IRS Logo
Print - Click this link to Print this page

Safeguards Program

The Safeguards Program and staff are responsible for ensuring that federal, state and local agencies receiving federal tax information protect it as if the information remained in IRS’s hands.

These agencies and their contractors receiving federal tax information must protect the confidentiality of return information and are periodically reviewed by Safeguards personnel to ensure they meet the safeguarding requirements of IRC 6103(p)(4). These requirements include employee awareness programs, proper disposal, secure storage and computer security among others.

Updated Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies(PDF)
This document contains specific requirements for safeguarding federal tax information. This revision becomes effective on Oct. 1, 2014, and supercedes the Jan. 1, 2014 revision.

Comments and suggestions on the revised Publication 1075 can be forwarded to the safeguards mailbox at: safeguardreports@irs.gov.

Publication 1075 Notification Requirements
Safeguarding requirements may be supplemented or modified between editions of Publication 1075 by guidance issued by the Office of Safeguards.

FOIA Request Memorandum
Important information on how federal, state and local agencies should respond to FOIA/Open Records/or similar Information Sharing requests for any IRS safeguard report or and related communications in the possession of a federal, state or local agency.
 

ALERTS

See “Safeguards Alert Memorandums” below for trending security concerns.


Publication 1075

Recommendations on How to Become Compliant with the New Requirements
Given the significant changes in technical safeguards requirements found in Sections 4, 5 and 6, the IRS has some recommendations for agencies to become compliant with the new requirements.

Reporting Requirements
Publication 1075 requires agencies to use approved report templates and to transmit the reports electronically. These reports must be encrypted and submitted to the safeguardreports@irs.gov mailbox.

Reporting Unauthorized Accesses, Disclosures or Data Breaches
Local, state and federal agencies receiving federal tax information must follow the revised provisions of Section 10 of Publication 1075 (PDF) upon discovering a possible improper inspection or disclosure of FTI, including breaches and security incidents. Agencies must contact Treasury Inspector General for Tax Administration and the IRS Office of Safeguards immediately, but no later than 24-hours after identification of a possible issue involving federal tax information. Agencies are not to wait until after their own internal investigation as been conducted.

Contacting TIGTA is critical to expedite the recovery of compromised data and identify potential criminal acts. The IRS Office of Safeguards investigation focuses on identifying processes, procedures or systems within the agency with inadequate security controls which led to the incident.

Internal Inspections Reports
Section 6.3 of Publication 1075, Tax Information Security guidelines for Federal, State and Local Agencies and Entities, requires that agencies receiving federal tax information (FTI) establish a review cycle for internal inspections of headquarters offices and all local/field offices that receive FTI. The Internal Inspections Report – Headquarters Office and Internal Inspections Report – Field Office are for these inspections. 

In addition, these agencies must also include an internal inspection of IT operations, using the Internal Inspections Report – IT Operations. Internal inspections of contractors with access to FTI and any off-site storage facilities must also be completed. All scheduled and completed internal inspections should be provided to the IRS Office of Safeguards on the Internal Inspections Implementation Report.

Child Support Disclosure Matrix 

IRS and OCSE have been working together to clarify several FTI disclosure questions. The Disclosure Matrix is meant to provide state Child Support agencies a detailed explanation of what types of disclosures are appropriate in several circumstances.

Safeguards Technical Assistance by Topic
The IRS has recommendations and discussions on various Safeguards Program topics available for agencies to help stay in compliance. These documents may assist with preparation of reports, protecting federal tax information, and knowing the legalities of the Safeguards Program.

IRS Disclosure Awareness Videos
IRS Disclosure Awareness training videos are available for local, state and federal governmental agencies that receive federal tax information (FTI). The IRS Office of Safeguards created videos (with captions in English and Spanish) to help explain several key concepts in protecting the confidentiality of FTI.

References/Related Topics

Physical Security and Disclosure References/Related Topics
Publication 1075 requirements pertaining to the protection of FTI in a physical environment and the disclosure of FTI to other persons are available in the Safeguard Disclosure Security Evaluation Matrix.

Document

Version

Release Date

Safeguard Disclosure Security Evaluation Matrix (SDSEM) (XLS)

3.0

9/12/2012


Safeguards Alert Memorandums
The following resources address recent security trends regarding the protection of FTI.

