Accessibility Skip to Top Navigation Skip to Main Content Home  |  Change Text Size  |  Contact IRS  |  About IRS  |  Site Map  |  Español  |  Help  

Part 9. Criminal Investigation

Chapter 9. Criminal Investigation Management Information System (CIMIS)

Section 2. Criminal Investigation Management Information System Security and Setup

9.9.2  Criminal Investigation Management Information System Security and Setup

9.9.2.1  (02-28-2003)
Overview

  1. This section describes the Criminal Investigation Management Information System (CIMIS) user security requirements, security breaches and the security requirements for downloaded CIMIS data.

  2. The remainder of the section explains what information needs to be in the system before an investigation is numbered or assigned. It also describes the investigation number.

9.9.2.2  (02-28-2003)
Criminal Investigation Management Information System Security

  1. Criminal Investigation Management Information System processes sensitive information including agent personnel information, subject identifying information, and investigative data.

  2. Disclosure or misuse of this information could be damaging to Criminal Investigation (CI) operations and infringe on the privacy rights of subjects under investigation. In some cases, if combined with other essential critical identifying information found outside the CIMIS system, disclosure could jeopardize the safety of agents, witnesses and informants. For this reason, all CIMIS users are responsible for safeguarding CIMIS information and following these user security procedures.

  3. Minimum requirements exist for a CI employee to become a user on the system. These include: a valid need to know the information on the system, certified by the supervisor; a Limited Background Investigation (LBI) which has been completed or at least is in process; and an employee's receipt and review of User Security Procedures, verified using a signed acknowledgment statement. The User Administration section of this Operations Guide provides step-by-step instructions required for making additions, changes or suspensions to user profile information and privileges.

  4. Each CIMIS user is individually responsible for maintaining security on the system. Casual browsing (non-investigative) of investigative data or other taxpayer information is not only unauthorized but is also illegal. Since access to sensitive CI investigative data is on a strict need to know basis, no person has the right to access information solely by virtue of title or position. This includes querying any investigative records or other records relating to individuals and businesses for personal use or at the request of other individuals who do not have authorization or the need to know.

  5. The CIMIS users must ensure that only authorized personnel are present in areas where CIMIS data is processed. As a CIMIS user, challenge any unfamiliar people in your area. Do not leave an active CIMIS session unattended, always log off and disconnect from CIMIS when not in use. Similarly, do not leave CIMIS data in the form of printouts, reports, diskettes, etc. exposed in unsupervised areas without being locked in an appropriate security container or security cabinet. During non-duty hours these items should be adequately secured, either in locked security containers and cabinets, or in a "secured " area such as a locked room or other setting which meets IRM 1(16)8, Physical Security Standards, physical requirements for High Security items such as CIMIS data.

  6. Information subject to the Privacy Act must be handled under the provisions of this Act. The CIMIS information should not be disclosed to outside parties (including other agencies) without first ensuring that disclosure provisions have been met. The CIMIS information initially obtained from another agency should not be released to a third agency without prior knowledge and consent of the originating agency. Your local Disclosure Officer should be consulted for guidance regarding privacy, disclosure and Third Agency Rules.

  7. All CIMIS users are subject to the following additional procedures:

    1. Keep your CIMIS password private. It is a security violation to share your password. If there is any suspicion that your password has been compromised, change it immediately.

    2. Do not display or discuss sensitive CIMIS information in the presence of persons who have not been authorized access. Ensure that terminal screens and printers are not visible to unauthorized viewers, such as the general public and other IRS employees with no need to know.

    3. Ensure that magnetic media containing CIMIS data is locked in an appropriate security container when not in use. Carefully label any diskettes or tapes containing CIMIS data so they can be easily identified and protected. Protect this media from physical hazards and have backups of the data in case of disasters.

    4. Ensure that printouts and reports containing CIMIS data are marked Official Use Only (OUO) and secured when not in use. When no longer required, destroy these by shredding or placing in special burn bags for destruction.

    5. Do not allow fixed or removable storage media with CIMIS data to be disposed of or leave controlled environments until it has been either degaussed (demagnetized) or had a disk wipe procedure which effectively overwrites and makes the data unretrievable. Damaged media with sensitive data should normally not be sent out for repair, but instead degaussed and destroyed.

    6. Do not include log-on sequences containing login IDs or passwords in any type of stored procedures or file that can be saved and later executed automatically. This includes encoding such information into a communications package connection sequence or encoding into automated function keys for subsequent recall.

9.9.2.2.1  (02-28-2003)
Criminal Investigation Management Information System Downloaded Data

  1. Dial in access to systems housing CIMIS databases is prohibited unless the dial-ups are protected by an approved encryption, identification, and authentication mechanism. The CI Security Officer should be consulted regarding Data Encryption Standard (DES) devices.

