Pulse

By GCN Staff

Blog archive
IRS tax form

IRS modernization could expose taxpayer data

With Americans bracing for tax hikes in January if Congress and the White House can’t resolve the "fiscal cliff" budget dilemma, taxpayers’ personal data may also take a hit.

Personal information could be at risk from the IRS’ IT modernization efforts, warns the Treasury Department’s Inspector General for Tax Administration (TIGTA) in a newly released report published Dec. 4. The IG office labels the modernization program "a major risk" to the data and cites two key systems, Modernized e-File and the Customer Account Data Engine 2, or CADE 2.

The report said IRS "has made progress to improve information security and personnel safety; however, it needs to continue to place emphasis on information and physical security programs in order to ensure that policies, procedures and practices adequately address security control weaknesses."

Among the weaknesses cited were system access controls, configuration management, audit trails, physical security, remediation of security weaknesses, and oversight and coordination on security related issues.

A summary of the IG report on the TIGTA website notes that the IRS has developed and implemented significant systems since last year’s assessment, including Release 7.0 of the Modernized e-File system in January 2012 and the daily processing and database implementation projects of CADE 2.

The CADE 2 project was in the testing phase when the IG report was written in September and was expected "to be placed into production in late 2012." CADE 2 will store all individual taxpayer account data and provide that information to "select downstream IRS systems on a daily basis."

The report says IRS data integrity testing hasn't provided sufficient assurance that CADE 2 data is consistently accurate and complete. It calls for stronger traceability controls on a database meant to become the authoritative repository of taxpayer information.

"Until the IRS addresses security weaknesses, it will continue to put the confidentiality, integrity and availability of financial and taxpayer information and employee safety at risk," the report said.

The audit was initiated as part of the TIGTA Fiscal Year 2012 Annual Audit Plan and addresses the major management challenge of modernization. TIGTA is required by the IRS Restructuring and Reform Act of 1998 to annually perform an evaluation of the adequacy and security of IRS technology.

Posted by David Hubler on Dec 06, 2012 at 9:39 AM


Featured

  • Cybersecurity
    CISA chief Chris Krebs disusses the future of the agency at Auburn University Aug. 22 2019

    Shared services and the future of CISA

    Chris Krebs, the head of the Cybersecurity and Infrastructure Security Agency at DHS, said that many federal agencies will be outsourcing cyber to a shared service provider in the future.

  • Telecom
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA softens line on looming EIS due date

    Think of the September deadline for agencies to award contracts under the General Services Administration's $50-billion telecommunications contract as a "yellow light," said GSA's telecom services director.

  • Defense
    Shutterstock photo id 669226093 By Gorodenkoff

    IC looks to stand up a new enterprise IT program office

    The intelligence community wants to stand up a new program executive office to help develop new IT capabilities.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.