Information Security: Further Efforts Needed to Address Significant Weaknesses at the Internal Revenue Service

United States Government Publishing Office publisher pbl distributor dst United States Government Accountability Office author aut Government Organization text government publication eng GAOREPORTS Legislative Agency Publications gao legislative 2010-08-12 U.S. Government Printing Office 2007-03-30 monographic deposited born digital 33 p. GA 1.13:GAO-07-364 https://www.govinfo.gov/app/details/GAOREPORTS-GAO-07-364 P0b002ee180392a2e f:d07364 DGPO 2010-08-12 2011-03-24 GAOREPORTS-GAO-07-364 machine generated eng fdlp REPORT GAOREPORTS-GAO-07-364 GAO-07-364 Computer security Confidential information Data integrity Information security Internal controls Physical security Program evaluation Risk assessment Risk management Servers Tax administration systems Tax information confidentiality Program implementation Other Written Product A67589

Information Security: Further Efforts Needed to Address Significant Weaknesses at the Internal Revenue Service In fiscal year 2006, the Internal Revenue Service (IRS) collected about $2.5 trillion in tax payments and paid about $277 billion in refunds. Because IRS relies extensively on computerized systems, effective information security controls are essential to ensuring that financial and taxpayer information is adequately protected from inadvertent or deliberate misuse, fraudulent use, improper disclosure, or destruction. As part of its audit of IRS's fiscal years 2006 and 2005 financial statements, GAO assessed (1) IRS's actions to correct previously reported information security weaknesses and (2) whether controls were effective in ensuring the confidentiality, integrity, and availability of financial and sensitive taxpayer information. To do this, GAO examined IRS information security policies and procedures, guidance, security plans, reports, and other documents; tested controls over five critical applications at three IRS sites; and interviewed key security representatives and management officials. https://www.govinfo.gov/content/pkg/GAOREPORTS-GAO-07-364/html/GAOREPORTS-GAO-07-364.htm https://www.govinfo.gov/content/pkg/GAOREPORTS-GAO-07-364/pdf/GAOREPORTS-GAO-07-364.pdf GAO-07-364 https://www.govinfo.gov/app/details/GAOREPORTS-GAO-07-364 Other Written Product GAO-07-364; Information Security: Further Efforts Needed to Address Significant Weaknesses at the Internal Revenue Service; Computer security Confidential information Data integrity Information security Internal controls Physical security Program evaluation Risk assessment Risk management Servers Tax administration systems Tax information confidentiality Program implementation United States Code Title 31 Section 720 31 U.S.C. 720 United States Statutes at Large Volume 116 Page 2946 116 Stat. 2946 United States Public Law 347 (107th Congress) Public Law 107-347