Taxpayer Digital Communications Platform Security and Access Controls Need to Be Strengthened

The Chief Information Officer should ensure that the Counter Insider Threat Operations branch starts reviewing the audit trails for the TDC platform.

The Chief Information Officer should reconcile between users having authorizations in the BEARS and users having access to the TDC platform and resolve any discrepancies identified by adding or removing the authorization or user account based upon whether there is a business need for access.

Develop a process and ensure adequate oversight is provided to ensure that Contact Center Support division personnel timely disables, quarantines, and removes user accounts for inactivity in accordance with IRM requirements.

Ensure that Contact Center Support division personnel, including contractors, are aware of user account management requirements.

Ensure that password settings for local user accounts are configured to expire in accordance with IRM requirements.