Tech

GAO hits IRS (again) over bad IT security

The Government Accountability Office took the Internal Revenue Service to task in a newly released report, saying the agency responsible for collecting taxes has not implemented a number of information security protocols related to taxpayer systems.

By Greg Otto

March 28, 2016

The Government Accountability Office took the Internal Revenue Service to task in a report Monday, saying the tax agency has not implemented a number of information security protocols related to systems storing taxpayer data.

According to the GAO report, the IRS has failed to integrate multi-factor authentication; restrict access to servers severely enough; ensure sensitive user authentication data were encrypted; and properly limit access to restricted areas.

The audit found that a host of the problems are a result of the agency failing to adhere to its information security plan.

“IRS had not updated key mainframe policies and procedures to address issues such as comprehensively auditing and monitoring access,” the report reads. “In addition, IRS did not include sufficient detail in its authorization procedures to ensure that access to systems was appropriate. Further, IRS had not ensured that many of its corrective actions to address previously identified deficiencies were effective.”

The IRS has taken several lumps from auditors in past 18 months. Last November, the GAO released a report saying the IRS isn’t managing and safeguarding its financial IT systems properly. Last year’s “Get Transcript” hack was a key example cited in a government-wide report that criticized the government on its cybersecurity operations.

An internal watchdog, the Treasury Inspector General for Tax Administration, has also been critical of the agency information security policies. In October 2014, TIGTA found that IRS would not meet the government’s user authentication standards until 2018.

The IRS agreed with the GAO’s recommendations.

You can read the full report here.

GAO hits IRS (again) over bad IT security

More Like This

SSA database to flag synthetic identity fraud has cost issues, GAO finds

Government websites aren’t created equal. GSA’s 10x program aims to change that

GAO finds spotty agency compliance with IDEA Act requirements

Top Stories

Data, talent, funding among top barriers for federal agency AI implementation

Announcing the 2024 FedScoop 50

House Republicans probe NIST on facial recognition for federal digital identity verification

White House’s final ‘Trust Regulation’ aims to bolster confidence in federal statistics

CISA official: AI tools ‘need to have a human in the loop’

Login.gov announces availability for facial recognition technology

More Scoops

Most agency AI inventories are ‘not fully comprehensive and accurate,’ GAO reports

Only 3 agencies have hit deadline for cyber event logging standards, GAO finds

IRS plans to test modernized taxpayer data system after 2024 filing season

Financial regulators have work to do on developing and tracking fintech skills of staff, watchdog says

National lab’s mismanagement of property put sensitive information and tech at risk, watchdog states

Watchdog calls for State Department to assess cybersecurity risks

GAO in ‘experimentation phase’ with AI model to query reports, inform its work

Latest Podcasts

A look at next week’s hearing on unidentified anomalous phenomena

Login.gov launches facial recognition option; the White House issues final Trust Regulation

HHS is working on a new AI strategic plan; Budget woes for government’s science and technology efforts

Meet the winners of the 2024 FedScoop 50; And, how the DOE sees itself counteracting the AI industry’s ‘profit motive’

Tech

Defense

Cyber

FedScoop TV