
Actions Have Been Taken to Improve the Privacy Program; However, Some Privacy Controls Have Not Been Fully Implemented and Assessed

Report Information

Date Issued
Report Number: 2023-20-034
Report Type: Audit
Joint Report: Yes
Participating OIG: Treasury Inspector General for Tax Administration
Agency Wide: Yes (agency-wide)
Questioned Costs: $0
Funds for Better Use: $0

Recommendations

The Chief Privacy Officer should develop a process to track and ensure that preparers of rejected PCLIAs complete the appropriate privacy awareness training as required.

Prioritize the implementation of the remaining NIST SP 800-53, Revision 5, privacy controls not assessed in FISMA Year 2022 to ensure adherence to Federal requirements.

Ensure that all assessed privacy control results are correctly applied to all fields in the new assessment and monitoring system and captured in the SSPs.

The Chief Privacy Officer should ensure that privacy controls for cloud systems are implemented within one year from when updated FedRAMP guidance is approved and released. However, if this is not feasible, the privacy controls should be implemented following the current established continuous monitoring testing plan.

The Human Capital Officer should implement a process to track and monitor compliance with privacy training requirements for all contractors.