The Data at Rest Encryption Program Has Made Progress With Identifying Encryption Solutions, but Project Management Needs Improvement

The Chief Information Officer should ensure that the Data at Rest Encryption program follows Enterprise Life Cycle (ELC) requirements, including those for regular milestone exits prior to deployment to a production environment, and ensure that ELC artifacts are reviewed, updated, and approved as required.

The Chief Information Officer should ensure that the Data at Rest Encryption program follows the established process to develop and baseline the Integrated Master Schedule, and verify the existing schedule information is accurate, including realistic time frames and task start and end dates.

The Chief Information Officer should ensure that the Data at Rest Encryption program receives adequate management oversight, including following established processes, to timely address significant changes to the DARE program scope, risks, or constraints.

The Chief Information Officer should ensure that data at rest is encrypted prior to being transferred from the IRS to the Private Collection Agencies.