The Endpoint Detection and Response Solution Has Been Deployed to Most Workstations and Is Operating As Intended, but Improvements Are Needed

The Chief Information Officer should ensure that User and Network Services personnel promptly review the workstations in the in use inventory status and on the network to ensure that the Endpoint Detection an d Response solution is properly deployed to all workstations.

The Chief Information officer should ensure that the Endpoint Detection and Response solution is deployed on all workstations that will be brought online and used for IRS business prior to being issued to users.

The Chief Information Officer should ensure that User and Network Services personnel inform the Cybersecurity function of systems no longer on the network (e.g., retired, stolen, or excessed) so it can update its Endpoint Detection and Response inventory list when assets are no longer viable within the enterprise.

The Chief Information Officer should ensure that Homeland Security Presidential Directive-12 credentials are used for access to the Endpoint Detection and Response solution, as required for access to all systems.

The Chief Information Officer should develop an effective process to identify all Endpoint Detection and Response solution users who are inactive beyond time requirements.