The Internal Revenue Service has made slow progress in implementing federally required security settings on nearly 100,000 desktop and laptop computers, said a newly released report.
The
According to the report, the delays in implementing the settings were due to the untimely creation of a project team in January of 2008 to implement the settings, a week before the deadline for completing the installation. Once created, the team did not follow basic project management practices. The report also found that the IRS has not implemented an automated monitoring tool to detect and monitor changes to the settings after installation. In addition, the IRS has not modified its software contracts to ensure that new software operates properly with the settings.
“This report reveals a troubling situation,” said Treasury Inspector General for Tax Administration J. Russell George in a statement. “The security of IRS computers is critical. Taxpayers have every right to expect that the IRS protect their privacy and personal information to the highest possible degree. Without a complete set of security settings on employees’ computers, the IRS is at risk of business disruption and unauthorized access to taxpayer data.”
TIGTA recommended that the IRS improve its technology project management practices, consider acquiring an automated monitoring tool and prioritize the updating of software contracts. The IRS agreed with TIGTA’s recommendations.
