Date Issued
Report Number
2021-20-063
Report Type
Audit
Joint Report
Yes
Participating OIG
Treasury Inspector General for Tax Administration
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
Recommendations
The Chief Information Officer should evaluate and implement controls to provide an age tracking capability for vulnerabilities detected by the configuration compliance-scanning tool.
The Chief Information Officer should update the checklist adjudication process to include reconciliation, documentation, and tracking of checks required by the IRS but not included in the vendor checklist used by the configuration compliance-scanning tool. Also, ensure that Security Requirements Checklists are updated in a timely manner with the current DISA security guide and implemented.
The Chief Information Officer should ensure that credentialed scans are completed on the Platform’s servers to determine the full extent of vulnerabilities affecting the installed operating systems and applications.
The Chief Information Officer should ensure that the backlog of vulnerabilities in the Platform is immediately resolved.
The Chief Information Officer should review the Platform’s patching processes to ensure that a process exists to track all patch-related vulnerabilities.