Brandon Vigliarolo reports:
The US government’s Login.gov identity verification system could be one cyberattack, or just a routine IT hiccup, away from serious trouble, say auditors, because it hasn’t shown its backup testing policy is actually in use or effective.
The US Government Accountability Office reported Tuesday that Login.gov, which is managed by the federal government’s General Services Administration (GSA) procurement branch, has mostly complied with prior recommendations to improve the seven-year-old centralized login service for US citizens. “Mostly” doesn’t include any scheme to keep an eye on the state of its data backups, however, which could be disastrous if they had to be pulled out of storage to restore damaged systems.
You know – like what a backup is supposed to be used for.
Read more at The Register.