GAO: Lack of controls impair IRS’s ability to ensure that its financial and taxpayer information is secure from internal threats. IRS Commissioner Douglas Shulman: Agency Complies with spirit of NIST Guidance. IRS will furnish GAO with a detailed corrective action plan to address auditors’ concerns. GAO also said unpatched and outdated software exposed IRS to known vulnerabilities, and the agency had not enforced backup procedures for a key system. IRS also did not promptly correct known vulnerabilities.”]
Source: https://www.cuinfosecurity.com/gao-lack-controls-puts-irs-data-at-risk-a-4595