It seems material weakness in information security controls has become an issue, but perhaps not a new one in the history of the Internal Revenue Service.
The report says “deficiencies remain concerning material weaknesses in internal control over unpaid tax assessments and information security,” while also acknowledges that measures have been made in attempt to rectify the shortfall.
“During fiscal year 2011, IRS continued to make strides in addressing its deficiencies in internal control,” the report says. “For example, to address its information security deficiencies, IRS formed cross-functional working groups to identify and remediate specific at-risk information security control areas and made improvements in several system-level information security controls.”
The agency has reportedly improved controls and addressed some issues by encrypting data transfer for the Integrated Financial System, for example.
The GAO report still indicates inconstant database maintenance, access control weakness, and unencrypted protocols for sensitive information as specific weaknesses.