The Internal Revenue Service (IRS) is making significant progress to improve computer security at its facilities. IRS has acknowledged the seriousness of its computer security weaknesses, consolidated overall responsibility for computer security management within one office under its Chief Information Officer, reevaluated its approach to computer security management, and developed a high-level plan for mitigating weaknesses cited by GAO. (See GAO/AIMD-97-49, Apr. 1997.) GAO found that IRS has addressed the risks associated with 63 percent of the weaknesses discussed in that report. Despite this progress, serious weaknesses persist at five facilities GAO visited during its earlier audit, and GAO identified additional weaknesses at those locations and at a sixth facility included in this review. These weaknesses affect the agency's ability to control physical access at its facilities and sensitive computing areas, control electronic access to sensitive taxpayer data and computer programs, prevent and detect unauthorized changes to taxpayer data or computer software, and restore essential IRS operations following an emergency or natural disaster. Until these weaknesses are corrected, IRS tax processing centers are at risk of disruption. Moreover, sensitive taxpayer data could be revealed to unauthorized persons, improperly used or modified, or destroyed, thereby exposing taxpayers to loss or damages arising from identity fraud and other financial crimes.

Click here for the full GAO Report, PDF Version, 22pgs. 153K