  2. The system should be located in an IRS internal area, which is supervised during working hours and "secured" during non-duty hours. Avoid placing the data on a shared file server or shared LAN that is located, administered or otherwise shared by another IRS function. Minimum criteria for CI employee access include an LBI and a valid need to know. Non-CI IRS employees should not be allowed access unless the Chief, CI authorizes a waiver.

  3. Do not provide extracts from the downloaded CIMIS system in either an on-line or off-line mode (e.g. tape or disk transfer) to non-CI systems in the field offices, unless such exchange has been coordinated through the CIMIS administration staff. Depending on the data content of the extract, a Memorandum of Understanding (MOU) may be necessary between CI and the receiving IRS function.

9.9.2.2.2  (02-28-2005)
Security Breaches

  1. Any suspected computer security violations should be reported as soon as possible to local CI management. In addition, such incidents should be reported within 24 hours to the CI Security Officer, Business Systems Development Section, using the "Computer Security Incident Memorandum" form. Anonymous calls will be accepted through the CIMIS Administration Staff. Computer security incidents include attempts by unauthorized personnel to access sensitive data, and deliberate destruction or loss of sensitive data. Criminal Investigation should conduct a preliminary investigation and document incidents. If there are any indications of illegal or improper activities, management should cease the investigation and refer the findings to a Treasury Inspector for General Tax Administration (TIGTA) official. Also, cases involving theft or malicious damage to equipment and software should be reported to TIGTA immediately. Please prepare in memorandum form and include the following information:

    1. report filed by

    2. telephone number

    3. date

    4. CI office

    5. system description:

    • hardware manufacturer/model

    • functional area served by system (i.e., CI)

    • type of data processed/accessed by system (i.e., taxpayer, personnel, grand jury, etc.)

    1. incident description:

    • Briefly describe what happened, when and where it happened.

    • How was the problem contained?

    • What efforts were made to reduce potential losses?

    • Was there any loss of system, data integrity, confidentiality, or availability (if so, what, when, etc.)?

    1. current status:

    • What is the current status of the incident?

    1. future/follow-up actions:

    • Are additional follow-up actions required?

    • What future actions are planned?

  2. Individuals, who knowingly damage or modify sensitive information for malicious purposes, or disclose sensitive information to unauthorized persons, are subject to sanctions and penalties based on laws, regulations, privacy considerations and the degree of harm to CI activities. Penalties and sanctions also apply to the invasion of privacy as a result of browsing for personal motives.

9.9.2.2.3  (02-28-2003)
Criminal Investigation Management Information System Access

  1. Before employees can be granted access to the live database, Supervisory Special Agent (SSAs) must be certain that the following requirements are met:

    1. The employee must be a valid CI Windows NT user.

    2. The employee has valid need to know the information on the system.

    3. An LBI has been completed or at least is in process.

      Note:

      By requesting access while an LBI is still in process, the SSA accepts responsibility for any risk involved.

  2. On an annual basis, CI Headquarters (HQ) will send each SSA an all-user revalidation letter. During this process, SSAs are requested to verify their users' continued need for access at the specified privilege level and make any necessary updates.

9.9.2.2.4  (02-28-2003)
Criminal Investigation Management Information System Administration

  1. The local CIMIS Coordinator is responsible for conducting actual day-to-day CIMIS security on the system and for coordinating with users as needed in order to effectively implement security. Each CIMIS user is responsible for adhering to the proper User Security Procedures.

9.9.2.3  (02-28-2003)
Criminal Investigation Management Information System Set Up

  1. Certain information such as special agent personnel data and field office location data must be in the database before an operator can assign or initiate investigations. Investigation numbers are assigned automatically.

9.9.2.3.1  (02-28-2003)
Special Agent Profile Information

  1. A special agent must be established in the CIMIS database before any data relating to that special agent may be entered. The following information is required to establish a special agent, and any changes to these data fields will require an update to the special agent profile record:

    1. SSN

    2. name

    3. date of birth

    4. pay plan/grade

    5. Law Enforcement Availability Pay (LEAP) rate

    6. 6C date

    7. retirement plan

    8. position code

    9. office code

    10. branch code

    11. post-of-duty (POD) code

    12. group code

    13. telephone number

9.9.2.3.2  (02-28-2003)
Field Office Location Information

  1. The following actions require notifying CI HQ Hotline Staff by E-mail or telephone first and then confirmation by memorandum:

    1. establishment or relocation of groups

    2. establishment or relocation of POD's

    3. closing down groups or POD's

    4. realignment or streamlining of field offices

  2. The purpose of this notification is to enable CI HQ to update the CIMIS database so it contains valid field office location information. Field office numbers are found in Exhibit 9.9.2-1.

