Updating Computer Room and Tape Library Physical Access Controls at the Computing Centers Will Significantly Improve Security

The Chief, AWSS, should update the ePACS policy, specifically, the Physical Security Operations Guide and the ePACS Operation Manual, to require testing of the programming of impacted cards when a door group is established or modified, and annually to ensure that access is properly controlled to restricted or limited areas.

The Chief, AWSS, should implement a FIPS 201 compliant two-factor authentication for the computer rooms and tape library at the ECC-Memphis.

The Chief, AWSS, should repair or update security surveillance equipment and ensure that the automatic security camera pan functions properly at the perimeters of limited areas when an alarm is triggered.

The Chief, AWSS, should update and include details in procedures and guidelines for monitoring physical intrusion alarms and surveillance equipment, such as security camera monitoring and recording; automatic back-up capabilities for the Digital Video Recorders (DVR); and an alarm to alert security personnel when an active DVR has failed.

The Chief Information Officer, in coordination with the Chief, Agency-Wide Shared Services (AWSS), should align IRS policy and procedures with the Homeland Security Presidential Directive 12 (HSPD-12) and Office of Management and Budget Memorandum M-05-24 by ensuring that employees and contractors working for more than six months are issued a PIV card with the appropriate access including limited area access, which can be authenticated by the ePACS.