TREASURY INSPECTOR GENERAL
FOR TAX ADMINISTRATION
THE GENERAL CONTROLS ENVIRONMENT OVER THE
INTERNAL REVENUE SERVICE'S UNISYS 2200
SYSTEMS CAN BE IMPROVED
Reference No. 199920063
The Internal Revenue Serviceís (IRS) Unisys 2200 mainframe computers are an integral part of its tax processing system. Virtually all transactions affecting a taxpayerís account are processed through these Unisys systems before being posted to the full taxpayer account on IRSí Masterfile database. The Unisys systems process tax returns that are sent to IRSí service centers by taxpayers. In addition, these systems house databases used by the Integrated Data Retrieval System for on-line retrieval of taxpayer information. The IRS will be migrating from a Unisys 2200 to a Unisys 4800 environment as part of the service center mainframe consolidation and will be operating under a more current version of the operating system.
The overall objective of the review was to determine whether general controls in place over the Unisys 2200 operating system are sufficient to protect sensitive data. The scope of this review encompassed system policies as they relate to security controls. We conducted our review in the IRSí National Office and on-site at the Andover (ANSC) and Austin (AUSC) Service Centers and the Martinsburg Computing Center (MCC). In addition, we reviewed system reports from the Cincinnati, Fresno, and Philadelphia Service Centers.
The general controls over the operating system environment of the Unisys 2200 mainframe computers are adequately defined to protect sensitive data. Specifically, each user is uniquely recognized and verified by the operating system. In addition, discretionary access controls (e.g., file ownership and access control records) are enforced through the security software residing on the mainframe computer. Access to most sensitive taxpayer data files, as well as any security-related actions, are monitored by management.
We identified several areas in which controls could be adhered to more uniformly and where procedures should be established to provide improved system control, security, and standardization. Memoranda dealing with site-specific control weaknesses have been issued to the responsible local officials. This report addresses systemic issues that require corrective actions throughout the IRS.
Although the Unisys 2200 mainframe computers will become obsolete due to the IRSí mainframe consolidation efforts, steps need to be taken now to better prepare the Unisys 2200 systems for consolidation. In addition, due to the similarities in the operating systems of both systems, control improvements identified on the Unisys 2200 systems should also be implemented on the Unisys 4800 systems to improve its control environment.
Access to Sensitive Taxpayer Data Files by System Users Is Not Always Reported to Management
Over 6,200 files at the 5 service centers are established in a way that permits any system user to view their contents. From a judgmentally selected sample of 109 such files at the ANSC and AUSC, we identified 10 files that contained taxpayer data. Since these files are not properly recorded on the system, accesses to them are not recorded on weekly reports used by management to monitor access to taxpayer data by system users.
Access Control Settings Are Not Consistent among Some Common System Files
Over 10 percent of the files common to the Unisys production environment at 4 service centers contain inconsistencies in access control settings, such as file ownership and clearance (security) levels. The inconsistencies appear to be an unintentional side effect of actions taken to recover files or solve system problems. These inconsistencies may cause problems in the Unisys 4800 consolidated environment. The Office of Management and Budget (OMB) suggests that part of a consolidation strategy should be the development of a plan to optimize data center operations, which would be achieved in part through standardization of the operating system.
Many Cataloged Files Have No Owner Designated or Are Not Owned by Current System Users
Over 1,200 files at 5 service centers were either recorded without an assigned owner or assigned to a user-identification (user-id) that was no longer active on the system. Files with incorrect ownership assignments can cause problems during the consolidation from the Unisys 2200 to the Unisys 4800 environment. MCC personnel informed us that problems arose in moving improperly owned files during the mock move between the Brookhaven Service Center and MCC. Although a temporary solution was found for the actual conversion, the solution left the IRS with the continued existence of improperly owned files. Internal Revenue Manual (IRM) guidelines do not address the need to reassign ownership for the files meeting these two conditions.
Use of the System MASTER Account Is Not Traced to Individual System Users
In the current Unisys 2200 environment, there is no mechanism available to account for individual use of the MASTER user-id for the system. The MASTER user-id on the Unisys 2200 is one of the most powerful user-ids on the system, enabling its user to access all areas of the system. Although the MASTER user-id was used primarily by the security analysts at ANSC and AUSC as their sole user-id, several other users also had access to the password in emergency situations. The IRM requires that the system security officer or systems administrator be able to selectively audit the actions of one or more users based on individual identity. These audits should include all actions of the MASTER user-id.
The User Profile Deviation Process Has Not Been Working as Intended
Our review of deviation forms used to request modifications to standard Unisys 2200 user profiles indicated that a number of profile changes made by the service center personnel had not been reviewed or signed by the responsible IRS National Office functions. These omissions were due in part to required IRS National Office functions not receiving the deviation forms for review. The IRSí Unisys 2200 Access Standards require completion and approval of a deviation form when changes to the standard profiles are needed for system users to perform their duties. Since the security system of the Unisys 2200 system is very complex, modifications made without proper review and approval can have unforeseen serious consequences.
Several Treasury and Office of Management and Budget Requirements for Automated Information Systems Have Not Been Met on the Unisys 2200 Mainframes
Department of Treasury directives require that all Treasury automated information systems transmitting sensitive but unclassified information meet a C2 level of protection (see Appendix V). The IRSí Unisys 2200 systems are operating in a non-C2 compliant environment and without an approved waiver of compliance. In addition, we were unable to locate documentation for the testing of the systemís security features.
The OMB requires that controls over general support systems include a system security plan. The OMB also requires that Federal agencies determine the adequacy of their systemsí security, which may be conducted using a risk-based approach. We were unable to locate documentation of risk factors or a security plan for the Unisys 2200 systems.
Managementís Response: IRS management agreed with the facts cited in the report and is taking appropriate corrective action. Managementís comments are included in the body of the report, where appropriate, and a complete text appears as Appendix VII.