Information Security Incidents

IRS Still Has Security Weaknesses to Address, Says GAO (April 4, 2007) According to a report from the Government Accountability Office (GAO), the IRS "has made limited progress toward correcting or mitigating previously reported information security weaknesses at two data processing sites." Two-thirds of previously identified weaknesses are still present. Areas of progress include improving password controls on servers and "enhanced audit and monitoring efforts for mainframe and Windows user activity." Problems yet to be addressed include inadequate access controls, inadequate segregation of duties and the lack of an implemented agency-wide information security program, which is required by the Federal Information Security Management Act (FISMA). GAO developed two sets of recommendations - one for the Commissioner of Internal Revenue "to take several actions to fully implement a comprehensive agency-wide information security program," and another set, limited in its scope of distribution, with recommendations for "actions to be taken to correct ... specific information security weaknesses."

Labels: IRS