IRS corrected just 29 of 105 weaknesses it previously identified. GAO also found 13 of the 29 fixes were incomplete or done improperly.The problem, auditors said, was not lack of policy but a lack of follow-through. The weaknesses mostly dealt with inside threats and weak internal controls on taxpayer information rather than outside breaches or attacks.
GAO said the IRS should take six steps in order to implement its overall information security program. It also listed 23 specific actions to fix newly detected control weaknesses. The IRS agreed to develop a plan of action to address all of these issues.
This story is part of Federal News Radio’s daily Cybersecurity Update. For more cybersecurity news, click here.
Tom Temin is the host of The Federal Drive, which airs from 6-8 a.m. on 1500 AM in the Washington, D.C. region and online everywhere. Tom has 30 years experience in journalism, mostly in technology markets. Before coming to Federal News Radio, he was a long-serving editor-in-chief of Government Computer News and Washington Technology magazines.