Treasury Inspector General for Tax Administration
March 5, 2013
TIGTA - 2013-07
Contact: David Barnes
WASHINGTON - Delays in implementing a computer security tool resulted in the lack of continuous monitoring for security issues on employee workstations at the Internal Revenue Service (IRS), according to a new audit report released today by the Treasury Inspector General for Tax Administration (TIGTA).
“Effective continuous monitoring allows security weaknesses to be promptly identified and mitigated, reducing the likelihood of a security breach,” said J. Russell George, Treasury Inspector General for Tax Administration. “Any interruption in such monitoring can jeopardize the security of computers and data and leave taxpayer information vulnerable to unauthorized disclosure and theft,” he said.
TIGTA initiated this audit to determine whether the IRS is effectively and efficiently implementing its continuous monitoring tool to monitor security settings on employee workstations and laptop computers.
TIGTA found that the IRS’s Treasury Enhanced Security Initiatives project, which includes the continuous monitoring tool for workstation security, has experienced several delays. In addition, the project’s oversight board did not take required actions to manage the delays or associated costs.
TIGTA recommended that the IRS: (1) review total actual life cycle costs for projects at least quarterly and review variances between actual costs and the originally proposed estimated costs; (2) manage costs by considering the postponement of projects with long-term delays; and (3) escalate ongoing project delays to the higher level Security Services and Privacy Executive Steering Committee.
The IRS agreed with TIGTA’s recommendations and plans to take corrective actions.
Read the report.
Note: The difference between the date TIGTA issues an audit report to the Internal Revenue Service and the date TIGTA publicly releases the report is due to TIGTA's internal review process to ensure that public release is in compliance with Federal confidentiality laws.
A special plugin is required to view PDF documents. To obtain the free PDF reader, please visit the Adobe web site.