Tax Information Security Guidelines For Federal, State and Local Agencies
Safeguards for Protecting Federal Tax Returns and Return Information
IRS Mission Statement
Provide America's taxpayers top-quality service by helping them understand and meet their tax responsibilities and enforce the law with integrity and fairness to all.
Office of Safeguards Mission Statement
The Mission of the Office of Safeguards is to promote taxpayer confidence in the integrity of the tax system by ensuring the confidentiality of IRS information provided to federal, state, and local agencies. Safeguards verifies compliance with IRC 6103(p)(4) safeguard requirements through the identification and mitigation of any risk of loss, breach, or misuse of Federal Tax Information held by external government agencies.
Changes for September 2016 Revision
This publication revises and supersedes Publication 1075 (October 2014) and is effective September 30, 2016. Feedback for Publication 1075 is highly encouraged. Please send any comments to SafeguardReports@. Following are the highlighted changes:
1) Editorial changes have been made throughout this document to update website references and links, as well as to renumber sections and to clarify guidance
2) Table of Contents updated. Please find "tables" listed under respective sections rather than at the end of the Table of Contents
3) Section 1.3 - "Access Safeguards Resources Online" changed to "Access Safeguard Resources"
4) Section 1.3.1 - Added "Website Resources"
5) Section 1.3.2 - Added "Mailbox"
6) Section 1.4.1 - "Federal Tax Information (FTI)" - Added reference to include the Centers for Medicare and Medicaid and IRC 6103(p)(2)(B) Agreements
7) Section 2.7 - Created Section 2.7.1 "On-Site Review Process" and 2.7.2 "Computer Security Review" to elaborate on the Safeguard Review Process
8) Section 2.9 - Added "Voluntary Termination of Receipt of FTI"
9) Section 2.9.1 - Added "Archiving FTI"
10) Section 2.9.2 - Added "Termination Documentation"
11) Section 3.2 - Updated "Electronic and Non-Electronic Logs" requirements and deleted duplicate log sample
12) Section 4.4 - Deleted duplicate paragraph for FTI in transit
13) Section 4.6 - "Offsite Storage Requirements" - Updated to show agency-type specific requirements
14) Section 4.7.1 - "Equipment" - Added exception for use of VDI and updated to include personally-owned devices
15) Section 5.1.1 - Added "Background Investigation Minimum Requirements"
16) Section 5.4.2 - Added guidance for use of Consolidated Data Centers
17) Section 22.214.171.124 - Added all contractor and shared sites to be included in Safeguard reviews
Publication 1075 (September 2016)
18) Section 5.4.3 - Added "Review Availability of Contractor Facilities"
19) Section 6.3 - Updated "Disclosure Awareness Training"
20) Section 7.2.1 - Renamed from "SSR Update Submission and Instructions" to "Initial SSR Submission Instructions-New Agency Responsibility"
21) Section 7.2.2 - Renamed from "SSR Update Submission Dates" to "Instructions for Agencies Requesting New FTI Data Streams" and includes the mandatory requirement for providing evidence of security testing and ATO before the system is operational
22) Section 7.2.3 - Renamed from "SSR Update Submission Instruction" to "Annual SSR Update Submission Instructions"
23) Section 7.2.2 - Renumbered "SSR Update Submission Dates" to Section 7.2.4
24) Section 7.4 - Added table for 45 Day Notification Reporting Requirements
25) Section 7.4.4 - Removed requirement to notify Safeguards prior to implementing a data warehouse
26) Section 7.4.5 - "Non-Agency Owned Systems" updated
27) Section 7.4.8 - Removed requirement to notify Safeguards prior to locating FTI in a virtual environment
28) Section 8.3 - "Destruction and Disposal" - Updated section to include new requirements regarding shredding and regarding whenever physical media leaves the physical or systemic control of the agency
29) Section 9.2 - Updated Table 8 for Automated Compliance and Vulnerability Assessment Testing to note that profiles used with these tools can be downloaded from the Office of Safeguards' website
30) Section 126.96.36.199(b) - "Unsuccessful Log On Attempts (AC-7)" - Updated automatic lock period to 15 minutes
31) Section 188.8.131.52 - "Session Termination (AC-12)" - Updated to show information system must automatically terminate a user session after 30 minutes of inactivity
32) Section 184.108.40.206 - "Use of External Information Systems (AC-20)" - Updated to reflect personally-owned device requirements
33) Section 220.127.116.11 - Added definition of personnel with security roles and responsibilities and added distinction from Section 6.3, Disclosure Awareness and 18.104.22.168, Security Awareness Training (AT-2)
34) Section 22.214.171.124(c) - "Time Stamps (AU-8)" - Updated regarding synchronization of internal information system clocks
35) Section 126.96.36.199 - "Audit Record Retention (AU-11)" - Added clarification on retention
36) Section 188.8.131.52 - "Device Identification and Authentication (IA-3)" - Added clarification
37) Section 184.108.40.206 - Updated Incident Response Testing to remove the word "systems," as testing requirements apply to both paper and electronic FTI
38) Section 220.127.116.11 - Updated to reflect 5 year retention period requirement
39) Section 18.104.22.168(c) - Added to Rules of Behavior (PL-4), "review and update at a minimum annually"
40) Section 22.214.171.124 - "Security Engineering Principles" (SA-8) - Added clarification of what security engineering principles include
41) Section 9.4.8 - "Mobile Devices" - Updated to reflect current restrictions with BYOD
42) Section 9.4.9 - Updated Multi-Functional Devices to include High-Volume Printers
43) Section 9.4.11(g) - "Storage Area Networks" - Changed audit review to weekly
44) Section 9.4.13 - "Virtual Desktop Infrastructure" - Updated to include agency and non-agency owned requirements
45) Section 9.4.14 - "Virtual Environment" - Removed requirement to notify Safeguards prior to locating FTI in a virtual environment
46) Section 9.4.17 - "Web Browser" - Removed requirement a) Private browsing must be enabled on the Web browser and configured to delete temporary files and cookies upon exiting the session
47) Section 10.0 - Updated Reporting Improper Inspections or Disclosures including Table 9: TIGTA Field Division Contact Information
48) Section 12.1 - Updated guidelines for agencies authorized to produce statistical reports in "Return Information in Statistical Reports - General"
49) Exhibit 7 - "Safeguarding Contract Language" - Added additional requirements in Section I Performance and Section III Inspection
50) Exhibit 10 - Changed to reflect updated SSR Requirements
51) Exhibit 12 - Glossary and Terms is no longer labeled, but is still found in the back of the publication