IRS not Adequately Protecting Sensitive Financial, Taxpayer Data, GAO Says
The IRS isn't adequately protecting financial and sensitive taxpayer data, said a GAO report Monday. The IRS continued to focus on better securing information systems in fiscal 2015 by restricting access to certain financial applications and moving toward multifactor authentication,…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
said congressional investigators. But they said "significant control deficiencies remained." For instance, the agency hasn't implemented functionality to identify and authenticate users through proper password settings nor appropriately restricted access to servers. The IRS also hasn't encrypted sensitive data or audited and monitored systems to ensure compliance. "In addition, unpatched and outdated software exposed IRS to known vulnerabilities," the report said. Unless the agency effectively implements elements of its information security program such as updating policies, testing and evaluation procedures and other steps, financial and taxpayer data will remain "unnecessarily vulnerable," GAO said.