TIGTA: The IRS Lacks Secure Web Servers
Mary Mosquera writes on FCW.com:
Unauthorized and insecure Web servers connect to the Internal Revenue Service’s network, which puts the agency’s computers and entire network at risk of unauthorized access to taxpayer and personally identifiable information, the Treasury Inspector General for Tax Administration said in a recent report.More here.
The IRS has 1,811 unapproved internal Web servers on the network and 2,093 internal Web servers that have some security weaknesses, the TIGTA report, released Sept. 3, states.
The IRS requires that business units register all internal Web sites and Web servers with the Modernization and Information Technology Services organization, but some fail to register their servers, the report states. The IRS might block unregistered servers from sharing information with the network.
Because no office had responsibility for the Web registration program, the IRS has not enforced the requirement, allowing Web servers to connect to the network without proper authorization and accountability, the report states.