The Cybersecurity Data Warehouse Needs Improved Security Controls

The Chief Information Officer should ensure that employees are held accountable for not following established change management policies and procedures and completing requirements as quickly as practicable, thus putting Personally Identifiable Information (PII) at risk of exposure to unauthorized access.

The Chief Information Officer should ensure that all CSDW security documentation, including but not limited to the risk assessment and system security plans, are updated and completed as required by Federal and agency policies and procedures.

The Chief Information Officer should ensure that automated controls and processes to capture and monitor the activities of all IRS personnel with access to transactional audit logs containing taxpayer data in the CSDW are implemented.

The Chief Information Officer should ensure that a complete and accurate inventory of systems that transfer transactional audit logs containing taxpayer data to the CSDW is maintained.