The Treasury Department’s inspector general for tax administration has urged the Internal Revenue Service’s cybersecurity center to address gaps in its employee training and incident reporting and response efforts.
TIGTA said in a report published Aug. 28 that it reviewed 100 cyber incidents in fiscal years 2015 and 2016 and found that IRS’ Computer Security Incident Response Center (CSIRC) generally prevented, identified, reported and addressed incidents but showed inconsistencies.
IRS’ CSIRC was required to report 64 of the 100 incidents to the Treasury Department’s CSIRC but did not disclose 22 incidents until IRS was notified of the non-compliance in February.
The report also revealed that some CSIRC employees and contractors did not comply with training requirements of the Federal Information Security Modernization Act as well as mandated internal specialized security training for FY 2015 and 2016.
TIGTA added that CSIRC developed an incident response plan but did not update the plan to meet federal guidelines.
The inspector general called on IRS’ chief information officer to address incident reporting inconsistencies; capture incident response costs; ensure compliance of employees and contractors with specialized security training requirements; and remove access privileges of non-compliant contractors.