The Treasury Inspector General for Tax Administration (TIGTA) has decided that certain information security programs and practices of the Internal Revenue Service (IRS) failed to meet US Federal Information Security Modernization Act (FISMA) requirements.
During its annual evaluation for the 2015 fiscal year, TIGTA found that the IRS’s Information Security Program generally complied with the FISMA requirements. However, three security program areas – Continuous Monitoring Management, Configuration Management, and Identity and Access Management – failed to meet those requirements overall, because they were lacking many of the performance attributes specified by the Department of Homeland Security.
TIGTA stated: “Until the IRS takes steps to improve its security program deficiencies and fully implement all security program areas in compliance with FISMA requirements, taxpayer data will remain vulnerable to inappropriate and undetected use, modification, or disclosure.”
“The IRS collects and maintains a significant amount of personal and financial information about taxpayers,” said J Russell George, the TIGTA. “As custodians of this sensitive information, the IRS has an obligation to protect it against unauthorized access or loss.”
Concern has risen this year about the extent of tax fraud linked to identity theft in the United States. The problem is being seen as particularly pressing after the IRS recently admitted that the personal information of 334,000 taxpayers was compromised during the data breach in May this year.
SOURCE: Mike Godfrey | Tax-News.com