Publication 1075 Notification Requirements
Safeguarding requirements may be supplemented or modified between editions of Publication 1075 by guidance issued by the Office of Safeguards.
Data Warehouse Notification Form
When an agency implements a data warehouse containing FTI, the agency must provide written notification to the IRS Office of Safeguards, identifying the secure controls, including FTI identification and auditing within the data warehouse.
Live Data Testing Notification Requirements
Live Data Testing Notification Form
The use of live FTI in test environments should generally be avoided and is not approved unless specifically authorized by the IRS Office of Safeguards. Dummy data should be used in place of live FTI wherever possible. This memo provides guidance to federal, state and local agencies that receive, store, process or transmit FTI on the requirements for the approval, acquisition, handling, protection, and disposition of live FTI used in system testing activities. This guidance further expands upon the Live Data Testing requirements provided in IRS Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies, Section 9.4.6 – Live Data Testing.
Protecting FTI in Virtual Environments
Virtualization Notification Form
Recent advances in CPU architectures have made full virtualization faster than it was just a few years ago, and similar advances are expected to continue to be made both by CPU vendors and virtualization software vendors. The current economic state may push agencies to adopt these new technology virtualization solutions and operating models earlier than anticipated. These new solutions and operating models offer operational benefits to agencies, but also come with unique challenges and potential pitfalls. Whether currently in use or planned to be deployed, there are FTI safeguarding measures required by the IRS Office of Safeguards to be in place given the security concerns associated with full virtualization technologies. This memo will provide the policy requirements for ensuing the confidentiality of FTI is maintained by agencies that provide access to customers and/or employees through a virtual machine.
Protecting FTI in a Cloud Computing Environment
Cloud Computing Notification Form
As agencies look to reduce costs and improve operations, cloud computing may offer promise as an alternative to traditional data center models. By utilizing software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) cloud service models, agencies may be able to reduce hardware and personnel costs by eliminating redundant operations and consolidating resources. While cloud computing offers many potential benefits, it is not without risk. Limiting access to authorized individuals becomes a much greater challenge with the increased availability of data in the cloud, and agencies may have greater difficulties isolating federal tax information (FTI) from other information and preventing “commingling” of data.
- Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies and Entities
- Safeguards Program