U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Breadcrumb

Compliance Data Warehouse Security Needs Improvement

Report Information

Date Issued
Report Number
2024-200-042
Report Type
Audit
Joint Report
Yes
Participating OIG
Treasury Inspector General for Tax Administration
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0

Recommendations

The Chief Data and Analytics Officer should ensure that the agency’s audit trail repository accurately displays and reports all CDW login information.

The Chief Information Officer should ensure that the Compliance and Audit Monitoring team is reviewing all required CDW actionable audit events.

The Chief Information Officer should ensure that automated mechanisms are incorporated into the actionable audit event escalation process.

The Chief Information Officer and Chief Data and Analytics Officer should develop procedures to ensure that identified vulnerabilities are timely remediated as required, and, if the required remediation time frame cannot be met, corrective action plans for unremediated vulnerabilities should be timely created based on agency security policies.

The Chief Data and Analytics Officer should develop procedures to ensure that all CDW servers are included in configuration compliance scans as required.