Active Directory Oversight Needs Improvement and Criminal Investigation Computer Rooms Lack Minimum Security Controls

The Chief, CI, with assistance from the Chief Information Officer, should ensure that local Computer Operations Administrators are properly trained to understand and comply with IRS policies and procedures governing Limited Areas and provide oversight to ensure that these policies and procedures are kept current.

The Chief, CI, with assistance from the Chief Information Officer, should ensure that business units with failing configuration compliance scores are provided feedback and remediation guidance.

The Chief, CI, with assistance from the Chief Information Officer, should ensure that applications used as compliance checkers use up-to-date guidelines to provide recognized, standardized, and established benchmarks that stipulate contemporary secure configuration settings.

The Chief, CI, with assistance from the Chief Information Officer, should review all user accounts in the CI forest and ensure that they are in compliance with IRM policy regarding account disabling, quarantining, and removal and that CI AD architecture is capable of automating the process for discovering and disabling inactive accounts.

The Chief, CI, with assistance from the Chief Information Officer, should ensure that user account passwords are appropriately configured to expire and require that PIV cards be used in accordance with policy.