Official text as published. Use Ctrl+F / Cmd+F to search within the document.
[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 9152 Introduced in House (IH)]
<DOC>
119th CONGRESS
2d Session
H. R. 9152
To direct the Secretary of Veterans Affairs to carry out a pilot
program to modernize digital identity proofing and authentication
systems of the Department of Veterans Affairs, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
June 4, 2026
Mr. Lawler introduced the following bill; which was referred to the
Committee on Veterans' Affairs
_______________________________________________________________________
A BILL
To direct the Secretary of Veterans Affairs to carry out a pilot
program to modernize digital identity proofing and authentication
systems of the Department of Veterans Affairs, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Veterans Electronic Trust and
Records Authentication Act'' or the ``VETRA Act''.
SEC. 2. DEPARTMENT OF VETERANS AFFAIRS PILOT PROGRAM TO MODERNIZE
DIGITAL IDENTITY PROOFING AND AUTHENTICATION SYSTEMS.
(a) Establishment of Pilot Program.--The Secretary of Veterans
Affairs shall, in accordance with chapter 57 of title 38, United States
Code, carry out a pilot program to modernize digital identity proofing
and authentication systems of the Department of Veterans Affairs. Under
such pilot program, the Secretary shall be responsible for--
(1) replacing legacy knowledge-based or single-factor
identity verification mechanisms with multi-layered, high-
assurance digital identity solutions;
(2) reducing fraud and improper payments;
(3) improving secure access to digital service platforms of
the Department for veterans and other individuals eligible for
benefits under laws administered by the Secretary; and
(4) assessing cost savings and operational efficiencies
before carrying out a full-scale deployment of any digital
identity solution developed pursuant to the pilot program.
(b) Selection.--The Secretary shall select, for participation in
the pilot program, not more than three high-volume digital service
platforms of the Department, each of which may consist of one or more
underlying systems, applications, or services, including--
(1) disability compensation claims system;
(2) veterans health care enrollment portal;
(3) the system to administer educational benefits; or
(4) the system to administer home loan benefits.
(c) Risk-tiered Implementation.--As part of the pilot, the
Secretary shall--
(1) map categories of digital transactions within
participating platforms to graduated levels of identity
assurance based on--
(A) transaction sensitivity;
(B) fraud risk; and
(C) potential harm;
(2) implement adaptive authentication mechanisms capable of
adjusting authentication requirements based on contextual and
behavioral risk signals; and
(3) ensure, to the extent practicable under applicable
Federal standards, more rigorous authentication requirements
are applied only where warranted by risk.
(d) Standards for Digital Identity Solutions.--Any digital identity
solution implemented pursuant to the pilot program shall--
(1) be commercially available and may not be developed
exclusively for use by the Department;
(2) be independently certified to meet or exceed Identity
Assurance Level 2 (IAL2), as defined in National Institute of
Standards and Technology Special Publication 800-63 (or any
successor document);
(3) incorporate multi-factor authentication consistent with
Authentication Assurance Level 2 (AAL2), as defined in NIST SP
800-63 (or any successor document), or higher; and
(4) comply with applicable Federal cybersecurity and
privacy requirements, including--
(A) chapter 57 of title 38, United States Code;
(B) the Privacy Act of 1974 (5 U.S.C. 522a); and
(C) the Federal Information Security Modernization
Act of 2014 (Public Law 113-283).
(e) Funding.--
(1) In general.--Of amounts authorized to be appropriated
for Information Technology Systems under chapter 57 of title
38, United States Code, the Secretary may obligate or expend
not more than $25,000,000, in the aggregate, may be obligated
to carry out the pilot program.
(2) No additional authorization.--No additional funds are
authorized to be appropriated to carry out this section.
(f) Reporting Requirements.--
(1) Implementation plan.--Not later than 120 days after the
date of the enactment of this Act, the Secretary shall submit
to the Committees on Veterans' Affairs of the House of
Representatives and the Senate a plan for implementing the
pilot program under this section.
(2) Interim report.--Not later than one year after the date
on which the Secretary commences the pilot program, the
Secretary shall submit to such committees an interim
performance report that includes--
(A) a summary of--
(i) identity proofing completion rates;
(ii) successful authentication rates;
(iii) successful account recovery rates;
and
(iv) abandonment rates during proofing,
authentication, and recovery workflows, for
each participating digital service platform,
compared to the baseline rates in effect before
commencement of the pilot program;
(B) fraud reduction metrics applicable to the
digital service platforms of the Department selected
for participation in the pilot program;
(C) an assessment of the extent to which the pilot
program has resulted in decreased overall costs to the
Department; and
(D) cybersecurity performance indicators.
(3) Final report.--Not later than 90 days before the date
specified in subsection (i)(1), the Secretary shall submit to
such committees a final report that includes--
(A) a comprehensive evaluation of the pilot
program; and
(B) legislative recommendations with respect to
modernizing digital identity and authentication systems
of the Department.
(g) GAO Evaluation and Report.--Not later than 18 months after the
date of the enactment of this Act, the Comptroller General of the
United States shall carry out an independent evaluation of the pilot
program under this section and submit to the Committees on Veterans'
Affairs of the House of Representatives and the Senate a report that
includes the findings of such evaluation. Such report shall include the
following:
(1) An assessment of--
(A) the extent to which the pilot program
successfully implemented identity proofing and
authentication mechanisms that meet or exceed Identity
Assurance Level 2 (IAL2) and Authentication Assurance
Level 2 (AAL2) standards under National Institute of
Standards and Technology Special Publication 800-63 (or
any successor document);
(B) the degree to which the pilot program reduced
identity-related fraud, improper payments, or
unauthorized account access across participating
digital service platforms;
(C) the effect of the pilot program on veteran
access to such digital service platforms, including
effects on--
(i) authentication success rates;
(ii) account recovery and support requests;
and
(iii) barriers to access for veterans--
(I) residing in rural areas;
(II) with disabilities; or
(III) with limited digital
literacy;
(D) costs associated with implementation of the
pilot program compared with the financial benefits to
the Department derived from fraud reduction,
administrative efficiencies, and avoided improper
payments;
(E) the extent to which the digital identity
solutions used in the pilot program complied with
applicable Federal cybersecurity and privacy
requirements;
(F) the extent to which the Department successfully
implemented risk-tiered authentication approaches that
adjust identity verification requirements based on
transaction sensitivity and fraud risk; and
(G) the feasibility of scaling the pilot program
across additional digital service platforms of the
Department, including compatibility with existing
Department identity infrastructure and potential
integration with Government-wide identity verification
services.
(2) Recommendations of the Comptroller General with respect
to whether the pilot program should be--
(A) expanded to additional digital service
platforms of the Department;
(B) modified to address operational or
cybersecurity risks; or
(C) discontinued.
(h) Authorization Period.--
(1) Termination date.--The authority of the Secretary to
carry out the pilot program under this section shall terminate
on the date that is two years after the date of the enactment
of this Act.
(2) No presumption of continuation.--The Secretary may not
be expand the scope or funding cap beyond the levels described
in this section unless expressly authorized by a subsequent Act
of Congress.
<all>