IRS Faulted for Cybersecurity Weaknesses
The Internal Revenue Service continues to fall short in its cybersecurity efforts, according to a new report.
The report, from the Treasury Inspector General for Tax Administration, found continued weaknesses within the IRS’s cybersecurity program in three specific areas: information security continuous monitoring, configuration management, and identity and access management. The report also spotlighted weaknesses in the IRS’s electronic authentication process controls. Other areas in need of fixes include physical security controls, backing up and restoring data, and SharePoint controls.
TIGTA has identified “Security for Taxpayer Data and IRS Employees” as the number one management and performance challenge facing the IRS for the sixth year in a row. Weaknesses in the IRS’s IT program could lead to compromised, disrupted, or outdated computer operations, the report warned.
The IRS has been updating its systems to discourage identity theft and tax refund fraud, the report acknowledged. During the 2016 filing season, the IRS added three new data elements to its Return Review Program, and as of March 25, the IRS caught $72 million in suspected tax return refund fraud thanks to the new data elements. The IRS has been testing more new data elements that it may implement in the future.
In response to legislation passed by Congress, the IRS has continued to develop systems to implement the Affordable Care Act and other tax law changes.The agency successfully tested the functionality and security of the Affordable Care Act Compliance Validation System. The IRS has also built the Foreign Account Tax Compliance Act Program Withholding & Refund Release 2.0 system to deal with FATCA requirements, but the report said the system has not delivered the intended results. TIGTA also reported on concerns about the IRS’s information technology contract administration controls and the enterprise e-mail acquisition.