IRS information security still poor
January 2008
The Internal Revenue Service continues to have “pervasive” information security weaknesses that put taxpayer information at risk, and it has made limited progress in fixing dozens of problems the U.S. Government Accountability Office (GAO) has previously identified, according to a GAO report released Tuesday. The IRS, the tax-collecting arm of the U.S. government, has “persistent information security weaknesses that place [it] at risk of disruption, fraud or inappropriate disclosure of sensitive information,” the GAO report said. The agency, which collected about $2.7 trillion in taxes in 2007, has fixed just 29 of 98 information security weaknesses identified in a report released last March, the new report said. “Information security weaknesses -- both old and new -- continue to impair the agency’s ability to ensure the confidentiality, integrity and availability of financial and taxpayer information,” the GAO report said. “These deficiencies represent a material weakness in IRS’s internal controls over its financial and tax processing systems.” The GAO has issued multiple reports blasting IRS information security in recent years. The latest report described an IRS data center that took more than four months to install critical patches to server software. At one IRS data center, about 60 employees had access to commands that would allow them to make “significant” changes to the operating system, the GAO said. At two data centers, administrator access to a key application contained unencrypted data log-ins, potentially revealing users’ names and passwords. Three IRS sites visited by GAO auditors had computers or servers with poor password controls, the GAO said. The IRS also had lax physical security controls in place for protecting IT facilities, the GAO report said. One data center allowed at least 17 workers access to sensitive areas when their jobs did not require it, the GAO said. The IRS’s acting commissioner said the agency made significant progress in fixing information security problems during 2007, and in a letter to the GAO, said “While we agree that we have not yet fully implemented critical elements of our agency-wide information security program, the security and privacy of taxpayer information is of great concern to the IRS.”
The Internal Revenue Service continues to have “pervasive” information security weaknesses that put taxpayer information at risk, and it has made limited progress in fixing dozens of problems the U.S. Government Accountability Office (GAO) has previously identified, according to a GAO report released Tuesday. The IRS, the tax-collecting arm of the U.S. government, has “persistent information security weaknesses that place [it] at risk of disruption, fraud or inappropriate disclosure of sensitive information,” the GAO report said. The agency, which collected about $2.7 trillion in taxes in 2007, has fixed just 29 of 98 information security weaknesses identified in a report released last March, the new report said. “Information security weaknesses -- both old and new -- continue to impair the agency’s ability to ensure the confidentiality, integrity and availability of financial and taxpayer information,” the GAO report said. “These deficiencies represent a material weakness in IRS’s internal controls over its financial and tax processing systems.” The GAO has issued multiple reports blasting IRS information security in recent years. The latest report described an IRS data center that took more than four months to install critical patches to server software. At one IRS data center, about 60 employees had access to commands that would allow them to make “significant” changes to the operating system, the GAO said. At two data centers, administrator access to a key application contained unencrypted data log-ins, potentially revealing users’ names and passwords. Three IRS sites visited by GAO auditors had computers or servers with poor password controls, the GAO said. The IRS also had lax physical security controls in place for protecting IT facilities, the GAO report said. One data center allowed at least 17 workers access to sensitive areas when their jobs did not require it, the GAO said. The IRS’s acting commissioner said the agency made significant progress in fixing information security problems during 2007, and in a letter to the GAO, said “While we agree that we have not yet fully implemented critical elements of our agency-wide information security program, the security and privacy of taxpayer information is of great concern to the IRS.”
posted by arkietechs at 6:41 AM
0 Comments:
Post a Comment
<< Home