The Big Data Analytics General Support System Security Controls Need Improvement

The Chief Information Officer should ensure that the security change management process is followed prior to new information systems being introduced to the IRS infrastructure and for changes to existing information systems.

The Chief Information Officer should ensure that a new Memorandum of Understanding between the BDA office and the Applications Development organization is established to reflect all changes in responsibilities as a result of the IPM system's transition to the BDA GSS security boundary.

The Chief Information Officer should evaluate the IPM system non-inherited security controls and ensure that these controls are included in the BDA GSS System Security Plan.

The Chief Information Officer should enforce current request and approval policy for all the BDA GSS database administrator accounts and service accounts to ensure that these accounts are compliant with the Online 5081 application requirements and that access is still required.

The Chief Information Officer should ensure that all IPM system interfacing entities have properly completed and approved Interface Control Documents and all future Interface Control Documents follow existing guidance.