WASHINGTON - The Internal Revenue Service (IRS) is making steady progress toward complying with a Federal Government initiative to improve the security of external computer network connections, though improvements could be made.
That is a finding of a new report publicly released today by the Treasury Inspector General for Tax Administration (TIGTA).
The Office of Management and Budget's Trusted Internet Connection (TIC) initiative aims to improve agencies' security posture and incident-response capabilities through enhanced monitoring and situational awareness of all external network connections.
TIGTA evaluated the IRS's three TICs to ensure that the connections comply with Department of Homeland Security requirements. The Administration expects Federal agencies to achieve 100 percent compliance with TIC requirements by Fiscal Year 2014.
Although the IRS has made good progress implementing the TIC requirements, TIGTA's review revealed areas where improvements could strengthen the security posture of the TICs. For example, the IRS:
- Was not logging administrative activity on TIC equipment;
- Had not completed actions to fully implement TIC requirements for a data loss prevention program; and
- Was not regularly scanning TIC equipment to ensure timely discovery and mitigation of vulnerabilities or misconfigurations.
TIGTA made six recommendations to the IRS's Chief Technology Officer, including: capturing and reviewing administrator activity on TIC devices; implementing a data loss prevention solution; and implementing vulnerability scans on TIC equipment. The IRS agreed with all of TIGTA's recommendations and has planned appropriate corrective actions to address them.