IRS Improved Security But Taxpayer Data Is Still At Risk

IRSThe IRS apparently did not apply a number of security controls in the past leaving taxpayer data vulnerable to “inappropriate and undetected use, modification, or disclosure”.  Taken from a Bleeping Computer wews article,


Following an audit on IRS systems during the fiscal year 2018, the U.S. Government Accountability Office (GAO) concludes that the agency still has 127 recommendations to address, most of them from past evaluations. 107 of them result from previous audits while the latest assessment added 20 new ones. The largest part relates to access controls while others are for configuration management, segregation of duties, and contingency planning. The new recommendations in GAO’s report refer to 14 new information system security control faults in the areas mentioned above.


GAO found that the IRS still has issues with identification and authentication of users, authorization of access permissions, and encryption of sensitive information. A total of eight deficiencies were uncovered in these processes. Specifically for identification and authentication, the IRS did not enforce using certificates for digitally signing PDF files some tax documents included. The agency also failed to apply its policy for password expiration dates and to use multi-factor authentication to access certain applications. On the authorization side, GAO found that an application still had a function enabled that was not needed for business purposes but permitted some user accounts to download the app’s full database or parts of it. Another problem is that individual user accounts can access certain databases supporting tax processing systems, although it is not necessary for all of them. GAO’s audit also discovered that the IRS does not encrypt certain servers, the email service, and some database connections.”



Back to the Technology News Main Page

Not Happy with your current IT Company? Advantage Industries is here to help.

Fill out the form below to schedule a no-obligation review with Advantage.


Keith Heilveil

In 1999 Advantage Industries was created to protect and promote our client’s success through the use of innovative technology. Our company is a full services technology firm that provides computer network support and solutions, managed services, cybersecurity, and custom application development for small and medium businesses in the Maryland, DC, and Virginia areas.

Looking for something specific?

Search our blog library to find the article you need.
Tim Happel

Tim Happel

Sr. Director of Sales, PMP

Get a strategic advantage over your competitors & peers by partnering with Advantage Industries.

Yes! Please Send Me A FREE Instant Quote For IT Services

Simply fill out the form below to schedule a no obligation, no hassle technology assessment with the experts at Advantage Industries.