10.2.14 Methods of Providing Protection

Manual Transmittal

August 17, 2016

Purpose

(1) This transmits revised IRM 10.2.14, Methods of Providing Protection.

Material Changes

(1) On October 1, 2014 Physical Security and Emergency Preparedness (PSEP) merged with Real Estate and Facilities Management (REFM) to create Facilities Management and Security Services (FMSS). This IRM was updated to reflect current organizational titles, scope, definitions and terminology.

(2) This IRM was revised to:

  1. remove all references to obsolete Form 1930,Custody Receipt for Government Property.

  2. reflect new Enterprise Physical Access Control Systems (ePACS) guidance.

  3. change the name of "Restricted Areas" to "Limited Areas" .

(3) Added IRM 10.2.14.3.4, "Drop Boxes" .

(4) Removed IRM 10.2.14.7.3, "Inspection and Maintenance Procedures for Locks" , FMSS does not control all locks, therefore we cannot inspect and maintain the procedures.

(5) Added IRM 10.2.14.8, "Separating Employee Clearance (SEC) - Accounting for Keys" .

(6) This IRM was revised to reflect changes to facility access policy to:

  1. prohibit piggy backing through an entry access control point.

  2. place limitations on electronic access control data sharing.

  3. require a weapons prohibited sign at entry points.

  4. require IRS contractors to be screened the same as IRS employees.

  5. provide for programming of IRS Executive PIV cards for entry to all IRS facilities nationwide.

  6. require all magnetometers and baggage scanners to be tested quarterly and documented.

(7) This IRM was revised to reflect changes to detection equipment policy to:

  1. reflect updates to Control Circuit Television (CCTV) policy, emphasizing trimming of foliage and tree canopies, cleaning of CCTV domes and establishing an annual FMSS territory validation of CCTV compliance with this IRM.

  2. address restrictions on observation and dissemination of CCTV recordings.

  3. include updates to CCTV advisory sign requirements, monitor and recording placement.

  4. advise how to properly secure recorders.

  5. revise Intrusion Detection Systems (IDS) & Duress Alarms policy.

  6. revise IDS and frequency and tracking of Alarm System Tests policy.

  7. include requirements for Digital Video Recorders (DVR).

Effect on Other Documents

This IRM supersedes 10.2.14, Methods of Providing Protection, dated September 23, 2009.

Audience

Servicewide

Effective Date

(08-17-2016)

Related Resources

IRM 1.4.6, Managers Security Handbook

IRM 10.2.5, Identification Card

IRM 10.2.15, Minimum Protection Standards (MPS)

IRM 10.8.1, Information Technology (IT) Security, Policy and Guidance

IRM 10.9.1, National Security Information

Steven M. Artise
Acting Director
Facilities Management and Security Services
Agency-Wide Shared Services

Overview

  1. In order to comply with Department of Treasury, Interagency Security Committee (ISC), and IRS protection standards and policies, the IRS has established physical security methods of providing protection. The IRS employs the physical security strategy of layered defense to deter, detect, and mitigate attempts at unauthorized access to IRS controlled space and information. The methods of providing protection form the various layers of defense and can be specifically tailored to suit the requirements of the protected resources under varying circumstances. Additional guidance on the employment of methods of providing protection can be found in IRM 10.2.15, Minimum Protection Standards (MPS).

Implementation of Clean Desk Policy

  1. The Clean Desk Policy requirements apply to data left out in work areas, on credenzas, desk tops, fax/copy machines, conference rooms and in/out baskets.

  2. All tax and privacy data in non-secured areas must be containerized during non-duty hours.

  3. Protected data must be locked in containers in areas where non-IRS personnel have access during non-duty hours and/or when not under the direct control of an authorized IRS employee. This policy has now been expanded to include a general "clean desk" approach based on violations identified during after-hours reviews performed by local Business Unit (BU) managers. For additional guidance see IRM 10.2.14.3, Containers.

  4. The Executive of the BU may request an exemption from the clean desk policy. The request must be justified and not just a matter of convenience. Requests for exemption must be in writing, approved at the Executive level of the BU making the request and accompanied by Form 14617, Clean Desk Waiver Guidance and Checklist. The clean desk waiver request must be forwarded by the BU to FMSS for approval by the FMSS Associate Director, Security Policy. Exemptions citing "voluminous files" may not be granted until a review is conducted by FMSS and Privacy, Governmental Liaison and Disclosure (PGLD). Items identified as requiring Special Security (SP) may not be exempted from the clean desk policy. For additional guidance see IRM 10.2.15, Minimum Protection Standards (MPS).

