The Internal Revenue Service will not meet the Treasury Department’s 2015 goal for full compliance with a directive requiring federal agencies to issue identification cards that allow workers to gain access to federally controlled facilities and information systems, according to a new government report that found IRS officials citing the lack of enough funding and staff as the main obstacles.

The report, from the Treasury Inspector General for Tax Administration, examined the IRS’s progress in implementing Homeland Security Presidential Directive 12 (HSPD-12) requirements for accessing IRS facilities and information systems. The Treasury Department has set a goal for its bureaus to achieve 100-percent HSPD-12 compliance by fiscal year 2015.

HSPD-12 requires agencies to issue personal identity verification, or PIV, cards that meet a government-wide standard for secure and reliable forms of identification.

“Without full implementation of HSPD-12-compliant authentication, IRS facilities, networks and information systems are at an increased risk of unauthorized access,” said TIGTA Inspector General J. Russell George in a statement.

An 85 percent majority of the IRS workforce has been issued HSPD-12-compliant PIV cards, according to the report. However, full implementation of PIV card electronic authentication for accessing IRS facilities is not scheduled until at least fiscal year 2018, and only if funding is available, TIGTA found.

In addition, major challenges remain in the area of implementing PIV card electronic authentication for accessing IRS networks and information systems, the report found. These challenges include many legacy systems and technologies in use at the IRS that are incompatible with PIV cards, and limited HSPD-12 staffing and funding for resolving these conflicts.

TIGTA recommended that the IRS’s chief technology officer and chief of agency-wide shared services ensure that all IRS facilities are equipped with HSPD-12-compliant physical access control systems. TIGTA also recommended that the chief technology officer ensure that specific requirements, staffing and scheduling are identified and adequate funding requested to ensure full implementation of mandatory PIV card access to the IRS network and information systems. The IRS should also issue an agency-wide memorandum to reiterate the requirement for full PIV card adoption, the report suggested, and ensure that HSPD-12-compliant requirements are integrated in the IRS’s lifecycle management process to ensure that new and existing systems implement this requirement.

The IRS agreed with all of TIGTA’s recommendations and has planned corrective actions to address them.

“The IRS is committed to continuously improving its security posture, but we are limited by a shortage of financial resources,” wrote IRS CTO Terence V. Milholland in response to the report. “Your report recommendations will further assist us in prioritizing activities related to mitigation of security risks associated with accessing IRS facilities, networks and information systems.”

Register or login for access to this item and much more

All Accounting Today content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access