The IRS needs to address information security control weaknesses that place financial and taxpayer data at risk, GAO has said.
It said the agency continues to make progress in addressing information security control weaknesses and improving its internal control over financial reporting but that remaining weaknesses could affect the confidentiality, integrity, and availability of financial and sensitive taxpayer data.
For example, the agency does not always install appropriate patches on all databases and servers to protect against known vulnerabilities, sufficiently monitor database and mainframe controls, or appropriately restrict access to its mainframe environment, according to GAO-14-405.
It traced the weaknesses to ineffective implementation of portions of the agency’s information security program.
