A person typing on a laptop with digital holograms displaying cybersecurity-related icons

Improving cybersecurity defenses at the IRS

Key takeaways

The Internal Revenue Service (IRS) tapped long-trusted partner Maximus to address technology, process, and culture challenges as it transitioned to Zero Trust Architecture (ZTA) to improve agency-wide cybersecurity. The Maximus team improved security processes; leveraged modern technologies to address security gaps; and worked with stakeholders to improve employees’ cybersecurity mindset. Results included reduced attack surface, greater network defenses and visibility, and improved FISMA compliance.

Situation

The IRS is tasked with continuously safeguarding sensitive personal data and taxpayer information for millions of Americans each year, in addition to maintaining the availability and security of critical systems, applications, and infrastructure. This task was made more difficult by the agency’s legacy systems, which were not designed with modern cybersecurity principles in mind.

Challenge

The IRS needed a trusted partner on its journey to implement ZTA that could implement new technologies and capabilities; address change management processes to introduce cyber modernization plans while mitigating any disruption to core processes; and facilitate internal culture change to instill a higher level of cyber savviness across the agency.

Solution

Maximus provided:

Comprehensive and tailored ZTA strategy
Information security continuous monitoring
Cybersecurity risk assessments
Development of incident response dashboards
Advanced identity and access management, network segmentation, and security analytics
Development of comprehensive incident response plans
Design of cybersecurity training and awareness programs

A comprehensive approach to Zero Trust architecture

How We Did It

As a trusted IRS partner for 30+ years, Maximus conducted a thorough vulnerability assessment and developed a comprehensive, tailored ZTA strategy, including:

Improving security processes and compliance: We applied the Continuous Diagnostics and Mitigation (CDM) Program established by the Department of Homeland Security (DHS) laid the groundwork for modern tools, integration services, and dashboards to reduce attack surface; increase network and security posture visibility; and improve Federal Information Security Modernization Act (FISMA) compliance.
Leveraging modern technology: Our experts deployed advanced solutions and technologies to address security gaps, enabling the agency to ensure only authorized access to sensitive systems and data; isolate potential attacks; and detect and respond to threats in real time
Instilling culture change and cyber savvines: We worked closely with IRS stakeholders to conduct extensive employee training and ZTA awareness programs, helping to mitigate resistance to new processes and tools; empower employees maintain a more secure IRS enterprise; and provide reporting tools that enable prompt alerts for any suspicious activities

Results

Reduced attack surface across the agency’s networks
Significantly improved security defenses and network visibility
Improved incident response capabilities
Improved FISMA compliance
Alignment with the 2021 Executive Order on Cybersecurity
Improved cybersecurity mindset and stakeholder involvement

[The IRS] is already well underway in the world of Zero Trust Architecture implementation for sure.

Jena Whitley, Director of Enterprise Services, U.S. Treasury Inspector General for Tax Administration

The IRS’s ZTA journey is a model for other agencies’ progress toward ZTA and has elevated the agency as a leader in cybersecurity best practices within the federal government.