Date Issued
Report Number
2022-20-006
Report Type
Audit
Joint Report
Yes
Participating OIG
Treasury Inspector General for Tax Administration
Agency Wide
Yes (agency-wide)
Questioned Costs
$0
Funds for Better Use
$0
Recommendations
The Chief Information Officer should enforce current guidance to conduct periodic reviews of the scanning exception list to ensure that vulnerability scanning exceptions are properly documented and devices lacking required documentation are added back to the vulnerability scanning footprint as required.
The Chief Information Officer should ensure that privileged access scans are completed on required devices to determine the full extent of vulnerabilities affecting the installed operating systems and applications.