For the second time, the GAO says the IRS must implement an agencywide information security program to shore up information security weaknesses.
The Internal Revenue Service (IRS) must do more to address information security weaknesses in its computerized systems, the Government Accountability Office (GAO) said today in a report.
The IRS relies on those systems to help collect taxes, process returns, and enforce federal tax laws.
This is the second time the government watchdog agency has warned the IRS about information security gaps. The GAO previously identified 98 weaknesses, and today's report notes that only 29 were "corrected and mitigated" since the last review, meaning 70 percent remain.
Examples of lingering weaknesses include insufficiently complex passwords, excessive data access granted to individuals who don't need it, and slow security patch installations.
The GAO also fears that the IRS hasn't strengthened its controls to prevent network break-ins. These problems persist, says the GAO, because the IRS has yet to fully implement its agencywide information security program. Without it, the GAO worries the IRS won't be able to ensure "that financial and taxpayer information is adequately protected from inadvertent or deliberate misuse, fraudulent use, improper disclosure, or destruction."
In response to the GAO report, the IRS said it will develop a "detailed corrective action plan" to fully implement the recommended agencywide information security program.