Taxpayer Digital Communications Platform Security and Access Controls Need to Be Strengthened

IRS Cloud Continuous Monitoring Strategy Standard Operating Procedures is updated requiring that security reviews for continuous monitoring begin when the CSP is first FedRAMP authorized.

FedRAMP security reviews for continuous monitoring are conducted to ensure that the AWS GovCloud’s security posture remains sufficient for the TDC platform.

The Chief Information Officer should ensure that adequate oversight is provided to ensure that eGain MSP personnel timely upgrade antivirus software in accordance with IRM requirements.

Management oversight is provided to ensure that the eGain MSP timely remediates identified security vulnerabilities in accordance with the remediation time frames for Internet-accessible systems.

The IRS System Security Plan for Taxpayer Digital Communications is updated to reflect the correct vulnerability remediation time frame and that the TDC platform is an Internet-accessible system.