  5. The IRS has adopted general clean desk and containerization objectives for the protection of taxpayer, privacy act, and other protected data. There are certain areas, such as mass processing operations, where the full implementation of clean desk and/or containerization procedures are not appropriate.

  6. Pipeline activities are conducted at Submission Processing centers and computing centers. Due to the volume of the tax information processed and the disruption to the processing operation, it is not possible to containerize tax information. The IRS recognizes the need to exempt the processing operations at the campuses and computing centers from the clean desk policy. However, a request for waiver must be submitted annually as required. In lieu of containerization, the IRS has established a layered security plan that affords the campuses and the computing centers a higher level of protection to accommodate the processing operation.

  7. There will be no blanket waivers of the clean desk policy approved for an entire campus, computing center or Post of Duty (POD). A waiver request will be required for each activity on an annual basis. Any campus, computing center or other POD that has the Submission Processing activity will have only that activity waived from the clean desk policy. All other activities in campuses or other locations will be required to request a waiver from the clean desk policy.

Containers

  1. The term "container" includes all vertical and lateral file cabinets, safes, supply cabinets, open and closed shelving, desk and credenza drawers, Kansas City (KC) carts (storage cart on wheels) or any other piece of office equipment designed for the storage of files, documents, papers or equipment.

  2. Some of these containers are designed for storage only and do not provide protection (for example, open shelving or KC carts).

  3. For purposes of providing protection, containers can be grouped into four general categories:

    1. locked containers

    2. security containers

    3. safes and vaults

    4. drop boxes

Locked Container

  1. Locked containers are any lockable metal container with riveted or welded seams which is locked.

  2. All key and combination locks must be controlled by the BU with oversight of the area with the same level of protection for the items being protected.

Security Container

  1. A security container is a lockable metal container that has a tested resistance to penetration, is approved for storage of high security items, and properly mounted, as outlined in IRM 10.2.15, Minimum Protection Standards (MPS). Examples of a security container are:

    1. metal lateral key lock files.

    2. non compliant security container modified to meet requirements.

    3. metal lateral file equipped with lock bars on both sides.

    4. metal pull drawer cabinets with center or off-center lock bars secured by combination padlock or key operated padlock.

    5. key lock “mini safes”.

  2. All key and combination locks must be controlled by the BU with oversight of the area with the same level of protection for the items being protected.

Safes and Vaults

  1. Safe type containers which have been accepted for general use by the IRS can be identified by interior labels which reflect one of the following, which are General Services Administration (GSA) approved:

    1. Class I Safe, insulated - 1 hour, 10 minutes forced, 30 minutes surreptitious

    2. Class II Safe, insulated - 1 hour, 5 minutes forced, 20 minutes surreptitious

    3. Class IV Safe, not insulated - 5 minutes forced, 20 minutes surreptitious

    4. Class V Safe, not insulated - 10 minutes forced, 30 minutes surreptitious

  2. Containers will be marked on the outside of the front face of the containers "General Services Administration Approved Security Container."

  3. Safes with TL-30 must be equipped with a Group 1 or 1 R combination lock; TRTL-30, TRTL-60 or TXTL-60, Underwriters Laboratories (UL) Listings. Safes designations:

    1. TL-30 - resistant to attack by mechanical or electrical tools for 30 minutes

    2. TRTL-30 - resistant to attack by torch and mechanical or electrical tools for 30 minutes

    3. TRTL-60 - resistant to attack by torch and mechanical or electrical tools for 60 minutes

    4. TXTL-60 - resistant to all the above and high explosives

  4. Approved vaults are those which have been constructed to specifications approved jointly by IRS and GSA and utilizes UL approved vault doors.

  5. All key and combination locks must be controlled by the BU with oversight of the area with the same level of protection for the items being protected.

Drop Boxes

  1. Drop boxes, or any container used for the purpose of collecting payment, or information without human interaction is strictly prohibited within IRS facilities. Placement of these types of containers provide opportunity for malicious activity and pose unacceptable safety and security risks.

Limited Area

  1. A Limited Area is an area to which access is limited to authorized personnel only. All who access a Limited Area must have a verified official business need to enter. Limited Area space can be identified by the FMSS Physical Security Section Chief based on critical assets. Per IRM 10.8.1, Information Technology (IT) Security, Policy and Guidance, National Critical Assets are defined as assets essential to the minimum operations of the economy and the government. An asset is considered a National Critical Asset if its failure or inability to function will result in an adverse national impact. All Limited Areas must meet secured area requirements. Designating a facility or space within a facility as a Limited Area is an effective method of controlling the movement of individuals and eliminating unnecessary traffic through Limited Areas.

  2. Limited Areas will have signs prominently posted as "Limited Area" and separated from other areas by physical barriers which will control access. The number of entrances will be kept to a minimum and each entrance must be controlled. Adequate control will be provided by establishing a workstation of a responsible employee at the entrance to ensure that only authorized persons with an official need enter. See IRM 10.2.14.5, for additional guidance and requirements for receptionists (monitors) at the entrance to a Limited Area. Only individuals assigned to the area will be provided Limited Area SmartID containing the "R" indicator. If the Limited Area is a small room or closet that is not always staffed and does not have an established staffed entry point, it may be properly secured. All visitors will need a local point of contact and will have to be logged in, accounted for, and escorted continually while in the Limited Area.

  3. Form 5421,Limited Area Register will be maintained at the main entrance to the Limited Area and all visitors will be directed to the main entrance. Each person entering the Limited Area, not assigned to the area, will sign the register. The Limited Area monitor (staff) will complete the register by adding the individual’s name, assigned work area, person to be contacted, purpose for entry, ID card number, and time and date of entry. The monitor will identify each visitor by comparing the name and signature entered in the register with the name and signature on some type of photo identification card (i.e., government ID, driver's license). Upon verification of identity, the visitor will be issued an appropriate Limited Area non-photo ID card. (If the visitor is an IRS employee not assigned to the area, an exchange of ID cards will be made.) Entry must be approved by the supervisor responsible for the area. Prior to exiting the area the visitor will return the non-photo ID card to the monitor. The monitor will enter the departure time in the register.

  4. Each Limited Area Register will be closed out at the end of each month, reviewed by the Limited Area front line supervisor and forwarded to their manager. The manager will review the register and retain it for at least one year. The managerial review is designed to ensure that only authorized individuals with an official need have access to the Limited Areas.

  5. To facilitate the entry of employees who have a frequent and continuing need to enter a Limited Area, at the discretion of the Limited Area manager, an Authorized Access List may be maintained. Though individuals whose names appear on the Authorized Access List will not be required to sign-in, nor will the monitor be required to make any entry in the Limited Area Register, these individuals are required to sign for a temporary access card to the limited space. If the Authorized Access List is not used, employees must follow the procedures outlined in IRM 10.2.14.5(3) in order to gain access.

  6. The manager of the Limited Area must approve all names added to the Authorized Access List. The Authorized Access List will be prepared monthly and will be dated and signed by the manager. Before signing the Authorized Access List the manager must validate the need of individuals to access the Limited Area. Even when there are no changes to the list, the manager must sign and date the list for validation. Care must be taken to ensure that only individuals with a need are granted access. At the end of each month the manager will review the Authorized Access List and the Limited Area Register and forward to the local FMSS Physical Security office for review and to modify ID media/access as appropriate. The local FMSS Physical Security office must maintain the original Limited Area Register forms. Only copies of the forms are authorized to be disseminated to those with an official need to know.

  7. Keys and/or access cards to Limited Areas must be controlled by the BU with oversight of the area and secured with the same level of protection required for the items being protected in the Limited Area.

Requirements for Receptionists (Monitors) at Entrances to Limited Areas - Authorized Personnel

  1. Entrances Equipped with Card Readers — Each individual who is authorized to enter the area is required to use his/her card and pin number (if required) to unlock the door every time he/she enters the area. During periods of unacceptable backups, due to excess traffic or system breakdown, monitors and/or supervisors must control entrances as set forth below for areas without card readers.

  2. Entrances without Card Readers — Authorized individuals must display their ID card to the monitor each time they enter the area.

