News

US tax agency systems are insecure

Antony Savvas

Taxpayer information held on the US Internal Revenue Service (IRS) computers is still at risk because of continuing security control weaknesses.

A report by the US Government Accountability Office (GAO) says, “These weaknesses increase the risk that sensitive financial and taxpayer data will be inadequately protected against disclosure, modification or loss, possibly without detection, and place IRS operations at risk of disruption.”

The GAO assessed IRS progress in correcting previously reported information security weaknesses at two sites, and determined whether controls in place ensured the confidentiality, integrity and availability of taxpayers’ data.

Although the GAO found that the IRS had made some progress, it found the tax collection agency had failed to fix 40 previously reported IT security flaws. In addition, it found new weaknesses too.

For instance, the IRS had not put in place effective access controls for network management, user accounts and passwords, and user rights and file permissions.

It also failed on the logging and monitoring of security-related events.

The IRS had also failed to physically secure computer resources, and to prevent unauthorised changes to system software.

“Until the IRS fully implements a comprehensive agency-wide information security programme, its facilities and computing resources, and the information that is processed, stored and transmitted, will remain vulnerable,” said the GAO report.

The IRS has told the GAO it is now addressing the reported problems across its operations.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy