IG says IRS needs audit trails for Unix systems

IG says IRS needs audit trails for Unix systems

The IRS needs to extend more effort to monitor its Unix computers, the Treasury Department inspector general for tax administration says.

Overall, the IRS has made significant progress on improving its creation and use of systems audit trails to detect unauthorized actions on networks and systems that process sensitive data, according to a new IG report.

The IRS Office of Mission Assurance has developed an enterprisewide strategy to conduct routine reviews of system audit trails. It also has set standards for use of audit trails and implemented procedures for the review of those audits.

The service has carried out this strategy for desktop computers running Microsoft Windows and for most mainframes.

But the gathering and monitoring of audit data for Unix systems has stalled because the software the IRS bought to analyze the trail of data is not working, the IG found.

'The use of automated software to analyze the data is likely to be the difference between unused audit trail data and a robust program,' said Gordon Milbourn III, acting deputy IG for audit.

The IRS will continue to work on assuring adequate monitoring of its Unix systems, IRS mission assurance chief Daniel Galik said. But because the agency plans to replace its old Unix systems next year and has a plan in place for audits generally, agency officials want the IG to stop citing the issue as a material weakness.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Featured

  • automated processes (Nikolay Klimenko/Shutterstock.com)

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected