The IRS has major systems to manage the nation’s tax collection and administer tax codes enacted by Congress. IRS cybersecurity is in place to continuously protect the computer systems from cyber incidents, intrusions and attacks. Cybersecurity policies, maintenance, tools, controls, software programs and protocols are needed to apply and sustain the protection of taxpayer information.
Funding cuts and continuing resolutions affected program services. Security configurations were being assessed with weaknesses and potential system vulnerabilities were being continually exposed.
ISI Solution Approach and Collaboration:
ISI supported IRS Cybersecurity IT enterprise policy creation and maintenance, providing tools for systems administrators to continually validate compliance (SCAP). Working with IRS Cybersecurity stakeholders, business units, and technical teams, specified policy and support requirements were decomposed for initial security planning and traceability. Detailed research across functional and technical requirements (hardening) for systems, data and applications generated clear policy and compliance direction. Compliance Tool Applications were designed, developed and deployed to implement Information Assurance (IA) controls and secure solutions. Custom computer programming services were provided to enable and defend the IRS database and system security posture throughout the development lifecycle, providing a hardened security protocol that safeguarded systems within the enterprise. A Compliance Application Policy Checker was applied across the enterprise mainframe, UNIX and Windows configurations to ensure compliance and document the SA&A.
Successful completion of the Treasury Inspector General for Tax Administration (TIGTA) audit and the subsequent successful delivery of all the Affordable Care Act (ACA) projects. ISI established a new office, set up a new lab and secured the facility for clearance level operations, developed a Test and Development Environment for internal testing of security controls/IRS Policies (multi-tiered approach), and built secure communications with the IRS Enterprise.