ETAAC recommended that the IRS should require the implementation of designated security controls and require annual self-assessments for software providers. The latter, the committee elaborated, should be supplemented by independent third-party assessments every three years conducted by commercial third-party security experts. There should also be active monitoring and oversight of the ongoing conduct and effectiveness of the security programs implemented by the digital infrastructure of the Authorized IRS e-file Provider program.

In the area of increased return accuracy, ETAAC wants the agency to work with the industry to "improve the dependencies and interactions between IRS and software developers that most affect tax software accuracy." There should also be a program to identify tax software developer best practices and specific actions taken to lower the number of rejected returns.