The IRS Has Improved Audit Trail Collection; However, Not All Audit Trail Data Are Being Collected and User Account Controls Need Improvement

Report Information

Date Issued:
Report Number: 2024-200-005
Report Type: Audit
Joint Report: No
Agency Wide: Yes (agency-wide)
Questioned Costs: $0
Funds for Better Use: $0

Recommendations

The Chief Information Officer should implement a method of mapping OMB Memorandum M-21-31 requirements for all IRS systems to track and demonstrate compliance.

The Chief Information Officer should develop and implement a plan to ensure event logging data are collected from all systems that contain PII and FTI in accordance with IRM requirements.

The Chief Information Officer should direct a taxonomy reconciliation effort across the enterprise to standardize the IRS taxonomy to ensure the Next Generation ESAT program has a complete and accurate inventory of systems for its data repository.

The Chief Information Officer should ensure that the Next Generation ESAT program periodically validates receipt of required audit trail data from all source systems.

The Chief Information Officer should ensure that user inactivity on its data repository is monitored, and actions are taken on user accounts in accordance with the IRS Cloud Computing Security Policy IRM requirements.