10.2.14  Methods of Providing Protection

10.2.14.1  (09-23-2009)
Scope

  1. The Service has adopted the goal of guarding against undetected (surreptitious) entry. It is recognized that compliance with this policy will not be immediately achievable in all offices for tax data requiring normal security levels.

  2. Some items require protection levels which exceed the undetected entry philosophy. Specific minimum security standards, which require some degree of protection against forced entry, are required for such items such as, Special Security (SP)-1.

  3. Based on local conditions, additional security measures to protect against forced entry will be required at some facilities. After analysis of potential threats and after assessing effectiveness of existing security measures in mitigating risks, local management may determine the need for greater security measures, which exceed the standard.

  4. There are a number of ways that security may be provided for an individual, property, or assets. How the required security is provided depends on the facility, the function of the activity, how the activity is organized, positions held by those at the facility, and what equipment is available. Proper planning and organization will greatly enhance the security at minimum costs. Additional information on methods of providing protection can be found in IRM 10.2.15, Minimum Protection Standards (MPS).

10.2.14.2  (10-01-2008)
Clean Desk Policy

  1. The Service has adopted general clean desk and containerization objectives for the protection of taxpayer, privacy act, and other protected data. There are certain areas, such as mass processing operations, where the full implementation of clean desk and/or containerization procedures is not appropriate.

  2. Pipeline activities are conducted at submission processing centers and computing centers. Because of the volume of the tax information processed and the disruption to the processing operation it is not possible to containerize tax information. Therefore, the Service recognizes the need to exempt the processing operations at the campuses and computing centers from the clean desk policy. In lieu of containerization, the Service has established a layered security plan that affords the campuses and the computing centers a higher level of protection to accommodate the processing operation.

  3. Protected data must be locked in containers in areas where non-Service personnel have access during non-duty hours and/or when not under the direct control of an authorized IRS employee, (see section 10.2.14.3). Based on violations identified during after-hours reviews, this procedure has now been expanded to include a general "clean desk" approach.

  4. The Clean Desk requirements applies to data left out in work areas, credenzas, desk tops, fax, copy machines, and in/out baskets.

  5. All tax and privacy data in non-secured areas must be containerized during non-duty hours.

  6. The head of office may request an exemption from the clean desk policy but the request must be justified (e.g. containerizing will be so disruptive as to cause critical delays in processing) and not just a matter of convenience. Requests for exemption must be in writing, explain the process (documenting it from start to finish), provide a reason for the exemption and be approved at the management level of the business unit making the request. The request must be sent to the local physical security office and office of disclosure for concurrence. Exemptions citing "voluminous files" may not be granted until a review is conducted by physical security and records management personnel. Items identified as requiring Special Security (SP) may not be exempted from the clean desk policy.

10.2.14.3  (10-01-2008)
Containers

  1. The term container includes all file cabinets, both vertical and lateral safes, supply cabinets, open and closed shelving, desk and credenza drawers, Kansas City carts or any other piece of office equipment designed for the storage of files, documents, papers or equipment.

  2. Some of these containers are designed for storage only and do not provide protection (for example, open shelving or Kansas City carts).

  3. For purposes of providing protection containers can be grouped into three general categories:

    1. Locked containers;

    2. Security containers; and,

    3. Safes or vaults.

10.2.14.3.1  (10-01-2008)
Locked Container

  1. Locked containers – any lockable metal container with riveted or welded seams which is locked.

  2. Keys to all locks and combinations must be controlled.

10.2.14.3.2  (09-23-2009)
Security Container

  1. Security container - lockable metal container that has a tested resistance to penetration and is approved for storage of high security items (metal lateral key lock files; security modifications; metal lateral file equipped with lock bars on both sides; metal pull drawer cabinets with center or off-center lock bars secured by combination padlock or key operated padlock; or, key lock "mini safes" [approved by Physical Security and Emergency Preparedness (PSEP) Risk Management (RM) Office] properly mounted.

  2. Keys to all locks and combinations must be controlled.

10.2.14.4  (10-01-2008)
Safes/Vaults

  1. Safe type containers which have been accepted for general use by the Service can be identified by interior labels which reflect one of the following, which are GSA approved:

    • Class I Safe, insulated - 1 hour, 10 minutes forced, 30 minutes surreptitious

    • Class II Safe, insulated - 1 hour, 5 minutes forced, 20 minutes surreptitious

    • Class IV Safe, not insulated, 5 minutes forced, 20 minutes surreptitious

    • Class V Safe, not insulated, 10 minutes forced, 30 minutes surreptitious

  2. Containers will be marked on the outside of the front face of the containers "General Services Administration Approved Security Container"

  3. Safes with TL-30 must be equipped with a Group 1 or 1 R combination lock); TRTL-30, TRTL-60 or TXTL-60, Underwriters Laboratories Listings. Safes designations:

    • TL -30 -- resistant to attack by mechanical or electrical tools for 30 minutes

    • TRTL-30 -- resistant to attack by torch and mechanical or electrical tools for 30 minutes

    • TRTL-60 -- resistant to attack by torch and mechanical or electrical tools for 60 minutes

    • TXTL-60 -- resistant to all the above and high explosives

  4. Approved vaults are those which have been constructed to specifications approved jointly by IRS and GSA and which utilize Underwriters Laboratories approved vault doors.

10.2.14.5  (09-23-2009)
Restricted Area

  1. A Restricted Area is an area to which access is limited to authorized personnel only. Restricted area space can be identified by PSEP Territory Managers, based on critical assets. All restricted areas must meet secured area requirements. Designating a facility or space within a facility a restricted areas is an effective method of controlling the movement of individuals and eliminating unnecessary traffic through critical areas, thereby reducing the opportunity for unauthorized entry, unauthorized disclosure, and theft of tax information or other equipment or resources.

  2. Restricted Areas shall have signs prominently posted as a " Restricted Area" and separated from other areas by physical barriers which will control access. The number of entrances will be kept to a minimum and each entrance controlled. Adequate control will be provided by locating the desk of a responsible employee at the entrance to assure that only authorized persons, with an official need, enter (see Exhibit 10.2.14-1). Only individuals assigned to the area will be provided Restricted Area ID cards.

  3. A Restricted Area Register, Form 5421, will be maintained at the main entrance to the restricted area, and all visitors will be directed to the main entrance. Each person entering the restricted area, who is not assigned to the area, will sign the register. The restricted area monitor (staff) will complete the register by adding the individual’s name, assigned work area, person to be contacted, purpose for entry, ID card number, and time and date of entry. The monitor will identify each visitor by comparing the name and signature entered in the register with the name and signature on some type of photo identification card (i.e., government ID, driver's license). Upon verification of identity, the visitor will be issued an appropriate Restricted Area non-photo ID card. (If the visitor is an IRS employee not assigned to the area, an exchange of ID cards will be made.) Entry must be approved by the supervisor responsible for the area. Prior to exiting the area the visitor will return the non-photo ID card to the monitor. The monitor will enter the departure time in the register.

  4. Each Restricted Area Register will be closed out at the end of each month, reviewed by the restricted area first line supervisor and forwarded to their manager. The manager will review the register and retain it for at least one year. The managerial review is designed to ensure that only authorized individuals with an official need have access to the restricted areas.

  5. To facilitate the entry of employees who have a frequent and continuing need to enter a restricted area, at the discretion of the department manager an Authorized Access List may be maintained. Though individuals whose names appear on the Authorized Access List will not be required to sign-in, or will the control clerk be required to make any entry in the Restricted Area Register, these individuals are required to exchange their photo identification card for a non-photo, Restricted Area card. If the Authorized Access List is not used, employees must follow the procedures outlined in paragraph 3 above in order to gain access.

  6. The department manager of the Restricted Area must approve all names added to the Authorized Access List. The Authorized Access List will be prepared monthly and will be dated and signed by the manager. Before signing the access list the manager must validate the need of individuals to access the restricted area. If there is no change in the Authorized Access List, the manager may revalidate by signing and re-dating the list. Care must be taken to ensure that only individuals with a need are granted access. At the end of each month the department manager will review the Authorized Access List and the Restricted Area Register and forward to the physical security office for review and to modify ID media/access as appropriate.

10.2.14.6  (09-23-2009)
Secured Room

  1. For purposes of providing protection, all space can be classified as either secured or not secured. The requirements and standards for secured areas are contained in IRM 10.2.15 and locking system requirements for secured areas are contained in this IRM.

  2. A secured room is a room which has been constructed to resist forced entry. If a secured room is not continual staffed twenty-four hours a day seven days a week the entire room must be enclosed by slab-to-slab walls constructed of approved materials (normal construction material, permanent in nature, such as masonry brick, dry wall, etc. that would prevent undetected entry). If slab-to-slab standards can’t be met, motion detectors and periodic inspection shall occur at least once a week. However, if the secured room is continually staffed with authorized personnel slab-to-slab and motion detection is not required.

  3. All doors entering the Secured Room must be locked in accordance with paragraph 10.2.14.6(1). The room must be cleaned in the presence of an IRS employee authorized to enter the room. In addition, any glass in doors or walls will be equipped with glass break sensors and tinted film. Air intake door or wall vents or louvers will be protected by an Underwriters' Laboratory approved electronic intrusion detection system which will annunciate at a protection console, approved central station or local police station and given top priority for guard/police response during any alarm situation. Door hinge pins must be non-removable, or tamper resistant, or installed on the inside of the room. Entry will always be limited to specifically authorized personnel.

10.2.14.7  (10-01-2008)
Locks - General

  1. The lock is the most accepted and widely used security device for protecting installations and activities, personnel, tax data, classified material and government and personal property. All containers, rooms, buildings and facilities containing vulnerable or sensitive items should be locked when not in actual use.

  2. Regardless of their quality or cost, locks should be considered as delay devices only. Many ingenious locks have been devised, but equally ingenious means have been developed to open them surreptitiously. Some types of locks require considerable time and expert manipulation for covert opening, but all will succumb to force with the proper tools. Therefore, the locking system must be planned and used in conjunction with other security measures if a high degree of security is to be obtained.

10.2.14.7.1  (09-23-2009)
Type of Locking Devices

  1. Locks that are available range from the very simple (and easily defeated) variety to highly developed key locks, to combination locks, and highly sophisticated electronic coded switches.

  2. The degree of protection afforded by a well-constructed vault, safe, or filing cabinet may be measured in terms of the resistance of the locking mechanism to picking, manipulation or drilling. There are several types of locking devices available, such as:

    1. Key locks -- The time for picking most standard pin-tumbler locks (including those that are specially keyed) range from a few seconds to a few minutes. High security key locks are also vulnerable to surreptitious defeat; however, such defeat is much more difficult. The possibility of the loss and compromise of a key and the possibility of an impression being made should also be considered in determining the security value of a key-type lock. Key locks are the most common mechanical type lock and include locks; lever locks, and pin tumbler locks.

    2. Combination Locks -- This type of lock is incorporated in padlocks, vaults, and doors. Combination locks are typically used for their ease of use and, requires additional handling and maintenance by the Business Unit. Combination locks should be used sparingly and within interior areas with controlled access at the perimeter to IRS space. First, there is no key which can be lost or compromised. Second, a combination lock may have many possible combinations, effectively eliminating the possibility of opening the lock by dialing all possible combinations. For example, scramble pads offer the flexibility of multiple codes for multiple functions; individual pin numbers can be used in conjunction with the key pad and the codes cannot be discerned by others. Finally, and most important, newer versions of the combination lock are highly resistant to many forms of undetected attack because no direct access to the lock mechanism itself is required for normal operation.

10.2.14.7.2  (09-23-2009)
Other Access Controls

  1. Combination type door locks, which rely on something the individual knows, have been used in the past for controlling access. Though these types of locks add a layer of security, if the combinations are widely disseminated and not changed frequently, unauthorized access may occur and not be easily detected. With this type of access control there is no audit trail of who entered or exited, so unauthorized access may be difficult to detect.

  2. Technology has provided other types of locks and keys that require electrical connections and special equipment. There are a number of types of electronic access control systems. The key cards contain encoded information about what the user is able to access and who the user is. These systems are used for controlling access to buildings, rooms and computers and provide another level of security. However, as with other types of locks, if the access cards (keys) or combination locks are not properly controlled and accounted for, unauthorized access may occur.

