Privacy Digest

IRS rolls out tax processing systems despite known security risks - Via NextGov :

The Internal Revenue Service deployed two major computer applications despite known security vulnerabilities that put taxpayer information and other sensitive data at risk, according to a report from the IRS inspector general released on Thursday.

The IG concluded in a September annual audit that security weaknesses in the agency's updated tax processing systems could enable malicious intruders to gain unauthorized access to taxpayer information and prevent the IRS from recovering applications during an emergency. The Customer Account Data Engine is a tax processing tool being deployed in phases to replace the existing repositories of taxpayer information, while the Account Management Services systems aim to provide employees with faster and better access to taxpayer account data.

Despite progress in rolling out the technology, "the IRS' processes for ensuring that security controls are implemented before systems are deployed failed because key organizations did not consider the known security vulnerabilities to be significant," the report stated. Furthermore, the Customer Service Executive Steering Committee, which determines whether program milestones have been met, failed to ensure that security controls were implemented, and signed off on CADE milestones despite the existence of known weaknesses. The agency's cybersecurity organization recommended accreditation of the systems, despite also knowing about the existing weaknesses.

The IRS identified the security vulnerabilities in the programs during various rounds of testing in 2007.

"Until security control vulnerabilities are corrected, the IRS is jeopardizing the confidentiality, integrity, and availability of the massive volume of taxpayer data processed and stored by the CADE and the AMS," the audit warned.

(Read Original Article - Via NextGov .)