Why did we do this review?
We initiated this evaluation in response to media coverage involving federal employees who took their government-furnished mobile devices abroad without authorization. Employees taking their devices abroad is an inherent security challenge but enhanced controls can minimize this risk and protect sensitive data.
The overall objective of this evaluation was to assess the IRS’s efforts to prevent the unauthorized use of mobile devices in foreign countries.
What did we find?
We reviewed the IRS’s Fiscal Year (FY) 2024 mobile device usage reports for smartphones and tablets. We identified 173 instances of IRS employees’ mobile devices connecting to a foreign cellular network without a corresponding travel authorization to use their work equipment overseas. The connections were associated with 121 employees in 37 countries, spanning 5 continents.
Location of Unauthorized Foreign Connections in FY 2024
 The mobile phone vendor provides the IRS with monthly reports for devices with foreign connections, but the IRS does not monitor these reports for international use. Instead, the IRS only monitors the monthly reports to confirm charges were authorized.
IRS officials request authorization to bring government-furnished mobile devices on international travel using Form 1321, Authorization for Official Travel. The form must be uploaded on all employees’ travel vouchers. This form is useful for determining when an employee is traveling overseas. However, the form does not track specific mobile devices being taken overseas to determine whether the devices should be sanitized and reimaged after returning to the United States.
Having trouble viewing this email? View it as a Web page.
|
