Actions Have Been Taken to Improve Security Controls for the Planned Expanded Use of Login.gov; However, Additional Security Improvements Are Needed

Date Issued

Tuesday, July 23, 2024

Submitting OIG

Treasury Inspector General for Tax Administration

Other Participating OIGs

Treasury Inspector General for Tax Administration

Agencies Reviewed/Investigated

Internal Revenue Service

Report Number

2024-200-032

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 2 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
2	No	$0	$0
Ensure that a process is in place to validate that all audit trail data elements, including investigative elements provided by TIGTA Office of Investigations, are being captured and can be provided by Login.gov prior to using its identity proofing services for IRS IAL2 applications.
5	No	$0	$0
Appropriate IRS management works in conjunction with Login.gov management to assess the extent and impact that the critical vulnerability had on the users who authenticated via Login.gov to access IRS applications and may have had their Personally Identifiable Information sent to unauthorized locations outside of the United States.