10.2.14.7.3  (10-01-2008)
Inspection and Maintenance Procedures for Locks

  1. A periodic inspection by the Security staff should be made on all locks to determine the locking mechanism's effectiveness, detect tampering, and to determine need for replacement. This may be accomplished by inserting a "test key" (any comparable key other than the assigned key) no more than one-quarter inch into keyway. Turn the test key by hand; using the normal amount of force required opening the lock. If the lock opens during inspection, it should be replaced immediately.

  2. Periodic preventive maintenance of locks should be performed to ensure adequate lubrication, employment of rust preventatives on outer surfaces, and clearing of dust and moisture from keyways. Combination locks and electronic locks must also be serviced. By periodic servicing, the life of these type locks can be greatly extended.

10.2.14.7.4  (09-23-2009)
Control and Safeguarding of Keys and Cipher Lock Combinations

  1. Access to a locked area, room or container can only be controlled if the key/keycard or combination is controlled. As soon as the combination is obtained by an unauthorized person or otherwise compromised or the key is lost, the security provided by that particular lock is lost. Keys to the service space will be retained by local security offices where there is a security presence for day-to-day operations in the event of inadvertent office lock-outs. Spare keys may be retained by a designated off site business function for use in catastrophic situations where local personnel are available to provide access to IRS space.

  2. The combination to each lock will be changed:

    1. When the safe or lock is originally received

    2. At least once each calendar year

    3. When an employee who knows the combination retires, terminates employment or transfers to another office job

    4. Whenever the combination is compromised

  3. An exchange pool for combination locks may be established provided it is controlled by the Security function.

  4. Combinations will be given only to those who have a need to have access to the area, room or container. Combinations shall not be written on calendar pads, desk blotters, or any other item even though it is carried on one's person or hidden away. A record of combinations to security containers will be maintained by using Standard Form No. 700 (Security Container Information). After all information on Part I of Form 700 (a three part form) is entered, all parts will be separated and Part I attached to the inside of the container. The combination will be recorded on Part II, which will then be placed inside Part III and sealed. The classification on Parts II and III should be "unclassified" unless national security information is kept in the container (see IRM 10.9.1, National Security Information).

  5. A record of the combination (Parts II & III of Form 700) for safes and vaults must be maintained in a central location in each Office. Local management should designate an on-site representative to perform this function. The local physical security office should be able to access the combinations either by maintaining a list, having an on-site contact or having access to the on-site location should an event occur that requires their intervention. Criminal Investigation will control their own Forms 700.

  6. Combinations, Standard Form 700 for other than safes and vaults, and accountability records (Forms 1930, Custody Receipt for Government Property) for container keys will be maintained by area management.

  7. Standard Form 700 containing combinations must be placed in a container having the same or a higher security classification as the highest classification of the material authorized for storage in the container or area the lock secures.

  8. One key to all Service space properly identified as to the door(s) it will open must be maintained in a central location by the Security office or Criminal Investigation, who will control their own keys.

  9. Minimum requirements for locking systems for Secured areas are as follows:

    1. High security pin tumbler cylinder locks. The pin tumblers must meet the following requirements and must be used to secure doors to secured areas after normal duty hours -- key operated mortised or rim-mounted dead bolt lock; dead bolt throw of 1 inch or longer; double cylinder if the door has a transom or any glass (if the door is equipped with alarms or security glass the door is not required to have the double cylinder lock); cylinders are to have five or more pin tumblers; if bolt is visible when locked, it must contain hardened inserts or be made of steel; and, both the key and the lock must be "off master"

    2. Key padlocks and combination padlocks may be used for secured areas if they meet the requirements of section 10.2.14.3.2 of this IRM.

    3. Only authorized IRS personnel (and preferably only supervisors) can have after-hours access to Secured areas. In those situations where GSA insists on having a key and/or a combination to a secured area, it should be issued to them in a sealed envelope, the flap of which has been signed by the supervisor in charge of the Secured Area or the Territory manager or senior security specialist/analyst. GSA must agree to immediately notify the Chief of the Security function if it is necessary to use the key or combination and the reasons for having done so. Periodically, the envelope should be examined to make certain that the key or combination has not been compromised. If compromise is suspected, the area should be rekeyed or combination changed.

    4. All locks and keys to secured areas should be numbered with an unrelated number.

    5. Keys to secured areas not in the personal custody of an authorized IRS employee and any combinations must be stored in a security container.

    6. The number of keys or knowledge of the combinations to a secured area must be kept to the absolute minimum. Keys and combinations must be given only to those individuals, preferably supervisors, who have a frequent need to access the area after duty hours.

    7. The keys to cashier's or teller's cash box and the combination to the safe or vault in which the cash box is stored, cannot be both in the possession of an employee, a manager, and/or supervisor (including security function). Only the cashier or teller may have both the key to their own cash box and combination to the safe and vault (all keys should be engraved with the words "U.S. Government – DO NOT DUPLICATE" ).

    8. Electronic access control systems with after hours alarming capability can be used to secure doors to secure areas after normal duty hours. These systems should be periodically reviewed to make sure that the system is purged of users who no longer have a need for access (i.e. reassigned/separated employees) and that keys are in the possession of authorized individuals only. In addition, reports of access, generated by the system, should be periodically reviewed to ensure that no unauthorized access has occurred and periodic testing of the alarms should be conducted.

  10. The Territory manager or senior security specialist/analyst must approve requests for duplicate/additional keys for secured area doors and security containers.

  11. Keys will be issued only to persons having a need to have access to an area, room, or container. The number of keys on-hand and issued will be kept to a minimum. A "Master Key" shall only be issued to a limited number of personneldesignated by the office manager and shall not be issued to more than 5% of an office population. Keys issued to individuals will be kept with the individual and not left unattended, in unlocked desk drawers, or other unsecured place, and will not be loaned to other individuals.

  12. A custody Receipt for Government Property (Form 1930 ) will be used to record the issuance of all keys (including keycards for electronic access control systems).

  13. Padlocks must be locked to the staple or hasp, or placed inside the container, when the area or container is open to preclude theft, loss, or substitution of the padlock.

