Security Vulnerability Management and Configuration Compliance of a General Support System and Major Application Need Improvement

Date Issued

Thursday, September 26, 2024

Submitting OIG

Treasury Inspector General for Tax Administration

Other Participating OIGs

Treasury Inspector General for Tax Administration

Agencies Reviewed/Investigated

Internal Revenue Service

Report Number

2024-200-057

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 5 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	No	$0	$0
The Chief Information Officer should timely remediate or mitigate all vulnerabilities in accordance with IRS policies.
2	No	$0	$0
The Chief Information Officer should ensure that systems are in place to reconcile the temporary and unknown repositories to verify that assets are assigned to an established group.
3	No	$0	$0
The Chief Information Officer should ensure that systems are in place to reconcile duplicate accounting of assets in the repository.
5	No	$0	$0
The Chief Information Officer should evaluate the temporary and unknown repositories to establish ownership of assets.
6	No	$0	$0
The Chief Information Officer should resolve configuration compliance settings in accordance with Federal and IRS policies.