A recent watchdog report highlights the need for the IRS to strengthen its security controls for the expanded use of the single sign-on service, Login.gov.
In its report, the Treasury Inspector General for Tax Administration (TIGTA) commended the IRS’s cybersecurity team within the Information Technology unit for promptly completing an initial analysis of Login.gov’s security.
However, the report identified significant gaps in the IRS's requirements for how credential service providers (CSPs) should capture and provide “sufficient audit log content.”
The IRS has been using Login.gov, the single sign-on service housed within the General Services Administration, since 2022.
TIGTA recommended that the IRS’s chief information officer be tasked with developing and occasionally updating “consolidated guidance” on all audit trail data elements that credential service providers “must capture and provide for IRS IAL2 applications.” See more TIGTA recommendations.