IRS made limited progress toward correcting previously reported information security weaknesses. It has corrected or mitigated 29 of the 98 information security weaknesses that GAO reported as unresolved at the time of its last review. For example, IRS implemented controls for user IDs for certain critical servers, improved physical protection for its procurement system, developed a security plan for a key financial system, and upgraded servers that had been using obsolete operating systems. In addition, IRS established enterprisewide objectives for improving information security, including initiatives for protecting and encrypting data, securing information technology assets, and building security into new applications. However, about 70 percent of the previously identified information security weaknesses remain unresolved. For example, IRS continues to, among other things, use passwords that are not complex, grant excessive access to individuals who do not need it, and install patches in an untimely manner.
---------------------------------
IRS Needs to Address Pervasive Weaknesses (Jan 2008)
http://www.gao.gov/new.items/d08211.pdf
No comments:
Post a Comment