Actions Need to Be Taken to Improve the Data Loss Prevention Solution and Reduce the Risk of Data Exfiltration

Date Issued

Tuesday, September 17, 2024

Submitting OIG

Treasury Inspector General for Tax Administration

Other Participating OIGs

Treasury Inspector General for Tax Administration

Agencies Reviewed/Investigated

Internal Revenue Service

Report Number

2024-200-048

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 3 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	No	$0	$0
The Chief Information Officer, in conjunction with the Chief Operating Officer, should implement more prohibitive controls for allowing users to ***************** **************
2	No	$0	$0
The Chief Information Officer, in conjunction with the Chief Operating Officer, should revise the DLP rules to be more restrictive to help prevent intentional data exfiltration.
3	No	$0	$0
The Chief Information Officer, in conjunction with the Chief Operating Officer, should continue to ensure that the managers and executives responsible for reviewing and approving BEARS ********************** requests carefully review all requests and only approve requests with sufficient and appropriate responses to the required questions.