The Remediation of Configuration Weaknesses and Vulnerabilities in the Registered User Portal Should Be Improved

Report Information

Date Issued
Report Number: 2018-20-036
Report Type: Audit
Joint Report: Yes
Participating OIG: Treasury Inspector General for Tax Administration
Agency Wide: Yes (agency-wide)
Questioned Costs: $0
Funds for Better Use: $0

Recommendations

The Chief Information Officer should ensure that the Enterprise Technology Implementation Division conducts a review of all internal risk-based decisions to ensure that: 1) at least a ***2*** exists for the vulnerabilities; 2) the *******2**********; and 3) the ***2*** accurately reflect the type of vulnerabilities that the technical team is addressing.

The Chief Information Officer should ensure that the contractor provides an accurate accounting of the status of vulnerabilities in reports that it shares with the IRS.

The Chief Information Officer should ensure that the contractor performs, at a minimum, an annual reconciliation of the IEP inventory in the CMDB to ensure that it includes the components outlined in the System Security Plan and ******2****** to support effective component accountability.

The Chief Information Officer should ensure that the Cybersecurity organization validates that the system inventory is reviewed as part of its next annual security assessment to ensure that it includes the component information deemed necessary as outlined in ********2******** and *******2*******.