  14. To maintain the integrity of the security container (lateral and upright), only two keys will be provided for each container (lateral) and padlock (upright with bar lock). If the central core of a security container lock or padlock is replaced with a non-security lock core and has more than two keys, then the container does not qualify as a security container. To ensure that only two keys are available for each container/padlock the servicing PSEP security staff will maintain a limited supply of extra locks and padlock cores.

    1. When a key to a security cabinet or padlock on a secured area is lost or broken, the local Security office will provide a new lock or padlock core with two keys to the requesting office.

    2. The Security office will order an additional key for the old lock/padlock. Upon receipt of the new key, place the lock or padlock core with keys back in stock, making it available for the next lost or broken key occurrence. The lock or padlock core may not be reused at the original location.

    3. If the lost key is found, it should be destroyed.

    4. PSEP budgets for and funds maintenance and replacement of office access controls, locks and keys.

  15. PSEP Territory Managers will designate in writing a " Key Control Officer" (KCO).

    1. The KCO will ensure each Business Unit (BU) conducts a 100% "Annual Key Audit" at least once each calendar year (January – December).

    2. The annual key audit is designed to reconcile all on-hand and issued metal mechanical keys to ensure accountability.

    3. The key audit may be conducted by sending a request to the Business Unit (BU) office manager requesting written confirmation verifying 100% receipt, possession, and accountability of all mechanical metal keys.

    4. A Proxy Card audit will also be conducted of at least 10% of all issued Proxy Cards to ensure accountability.

    5. Each calendar year, the KCO will also conduct a 5% hands-on physical inspection of at least two randomly selected BUs assigned metal mechanical keys to ensure accountability, validate the BU audit report, and provide a report recording the audit results. The audit report will contain the following:

      • Office and date of the report

      • Personnel conducting the reconciliation

      • Beginning balance of each key

      • Audit balance, with explanations for discrepancies of lost/unaccounted for keys and corrective actions taken

      • Issues/concerns/corrective actions

      • Signatures of the PSEP Auditor and the PSEP Territory Manager

    6. If either the BU audit or PSEP random audit/reconciliation reveals more than a 5% loss of office keys that office space will be scheduled to be re-keyed (new core installed) within ten business days.

    7. The report will be maintained by the PSEP office conducting the audit for a minimum of three years.

    8. Receipts for keys/proxy cards will be maintained until the items are returned.

    9. A Master Key Control Reconciliation Log/File will be maintained by the KCO reflecting the beginning balance of keys on-hand, issued, or lost, etc.

    10. Key control records and documentation maintained should support the performance and completion of the annual key audit.

10.2.14.8  (09-23-2009)
Facility Access

  1. All personnel attempting to access IRS facilities must possess and present a valid and current form of identification. IRS personnel must present a valid IRS Identification or other recognized and authorized identification in compliance with HSPD-12. All visitors must be recorded on the Visitor Access Log. The log must contain:

    • The facility visited

    • Name and organization of the person visiting

    • Signature of the visitor

    • Form of Identification (Do not just list Photo ID, be specific, i.e. CA photo drivers license)

    • Date of access

    • Time of entry and departure; and name and organization of person visited

  2. Inspections of all visitors’ personal effects (employees inspections are based on local procedures) shall be conducted at the perimeter entrances of facilities. The purpose of this inspection program is to deter and detect prohibited items.

  3. Inspection of Personal Effects. Personal effects subject to inspection are packages of all types; such as, luggage, briefcases, shoulder bags, athletic bags, and handbags. Inspection includes opening the item and viewing its contents and/or viewing x-ray images of the item to determine if unauthorized items are present.

  4. Prohibited Items. Unless specifically permitted by the IRS PSEP Management, or otherwise permitted or required by law, in addition to materials restricted by Treasury Department ethics and standards of conduct, the following items are prohibited within IRS facilities:

    1. Illegal drugs, paraphernalia, and contraband

    2. Weapons of any type, with the exception of weapons issued to law enforcement and guard force personnel in the performance of official duties. Prohibited weapons include, but are not limited to, firearms, knives or other devices with blades in excess of 2 1/2 inches, swords, explosives, incendiary devices, nightsticks, brass-knuckles, throwing stars, etc. This prohibition also includes ceremonial and/or replica weapons

    3. Tear gas, chemical agents, and other hazardous substances, personal protection devices, mace, etc.

  5. Entry Access Screening. Local visitor screening procedures will be developed by each PSEP territory outlining the requirements for visitor screening and escort. When local procedures require visitors or employees to be screened prior to being authorized entry, all personnel requiring screening must submit to it or they may be denied access.

  6. In an effort to streamline IRS employees entry access to IRS facilities, PSEP Area Directors and Territory Managers shall implement the below procedures at all IRS facilities, brief all Guards and Internal Revenue Police Officers (IRPO) and include them in post orders:

    1. IRS personnel visiting other IRS facilities will be subject to the same entry screening process that personnel assigned to the facility are subject to.

    2. IRS personnel visiting other IRS facilities will sign-in on the Visitor Log for accountability purposes, where entry screening guards are present.

    3. Random searches of hand carried items of personnel entering/departing IRS facilities apply equally to all assigned or visiting personnel.

    4. In facilities where the IRS shares occupancy with other tenants (co-tenant office space) and the guards is a shared expense or paid by another tenant, IRS employees will follow the facility screening process in effect.

  7. Exceptions to entry access screening may only be granted by the PSEP Territory Manager, Area Director, or other competent authority within AWSS PSEP management, and must be due to extenuating circumstances. Extenuating circumstances, such as screening handicapped personnel may require special considerations regarding screening that would normally be accomplished using security equipment, such as a magnetometer. Some handicapped personnel are immobile and physically unable to pass through a magnetometer. Passage through a Walk-Through Metal Detector or use of a Hand-Held Metal Detector may result in physical harm to personnel with a Pace Maker, or result in anxiety or some other physical reaction or hardship for physically handicapped personnel.

