Thursday, March 17, 2011

IRS Makes Progress To Correct Previously Reported Information Security Weaknesses

IRS continues to make progress in its campaign to correct previously reported information security weaknesses, the Government Accountability Office (GAO) said in a report released on March 15. (GAO-11-308) However, control weaknesses over key financial and tax processing systems continue to threaten the confidentiality, integrity, and availability of financial and sensitive taxpayer information, GAO said. “Specifically, IRS did not consistently implement controls that were intended to prevent, limit, and detect unauthorized access to its financial systems and information,” the report said. As an example, the report stated that IRS did not sufficiently restrict users' database access to the lowest possible level consistent with their job descriptions. In addition, 65 of 88 (or 74%) of previously reported weaknesses remain unresolved or unmitigated. “An underlying reason for these weaknesses is that IRS has not yet fully implemented key components of its comprehensive information security program,” GAO said. “IRS has various initiatives underway to bolster security over its networks and systems; however, until the agency corrects the identified weaknesses, its financial systems and information remain unnecessarily vulnerable to insider threats, including errors or mistakes and fraudulent or malevolent acts by insiders,” GAO stressed. The report can be found at

No comments: