U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

The Internal Revenue Service Does Not Have a Cloud Strategy and Did Not Adhere to Federal Policy When Deploying a Cloud Service

Report Information

Date Issued
Report Number
2017-20-032
Report Type
Audit
Joint Report
Yes
Participating OIG
Treasury Inspector General for Tax Administration
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
View Report

Recommendations

The Chief Information Officer should prioritize and complete an enterprise-wide cloud strategy that is in alignment with Federal guidance.

The Chief Information Officer should ensure that the process of managing the IRS's cloud inventory is formalized using automated methods and updated on a periodic and ongoing basis as part of the enterprise-wide cloud strategy.

The Chief Information Officer should designate an authorizing official, complete the required Federal Risk and Authorization Management Program (FedRAMP) Security Assessment Report, and issue an agency-specific Authority to Operate letter for the Form 990 cloud service.

The Chief Information Officer should ensure that the Form 990 cloud service includes a service level agreement that defines acceptable service levels to be provided by the cloud service provider in measurable terms.
Recommendation rejected by IRS