  8. Personnel with a "Pace Maker" WILL NOT be screened with any type of Metal Detector. Personnel with a Pace Maker or other handicapped persons with a medical condition shall present a valid letter or medical identification card signed by a licensed practicing physician, stating they have a Pace Maker or other medical condition, before being exempt from Metal Detection screening. The doctor’s letter or Medical ID card must be verifiable through the doctor. Medic Alert Bracelets are not an approved or acceptable form of proof of an existing medical condition as they can be purchased over-the-counter. Also, medical cards can be printed-off the internet; therefore, they must be signed by a licensed practicing physician.

  9. Alternative methods of screening personnel with specific medical conditions must be considered and implemented with PSEP supervisor/manager approval. Alternative screening methods may include but are not limited to the following:

    • Removal of outerwear clothing (coat, jacket, sweater) visual inspection

    • Pat-down by someone of the same gender (if items not removed can be observed

    • All personal items removed from pockets/person for x-ray screening or visual inspection

    • All hand-held bags, briefcases, purses, etc., will be placed on the x-ray scanner and screened or subject to visual screening

    • Some other optional and reasonable screening methodology, per local procedures

  10. Territory Managers shall develop local procedures to ensure the expeditious entry access processing and screening of all personnel, to include handicapped visitors/employees. These procedures must take into consideration potential physical limitations, such as the inability to walk unassisted, obese, and the inability to pass-through a magnetometer, confined to a wheelchair, or those with Heart Monitors or Pace Makers.

  11. Territory Managers (TMs) will ensure that the guards examine the IRS-issued photo identification and perform a facial comparison of the photo to the badge owner for all who enter IRS facilities. TMs will issue a quarterly reminder to the guards and security staff insuring the inspection and scrutiny of personal identification is strictly adhered to (SHALL be tracked by PSEP Headquarters).

10.2.14.8.1  (10-01-2008)
Random Inspections

  1. Territory Managers will develop and implement local procedures for guards to conduct Random Antiterrorism Measures (RAMs) of personnel entering and/or exiting their facilities. These RAMs will include inspection of bags, packages, boxes, or other hand-carried items to ensure they do not contain National Classified Information (Confidential/Secret/Top Secret), Sensitive But Unclassified (SBU) information (formally called Official Use Only, Limited Official Use Only, Market Sensitive, Eyes Only, Privileged, or Proprietary), or taxpayer data, unauthorized weapons/explosives materials, drugs, unauthorized government property, or other contraband. If personnel are in possession of government property, guards must ensure they have a valid property pass (Form 1930) before allowing them to proceed.

  2. RAMS should be conducted at various entry points for varying lengths of time and increase in volume and severity as the DHS threat level increases. RAMS help mitigate or prevent a potential threat or escalation of an existing situation.

  3. RAM inspections should also include a strict random pattern that is coordinated through the PSEP TM. For example -- either 100% checks, every 5th person, or 10th person is inspected, a pre-determined timeframe is set and followed, etc. The random pattern must be strictly enforced for the duration of a particular RAM at a particular time and place to avoid the appearance or perception of selective screening or targeting personnel, which is prohibited.

10.2.14.9  (10-01-2008)
Detection Equipment

  1. There are a variety of different types of automatic detection equipment. These include, but are not limited to, door and window contacts, motion detectors, sound detectors, vibration sensors, etc., designed to set off an alarm at a given location when the sensor is disturbed.

  2. All alarms must annunciate at a protection console, a central station or a local police or fire station, where a timely response is available.

  3. Care must be taken in selecting the right equipment to meet the needs of a particular area.

10.2.14.9.1  (09-23-2009)
Intrusion Detection Systems & Duress Alarms

  1. The IRS is charged with the responsibility of protecting the tax administration system, facilities, property, personnel, sensitive information, and unauthorized disclosure. As such, we have an inherent responsibility to provide reasonable protection to ensure their safety. In addition to guards, another method of providing protection is through the use of electronic security equipment. It is of critical importance that all security equipment installed is in optimal operating condition and receives recurring periodic preventive maintenance. Security intrusion and duress alarm systems are a source of notification of potential dangerous situations to employees and unauthorized entry. Therefore, the use of audible and non-audible security alarms should be utilized where appropriate.

  2. Intrusion Detection Systems (IDS) are designed to detect attempted breaches of perimeters, facilities, and internal restricted or secure areas. To reduce the possibility of false alarms, potential effects of sound levels, vibrations, radio transmissions and other electrical interference should be considered in the decision process before purchase. IDS can also be used in conjunction with other measures to furnish forced entry protection for a locked facility or area. Alarm systems are only useable as a countermeasure if they are in good working order. Alarms shall be periodically tested to ensure they are in good working order and to ensure a timely response. "At IRS campuses a record of all instances involving the activation of any alarm, regardless of the circumstances that may have caused the activation, must be documented in a Daily Activity Report/Event Log or other log book and maintained for two years." The alarm documentation will be maintained by the Central Security Control Console (CSCC) or PSEP territory staff as determined by the Territory Manager.

  3. An Intrusion Detection System (IDS) can be used in lieu of other physical security measures such as:

    • Slab-to-slab construction for secured areas

    • Security containers which cannot be used because of operational requirements, appearance, layouts, cost or other reasons.

    Exceptions to this policy will be routed from the PSEP TM through their AD, to the PSEP Risk Management (RM) staff program manager. The exception request must include:

    • PSEP TM and AD approval

    • Adequate justification supporting the exception

    • Compensatory measures that will be taken

    • A Staff Summary Coordination Sheet reflecting the TM and AD coordinated and approval of the exception request and the dates.

    RM will review the exception request and approve or deny the request with comments. If approved, RM will log the exception and include an expiration get-well or extension review date.

  4. IDS must meet the following minimum requirements:

    • Meet the requirements of UL Standards

    • All alarms shall be remote to and annunciated at an on-site protection console, FPS central station, local police department or a UL approved central station, and priority given for an armed guard/police response during any alarm situation.

  5. The IDS must be so designed that guards staffing the on-site protection console or central station cannot turn the system off during non-duty hours and without the knowledge of the Security staff. One method of preventing this is to require on-site annunciation of all alarms and system malfunctions recorded by way of a printer. The printer must be located in the secured areas, or in some other secured location as specified by the Security staff.

