Communicate securely with the IRS online


This service is available through the IRS's Secure Messaging program. In accordance with Section 208 of the E-Government Act of 2002, Secure Messaging undergoes routine Privacy and Civil Liberties Impact Assessment (PCLIA) reviews to ensure it conforms with applicable legal, regulatory and policy requirements for privacy. Review the PCLIA for eGain Secure MessagingPDF for more information.

Where we host your data

Amazon Web Services GovCloud, certified as FedRAMP high, hosts Secure Messaging and its data. FedRAMP is a U.S. governmentwide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products. Through this, Secure Messaging follows increased government security and compliance requirements. Visit the AWS GovCloud website for more information.

How you know the system is secure

Secure Messaging follows federal security standards from the National Institute of Standards and Technology, the Office of Management and Budget and the Federal Information Processing Standards Publication. Secure Messaging has an annual audit under the Federal Information Security Modernization Act and Security Control Assessments to ensure it meets these cybersecurity practices.

Also, the system undergoes Digital Identity Risk Assessment reviews to assess and mitigate risks associated with electronic transactions in accordance with IRS requirements. See IRM

Data encryption

Secure Messaging handles and stores information in the eGain database using AWS Elastic Block Store (EBS). It encrypts information using federally approved Advanced Encryption Standard-256.

Virus checks

Secure Messaging uses an enterprise solution to perform antispam, antivirus and content-filtering of inbound and outbound communication. A virus scan checks all inbound and outbound attachments. The Secure Messaging system does not accept attachments with embedded executable files such as .EXE, XML or PIF.