Swordsmyth
05-22-2018, 04:32 PM
The Internal Revenue Service hasn’t accurately cataloged all the components of its highest value hardware and software systems and doesn’t have a clear count of who has privileged access to those systems, according to an audit released Monday.
The IRS also likely isn’t patching software vulnerabilities on its highest value assets within the 30-day timeframe required for federal agencies, according to the audit (https://www.treasury.gov/tigta/auditreports/2018reports/201820029fr.pdf) from the Treasury Inspector General for Tax Administration.
Because the agency doesn’t maintain historical data about patching, however, it’s difficult to say for certain how long vulnerabilities are going unpatched, the audit states.
The term “high-value assets,” as used by federal cybersecurity professionals, essentially refers to software and hardware systems that contain the most sensitive information, including personally identifiable information about taxpayers or employees.
More at: https://www.nextgov.com/cybersecurity/2018/05/irs-doesnt-know-whos-accessing-its-most-sensitive-data/148377/
The IRS also likely isn’t patching software vulnerabilities on its highest value assets within the 30-day timeframe required for federal agencies, according to the audit (https://www.treasury.gov/tigta/auditreports/2018reports/201820029fr.pdf) from the Treasury Inspector General for Tax Administration.
Because the agency doesn’t maintain historical data about patching, however, it’s difficult to say for certain how long vulnerabilities are going unpatched, the audit states.
The term “high-value assets,” as used by federal cybersecurity professionals, essentially refers to software and hardware systems that contain the most sensitive information, including personally identifiable information about taxpayers or employees.
More at: https://www.nextgov.com/cybersecurity/2018/05/irs-doesnt-know-whos-accessing-its-most-sensitive-data/148377/