IRS Commissioner Douglas Shulman responds that the IRS has reduced material weaknesses in its security controls over the past year, with the agency taking additional steps to reduce risk further in the coming year.
By exploiting high-risk vulnerabilities, hackers could attack public-facing computers to enter the websites and gain access to sensitive data, such as password, take control of a server and attack other computers on DOT's networks, DOT's IG says.
Sen. Charles Grassley of Iowa, the ranking Republican on the Senate Finance Committee, requested the audit after the loss of the Wright Brothers' original patent and maps for atomic bomb missions in Japan.
John Gilligan doesn't believe inspector general audits are worthless. If anything, some agencies IGs do a better job than others in identifying problems with IT security, says the former Air Force chief information officer and Ã¼ber-champion of the Consensus Audit Guidelines.
The Consensus Audit Guidelines -- the 20 critical IT security controls unveiled in early 2009 -- may not have been universally adopted by federal agencies, but they're having an impact on government policies toward securing information technology.
"Having milestones will help move you further down the path toward completion, but clearly some of these are complex areas," says David Powner, director of information management issues for the Government Accountability Office.
Key federal agencies say they're moving slowly to implement most of the recommendations President Obama outlined in his May 2009 cyber policy review because the White House has yet to assign them roles and responsibilities.