Home / News / Inspector General: IRS Cybersecurity Center Should Improve Incident Reporting, Employee Training Activities

Inspector General: IRS Cybersecurity Center Should Improve Incident Reporting, Employee Training Activities

The Treasury Department‘s inspector general for tax administration has urged the Internal Revenue Service‘s cybersecurity center to address gaps in its employee training and incident reporting and response efforts.

TIGTA said in a report published Aug. 28 it reviewed 100 cyber incidents in fiscal years 2015 and 2016 and found that IRS’ Computer Security Incident Response Center generally prevented, identified, reported and addressed incidents but showed inconsistencies.

IRS’ CSIRC was required to report 64 of the 100 incidents to the Treasury Department’s CSIRC but did not disclose 22 incidents until IRS was notified of the non-compliance in February.

The report also revealed that some CSIRC employees and contractors did not comply with training requirements of the Federal Information Security Modernization Act as well as mandated internal specialized security training for FY 2015 and 2016.

TIGTA added that CSIRC developed an incident response plan but did not update the plan to meet federal guidelines.

The inspector general called on IRS’ chief information officer to address incident reporting inconsistencies; capture incident response costs; ensure compliance of employees and contractors with specialized security training requirements; and remove access privileges of non-compliant contractors.

Check Also

Report: HHS to Field Blockchain Tool for Health Acquisition Platform by Thanksgiving

An official from the Department of Health and Human Services has announced that a blockchain technology-based platform designed to facilitate a streamlined acquisition process will be operational this Thanksgiving, Bloomberg Government reported Friday.

Leave a Reply

Your email address will not be published. Required fields are marked *