Tax Information Security Guidelines For Federal, State and ...
Publication 1075
Tax Information Security Guidelines For Federal, State and Local Agencies
Safeguards for Protecting Federal Tax Returns and Return Information
IRS Mission Statement
Provide America's taxpayers top-quality service by helping them understand and meet their tax responsibilities and enforce the law with integrity and fairness to all.
Office of Safeguards Mission Statement
The Mission of the Office of Safeguards is to promote taxpayer confidence in the integrity of the tax system by ensuring the confidentiality of IRS information provided to federal, state, and local agencies. Safeguards verifies compliance with IRC 6103(p)(4) safeguard requirements through the identification and mitigation of any risk of loss, breach, or misuse of Federal Tax Information held by external government agencies.
Changes for September 2016 Revision
This publication revises and supersedes Publication 1075 (October 2014) and is effective September 30, 2016. Feedback for Publication 1075 is highly encouraged. Please send any comments to SafeguardReports@. Following are the highlighted changes:
1) Editorial changes have been made throughout this document to update website references and links, as well as to renumber sections and to clarify guidance
2) Table of Contents updated. Please find "tables" listed under respective sections rather than at the end of the Table of Contents
3) Section 1.3 ? "Access Safeguards Resources Online" changed to "Access Safeguard Resources"
4) Section 1.3.1 ? Added "Website Resources"
5) Section 1.3.2 ? Added "Mailbox"
6) Section 1.4.1 ? "Federal Tax Information (FTI)" ? Added reference to include the Centers for Medicare and Medicaid and IRC 6103(p)(2)(B) Agreements
7) Section 2.7 ? Created Section 2.7.1 "On-Site Review Process" and 2.7.2 "Computer Security Review" to elaborate on the Safeguard Review Process
8) Section 2.9 ? Added "Voluntary Termination of Receipt of FTI"
9) Section 2.9.1 ? Added "Archiving FTI"
10) Section 2.9.2 ? Added "Termination Documentation"
11) Section 3.2 ? Updated "Electronic and Non-Electronic Logs" requirements and deleted duplicate log sample
12) Section 4.4 ? Deleted duplicate paragraph for FTI in transit
13) Section 4.6 ? "Offsite Storage Requirements" ? Updated to show agency-type specific requirements
14) Section 4.7.1 ? "Equipment" - Added exception for use of VDI and updated to include personally-owned devices
15) Section 5.1.1 ? Added "Background Investigation Minimum Requirements"
16) Section 5.4.2 ? Added guidance for use of Consolidated Data Centers
17) Section 5.4.2.1 ? Added all contractor and shared sites to be included in Safeguard reviews
Publication 1075 (September 2016)
i
18) Section 5.4.3 ? Added "Review Availability of Contractor Facilities"
19) Section 6.3 ? Updated "Disclosure Awareness Training"
20) Section 7.2.1 ? Renamed from "SSR Update Submission and Instructions" to "Initial SSR Submission Instructions-New Agency Responsibility"
21) Section 7.2.2 ? Renamed from "SSR Update Submission Dates" to "Instructions for Agencies Requesting New FTI Data Streams" and includes the mandatory requirement for providing evidence of security testing and ATO before the system is operational
22) Section 7.2.3 ? Renamed from "SSR Update Submission Instruction" to "Annual SSR Update Submission Instructions"
23) Section 7.2.2 ? Renumbered "SSR Update Submission Dates" to Section 7.2.4
24) Section 7.4 ? Added table for 45 Day Notification Reporting Requirements
25) Section 7.4.4 ? Removed requirement to notify Safeguards prior to implementing a data warehouse
26) Section 7.4.5 ? "Non-Agency Owned Systems" updated
27) Section 7.4.8 ? Removed requirement to notify Safeguards prior to locating FTI in a virtual environment
28) Section 8.3 ? "Destruction and Disposal" ? Updated section to include new requirements regarding shredding and updated regarding whenever physical media leaves the physical or systemic control of the agency
29) Section 9.2 ? Updated Table 8 for Automated Compliance and Vulnerability Assessment Testing to include profiles used with these tools can be downloaded from the Office of Safeguards' website
30) Section 9.3.1.7(b) ? "Unsuccessful Log On Attempts (AC-7) - Updated automatic lock period to 15 minutes
31) Section 9.3.1.10 ? "Session Termination (AC-12)" ? Updated to show information system must automatically terminate a user session after 30 minutes of inactivity
32) Section 9.3.1.15 ? "Use of External Information Systems (AC-20) ? Updated to reflect personally-owned device requirements.
33) Section 9.3.2.3 ? Added definition of personnel with security roles and responsibilities and added distinction from Section 6.3, Disclosure Awareness and 9.3.2.2, Security Awareness Training (AT-2)
34) Section 9.3.3.8(c) ? "Time Stamps (AU-8)" ? Updated regarding synchronization of
internal information system clocks
Publication 1075 (September 2016)
i
35) Section 9.3.3.10 ? "Audit Record Retention (AU-11)" ? Added clarification on retention
36) Section 9.3.7.3 ? "Device Identification and Authentication (IA-3)" ? Added clarification
37) Section 9.3.8.3 ? Updated Incident Response Testing to remove the word, "systems" as testing requirements apply to both paper and electronic FTI
38) Section 9.3.11.7 ? Updated to reflect 5 year retention period requirement
39) Section 9.3.12.3(c) ? Added to Rules of Behavior (PL-4), "review and update at a minimum annually"
40) Section 9.3.15.6 ? "Security Engineering Principles" (SA-8) - Added clarification of what security engineering principles include
41) Section 9.4.8 ? "Mobile Devices " - Updated to reflect current restrictions with BYOD
42) Section 9.4.9 ? Updated Multi-Functional Devices to include High-Volume Printers
43) Section 9.4.11(g) ? "Storage Area Networks" - changed audit review to weekly
44) Section 9.4.13 ? "Virtual Desktop Infrastructure" ? updated to include agency and non-agency owned requirements
45) Section 9.4.14 ? "Virtual Environment" Removed requirement to notify Safeguards prior to locating FTI in a virtual environment
46) Section 9.4.17 ? "Web Browser" ? Removed requirement a) Private browsing must be enabled on the Web browser and configured to delete temporary files and cookies upon exiting the session
47) Section 10.0 ? Updated Reporting Improper Inspections or Disclosures including Table 9: TIGTA Field Division Contact Information
48) Section 12.1 ? Updated guidelines for agencies authorized to produce statistical reports in "Return Information in Statistical Reports ? General"
49) Exhibit 7 ? "Safeguarding Contract Language" - added additional requirements in Section I Performance and Section III Inspection
50) Exhibit 10 ? Changed to reflect updated SSR Requirements
51) Exhibit 12 ? Glossary and Terms is no longer labeled, but is still found in the back of the publication
Publication 1075 (September 2016)
i
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related download
- tax information security guidelines for federal state and
- national potato and onion report
- maintenance schedule honda
- claim for compensation u s department of labor
- form w 9 rev october 2018
- your benefits will automatically stop at age 18
- medicare benefit policy manual centers for medicare and
- government pension offset social security administration
- performance appraisal plan examples usda
- medicare s wheelchair scooter benefit
Related searches
- federal guidelines for salaried employees
- vanguard state tax information 2018
- combined state and federal tax calculator
- federal taxes and social security income
- state and federal tax calculator
- state and federal income tax calculator
- federal sentencing guidelines for drugs
- federal income guidelines for housing
- federal guidelines for workers compensation
- information security roles and responsibilities
- federal income tax social security worksheet
- information security education and awareness