HIGHLIGHTS: The Internal Revenue Service Is Not Fully Complying With the No TikTok on Government Devices Implementation Guidance Final Evaluation Report issued on December 18, 2023 Report Number 2024-IE-R003 On February 27, 2023, the OMB issued M-23-13, “No TikTok on Government Devices” Implementation Guidance, which outlines the time frame and steps to be taken to remove TikTok from Federal Government devices. The IRS took a number of steps to comply with the OMB requirement for the removal of TikTok from IRS devices. According to IRS management, they have always blocked access to TikTok on IRS computers. In October 2022, the IRS took steps to block Internet access to TikTok on 6,300 mobile devices and also noted that the TikTok application is not available for download on mobile devices. However, TIGTA determined 23 mobile devices used by the IRS’s Communications and Liaison group to monitor social media sites had access to the TikTok website and could download the TikTok application. We notified management of this concern on May 12, 2023, and in response, the IRS took corrective action to add these devices to the existing mobile device management software to ensure that the 23 devices could not access TikTok. In addition, the IRS did not update its Bring Your Own Device (BYOD) policies to comply with OMB guidance. Specifically, guidance was not updated to inform participants in the BYOD program that the TikTok prohibition also relates to their personally owned devices. Finally, the IRS does not comply with the OMB’s mandate as computers and mobile devices assigned to CI employees continue to have the functionality to access TikTok and other related websites. For example, TIGTA identified more than 2,800 mobile devices used by CI that could access TikTok’s website and approximately 900 CI employees that had the ability to get access to TikTok’s website via computers assigned to CI. As of August 2023, CI has yet to request the required exception from the Department of Treasury nor has it taken steps to block access to TikTok on computers and mobile devices assigned to its personnel. What TIGTA Recommended TIGTA made six recommendations in this report. Specifically, the IRS should remove and/or prohibit access to TikTok on the 23 unmanaged devices to ensure compliance with the OMB mandate in the Act. In addition, the IRS should work with the OMB to update the BYOD program’s policies and procedures to ensure that IRS participants comply with the Act. Furthermore, CI should ensure that access to TikTok is blocked on mobile devices and work with the OMB to determine whether an exception process is needed for the approximately 900 CI employees who can access TikTok on their computers. IRS management agreed with five recommendations. The IRS disagreed with our recommendation to block access to TikTok on more than 2,800 mobile devices used by CI.