The Government Accountability Office has said the Internal Revenue Service‘s computer systems are still susceptible to threats despite the IRS’ progress in information security controls.
GAO said in a report posted Monday the tax collection agency needs to address system issues such as unpatched and outdated software and deficiencies in password settings, access restriction, sensitive user data encryption and system monitoring.
The IRS said it addressed 28 previous recommendations, but GAO said nine of those were not properly implemented.
GAO recommended for IRS to take two additional measures: resolve newly discovered vulnerabilities and implement its information security program, which entails policy updates and testing methods.
Auditors at GAO previously examined IRS financial statements for fiscal years 2014 and 2015 and found problems within the financial reporting infrastructure’s information security, audit trails and password management, ExecutiveGov reported November 2015.