agencies,” Rivera told Federal News Radio’s Agency of the Month radio show. “We are part of several working groups, some of them led through GSA, some of them led through the White House. And the things that we’re working on are the back-end attribute exchanges, we’re working on the PIV (Personal Identity Verification) cards – which really tell you that you are OK to share some information with somebody else who also has the same credentials.


“It’s large and complex and everyone has a different system, so what we’re trying to do is write the standards and the regulations that would allow all of these different systems to talk to each other in a very secure way,” Rivera said.

The process to standardize systems and get agencies on board has been long.

“There are a number of working groups,” Rivera said. “It’s a very rigorous standardization process. Part of it is the technology, which we have to figure out to make the high side safe and secure, and also to make things that are transferred on the civilian side safe and secure as well. DoD has done a great job with the high side and it’s great when it’s in a closed system. We are looking at some open systems on the civilian side and making sure that those are also very secure, that we are able to transfer our information back and forth amongst each other like civilian agencies.

“So, first you have to get the technology settled, then you have to get to the standards operating process and you want to make sure that you’re conforming with the standards that are already out there and pushing the ball forward in the standards operations process. So it’s a very long, long process, but it needs to be long to make sure that we get it right.”

Despite rapidly changing and advancing technologies, Rivera stressed the importance of focusing on current systems while keeping an eye on new technologies to make good choices and prepare for the future.

“You don’t know what’s going to come up in five or ten years,” she said. “Probably 15 years ago nobody thought that there was going to be this smartphone tablet that you would have and be able to pull up directions and calls using voice commands. I don’t think we had anything like that yet.

“What you can do is start looking ahead and that’s what we’ve been doing. Right now we have numerous programs that are all looking to see what’s going to be coming up next in the technology world. And we’re very focused on security at the moment, so, what’s nice is that we know what our systems currently are. We don’t know what tomorrow’s systems are, but if we can be prepared for the systems today, we will be able to make adjustments that will help us tomorrow.”