The Internal Revenue Service failed to address more than half of the security weaknesses identified in previous audits, according to a report released by the Government Accountability Office on Friday. Inadequate monitoring of network activity and a lack of computer access controls continues to put financial and taxpayer information at risk.
The IRS made some progress on improving information security at its three data centers and another agency facility, GAO reported. The agency addressed 49 of 115 security weaknesses identified in 2008 or in prior year audits, including deployment of encryption technologies to protect information traveling on its network, as well as better auditing of network activities. The IRS also improved patching of some critical vulnerabilities and added access controls to its mainframe computer environment. [NextGov]