  6. The maximum elapsed time from annunciation to successful guard response after alarm enunciation is 5 minutes, if the guard is responding from on-site. If the guard is responding from off-site the guard is allowed a maximum of 15 minutes for a successful response, but should begin to respond immediately. Any response time longer than this, no response, or no alarm annunciation, is a failure and must be documented as such with comments indicating the specific reason and the corrective action taken.

  7. Periodic testing of all alarms and guard response to alarms must be conducted to ensure they are properly operating, annunciating, and that an appropriate and timely guard response occurs. Therefore, all Campuses, Computing Centers (CCs), Main IRS, and the New Carrollton Federal Building (NCFB) are required to conduct Alarm Testing at the frequency schedule in Exhibit 10.2.14-2, Alarm Test Matrix Summary.

  8. Other Non-Campus PODs with alarms will also test the guard response, if they have guards present on-site tasked to respond to local alarms. These tests will be conducted at the frequency schedule per the Alarm Testing per Exhibit 10.2.14-2, Alarm Test Matrix Summary.

  9. Campuses, CCs, Main IRS, and the New Carrollton Federal Building will conduct Quarterly Scheduled Alarm Tests of all alarms within these facilities.

  10. PSEP Territory staff will ensure all field office [which includes Taxpayer Assistance Centers (TAC)] duress alarms are tested at the interval set forth in Alarm Testing per Exhibit 10.2.14-2, Alarm Test Matrix Summary.

  11. PSEP Territory Offices will ensure that:

    • An inventory of all duress alarms for IRS facilities falling under the jurisdiction of each PSEP Territory Office is documented for each location and is readily available to individuals conducting duress alarm tests before each test is conducted. This inventory should detail the location of each alarm as accurately as possible.

    • An inventory validation of all duress alarms is conducted quarterly. Additionally, the list will be dated and signed by the respective facility PSEP representative. These records shall be maintained at the PSEP Territory Office for a minimum of one year.

    • The PSEP representative will conduct a quarterly validation of the central monitoring station’s Emergency Signal History Report for each IRS facility under the PSEP Territory Office jurisdiction where alarms are present. The prospective PSEP representative will ensure that appropriate corrective actions have been planned for all deficiencies or incidents requiring actions reported by the central monitoring station. The report will be dated and signed by the respective facility PSEP representative and retained for a minimum of one year.

10.2.14.9.2  (09-23-2009)
Intrusion Detection System (IDS) and Duress Alarm System Tests

  1. As a minimum, all other alarms at non-campus POD facilities and TACs will be tested at the frequency schedule per Alarm Testing per Exhibit 10.2.14-2, Alarm Test Matrix Summary and the results will be documented and maintained locally.

  2. The Unannounced Alarm Response Exercises, Duress Alarms, and other Scheduled Alarm Tests will be conducted utilizing the below policy guidance and the frequency schedule contained in Exhibit 10.2.14-2, Alarm Test Matrix Summary.

    • When conducting quarterly duress alarm tests the IRS officials conducting the test (1) document the test results for each duress alarm listed in the inventory including date, findings, and planned corrective action and (2) track the findings until they are properly resolved.

  3. Guard Response to Unannounced Alarms will be exercised (tested) at the frequency schedule per Alarm Testing per Exhibit 10.2.14-2, Alarm Test Matrix Summary, as a minimum, at Campuses and Computing Centers, Main IRS, and the NCFB. These exercises will be per the facility operating procedures.

    • Accomplished randomly by the local IRS security staff tripping (activating) a randomly selected alarm (with emphasis on facility perimeter alarms, to include Receipt and Control), and without prior notification to the guards or contractor with the results documented).

    • Immediate corrective action(s) will be taken to correct any deficiencies in guard response or inoperable alarms.

    • The guard console blotter/event log is to be annotated to record and document the guard force response to each alarm activation test, and if no response occurs, document what corrective action was taken.

    • If a non-campus POD (also includes Main IRS and the NCFB) has a guard(s) present and tasked to respond to alarms as part of their duties, their response to unannounced alarms should be tested at the frequency schedule per Alarm Testing per Exhibit 10.2.14-2, Alarm Test Matrix Summary and recorded in the same manner as for Campuses, CCs, Main IRS, and the NCFB.

    • We encourage planned and coordinated response exercises at all campuses and CCs. Alarm tests that require a Mega Center (MC) alarm notification to others will not be conducted if they result in an armed response, as the potential for a dangerous scenario exists with external responders (local police & FPS) to test exercises.

  4. Safety is of the utmost importance; therefore, response exercises must be planned and coordinated accordingly to ensure there is no safety violation/incident associated with the alarm exercises. The alarm evaluator must continually monitor the guards radio channel to ensure an immediate dispatch, after alarm activation, and ensure guards are dispatched to and respond to the correct alarm location and record the time of alarm activation and the guards arrival.

  5. Random Unannounced Alarm Exercise Reports and Scheduled Alarm Test Reports will be rolled-up into monthly report. The PSEP Territory Manager (TM) and Area Director (AD) will ensure that a monthly cumulative report is accomplished reflecting the alarm information for their Territories and submitted to the PSEP RM as scheduled in Exhibit 10.2.14-2 (Alarm Test Matrix Summary). The AD will provide the Area roll-up report to the PSEP RM Point-of-Contact (POC) per Exhibit 10.2.14-2. The PSEP TMs and ADs will review the reports, take necessary corrective actions, and file the reports for future reference for at least two years.

  6. Unannounced Alarm Test Reports (guard response report) will include the data in Exhibit 10.2.14-3 and be retained by the territory for at least two-years

  7. All Campus and Computing Center Alarm Points (i.e., door and hatch balance magnetic switch (BMS) alarms, glass break, motion alarms, vibration alarms, duress alarms, etc.) and Taxpayer Assistance Centers (TAC) Duress Alarms will be tested at the frequency schedule per Alarm Testing per Exhibit 10.2.14-2, Alarm Test Matrix Summary, with at least 30-days between each test. The test results will be documented in the monthly Alarm Test Report. PSEP RM provides the TAC duress alarm tests to the Wage & Investment N.O. Point of Contact (POC). Although it is not required, it is recommended that all duress alarms are tested more frequently than quarterly as employee’s immediate safety may be impacted.

