The IRS is making progress in moving its use of Login.gov toward compliance with federal standards, according to a new TIGTA report, but the tax agency has more security improvements to implement around its expanded use of the single sign-on service. Where the IRS is falling short, the watchdog said, is in its requirements for how credential service providers (CSPs) capture and provide “sufficient audit log content.” TIGTA recommended that the IRS’s chief information officer be tasked with developing and occasionally updating “consolidated guidance” on all audit trail data elements that credential service providers “must capture and provide for IRS IAL2 applications,” referring to applications in which evidence supports claimed identity and applicants that are verified remotely or physically. The IRS’s CIO should also ensure that audit trail data elements are provided to Login.gov before its identity proofing services are used in IRS IAL2 applications.
Leave a Reply