Summary

Pursuant to a congressional request, GAO reviewed numerous security weaknesses at the Internal Revenue Service's (IRS) Cyberfile Data Center. GAO noted that: (1) there were several operational security weaknesses at the data center that placed IRS telecommunications equipment at risk; (2) the lock to the data center was improperly installed, allowing unauthorized access to the center; (3) the center's telecommunications equipment was not being adequately protected from unauthorized personnel; (4) the center's emergency contingency plan failed to identify those individuals responsible for executing emergency disaster recovery procedures; and (5) the risk analysis conducted for Cyberfile was incomplete and failed to address the physical, operational, and communications security threats to the center.