Document

Version

Release Date

Alert Memo - Windows XP End of Life

N/A

04/09/2014

Alert Memo – Multi-factor Authentication Implementation N/A 6/17/2013
Alert Memo – Protecting FTI On Mainframes with Open Port 23

N/A

6/17/2013


Computer Security Compliance References/Related Topics
The following Computer Security Evaluation Matrix (SCSEM) downloads are available for use in preparing an IT environment that will receive, process, or store FTI.

Document

Version

Release Date

Application – Generic Application SCSEM (XLS) 1.4.1 8/8/2014
Application - Oracle Public Sector Revenue Management (PSRM) (formerly Enterprise Taxation and Policy Management (ETPM)) 1.1 4/11/2014
Application – GenTax SCSEM (XLS) 1.4 4/11/2014
Application – Internet Explorer SCSEM (XLS) 1.3 4/11/2014
Application - RSI Revenue Premier SCSEM(XLS) 1.1 4/11/2014
Application - Teradata SCSEM(XLS) 1.1 4/11/2014
 
Database – DB2 SCSEM (XLS) 1.4 6/25/2014
Database – DB2 zOS SCSEM (XLS) 1.1 6/25/2014
Database – Oracle 11g SCSEM (XLS) 1.4 11/06/2014
Database – SQL Server 2005 SCSEM (XLS)

1.3

4/11/2014

Database – SQL Server 2008 SCSEM (XLS) 1.1 8/8/2014
Database – SQL Server 2012 SCSEM (XLS) 1.1 8/8/2014
Database – Generic Database SCSEM (XLS) 1.0 4/11/2014
 
Mainframe – ACF2 SCSEM (XLS)

1.5

6/25/2014

Mainframe – IBMi SCSEM (XLS)

1.5

6/25/2014

Mainframe – RACF SCSEM (XLS)

1.5

6/25/2014

Mainframe – Top Secret SCSEM (XLS)

1.5

6/25/2014

Mainframe – UNISYS SCSEM (XLS)

2.6

6/25/2014

 
Management, Operational and Technical (MOT) (XLS)

2.3.1

6/25/2014

MOT Appendix – Data Warehouse SCSEM (XLS)

1.4

4/11/2014

MOT Appendix – Multi-functional Device SCSEM (MFD) (XLS)

2.3

4/11/2014

 
Network – Cisco IOS SCSEM (XLS)

1.4.1

6/25/2014

Network – Firewall SCSEM (XLS)

1.4

6/25/2014

Network – Network Assessment SCSEM (XLS)

1.3

4/11/2014

Network – Storage Area Network SCSEM (SAN) (XLS)

1.3

4/11/2014

Network – Virtual Private Network (VPN) SCSEM (XLS)

1.3

4/11/2014

Network – Voice Over Internet Protocol (VoIP) SCSEM (XLS)

1.4

6/25/2014

Network – Wireless Local Area Network (LAN) SCSEM (XLS)

1.2

4/11/2014

 
Other – Cloud Computing SCSEM (XLS)

1.3

11/06/2014

Other – Generic Operating System SCSEM (XLS)

1.5

6/25/2014

Other – Mobile Devices SCSEM (XLS)

1.4

4/11/2014

Other – OpenVMS SCSEM (XLS)

1.3

4/11/2014

Other – Web Server SCSEM (XLS)

1.4

4/11/2014

 
Red Hat Enterprise Linux 6 SCSEM (XLS)

1.0

11/18/2014

UNIX and Linux – Solaris, HP-UX, CSEM (XLS) 1.6 9/8/2014
 
Virtualization – VMWare ESXi 5.x SCSEM (XLS)

1.4

9/9/2014

 
Microsoft Windows 7 SCSEM (XLS)

1.5

11/18/2014

Microsoft Windows Server 2003 SCSEM (XLS)

1.4.2

11/18/2014

Microsoft Windows Server 2008R2 SCSEM (XLS) 1.0 11/18/2014
Microsoft Windows Server 2008SP2 SCSEM (XLS) 1.0 11/18/2014
Microsoft Windows Server 2012 SCSEM (XLS) 1.0 11/18/2014
Microsoft Windows Vista SCSEM (XLS)

1.3

4/11/2014

 

Page Last Reviewed or Updated: 08-Dec-2014