Dashboard and Trust Center should NOT be public #2

@vennemp

I understand that the PMO required the KSI dashboards be public for the Pilot, but I want to officially voice my dissent against this position. Our solution goes a layer or 2 deeper than the requirements and we are including some potentially sensitive information that could be exploited by competitors or other malicious actors. I assert that the dashboards and the subsequent trust center, with all the downloadable artifacts, would require a layer of authentication integrated with a central IdP like Login.gov. Key stakeholders at agencies could enroll and view the dashboards, both during normal operations as a consumer of the service but also in evaluation of the product before procurement. The 3PAO of record could also create an account and get access to the dashboard as part of the annual audit to validate its accuracy.
