Date Issued
Report Number
2023-20-048
Report Type
Audit
Joint Report
No
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
Recommendations
Timely remediate all KEVs in accordance with the time frames set forth in CISA’s KEV Catalog.
In accordance with the directive, immediately isolate or remove from the network all assets with KEVs not remediated by the established due date.
The Chief Information Officer should assess attack signature changes to determine remediation time frames for each, and update data in the asset and vulnerability repository that include signature change dates applicable to KEVs and the remediation time frame allowed for each signature change as assessed.
The Chief Information Officer should finalize standard operating procedures on internal vulnerability management and update the Internal Revenue Manual.