Taxpayer data is vulnerable to inappropriate use, modification or disclosure, perhaps without being detected, according to a new government report that found problems with the Internal Revenue Service’s technology for configuration management and identity and access management.
The report, from the Treasury Inspector General for Tax Administration, reviewed the IRS’s compliance with the Federal Information Security Management Act, of FISMA, and found the agency to be compliant in most areas.
However, it cautioned that until the IRS takes steps to fully implement all 11 security program areas covered by FISMA, taxpayer data will remain vulnerable.
Under the FISMA legislation, the Offices of Inspectors General are required to perform an annual independent evaluation of each federal agency’s information security programs and practices. The report by TIGTA presents the results of its FISMA evaluation of the IRS’s information security program for fiscal year 2013.
Based on the evaluation, TIGTA found that nine out of 11 security program areas were generally compliant with the FISMA requirements. In addition, six of the nine security program areas included all of the program attributes specified by the Department of Homeland Security’s fiscal year 2013 Inspector General Federal Information Security Management Act Reporting Metrics, including continuous monitoring management, risk management, a plan of action and milestones, contingency planning, contractor systems and security capital planning.
Three of the nine security program areas, while generally compliant, were not fully effective due to one program attribute that was missing or not working as intended. These areas were incident response and reporting, security training, and remote access management.
However, two of the 11 security program areas were not compliant with FISMA requirements and did not meet the level of performance specified by the DHS’s FY 2013 Inspector General Federal Information Security Management Act Reporting Metrics due to the majority of the DHS-specified attributes being missing or not working as intended. These were in the areas of configuration management and identity and access management.
TIGTA did not include recommendations in the report, and no response from the IRS was included either.
For help with IRS, tax audits, tax problems, back taxes, tax settlements, tax debt, Offer in Compromise, tax help, IRS debt, a tax lien, a state tax levy, an IRS levy, an IRS tax lien, contact us. If you need IRS help and have unresolved cases with previous tax lawyers and tax attorneys, we can help find an optimal resolution for your indigenous needs. Contact us at 201-947-8081 or 646-688-2807, or email us at info@irstaxproblems.com.
