Critical information security weaknesses at the Internal Revenue Service demonstrate the importance of moving past the development of an information security program to actually implement the measures outlined in the plan.
The General Accounting Office found almost 900 weaknesses across the 11 IRS organizations included in its review, particularly in the areas of access and authorization. All of the weaknesses can be traced to IRS' incomplete implementation of its agencywide security program, according to the report dated May 30.
The IRS has made progress toward addressing security, including developing a milestone-based plan to fix vulnerabilities -- a step required by the Office of Management and Budget under the Government Information Security Reform Act of 2000 and continued under the Federal Information Security Management Act of 2002.
The link for this article located at FCW is no longer available.
