2.13.11  Day-to-Day IT Security Procedures for Enterprise Networks

Manual Transmittal

June 05, 2013

Purpose

(1) This transmits revised IRM 2.13.11, Enterprise Networks, Day-to-Day IT Security Procedures for Enterprise Networks.

Material Changes

(1) IRM 2.13.11 is updated to reflect the following editorial changes:

  • “Enterprise Networks” was changed to “User and Network Services” throughout the document.

  • References to Security documents were updated

  • All outdated web links were updated

  • The new FISMA terminology and name changes associated with SA&A were updated

  • Section dates were changed

Effect on Other Documents

IRM 2.13.11, dated August 05, 2009, is superseded.

Audience

This standard is to be used by User and Network Services, IRS contractors, and IRS organizations and personnel that perform or support any telecommunication and networking information technology security activities.

Effective Date

(06-05-2013)

Related Resources

The following references were used to develop this IRM:

  • Treasury Directive Publication 85-01, Treasury Information Technology (IT) Security Program

  • National Institute of Standards and Technology (NIST) Special Publication (SP) guidance

  • NIST SP 800-18, Rev. 1, Guide for Developing Security Plans for Federal Information Technology Systems, February 2006

  • NIST SP 800-30, Rev 1, Guide for Conducting Risk Assessments, September 2011 (Initial Public Draft)

  • NIST SP 800-37, Rev 1, Guide for Applying the Risk Management Framework to Federal Information Systems, February 2010

  • NIST SP 800-53, Rev 3, Recommended Security Controls for Federal Information Systems and Organizations, August 2009

  • NIST SP 800-53A, Rev 1, Guide for Assessing the Security Controls in Federal Information Systems and Organizations, June 2010

  • IRM 10.8.1, Information Technology (IT) Security Policy and Standards Guidance

  • IRM 10.8.2, Information Technology Security Roles and Responsibilities, which supports Federal Information Security Management Act (FISMA) requirements

  • The Federal Information Security Management Act (FISMA) of 2012

Terry Milholland
Chief Technology Officer

2.13.11.1  (05-09-2013)
Purpose

  1. This IRM establishes the Information Technology (IT) security duties and day-to-day procedures and processes within the Internal Revenue Service's (IRS) User and Network Services (UNS) organization.

  2. This IRM applies to all UNS, IRS contractors, and IRS organizations and personnel that perform or support any telecommunication and networking information technology security activities. These activities include work with IRS sensitive but unclassified (SBU) systems and information as well as national security systems and information.

  3. As part of satisfying Congressionally mandated requirements, UNS has established and implemented a comprehensive UNS IT Security Program that works in concert, supplements, and enhances the security requirements provided in IRM 10.8.2, Information Technology Security Roles and Responsibilities.

  4. All UNS personnel and contractors who perform administrator duties within the UNS IT Security Program shall have a thorough working knowledge of the following IT Security IRMs:

    • IRM 1.16.1, Physical Security Program

    • All of IRM Part 2, Information Technology

    • IRM 10.8.1, Information Technology Security Policy and Standards Guidance

    • IRM 10.8.2, Information Technology Security Roles and Responsibilities

2.13.11.2  (05-09-2013)
Deviations

  1. Deviations from the IRM 10.8.x series shall be processed according to IRM 10.8.1, Information Technology Security Policy and Standards Guidance.

  2. The deviation process and related information on deviations are located on the Cybersecurity web site. Refer to http://mits.web.irs.gov/Cybersecurity/Divisions/Policy_Compliance/default.htm for information on deviations.

  3. Deviations must be signed and approved by the technical point of contact's manager.

  4. Requests are then to be sent to the UNS IT Security Team for processing at *IT UNS SECURITY MAILBOX. The UNS IT Security Team will distribute the request through the Cybersecurity deviation process, as the team functions as the Authorizing Official (AO) support staff.

    Note:

    If there is a need to deviate from the IRM 10.8.x series, use the same form provided on the Cybersecurity web site, forward the request to the UNS IT Security Team, and follow the Cybersecurity concepts.

2.13.11.3  (05-09-2013)
User and Network Services Organization

  1. UNS’ responsibilities include managing the telecommunications budget for the IRS; engineering and designing the telecommunications infrastructure; and providing standards, procedures, guidelines, and operational support for telecommunications services.

  2. IRM 1.1.12.8 contains organizational information about the Associate Chief Information Officer for User and Network Services organization. Further information about UNS and other services provided can be found on the UNS web site at http://uns.web.irs.gov.

2.13.11.4  (05-09-2013)
User and Network Services IT Security Duties

  1. UNS management and staff are assigned roles defined in IRM 10.8.2, Information Technology Security Roles and Responsibilities in addition to performing their UNS duties.

  2. For information regarding the UNS specific roles and responsibilities, refer to IRM 1.1.12.8, Associate Chief Information Officer for User and Network Services.

2.13.11.4.1  (05-09-2013)
UNS Security Team

  1. The UNS Security Team will support UNS Authorizing Official (AO) in performing their security roles and responsibilities as defined in IRM 10.8.2, Information Technology Security Roles and Responsibilities.

  2. The UNS Security Team will provide support to the Information Technology Services (IT) Program Management Office (PMO) in performing the security roles and responsibilities as defined in IRM 10.8.2, Information Technology Security Roles and Responsibilities.

  3. The UNS Security Team will provide support to UNS and non-UNS management and technical personnel maintaining UNS-owned IT systems in performing their security roles and responsibilities as defined in IRM 10.8.2, Information Technology Security Roles and Responsibilities.

  4. The UNS Security Team will consist of UNS employees and IRS contractors serving as the Federal Information Security Management Act (FISMA) Liaisons, AO Designated Representative (AODR), and IT POCs. Other UNS employees and contractors can be assigned to the UNS Security Team on an as needed basis.

  5. The UNS Security Team shall:

    • Provide Authorizing Official (AO) day-to-day support in order to meet FISMA requirements

    • Act as liaisons among UNS, the IT PMO, and Cybersecurity in order to meet FISMA requirements

    • Coordinate with other IT organizations to ensure a consistent security posture

    • Provide guidance to UNS personnel on security related topics

    • Provide support to UNS personnel in order to meet FISMA requirements

    • Coordinate support for Government Accountability Office (GAO) and Treasury Inspector General for Tax Administration (TIGTA) when conducting security audits and for providing status updates on findings and material weaknesses

  6. The IT Security duties of the UNS Security team include but are not limited to:

    • Coordinating Security Assessment and Authorization (SA&A) activities

    • Coordinating Enterprise Continuous Monitoring (eCM) activities

    • Tracking the mitigation of the weaknesses in the Plan of Action and Milestones (POA&M ) through status updates, changes to milestones, and additional comments

    • Increasing the understanding of FISMA and other security policy requirements within UNS

    • Enhancing FISMA coordination within UNS and between UNS and other organizations

2.13.11.4.2  (05-09-2013)
Associate Chief Information Officer for User and Network Services

  1. Within IT, the Associate Chief Information Officer (ACIO) for User and Network Services (UNS) is the executive leader responsible for the IT major service-delivery functions. The ACIO for UNS reports directly to the IRS Chief Information Officer (CIO). The IT organizational structure can be viewed on the IT web site at http://it.web.irs.gov/MITSOrgs/default.htm.

  2. The ACIO for User and Network Services shall:

    • Assume the role of AO

    • Assume the role of Information System Owner and Information Owner

    • Ensure the program manager(s) define the system security requirements for acquisitions

    • Manage the UNS major service-delivery function

    • Support the CIO

2.13.11.4.3  (05-09-2013)
Management

  1. UNS possesses systems and therefore shall designate one or more program managers for each system.

  2. See IRM 10.8.2, Information Technology Security Roles and Responsibilities for program manager security responsibilities.

2.13.11.4.4  (05-09-2013)
Operational Staff

  1. Persons assigned the role of Database Administrator assume the security responsibilities defined in IRM 10.8.2, Information Technology Security Roles and Responsibilities.

  2. Persons assigned the role of System Administrator assume the security responsibilities defined in IRM 10.8.2, Information Technology Security Roles and Responsibilities.

  3. Persons assigned the role of Network Administrator assume the security responsibilities defined in IRM 10.8.2, Information Technology Security Roles and Responsibilities.

2.13.11.4.4.1  (05-09-2013)
Web Administrator

  1. UNS does perform Web Administration duties and follows security procedures as designated by Enterprise Operations. UNS managed web sites are used exclusively for network administration and cannot be accessed by the general IRS user.

2.13.11.4.4.2  (05-09-2013)
Network Engineer

  1. The UNS Network Engineer designs the network architecture and provides technical direction and engineering design as well as the development of configurations and capacity management standards for the IRS.

    Note:

    Within User and Network Services, "Network Engineer" is synonymous with the "engineer" or "developer" as defined in IRM 10.8.2, Information Technology Security Roles and Responsibilities.

    Note:

    User and Network Services has been designated as the primary telecommunications and networking service provider for the IRS.

  2. Persons assigned the role of Network Engineer assume the security responsibilities defined in IRM 10.8.2, Information Technology Security Roles and Responsibilities for a developer.

  3. The IT Security duties of the Network Engineer include:

    • Developing, implementing, and monitoring standards and controls to ensure data accuracy, security, and legal and regulatory compliance throughout the system life cycle

    • Coding and documenting scripts and stored procedures

      Note:

      UNS codes and documents scripts for network devices and their supporting systems. UNS does not code or document scripts for non-telecommunications systems or support systems at the IRS.

    • Preparing and implementing data verification and testing methods

    • Holding review and approval authority for ensuring that developed products incorporate security and meet user requirements

    • Ensuring that for each information system or application, security is planned for, documented, and integrated into the system development life cycle from the information system or application’s initiation phase to its disposal phase

    • Identifying IT assets and determining the value of those IT assets to implement necessary safeguards.

2.13.11.4.4.3  (05-09-2013)
UNS GAO/TIGTA Liaison

  1. The UNS Government Accountability Office (GAO)/Treasury Inspector General for Tax Administration (TIGTA) Liaison is not a security role/responsibility specifically, but relates to FISMA activities.

  2. The UNS GAO/TIGTA Liaison in UNS is responsible for:

    • Providing AO support to GAO and TIGTA audits

    • Acting as the primary Point of Contact within UNS for GAO and TIGTA auditors

    • Coordinating with UNS management and technical personnel in support of GAO and TIGTA audits

    • Coordinating and consolidating all UNS responses to GAO- and TIGTA-identified material weaknesses, remediations, and corrective actions

    • Providing support to UNS personnel in GAO and TIGTA audit processes and procedures

  3. The IT Security duties of the UNS GAO/TIGTA Liaison include:

    • Analyzing the information system or application to ensure compliance with the applicable regulations

    • Providing assistance to fully document and update the information system or application in the Risk Assessment Report

    • Reviewing the accreditation documentation for all IRS information systems or applications to confirm that the residual risk is within acceptable limits, as specified by NIST SP 800-37, Rev 1, Guide for Applying the Risk Management Framework to Federal Information Systems, February 2010

2.13.11.5  (05-09-2013)
User and Network Services IT Security Procedures and Processes

  1. The remainder of this IRM describes how UNS personnel, IRS contractors, and other IRS organizations and personnel that perform or support any telecommunication and networking information technology security activities perform and support their IT Security functions and duties at the IRS. The function is first described, then the process and procedure of the duties are listed, and then a high-level description of each duty is provided.

2.13.11.5.1  (05-09-2013)
Security Inventory Function

  1. The Security Inventory Function within UNS is the process of managing and controlling the supply, storage, and accessibility of systems’ items and resources in order to ensure an adequate supply is available at the IRS without excessive oversupply. UNS builds and maintains a detailed, itemized list and regularly generates IRS systems inventory reports for management.

  2. FISMA compliant inventory is maintained in the Information Security Contingency Plan (ISCP) documentation. The ISCP contains documents for all UNS-owned General Support Services (GSS) and applications.

2.13.11.5.2  (05-09-2013)
Security Assessment & Authorization (SA&A) Function

  1. Cybersecurity is the SA&A authority at the IRS. UNS follows and supports the Cybersecurity SA&A process. The Cybersecurity SA&A process and related information are located on the Cybersecurity web site. Refer to http://it.web.irs.gov/cybersecurity/Divisions/SRM/SAA/default.htm for information on the SA&A process.

2.13.11.5.3  (05-09-2013)
Enterprise Continuous Monitoring Function (eCM)

  1. For Enterprise Continuous Monitoring (eCM), UNS follows and supports the IT-wide direction, which in turn supports the Cybersecurity eCM process.

2.13.11.5.4  (05-09-2013)
Account Administration Function

  1. The Account Administration Function within UNS is the process of setting up and managing individual or group access to IRS information systems or application resources on an IRS network to ensure proper security access capabilities. Account administration includes granting IRS users the ability to access (read, write, execute, or traverse) files and directories on an information system or application and is consistent with IRS practices across the enterprise.

  2. UNS follows the Account Administration functions stipulated in IRM 10.8.2, Information Technology Security Roles and Responsibilities.

2.13.11.5.4.1  (05-09-2013)
Assign and Manage End User Roles and System Privileges

  1. As part of the Account Administration Function, UNS must assign and manage IRS end user roles and system privileges on information systems or applications to ensure proper security access capabilities. The procedures and processes that UNS uses to assign and manage IRS end user roles and system privileges and how UNS personnel perform these duties are identified as follows:

    • Determine or verify user needs for system access using the OL5081 system

    • Determine if user needs training for each system listed and provide assistance, as required

    • Ensure users’ access to an information system or application is restricted to the minimum (least privilege) necessary to perform their job

    • Coordinate with users and/or their manager to resolve any conflicts with level of access requests

2.13.11.5.4.2  (05-09-2013)
Update and Delete User Accounts

  1. As part of the Account Administration Function, UNS must update and delete IRS user accounts on information systems or applications to ensure proper security access capabilities. The procedures and processes that UNS uses to update and delete IRS user accounts and how UNS personnel perform these duties are identified as follows:

    • Determine or verify need for system access update or deletion using the OL5081 system

    • Update or delete users according to system rules based on IRM 10.8.1, Information Technology Security Policy and Standards Guidance (such as, 90 days inactive – disable, 120 days inactive, etc.)

      Note:

      In case of changes to user accounts due to inactivity, violations, or other suspicious activity, contact the user or manager for verification.
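As an added illustration of the inactivity rule above (this is example code, not part of the IRM or of any IRS tooling), a small Python review routine that applies the 90-day disable rule to constructed account records and flags every proposed change for the user/manager verification the note requires. The action at 120 days (review for deletion), the `ol5081_active` flag standing in for an OL5081 access-need check, and all account data are assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Threshold taken from the IRM's own example: "90 days inactive - disable".
DISABLE_AFTER_DAYS = 90
# The IRM lists a 120-day threshold but does not state its action here;
# "review for deletion" is an assumption made for this example only.
REVIEW_DELETE_AFTER_DAYS = 120


@dataclass
class Account:
    user_id: str
    last_login: date
    enabled: bool
    ol5081_active: bool  # hypothetical flag: OL5081 still shows a valid access need


@dataclass
class Action:
    user_id: str
    days_inactive: int
    action: str               # "none", "disable" or "review_for_deletion"
    verify_with_manager: bool  # per the IRM note: confirm with user/manager first


def review_account(acct: Account, as_of: date) -> Action:
    """Classify one account against the inactivity rules as of a given date."""
    days = (as_of - acct.last_login).days
    if not acct.ol5081_active:
        # Access need can no longer be verified in OL5081 (assumed rule).
        action = "review_for_deletion"
    elif days >= REVIEW_DELETE_AFTER_DAYS:
        action = "review_for_deletion"
    elif days >= DISABLE_AFTER_DAYS and acct.enabled:
        action = "disable"
    else:
        # Active, or already disabled and not yet at the 120-day mark.
        action = "none"
    # Any change to an account triggers the verification step from the note.
    return Action(acct.user_id, days, action, verify_with_manager=(action != "none"))


def review_accounts(accounts, as_of: date) -> dict:
    """Return {user_id: Action} for a whole account list."""
    return {a.user_id: review_account(a, as_of) for a in accounts}


# Constructed sample data; the review date matches the IRM's transmittal date.
AS_OF = date(2013, 6, 5)
SAMPLE_ACCOUNTS = [
    Account("u001", date(2013, 5, 1), enabled=True, ol5081_active=True),    # 35 days
    Account("u002", date(2013, 2, 1), enabled=True, ol5081_active=True),    # 124 days
    Account("u003", date(2013, 3, 1), enabled=True, ol5081_active=True),    # 96 days
    Account("u004", date(2013, 3, 1), enabled=False, ol5081_active=True),   # already disabled
    Account("u005", date(2013, 3, 7), enabled=True, ol5081_active=True),    # exactly 90 days
    Account("u006", date(2013, 6, 1), enabled=True, ol5081_active=False),   # no OL5081 need
]

if __name__ == "__main__":
    for act in review_accounts(SAMPLE_ACCOUNTS, AS_OF).values():
        flag = "VERIFY WITH USER/MANAGER" if act.verify_with_manager else ""
        print(f"{act.user_id}: {act.days_inactive:>3} days inactive -> {act.action} {flag}")
```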

2.13.11.5.4.3  (05-09-2013)
Restrict User Access

  1. As part of the Account Administration Function, UNS must ensure that user access to an IRS information system or application is restricted to the minimum (least privilege) necessary to perform the user’s job. The procedures and processes that UNS uses to ensure user access is restricted and how UNS personnel perform these duties are identified as follows:

    • Determine or verify need for system access restriction using the OL5081 system

    • Review user’s access to appropriate information systems and determine if privilege levels are adequate

    • Add, remove or change user’s system access, as required

      Note:

      In case of changes to user accounts due to inactivity, violations, or other suspicious activity, contact the user or manager for verification.

2.13.11.5.4.4  (05-09-2013)
Assign Security Parameters to New Users

  1. As part of the Account Administration Function, UNS must assign security parameters, such as initial identifications and passwords, security profiles, and other security characteristics to new users before they can access IRS information systems or applications. The procedures and processes that UNS uses to assign security parameters and perform these duties are identified as follows:

    • Determine or verify need for system access using the OL5081 system

    • Review user’s access to appropriate systems and determine if privilege levels are adequate

    • Ensure that users’ access to an information system or application is restricted to the minimum (least privilege) necessary to perform their job

    • Create security profiles for new users as required and perform follow-up by contacting the user and/or manager

    • Logon to the appropriate information system and establish appropriate user access

    • Provide user with logon and password information

2.13.11.5.4.5  (05-09-2013)
Change Security Profiles for Existing Users

  1. As part of the Account Administration Function, UNS must change security profiles for existing users on IRS information systems or applications on an as needed basis. The procedures and processes that UNS uses to assign security parameters and perform these duties are identified as follows:

    • Determine or verify need for system access update using the OL5081 system

    • Review user’s access to appropriate systems and determine if privilege levels are adequate

    • Ensure that users’ access to an information system or application is restricted to the minimum (least privilege) necessary to perform their job

    • Change security profiles for existing users, as required

      Note:

      In case of changes to user accounts due to inactivity, violations, or other suspicious activity, contact the user or manager for verification.

2.13.11.5.5  (05-09-2013)
Database Administrator Function

  1. The Database Administrator (DBA) Function within UNS is to administer and maintain a database on an IRS information system for proper use by authorized IRS personnel and contractors. The DBA is responsible for the design and management of the IRS database, the day-to-day system operations, and for the evaluation, selection, and implementation of any software that meets the requirements of the IRS’ enterprise architecture.

2.13.11.5.5.1  (05-09-2013)
Monitor and Maintain Database Security Software

  1. As part of the DBA Function, UNS must monitor and maintain database security software, in cooperation with data security administration tasks as prescribed in IRM 10.8.2, Information Technology Security Roles and Responsibilities. The procedures and processes that UNS uses to monitor and maintain database security and how UNS personnel perform these duties are identified as follows:

    • Review database audit to verify database system security controls are adequate

    • Use Database Management Systems (DBMS) and/or utilities whenever possible to verify database integrity

    • Coordinate with system administrators to review platform system hardware or software security status, as required

    • Coordinate with vendor to obtain database software upgrades

    • Install new software or utilities, as required

    • Comply with established configuration management procedures for technical review and identify and document actions

    • Update all system documentation as required

2.13.11.5.6  (05-09-2013)
Monitor and Manage Database Tasks

  1. As part of the DBA Function, UNS must monitor and manage database tasks that include backups, access to logs and journals, and the restoring and/or recovering of data on IRS information systems, as required. UNS must follow DBA IT Security procedures as prescribed in IRM 10.8.2, Information Technology Security Roles and Responsibilities. The procedures and processes that UNS uses to monitor and manage database tasks and how UNS personnel perform these duties are identified as follows:

    • Monitor and manage database events and background processes

    • Monitor and manage database performance of processors, memory, cache, threads, and processes

    • Monitor and manage key information, such as libraries, data, logs, and thread activity

    • Monitor and edit database registry

2.13.11.5.7  (05-09-2013)
Install, Maintain, and Upgrade Database Software

  1. As part of the DBA Function, UNS must install, maintain, and upgrade database software on IRS information systems, as required. UNS must follow DBA IT Security procedures as prescribed in IRM 10.8.2, Information Technology Security Roles and Responsibilities. The procedures and processes that UNS uses to install, maintain, and upgrade database software and how UNS personnel perform these duties are identified as follows:

    • Coordinate with system administrator of platform system to verify platform system status, as required

    • Coordinate with vendor to obtain database software upgrades

    • Install new software or utilities, as required

    • Maintain database to ensure optimal system performance

    • Comply with established configuration management procedures for technical review and identify and document actions

    • Update all system documentation, as required

    • Retrieve database vendor updates and transmit to affected systems and organizations
