FAQ
What is the VA Authentication Federation Infrastructure (VAAFI)?
What does VAAFI do?
Do I need to be a Veteran to use VAAFI?
What is a credential?
How do I know what level of credential I need?
Who is participating with VAAFI?
I already have accounts for the VA systems I access online – why should I use VAAFI?
Can I have more than one VAAFI credential?
Do I need more than one VAAFI credential?
What is a Level of Assurance?
What is Identity Proofing?
How do I receive a VAAFI federation credential from DOD DS Access (DS Logon)?
What if I lose or forget my password for my DS Logon credential?
How do I contact the VA to ask questions, submit compliments, complaints and suggestions regarding VAAFI?
What is the VA Authentication Federation Infrastructure (VAAFI)?
VAAFI is a VA authentication computer system that strives to enhance the online experience of Veterans and others with seamless transitions between supported VA and DoD applications and web sites. VAAFI accomplishes this by simplifying the login, or authentication, process and allowing a Veteran to log in one time and subsequently access multiple VA and DoD applications and web sites without having to log in each time to each application.
VAAFI was formerly part of the federal government E-Authentication initiative. As such, certain E-Authentication branding may still be seen until all materials have been rebranded. (e.g. www.va.gov/eauth)
What does VAAFI do?
In the past, each web site or application you visited wanted to provide you with a username and password for use on that system only. This forced you to keep up with many, often different, usernames and passwords for different web sites. In the VAAFI federation, a username and password that is issued to you (one example of an online credential) will be usable at multiple participating VA applications. VAAFI allows participating members to take advantage of work already accomplished by other federation members. As the federation grows, so will the number of VA applications that will accept your credential.
One of the main goals of the VAAFI federation is to simplify the process for users to do business with the VA electronically.
Do I need to be a Veteran to use VAAFI?
At the current time you need to be a Veteran, Service Member or eligible dependent to acquire VAAFI's most popular credential, DS Logon. Furthermore, you need to be registered in the Defense Enrollment Eligibility Reporting System (DEERS). Most Veterans are already enrolled in this system, spouses and dependents are also often enrolled. At this time there is no VAAFI credential available to the general public but such a credential is planned for 2013.
What is a credential?
The simplest example of an online credential is a username and password pair. You are probably familiar with entering usernames and passwords, and this is all you need for most web sites. However, there are different levels of credentials that are issued based on the security requirements of the application you are accessing. For example, a doctor who is accessing the medical records of several Veterans across the Internet will need a stronger credential than a simple username and password pair, such as a digital certificate or smartcard.
There are different levels of credentials that are issued based on the security requirements of the application you are accessing. The National Institute of Standards and Technology (NIST) has defined four assurance levels. Levels 1 and 2 are user IDs and passwords, while levels 3 and 4 require additional security measures.
How do I know what level of credential I need?
As a general rule, if you are using the credential to access only your own information, level 2 is sufficient. In most cases, the application or web site you are accessing will accept multiple levels and only display application features appropriate for your level. The application should also tell you when you could get additional features with a higher level credential.
Who is participating with VAAFI?
The current participating VA application partners are eBenefits, My HealtheVet (MHV) and the Remote Order Entry System (ROES). The participating credential-issuing partner is DoD DS Access (via DS Logon). Government-issued smartcards such as DoD's Common Access Card (CAC) and VA's Personal Identify Verification (PIV) Card are also accepted.
The following is a matrix of which credentials are supported by which applications:
| __My HealtheVet__ | __ROES__ | __eBenefits__ | ||
| __DS Logon__ | Through eBenefits Links only |  |
|
|
| __CAC/PIV__ | |
Please check back in the future, as this list will be continually updated with each new partner that joins the federation.
I already have accounts for the VA systems I access online – why should I use VAAFI?
Traditionally, each online government service, such as an application or web site, issued its own credential that could only be used at that application or site. Under this approach, people who use many different online government services tend to have many different credentials. One of the problems with having many user IDs and passwords is that people may not be able to remember them all and so they tend to write them down. This increases the risk that an unauthorized person will discover and use those credentials. By enabling end users to reuse credentials they already have rather than creating new credentials every time they try to access a new service, VAAFI helps reduce the risks, and hassles, associated with having too many credentials.
