Some IRS Security Program Areas Not Compliant under FISMA

By Jason Bramwell
 
A new report from the Treasury Inspector General for Tax Administration (TIGTA) stipulated that until the IRS takes steps to fully implement all eleven security program areas covered by the Federal Information Security Management Act of 2002 (FISMA), "taxpayer data will remain vulnerable to inappropriate use, modification, or disclosure  possibly without being detected."
 
Under FISMA, which was enacted to strengthen the security of information and systems within federal government agencies, the Offices of Inspectors General are required to perform an annual independent evaluation of each federal agency's information security programs and practices. 
 
In Treasury Inspector General for Tax Administration  Federal Information Security Management Act Report for Fiscal Year 2013, TIGTA reported it found the IRS was not compliant with FISMA requirements in two of the eleven security program areas: configuration management and identity and access management. 
 
According to TIGTA, the two areas did not meet the level of performance specified by the Department of Homeland Security (DHS) FY 2013 Inspector General Federal Information Security Management Act Reporting Metrics due to the majority of the DHS-specified attributes being missing or not working as intended. 
 
While generally compliant, three security program areas  incident response and reporting, security training, and remote access management  were not fully effective due to one program attribute that was missing or not working as intended, according to TIGTA. 
 
The remaining six security program areas included all of the program attributes specified by the FISMA reporting metrics. Those security program areas included:
  1. Continuous monitoring management
  2. Risk management
  3. Plan of action and milestones
  4. Contingency planning
  5. Contractor systems
  6. Security capital planning
"The IRS collects and maintains a significant amount of personal and financial information on each taxpayer," the report stated. "As custodians of taxpayer information, the IRS has an obligation to protect the confidentiality of this sensitive information against unauthorized access or loss. Otherwise, taxpayers could be exposed to invasion of privacy and financial loss or damage from identity theft or other financial crimes." 
 
TIGTA stated it does not include recommendations as part of its annual FISMA evaluation and reports only on the level of performance achieved by the IRS using the guidelines issued by the DHS for the applicable FISMA evaluation period.
 

You may like these other stories...

IRS must take oath on Lerner emails: judgeMackenzie Weinger of Politico reported on Thursday that a federal judge ordered the IRS to explain under oath how it lost emails connected to Lois Lerner, the ex-IRS official at the...
The Republican-controlled House of Representatives passed a bill on Friday morning that would permanently extend the bonus depreciation tax break for businesses.The measure, HR 4718, which was crafted by Representative Pat...
The Republican-led House of Representatives is expected to pass a bill this week that would permanently extend the bonus depreciation tax break. But don’t expect President Obama to sign it.The Obama administration said...

Upcoming CPE Webinars

Jul 16
Hand off work to others with finesse and success. Kristen Rampe, CPA will share how to ensure delegated work is properly handled from start to finish in this content-rich one hour webinar.
Jul 17
This webcast will cover the preparation of the statement of cash flows and focus on accounting and disclosure policies for other important issues described below.
Jul 23
We can’t deny a great divide exists between the expectations and workplace needs of Baby Boomers and Millennials. To create thriving organizational performance, we need to shift the way in which we groom future leaders.
Jul 24
In this presentation Excel expert David Ringstrom, CPA revisits the Excel feature you should be using, but probably aren't. The Table feature offers the ability to both boost the integrity of your spreadsheets, but reduce maintenance as well.