The Treasury Inspector General for Tax Administration performed an annual independent report on the Internal Revenue Service’s compliance with FISMA requirements pursuant to OMB’s FISMA 2010 Reporting Guidelines.
The report “determined that the IRS’s information security program was generally compliant with the FISMA legislation, OMB information security requirements, and related information security standards published by the National Institute of Standards and Technology.”
The IG found that although “the information security program was generally compliant with the FISMA legislation, the program was not fully effective as a result of the conditions identified in the following areas.
• Configuration management.
• Security training.
• Plans of action and milestones.
• Identity and access management.
• Continuous monitoring management.
• Contingency planning.
• Contractor systems/financial audit.
The complete IG report is attached below.