The IRS Doesn’t Know Who’s Accessing Its Most Sensitive Data | WHAT REALLY HAPPENED

The IRS Doesn’t Know Who’s Accessing Its Most Sensitive Data

The Internal Revenue Service hasn’t accurately cataloged all the components of its highest value hardware and software systems and doesn’t have a clear count of who has privileged access to those systems, according to an audit released Monday.

The IRS also likely isn’t patching software vulnerabilities on its highest value assets within the 30-day timeframe required for federal agencies, according to the audit from the Treasury Inspector General for Tax Administration.

Because the agency doesn’t maintain historical data about patching, however, it’s difficult to say for certain how long vulnerabilities are going unpatched, the audit states.

The term “high-value assets,” as used by federal cybersecurity professionals, essentially refers to software and hardware systems that contain the most sensitive information, including personally identifiable information about taxpayers or employees.

Comments

SHARE THIS ARTICLE WITH YOUR SOCIAL MEDIA