Oversight

GAO: IRS has information security control weaknesses

gold shield on top of computer code

The Internal Revenue Service continues to have weaknesses in information security control that the Government Accountability Office fears could affect the confidentiality, integrity and availability of financial and sensitive taxpayer data.

An April 8 GAO report found that although the IRS has improved on information security control and internal control over financial reporting, significant risks remain.

The agency has failed to consistently install the appropriate patches on all databases and servers to protect against known vulnerabilities, GAO found, and also failed to sufficiently monitor database controls and appropriately restrict access to its mainframe environment. The IRS has also allowed individuals to make changes to mainframe data processing without following required procedures.

“Without effective audit and monitoring, IRS’s ability to establish individual accountability, monitor compliance with security and configuration management policies, and investigate information systems security violations is limited,” the report reads.

GAO found one of the main reasons for the ongoing weaknesses is the failure of the IRS to implement portions of its information security program, which have not always functioned as intended, such as the agency’s testing procedures for financial reporting systems.  

GAO also provided three recommendations for the IRS to fix its weaknesses: update access request procedures to ensure appropriate access privileges; update information policies and procedures; and develop a plan to address the known and newly identified vulnerabilities.

About the Author

Mike Cipriano is a GCN editorial intern, and also writes occasionally for FCW. Connect with him on Twitter: @mikecip07.

Featured

  • People
    Dr. Ronny Jackson briefs the press on President Trump

    Uncertainty at VA after nominee withdraws

    With White House physician Adm. Ronny Jackson's withdrawal, VA watchers are wondering what's next for the agency and its planned $16 billion health IT modernization project.

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.