Implementation of the Taxpayer First Act Provision Regarding the Management and Purchase of Information Technology Resources Needs Improvement

Disable all software on the unauthorized list and add them to the blocked list until the user can demonstrate a business need and has obtained approval for software use in accordance with requirements.

Update the Application Control Solution Standard Operating Procedures to reflect the deny-all, permit-by-exception policy for the use of software on information systems in alignment with requirements.

The CIO should develop performance metrics to assess the ACS team’s effectiveness in managing unauthorized software.