GAO Says IRS Still Has Computer Security Problems

The Internal Revenue Service continues to have problems with the security of its computer systems, jeopardizing the confidentiality of taxpayer information, according to a new report.

The report, by the Government Accountability Office, acknowledged that the IRS made progress last year in addressing 28 of the 89 information security weaknesses that the GAO found in 2008 during a previous audit. However, 69 percent of the weaknesses and program deficiencies remain unresolved.

For example, the IRS continued to install patches in an untimely manner and used passwords that were not complex. In addition, the IRS did not always verify that remedial actions had been implemented or effectively mitigated the security weaknesses.

The GAO recommended that the IRS take a series of some 27 actions to help fully implement its agency-wide information security program, including ensuring that contractors receive security awareness training within the first 10 working days. Most of the specific recommendations were left out of the publicly available report. The IRS agreed to develop a detailed corrective action plan addressing each of the recommendations.