Date Issued
Report Number
2020-20-045
Report Type
Audit
Joint Report
Yes
Participating OIG
Treasury Inspector General for Tax Administration
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
Recommendations
The Chief Information Officer should ensure that personnel are properly trained to understand and comply with IRS policies and procedures governing hardware asset management.
The Chief Information Officer should establish a reconciliation procedure that includes communication between the affected functions that update and validate the IBM mainframe platform hardware asset inventory.
The Chief Information Officer should develop and approve a risk-based decision for deviating from IRM 10.8.32, which requires mainframe computers to automatically update malicious code protection mechanisms, and configure these mechanisms to perform weekly scans of the information system.
The Chief Information Officer should ensure that the CARD Data Collection Matrix is updated with procedures to include validated subject matter experts, data sources, and all reportable mainframe logical partitions connected to unclassified networks to ensure that accurate information is reported to the Department of the Treasury.