The IT modernization effort needs to improve access controls, physical security and other key areas, a Treasury IG warns in a newly released report.
With Americans bracing for tax hikes in January if Congress and the White House can’t resolve the "fiscal cliff" budget dilemma, taxpayers’ personal data may also take a hit.
Personal information could be at risk from the IRS’ IT modernization efforts, warns the Treasury Department’s Inspector General for Tax Administration (TIGTA) in a newly released report published Dec. 4. The IG office labels the modernization program "a major risk" to the data and cites two key systems, Modernized e-File and the Customer Account Data Engine 2, or CADE 2.
The report said IRS "has made progress to improve information security and personnel safety; however, it needs to continue to place emphasis on information and physical security programs in order to ensure that policies, procedures and practices adequately address security control weaknesses."
Among the weaknesses cited were system access controls, configuration management, audit trails, physical security, remediation of security weaknesses, and oversight and coordination on security related issues.
A summary of the IG report on the TIGTA website notes that the IRS has developed and implemented significant systems since last year’s assessment, including Release 7.0 of the Modernized e-File system in January 2012 and the daily processing and database implementation projects of CADE 2.
The CADE 2 project was in the testing phase when the IG report was written in September and was expected "to be placed into production in late 2012." CADE 2 will store all individual taxpayer account data and provide that information to "select downstream IRS systems on a daily basis."
The report says IRS data integrity testing hasn't provided sufficient assurance that CADE 2 data is consistently accurate and complete. It calls for stronger traceability controls on a database meant to become the authoritative repository of taxpayer information.
"Until the IRS addresses security weaknesses, it will continue to put the confidentiality, integrity and availability of financial and taxpayer information and employee safety at risk," the report said.
The audit was initiated as part of the TIGTA Fiscal Year 2012 Annual Audit Plan and addresses the major management challenge of modernization. TIGTA is required by the IRS Restructuring and Reform Act of 1998 to annually perform an evaluation of the adequacy and security of IRS technology.
NEXT STORY: Boca Raton adds smarts to surveillance network