Two separate Internal Revenue Service programs are making progress at improving data security, but both could use some improvement, according to two recent reports from the Treasury Inspector General for Tax Administration.
The initiatives — the Data at Rest Encryption Program and the Endpoint Detection and Response Solution — focus on different areas, but both are aimed at addressing the service’s major goal of enhancing the security of taxpayer data and the protection of IRS resources.
The Data at Rest Encryption Program was started to protect the enormous amount of private taxpayer data that resides in IRS systems by encrypting it while not in use. Thus far, the program has identified and tested the necessary systems, but it has not deployed them.
TIGTA recommended that the program follow the proper project management processes, and that it encrypt data before transferring it to private collection agencies. The IRS agreed with the recommendations.
The Endpoint Detection and Response Solution, meanwhile, aims to monitor and improve security around “endpoint devices,” like laptops, desktop computers, storage devices and other hardware that connect users to IRS networks and systems. The service launched the solution in May 2020 to analyze these devices and determine whether established security rules are being followed or whether the devices show any signs of being compromised.
TIGTA recommended that the IRS’s chief information officer make sure all workstations are properly updated with the solution, that Homeland Security credentials are used for access to the solution, and that a process be implemented for identifying users who are no longer active. The IRS agreed with all the recommendations.