9.9.2.3.3  (02-28-2003)
Investigation Numbers

  1. Investigation numbers provide a uniform system for identifying and controlling investigations and to account for time expended on them. The system is designed to generate an investigation number upon input of the information contained in Section I Input Control, Section III Special Agent Assignment, and Section IV Identification, on Form 4930.

  2. Investigation(s) must be on the CIMIS database prior to the submission of Form(s) 5043 reflecting investigation time being charged to the investigation.

  3. Once an investigation number has been assigned by the system, it may not be altered or voided.

  4. An investigation number is comprised of nine digits.

    1. The first two digits represent the CI office code where the investigation was initiated. Refer to Exhibit 9.9.2-1for CI office codes.

    2. The third and fourth digits represent the fiscal year in which the CIMIS system assigned the investigation number.

    3. The fifth digit represents the type of investigation.

    4. The sixth through ninth digits are the sequential numbers assigned by the system. Sequential numbers will begin with 0001 each fiscal year for each field office.

        Type Code
      1 General Investigation (GI) 1
      2 Primary Investigation (PI) 2
      3 Subject Criminal Investigation (SCI) 3
      4 Subject Seizure Investigation (SSI) 4

  5. Examples of investigation numbers using Nashville field office, FY 2001 hypothetical investigations:

    1. General Investigation: Trash Haulers 620110010

    2. Primary Investigation: Greene, Inc. 620120013

    3. Subject Criminal Investigation: Hood, Oscar 620130017

    4. Subject Seizure Investigation: Hood, Oscar 620140018

9.9.2.3.4  (02-28-2005)
Dual Numbering Investigations

  1. In situations where more than one field office has an interest in the same taxpayer, or in some cases the same field office needs to dual number the taxpayer, prior approval to dual number the investigation by CI HQ is required. The system will display a message to the CIMIS operator of a duplicate investigation. The system will not permit the dual investigation to be numbered until approved by the Director, Operations Policy & Support (CI:OPS). The Special Agent in Charge (SAC) must request approval from CI:OPS in writing. The CI HQ (CIMIS Hotline), in coordination with CI:OPS; Director, Field Operations; and the SAC, will assess the need for, and approve if appropriate, the dual investigation. Guidelines for coordinating inter-field office and inter-area investigations are located in IRM 9.5, The Investigative Process.

  2. The same investigation number will not be used to cover subsequent investigations of the same taxpayer where the prior criminal investigation was criminally closed. Instead, a new investigation will be initiated.

  3. If there is an ongoing investigation on a taxpayer, then any additional violation (tax or money laundering) should be investigated in conjunction with that ongoing investigation. If separate field offices number the same individual or entity on different violations, it will trigger the need to request approval for a dual investigation. Multiple investigation numbers will not be assigned in situations where more than one violation is involved or when violations are added after numbering, or in instances where the Department of Justice (DOJ) or United States Attorney makes a request for a follow-up investigation of other violations or of subsequent years.

  4. If there is an ongoing criminal investigation, and criminal or civil seizure action is to be initiated on the same individual or entity, an SSI will be initiated. This SSI must be associated to the PI of the ongoing criminal investigation. Only one SSI is numbered for a specific target. Do not number an SSI for each location or for each asset relating to the specific target.

Exhibit 9.9.2-1  (02-28-2003)
Criminal Investigation Office Codes

LOCATION CODE
   
North Atlantic Area 10
Boston 04
Buffalo 16
New York 13
Newark 22
Philadelphia 23
Pittsburgh 25
   
Mid Atlantic Area 20
Alexandria 54
Baltimore 52
Charlotte 56
Cincinnati 31
Cleveland 34
Detroit 38
Louisville 61
   
Southeast Area 30
Atlanta 58
Nashville 62
New Orleans 72
Miami 65
Tampa 59
   
Central Area 40
Chicago 36
Indianapolis 35
Milwaukee 39
Minneapolis 41
St. Louis 43
   
Midstates Area 50
Dallas 75
Denver 84
Houston 76
Las Vegas 88
Oklahoma City 73
Phoenix 86
San Antonio 74
   
Pacific Area 60
Los Angeles 95
Oakland 94
Portland 93
San Diego 33
Seattle 91
   
Fraud Detection Centers  
Andover 08
Atlanta 07
Austin 18
Brookhaven 19
Cincinnati 17
Fresno 89
Kansas City 09
Memphis 49
Ogden 29
Philadelphia 28
   
Lead Development Centers  
Atlanta (Closed 2003) 12
Austin (Closed 2003) 15
Baltimore (Closed 2003) 53
Cincinnati (Closed 2003) 21
Denver 26
Fresno (Closed 2003) 27
Garden City 32
Indianapolis 42
Kansas City (Closed 2003) 66
Philadelphia 67
Portland (Closed 2003) 78
Tampa 79
   
CI Headquarters 00

More Internal Revenue Manual