VAAFI is definitely a change from the way we are used to doing things, but we think it is a change for the better. There will be no more struggling to remember obscure log-ins, passwords, and using sticky-notes to keep track of everything. With VAAFI, you may be able to use one authentication credential to log into all the participating applications you have access to. As VAAFI federation membership grows, so will the value of your VAAFI credential.
Can I have more than one VAAFI credential?
Yes, you can have multiple credentials.
Do I need more than one VAAFI credential?
Hopefully not. It might be possible that a credential you currently hold will not match the level of assurance required for a particular application. In general, if you have a higher level of credential than the application or feature requires, the system should accept the credential. If your credential is lower than required, it will not be accepted.
Because each application and credential issuer works with its own set of business rules, it is not possible for one credential to be used by all applications.
What is a Level of Assurance?
The National Institute of Standards and Technology (NIST) has defined 4 separate levels of assurance.
Level 1 would be equivalent to a self registration. The web site or application does not really need to know who you are, just that that you are the same person that registered and is using the account.
Level 2 credential requires a certain amount of confidence or “level of assurance” that you are who you say you are. This is why in person proofing is required for level 2 credentials. This is the level of assurance needed to access many important features of VA participating applications.
Levels 3 and Level 4 require additional technology besides a user ID and password to provide the additional level of confidence that is required for highly secure application requirements. This level of security would be common in military or national security situations.
What is Identity Proofing?
Identity proofing is the process that a credential issuer uses to verify you are who you say you are. Before issuing you a credential, the issuer must ensure that the person asking for the credential is that person.
With DS Logon, there are 2 methods available to be identity proofed. One method involves completing a remote proofing process online. Another method involves verifying your identity in person. In-person proofing is performed at VA Regional Offices (VAROs), TRICARE Service Centers (TSCs) and Military Treatment Facilities (MTFs).
How do I receive a VAAFI federation credential from DOD DS Access (DS Logon)?
A request for a DS Logon can be made in one of three ways:
- A DoD Sponsor can request a DS Logon for themself and eligible family members using the DoD Self-Service Access Center web site. If DoD Sponsor is self requesting using their Common Access Card (CAC), they will be able to obtain their DS Logon immediately. Otherwise, an activation code will then be sent to the DoD individual for whom the DS Logon was requested through the United States Postal Service (USPS). This will result in a Level 2 assurance credential.
- A DoD Sponsor or family member can request a DS Logon at a military identification card (ID) issuing facility when obtaining a new military ID. You will need to request for a DS Logon during the military ID issuance. The activation code will be sent to the DoD individual for whom the DS Logon was requested through the United States Postal Service (USPS). This will result in a Level 2 assurance credential.
- A Veteran may register through a link at VA's eBenefits portal. This process first grants you a Level 1 credential but immediately makes you eligible to upgrade that account to a Level 2 (Premium Account) by performing the remote proofing process.
Use the DS Access Center web site to register for a DS Logon.
Also see the DS Access FAQ for more information
What if I lose or forget my password for my DS Logon credential?
The link to reset a forgotten password is here or a forgotten username can be recovered here.
How do I contact the VA to ask questions, submit compliments, complaints and suggestions regarding VAAFI?
The VA's Inquiry Routing and Information System (IRIS) was created as a means for Veterans, their family members and other VA user communities to contact the VA. IRIS includes a topic entitled "VAAFI Project". To submit an inquiry related to VAAFI, users should follow the "Contact VA" link at the top right of the VAAFI web page. You may also go there directly from this web page by following this link.
Once you are on the IRIS Customer Entry Form, you will need to enter the type of inquiry and select "VAAFI Project" from the Topic dropdown list, then select "Next". Complete the form and select "Submit" when finished. Someone from the VA will contact you within 5 business days with a response to your inquiry.
