Treasury Inspector General Reviews Internal Revenue Service’s Case Management Platform

The Department of the Treasury’s internal watchdog found several faults in the Internal Revenue Service‘s cloud security practices relating to Enterprise Case Management, an Amazon Web Services-hosted platform intended to replace legacy systems for processing tax audit information. In a March 27 report, the inspector general noted that the IRS failed to meet certain action plan creation and documentation requirements, implement malicious code protections, address vulnerabilities on time and monitor activity on privileged user accounts.

The IG acknowledged agency efforts to improve ECM cybersecurity during the review such as a pilot run of a server application to combat malicious code. According to the watchdog, the IRS also properly configured its servers and took steps to track previously discovered risks.

The IRS was advised to ensure that its malicious code protection procedures conform to National Institute of Standards and Technology standards and that privileged user accounts are monitored, among other recommendations, Nextgov reported Monday.