U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology: SharePoint Controls Need Improvement to Mitigate Risks and to Ensure That Possible Duplicate Costs Are Avoided

Report Information

Date Issued
Report Number
2016-20-075
Report Type
Audit
Joint Report
Yes
Participating OIG
Treasury Inspector General for Tax Administration
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
View Report

Recommendations

The Chief Information Officer should ensure that an automated tool is identified, deployed, and routinely executed to identify SharePoint sites containing PII and SBU data.

The Chief Information Officer should ensure that SharePoint site collections containing PII or SBU data have approved PCLIAs.

The Chief Information Officer should ensure that an SA&A considers the SharePoint product, sites, and data within the appropriate authorization boundary and assesses key security controls.

The Chief Information Officer should coordinate with the respective business unit commissioners to ensure that the SharePoint site collection owners and administrators enable audit trails of key user activities on their sites and that they review audit trails on a regular basis.

The Chief Information Officer should coordinate with the respective business unit commissioners to ensure that SharePoint site owners and administrators perform quarterly reviews of user accesses in order to ensure that only authorized users with a business need have access to perform their assigned responsibilities.