H.R. 9152: Veterans Electronic Trust and Records Authentication Act

This bill, known as the Veterans Electronic Trust and Records Authentication Act (VETRA Act), aims to establish a pilot program within the Department of Veterans Affairs (VA) to modernize the systems used for verifying the digital identities of veterans and other beneficiaries. The main goals of the program include:

1. Modernization of Identity Verification

The pilot program will work on replacing outdated authentication methods that heavily rely on knowledge-based or single-factor verification. Instead, it will implement multi-layered, high-assurance digital identity solutions that enhance security. This change aims to:

• Reduce fraud and improper payments.
• Improve secure access to VA digital service platforms for veterans and eligible individuals.
• Evaluate the cost savings and operational efficiencies from the new systems before a full-scale deployment.

2. Selection of Platforms

For the pilot program, the VA Secretary will choose up to three high-volume digital service platforms. These platforms may include systems for:

• Disability compensation claims.
• Veterans health care enrollment.
• Administering educational benefits.
• Administering home loan benefits.

3. Implementation Approach

The pilot will be implemented with a risk-tiered approach to identify different levels of assurance needed based on:

• The sensitivity of the transactions.
• The risk of fraud.
• The potential harm from unauthorized access.

This means that authentication requirements will vary depending on the nature of the transaction, allowing for adaptive mechanisms that adjust based on contextual risk signals.

4. Standards for Digital Solutions

Any digital identity solutions adopted under the pilot must adhere to specific standards:

• They should be commercially available and not solely developed for the VA.
• They must achieve Identity Assurance Level 2 (IAL2) certification.
• Multi-factor authentication must be included as per established guidelines.
• They must comply with federal cybersecurity and privacy requirements.

5. Funding

The pilot program is authorized to use up to $25 million from the VA’s Information Technology Systems budget for its execution. This funding is specifically allocated, with no additional funds authorized for this section.

6. Reporting and Evaluation

The VA Secretary will submit various reports regarding the pilot program, including:

• An initial implementation plan within 120 days of the bill’s enactment.
• An interim performance report on program outcomes within one year, covering metrics like authentication rates and fraud reduction.
• A final report prior to a specified termination date, summarizing the program's comprehensive evaluation and recommendations for wider implementation.

Additionally, the General Accountability Office (GAO) is required to independently evaluate the pilot program 18 months after it launches, providing insights into its effectiveness and recommendations for future actions.

7. Duration

The authority for this pilot program will expire two years after the bill's enactment, with no assumptions made about its continuation unless explicitly authorized by subsequent legislation.

Relevant Companies

None found