[ISN] IRS slow on security settings, IG says

From: InfoSec News <alerts_at_private>
Date: Tue, 7 Apr 2009 03:25:33 -0500 (CDT)
http://fcw.com/articles/2009/04/06/web-irs-security-settings.aspx

By Mary Mosquera
FCW.com
April 06, 2009

The Internal Revenue Service has been slow to implement the required 
security settings on its 98,000 desktop and laptop computers, the 
Treasury Inspector General for Tax Administration said. The IRS 
implemented 102 of the 254 required security settings on its computers 
in October 2008, nine months after the deadline set by the Office of 
Management and Budget, TIGTA said in a report released today.

OMB required agencies that use Microsoft’s Windows XP or VISTA operating 
systems to adopt the Federal Desktop Core Configuration (FDCC), a 
standard set of configuration settings, by Feb. 1, 2008, to improve 
security and reduce operating costs. As of December 2008, the IRS had 
implemented 81 percent of the settings, the auditor said.

The service has faced difficulties in establishing the security settings 
because the tax agency’s 98,000 computers are in 670 locations, and the 
IRS operates 1,900 software applications, 300 of which were internally 
developed for specific IRS business processes, the report states. As 
part of the implementation effort, the IRS must test each application to 
ensure it operates properly with the FDCC settings, TIGTA said.

The creation of a project team to manage the security effort in January 
2008, one week before the deadline, slowed implementation of the 
settings, TIGTA said. The untimely creation of the project team occurred 
because some IRS officials mistakenly assumed the IRS’ current common 
operating environment met the FDCC requirements, according to the 
report.

[...]


_______________________________________________      
Best Selling Security Books and More!
http://www.shopinfosecnews.org/
Received on Tue Apr 07 2009 - 01:25:33 PDT

This archive was generated by hypermail 2.2.0 : Tue Apr 07 2009 - 01:39:43 PDT