A mission-critical process of the IRS Network Management Control Center (NMCC) is to ensure all devices and servers within the global NMCC network are updated with the latest vulnerability patches.
NMCC is mandated to respond to the IRS Computer Security Incident Response Center (CSIRC) within 48 hours on hardware impacted by vulnerabilities flagged with critical priority and within 72 hours on those flagged with high priority.
Heavily relying on e-mail and spreadsheets, the original process required the NMCC Advisory Manager to surveil the CSIRC Advisory Bulletin and manually notify, assign, and track completion of vulnerability patching throughout the NMCC Engineering Team.
The completion of those tasks resulted in emails and spreadsheets, leaving no traceability, performance metrics, or other insights from the process.
Taking much of the NMCC team away from core work activities, this critical process became a heavy burden across the department.
Solutions and Results:
Working directly with the NMCC manager, through ongoing meetings and software development, we successfully automated this entire process by authoring a series of custom-written integration scripts.
These scripts ran concurrently on both a scheduled basis and in real-time, handling the assignment, tracking, and reporting of system to the CSIRC. Microsoft SharePoint was also leveraged in this new system to capture all necessary information critical to the process.
A reduction of manual labor by 90% across the department
A 45% increase in quarterly advisory completion, leading to a 98% average achieved annually
An average weekly increase of 35% in system patching
Recognition from the IRS CTO in the annual performance report
Interest from other IRS departments to implement a similar process