  8. Alarm Notifications.

    1. PSEP territory staff must ensure the Mega Center (MC) or Campus Central Security Control Center (CSCC) not only receives the duress alarm annunciation during tests, but also lists the correct POC and their current phone number on their Contact List to ensure a prompt notification of any alarm. An armed "First Responder" (guard/police) must be listed as the first responder, as the shortest possible response time is critical with priority notification. The alarm notification priority protocols are : 1) First Priority, on-site guards are notified 2) Second Priority, Federal Protective Service are notified; and 3) Third Priority, local police who will be notified last. This is critical, especially if the local police are notified and it’s a nuisance (false) alarm, as many city and county police agencies issue citations and assess fines for false alarms.

    2. The PSEP territory representative will conduct a monthly validation of the "Emergency/Alarm Contact List" for each IRS facility under PSEP Territory Office jurisdiction where alarms are present, ensuring contact information is current and accurate. The phone number(s) listed must be in the correct descending priority, the Territory security staff should only be notified after an armed "First Responder" is notified. The report will be dated and signed by the respective facility PSEP representative and be retained for a minimum of one year.

    3. Ensure you do not conduct a "Blind Test" (Unannounced to the MC) of alarms annunciating at the MC as the MC Alarm Monitors will keep going down the notification list until they can contact someone, which may be the local police. If the local police are contacted and respond they may not know it is a test and may respond with weapons drawn, or be subjected to a potential dangerous situation or accident while responding in an emergency mode. Therefore, be sure your test only confirms two things with the MC:

    • The alarm enunciated at the MC

    • The MC has the correct person(s) and phone number(s) listed on the contact list in the event of the need for an actual notification ( end your test at this point – do not include a police response).

  9. Duress buttons are often inadvertently hit by chairs, employee’s knees/hands, or other equipment that may dislodge the actuator/button, and which may render the alarm inoperable. This may result in a potential non-contact or non-annunciation during emergency and attempted alarm activation. It is imperative that the PSEP territory has written alarm procedures and ensures that each owner/user of the duress buttons is:

    1. Knowledgeable of the location of the duress alarm button(s)

    2. Trained how to activate and reset the duress alarm button(s)

    3. Knowledgeable of where the duress alarm enunciates

    4. Knowledgeable of who will be responding to the duress alarm (i.e., CI, guards, FPS, local police, etc.)

    5. Knowledgeable of the need to dial 911 for emergency assistance if the duress alarm is inoperable or under repair

  10. The TM will ensure all Alarm Tests are conducted and properly recorded in accordance with PSEP RM procedures and at the frequency schedule per Alarm Testing per Exhibit 10.2.14-2, Alarm Test Matrix Summary. The TM will ensure alarm data is compiled and reflect that information in the Alarm Report to their Area Director (AD). The AD will ensure their TM reports are rolled-up into an Area Report and provide the data to the N.O. RM POC per the schedule in exhibit 10.2.14-2. Scheduled Alarm Test Reports will contain the following information:

    • Date of test

    • Building or facility ID

    • Facility Address (address - city, state, zip code)

    • Alarm - Number of Alarm Points in Building (type and #)

    • Test results (# = No. tested, P= # Passed, F= # Failed)

    • Success rate %

    • Date Mega Center & Security Console Contact List Updated (required quarterly)

    • Failures reported for maintenance? Yes / No

    • Who was malfunction reported to (name)

    • Name of alarm tester

  11. The same Alarm Test Report used for the Campuses will be used for the TAC duress alarms and all other POD alarms. Quarterly TAC duress alarm tests will be reported to Wage & Investment (W&I) by PSEP RM.

  12. Due to the large volume of other alarms in the IRS inventory, all other alarms (alarms not located on a Campus, CC, or TAC duress alarms) will be tested by the TM security staff at least once annually and documented, although we highly encourage (not mandatory) more frequent testing of all alarms. Sound activated alarms and alarms emitting an audible alarm should be silenced before testing or tested during hours of least staffing or when personnel are not working in the immediate area. The PSEP TM with security responsibility for Campus, CCs, TACs, and other non-campus PODs in their territory will develop local alarm procedures for their assigned facilities. PSEP staff will conduct the test. The only actions Non-PSEP personnel (BU staff) are required to perform are to activate and reset an alarm upon request of PSEP to test the alarm. The alarm procedures developed by the PSEP territory shall as a minimum, identify:

    1. Who tests TAC duress and other TAC and Non-TAC alarms

    2. When alarms are tested

    3. How alarms are tested

    4. How the alarm test is documented and reported

    5. How to report malfunctioning alarms and to who (provide phone contact information)

    6. Who on the PSEP staff is responsible for the documented alarm test reports and monitoring the timely repair of malfunctioning alarms

    7. Where alarm test reports are maintained and for how long

    8. Who on their staff prepares the alarm test report for the territory, and maintains and files the reports

    9. Who forwards alarm test reports to the PSEP AD and PSEP RM and when

    10. Alarm Testing and Reporting, the validation responsibility will fall on the Territory Managers (TMs) and the Area Director (AD) to resolve any differences/discrepancies in numbers reported ie., "total numbers, number passed and/or number failed," and corrective actions.

  13. If during a test, or other times, it is determined that an alarm is malfunctioning, the guards, console operators, guard shift supervisor, and Contracting Officer’s Technical Representative (COTR) or their designee, will be immediately notified. Malfunctioning alarms must be recorded and repaired in a timely manner and tracked by the PSEP territory office until the alarms are repaired and functioning properly.

  14. Compensatory measures will be taken to ensure proper security is maintained while an alarm is inoperable. Compensatory measures may include, but are not limited to the following options or a combination of options, such as:

    1. Deploying guards to inoperable alarm point(s) to ensure proper security is maintained

    2. Random patrols

    3. Aggressive recurring security checks, etc.

    4. Locking a door(s)

    5. CCTV coverage

  15. Should the entire alarm system fail and become inoperable, or if numerous multiple alarms simultaneously annunciate, priority dispatch and response must first be directed to critical alarm points (i.e., weapon vaults/rooms, duress alarms, vaults and safes containing funds or other instruments of monetary value, perimeter entry points, etc.), which is locally determined, until the system is reset and functioning properly. Scheduled alarm test reports will be maintained by the PSEP territory staff.

