Delays in implementing a computer security tool resulted in the lack of continuous monitoring for security issues on employee workstations at the Internal Revenue Service, according to a new report.
The
“Effective continuous monitoring allows security weaknesses to be promptly identified and mitigated, reducing the likelihood of a security breach,” said TIGTA Inspector General J. Russell George in a statement. “Any interruption in such monitoring can jeopardize the security of computers and data and leave taxpayer information vulnerable to unauthorized disclosure and theft.”
TIGTA initiated the audit to determine whether the IRS is effectively and efficiently implementing its continuous monitoring tool to monitor security settings on employee workstations and laptop computers.
TIGTA recommended that the IRS review the total actual life cycle costs for projects at least quarterly and review variances between actual costs and the originally proposed estimated costs. The report also suggested the IRS manage costs by considering the postponement of projects with long-term delays, and escalate ongoing project delays to the higher level Security Services and Privacy Executive Steering Committee.
The IRS agreed with TIGTA’s recommendations and plans to take corrective actions.
“The security and privacy of taxpayer information is of utmost importance to us, and your report recommendations will further assist us in continuing to improve our information technology security posture,” wrote IRS chief technology officer Terence V. Milholland in response to the report.