The IRS needs to improve the oversight its computer systems and taxpayer data as it expands its use of wireless technology, the Treasury Inspector General for Tax Administration has said.
After reviewing wireless practices at the IRS’s National Distribution Center in Bloomington, Ind., TIGTA said the agency has established a wireless security policy that was generally in compliance with federal standards; deployed continuous monitoring procedures for detecting rogue wireless access points and other computing devices; and, used a virtual private network to facilitate the secure transfer of sensitive data during remote access using wireless technology.
However, the IG said some employees were using personal unauthorized wireless devices on their laptops to connect to the IRS network, and that the agency allowed about 300 employees to access the IRS network remotely before properly testing and approving the software they used to do it.
TIGTA said the agency agreed to implement automated nationwide network scans for unauthorized wireless activity, devices, and software as well as to resume monitoring of the WLAN at the National Distribution Center at appropriate intervals to ensure all files are set in accordance with IRS security policy.
The IRS disagreed, however, that its security policy requires it to complete a security assessment and authorization on wireless technologies that it is piloting or demonstrating.
