to individual projects, to provide all projects with a common set of security components that can be used by developers.

The lack of a technical framework and review process for security creates a great risk of one or more disastrous compromises of IRS operations, data, and taxpayer privacy. As stated in Chapter 2 of this report, the IRS must increase the maturity of its development processes immediately, including the methods by which security requirements are promulgated, implemented, and enforced.

Security simulation and modeling tools for enterprise-wide analysis, detailed security trade-offs, identification and measurement of metrics, and throughput analysis are neither available nor integrated into the normal security design process. This is a major weakness of the TSM program. These tools are vital to the current and future security success of TSM projects and should be acquired and used immediately.

A fixed password access control system for user verification is inadequate and should be replaced immediately by a strong authentication solution, using commercially available products.

The IRS must act soon and decisively to prevent serious security problems that could easily undermine all of the other benefits to be provided by TSM.

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.