  16. All alarm reports transmitted electronically must be sent via Secure Messaging. Any mailed documents should be sent via traceable mail with receipt requested upon delivery. This is necessary due to the sensitive nature of the information as it pertains to specific facilities and their security countermeasures and security posture.

10.2.14.9.3  (09-23-2009)
Closed Circuit Television (CCTV)

  1. Closed Circuit Television (CCTV) is very useful in physical security operations. A key to effectiveness of CCTV is maintenance of the system and supportive artificial lighting. To facilitate an effective field of view, CCTV surveillance capabilities should be checked on a routine basis to assess equipment effectiveness and to identify obstructions. Coordination with facility or maintenance personnel is required to request the flora trimming. CCTV along with other risk mitigating elements (security layering, guard force, patrols, etc.) shall be utilized to protect the fenceline and the facility perimeter

  2. CCTV is frequently used as an integral part of an intrusion detection system. This may be accomplished by:

    1. Using sensors to establish a secured area and installing a CCTV system, which includes a time lapse digital video recorder to complement the sensors.

    2. Placing cameras at critical locations to provide direct visual monitoring from a vantage point such as an on-site protection console.

    3. Using CCTV on gates, doors, and other security areas not manned continuously. The system normally consists of a television camera, camera control box, recorder, monitor, two-way communication system, and electrical circuitry

  3. Use of CCTV on entry points may include the use of a two-way communication system between the monitor panel and the gate/door and an electrically operated gate/door. With this device the person viewing the monitor(s) can be alerted on the speaker system when an individual requires access, and allows communication with the individual, and visually assess the situation on the monitor. This assessment helps to determine authority to enter and their security status. Once authority for access is verified, access is granted by pressing the electric gate/door lock button.

  4. Controls should be enclosed and properly secured to preclude attempted adjustment by unauthorized personnel.

Exhibit 10.2.14-1  (10-01-2008)
Instruction for Receptionists (Monitors) at Entrances to Restricted Areas

I. Entry by Authorized Personnel

  1. Entrances Equipped with Card Readers — Each individual who is authorized to enter the area is required to use his/her card and pin number (if required) to unlock the door every time he/she enters the area. During periods of unacceptable backups, due to excess traffic or system breakdown, monitors and/or supervisors must control entrances as set forth below for areas without card readers.

  2. Entrances without Card Readers — Authorized individuals must display their ID card to the monitor each time they enter the area.

  3. Lost or Forgotten Cards — When an individual forgets or loses his/her ID card, he/she is issued a card with the word TEMP in place of the photo, by the monitor/guard in a center and by the issuing ID card unit or monitor in post of duty. If the individual works in a restricted area, and he/she is authorized unescorted access, but the ID card he/she was issued is not properly coded to allow unescorted access, he/she must exchange that card for a non-photo properly coded card for the restricted area before being allowed access to the restricted area.

  4. Authorized Access List — The monitor will maintain a list of all personnel whose cards are not coded for the area, but who are authorized unescorted access to the area. Only the applicable branch chief, or his/her designated representative, can add a name to this list and it should be done in writing. Records of visits to the area by individuals whose names are on the Authorized Access List, do not need to be recorded on the Restricted Area Register, however, the monitor must retain their ID card and issue them one properly coded for the area.

II. Visitors to Restricted Areas

  1. Unauthorized employees having a need to hand-carry documents to restricted areas will present the material to the door monitor. No processing of these personnel will be required, unless there is a need to enter areas.

  2. Door monitors will process all visitors (non-authorized individuals) as follows:

    1. Ask the individual for his/her ID card. If it is a non-photo card, ask for some photo identification with a signature. When you have the card and, if required, other photo ID physically in hand, physically check the card and photo ID and determine if it’s an authentic IRS identification card (does it look like the one you are wearing, is the lettering exactly the same, is it laminated the same, etc.)? Is the picture on the card or other photo ID that of the individual standing in front of you?

    2. If the answer to either question is no, call your supervisor, the Security office, or guard. Is his/her name on the Authorized Access List of individuals authorized unescorted access? If not, does the individual(s) have a NEED TO ENTER the restricted area? Verify this by checking with your supervisor or other designated individual(s). If there is no NEED TO ENTER, and you are certain it is not a penetration attempt, deny them entry, otherwise contact your supervisor, chief of the Security function, or guard.

    3. Anyone other than an IRS employee whose card has not been coded to allow access to a restricted area, or whose name is not on the Authorized Access List, must be escorted while in a restricted area. Therefore, do not allow him/her to enter unless arrangements have been made for a full-time escort by someone authorized to be in the area. Use of the visitors register and exchange of ID cards may not be waived.

    4. Record all visitor activity to the area on the Restricted Area Register, Form 5421, as follows:

      1. Make all entries, except for the signature.

      2. Have the visitor sign the register.

      3. Check the visitor's signature against signature on card or other photo ID. If you are in doubt about the signature, call your supervisor.

    5. Issue the visitor a card for your area using the following criteria and retain his/her card:

      1. Visitor is to be allowed unescorted access: Issue a card properly coded for the area with the VISITOR in place of the photo, and one that properly identifies the visitor as an IRS employee (white pouch, 6054, with seal), other Federal employee (white pouch, 6055, without seal), or a non-Federal person (red pouch, 6056).

      2. Visitor is to be escorted: Issue a card properly coded for the area with the words ESCORT ONLY in place of the photo and one that properly identifies the visitor as an IRS employee, other-Federal employee, or a non-Federal person.

      3. When the door is open (e.g., to allow a visitor to enter) or if there is no door on the entrance, the receptionist must be constantly alert to prevent an unauthorized person from entering the area.

Exhibit 10.2.14-2  (09-23-2009)
Alarm Test Matrix Summary

This image is too large to be displayed in the current screen. Please click the link to view the image.
This image is too large to be displayed in the current screen. Please click the link to view the image.

Exhibit 10.2.14-3  (10-01-2008)
Unannounced Alarm Test Report

This image is too large to be displayed in the current screen. Please click the link to view the image.

More Internal Revenue Manual