The TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION (TIGTA) conducts a yearly audit to “assess the adequacy and security of the IRS’s information technology.”
Problems were reported in the IRS’s handling of the privacy of taxpayer data, access controls, system environment security, information system boundary components, network monitoring and audit logs, disaster recovery, roles and responsibilities, and separation of duties, as well as security policies, procedures, and documentation.
Two of five function areas of the IRS’s Cybersecurity Framework were rated “not effective,” namely its ability to identify its cybersecurity risks, and its ability to detect cybersecurity incidents. In both areas, TIGTA said that the IRS had defined policies, procedures and strategies, but that they were not consistently implemented, leaving taxpayer information at risk.
Attorney Steven A. Leahy discusses the report and its impact on taxpayer data.