
Improving cybersecurity defenses at the IRS

Key takeaways

The Internal Revenue Service (IRS) tapped long-trusted partner Maximus to address technology, process, and culture challenges as it transitioned to Zero Trust Architecture (ZTA) to improve agency-wide cybersecurity. The Maximus team improved security processes; leveraged modern technologies to address security gaps; and worked with stakeholders to improve employees’ cybersecurity mindset. Results included reduced attack surface, greater network defenses and visibility, and improved FISMA compliance. 

Addressing technology, processes, and culture to improve cybersecurity.

Situation

The IRS is tasked with continuously safeguarding sensitive personal data and taxpayer information for millions of Americans each year, in addition to maintaining the availability and security of critical systems, applications, and infrastructure. This task was made more difficult by the agency’s legacy systems, which were not designed with modern cybersecurity principles in mind. 

 

Challenge 

The IRS needed a trusted partner on its journey to implement ZTA that could implement new technologies and capabilities; address change management processes to introduce cyber modernization plans while mitigating any disruption to core processes; and facilitate internal culture change to instill a higher level of cyber savviness across the agency. 

 

Solution 

Maximus provided: 

  • Comprehensive and tailored ZTA strategy
  • Information security continuous monitoring
  • Cybersecurity risk assessments
  • Development of incident response dashboards
  • Advanced identity and access management, network segmentation, and security analytics
  • Development of comprehensive incident response plans
  • Design of cybersecurity training and awareness programs

A comprehensive approach to Zero Trust architecture  

 

How We Did It 

As a trusted IRS partner for 30+ years, Maximus conducted a thorough vulnerability assessment and developed a comprehensive, tailored ZTA strategy, including:

  • Improving security processes and compliance: Our application of the Continuous Diagnostics and Mitigation (CDM) Program established by the Department of Homeland Security (DHS) laid the groundwork for modern tools, integration services, and dashboards to reduce attack surface; increase network and security posture visibility; and improve Federal Information Security Modernization Act (FISMA) compliance.
  • Leveraging modern technology: Our experts deployed advanced solutions and technologies to address security gaps, enabling the agency to ensure only authorized access to sensitive systems and data; isolate potential attacks; and detect and respond to threats in real time.
  • Instilling culture change and cyber savviness: We worked closely with IRS stakeholders to conduct extensive employee training and ZTA awareness programs, helping to mitigate resistance to new processes and tools; empower employees to maintain a more secure IRS enterprise; and provide reporting tools that enable prompt alerts for any suspicious activities.

 

Results

  • Reduced attack surface across the agency’s networks
  • Significantly improved security defenses and network visibility
  • Improved incident response capabilities
  • Improved FISMA compliance
  • Alignment with the 2021 Executive Order on Cybersecurity
  • Improved cybersecurity mindset and stakeholder involvement

“[The IRS] is already well underway in the world of Zero Trust Architecture implementation for sure.”
Jena Whitley, Director of Enterprise Services, U.S. Treasury Inspector General for Tax Administration

 

The IRS’s ZTA journey is a model for other agencies’ progress toward ZTA and has elevated the agency as a leader in cybersecurity best practices within the federal government. 

 

Interested in learning how Maximus can help you optimize cybersecurity across your organization?