The IRS will not meet its parent Treasury Department’s 2015 goal of being in full compliance with Homeland Security Presidential Directive 12, which requires agencies to issue personal identity verification cards that meet a governmentwide standard for secure and reliable forms of identification, an audit has concluded.
“Without full implementation of HSPD-12-compliant authentication, IRS facilities, networks, and information systems are at an increased risk of unauthorized access,” said J. Russell George, Treasury Inspector General for Tax Administration.
The IG found that while 85 percent of the IRS workforce has been issued HSPD-12 compliant personal identity verification cards, full implementation of authentication for accessing facilities will not be ready until at least fiscal 2018—and even only then if funding is available. It said the agency also faces challenges including the many legacy systems and technologies in use that are incompatible with PIV cards, and limited HSPD-12 staffing and funding for resolving the conflicts.
The IRS agreed with the recommendations to: ensure that specific requirements, staffing, and scheduling are identified and adequate funding requested to ensure full implementation of mandatory PIV card access to the IRS network and information systems; issue an IRS-wide memorandum to reiterate the requirement for full PIV card adoption; and ensure that HSPD-12-compliant requirements are integrated in the IRS’s lifecycle management process to ensure that new and existing systems implement this requirement.
The report is here: http://www.treasury.gov/tigta/auditreports/2014reports/201420069fr.pdf
