Modernization

IRS must improve oversight of third-party cybersecurity, watchdog says

GAO disagrees with officials that the agency needs further statutory authority to establish new security requirements for the IT systems of paid preparers and other filers.

By John Hewitt Jones

August 8, 2023

The IRS Service Building on Constitution Avenue in Washington DC. (Image credit: iStock / Getty Images).

The Internal Revenue Service should create a committee or new oversight structure to ensure taxpayer information is secure while it is held by third-party companies, according to the Government Accountability Office.

In a report published Monday, the watchdog said it believes the IRS could continue to implement this recommendation without the need for additional statutory authority.

The watchdog disagreed with a prior assessment by agency officials, reiterated in February, that establishing security requirements for the IT systems of paid preparers and others who file returns electronically would require additional statutory authority, and that it would be inefficient.

It said: “To fully implement this recommendation, IRS needs to develop a structure to coordinate across seven different offices working on information security-related activities, such as updating existing standards, monitoring authorized e-file provider program compliance, and tracking security incident reports. Without this structure, it is unclear how IRS can respond to changing security threats and ensure threats are mitigated.”

The audit is the latest in a line of watchdog recommendations for improving cybersecurity at the agency. In February, the GAO called on the IRS to improve its IT modernization processes, with a particular focus on measuring progress with moving systems to the cloud more closely.

This came after the Treasury Inspector General for Tax Administration in September called on the agency to improve the scope of its insider threat monitoring capabilities. In a report, that watchdog said the IRS CIO should work to ensure the agency’s insider threat team has access to all necessary information to carry out its work.

IRS must improve oversight of third-party cybersecurity, watchdog says

More Like This

IRS touts Direct File usage, while mulling the future of the program

GSA welcomes nominations for advisory committee focused on federal transparency efforts

Security flaws in IRS systems pose risk to financial statements, GAO says

Top Stories

ACLU seeks AI records from NSA, Defense Department in new lawsuit

DHS launches safety and security board focused on AI and critical infrastructure

DOJ seeks public input on AI use in criminal justice system

CISA’s chief data officer: Bias in AI models won’t be the same for every agency

DHS picks OMB official to lead its new AI Corps

More Scoops

GSA taps Login.gov deputy director to take top role next month

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

Cost estimates for IRS’s Direct File program were incomplete, GAO says

IRS needs to move quicker on its IT modernization planning, GAO says

Tech issues are part of the problem — and solution — for FOIA backlog, GAO finds

GSA working on corrective action plan following OIG report on ‘noncompliant’ video-conferencing camera purchase

DHS’s initial AI inventory included a cybersecurity use case that wasn’t AI, GAO says

Latest Podcasts

IRS must improve oversight of third-party cybersecurity, watchdog says

CISA is building an automated ransomware warning program

GSA’s Login.gov platform gets a new director

DOD’s Ashley Elizabeth Evans on effectively implementing AI

Tech

Defense

Cyber

Acquisition