  3. Lost or Forgotten Cards — When an individual forgets or loses his/her ID card, he/she is issued a card with the word TEMP in place of the photo, by the monitor/guard in a center and by the issuing ID card unit or monitor in POD. If the individual works in a Limited Area, and he/she is authorized unescorted access, but the ID card he/she was issued is not properly coded to allow unescorted access, he/she must exchange that card for a non-photo properly coded card for the Limited Area before being allowed access to the Limited Area.

  4. Authorized Access List — The monitor will maintain a list of all personnel whose cards are not coded for the area, but who are authorized unescorted access to the area. Only the applicable BOD Manager, or his/her designated representative, can add a name to this list and must be done in writing. Records of visits to the area by individuals whose names are on the Authorized Access List do not need to be recorded on the Limited Area Register and be issued a temporary access card to the area.

Requirements for Assigned Monitors at Entrances to Limited Areas - Visitors

  1. The receptionist, guard, or responsible employee at the reception point will process all visitors (unauthorized individuals) who need to enter a Limited Area to:

    1. verify the visitor’s authority or identity

    2. make the necessary entries in the visitor register

    3. issue the appropriate non-photo ID card

    4. instruct the recipient concerning the proper procedures for wearing, using, and returning the ID card.

    Unauthorized employees having a need to hand-carry documents to Limited Areas will present the material to the door monitor. No processing of these personnel will be required, unless there is a need to enter areas.

  2. Monitors will process all visitors (non-authorized individuals) who need to enter a Limited Area.

    1. Anyone other than an IRS employee whose card has not been coded to allow access to a Limited Area, or whose name is not on the Authorized Access List, must be escorted while in a Limited Area.

  3. Record all visitor activity to the area on the Form 5421,Limited Area Register, as follows:

    1. Make all entries, except for the signature.

    2. Have the visitor sign the register.

    3. Check the visitor's signature against signature on card or other photo ID. If you are in doubt about the signature, call your supervisor.


  4. Issue the visitor an ID card for your area using the criteria for visitors.

  5. If the visitor is to be escorted, issue an ID card properly coded for the area with the words "ESCORT ONLY" in place of the photo and one that properly identifies the visitor as an IRS employee, other-federal employee, or a non-federal person.

Secured Room

  1. For purposes of providing protection, all space can be classified as either secured or not secured. The requirements and standards for secured areas are contained in IRM 10.2.15, Minimum Protection Standards (MPS), and locking system requirements for secured areas are contained in this IRM.

  2. A secured room is a room which has been constructed to resist forced entry. If a secured room is not continually staffed 24 hours a day, seven days a week, the entire room must be enclosed by slab-to-slab walls constructed of approved materials (normal construction material, permanent in nature, such as masonry brick, dry wall, etc. that would prevent undetected entry). If slab-to-slab standards cannot be met, motion detectors will be installed or inspection will occur at least once a week to ensure the integrity of the room has not been compromised. However, if the secured room is continually staffed with authorized personnel, slab-to-slab or motion detection is not required.

  3. All doors entering the secured room must be locked in accordance with IRM 10.2.15, Minimum Protection Standards (MPS). The room must be cleaned in the presence of an IRS employee authorized to enter the room as outlined in IRM 1.4.6, Managers Security Handbook. In addition, any glass in doors or walls will be equipped with glass break sensors and tinted film. Air intake doors, wall vents or louvers will be protected by a UL approved electronic Intrusion Detection System (IDS) which will annunciate at a protection console, approved central station or local police station and given top priority for guard/police response during any alarm situation. Door hinge pins must be non-removable, tamper resistant or installed on the inside of the room. Entry will always be limited to specifically authorized personnel.

  4. Keys and/or access cards to secured rooms/areas must be controlled by the BU with oversight of the area and secured with the same level of protection required for the items being protected in the secured room or area.

Locks - General

  1. The lock is the most accepted and widely used security device for protecting installations and activities, personnel, tax data, classified material and government and personal property. All containers, rooms, buildings and facilities containing vulnerable or sensitive items should be locked when not in actual use.

  2. Regardless of their quality or cost, locks should be considered as delay devices only. Many ingenious locks have been devised, but equally ingenious means have been developed to open them surreptitiously. Some types of locks require considerable time and expert manipulation for covert opening, but all will succumb to force with the proper tools. Therefore, the locking system must be planned and used in conjunction with other security measures if a high degree of security is to be obtained. All door keys to hard walled space (excluding cubical doors) must be acquired through the local FMSS Physical Security office.

  3. All keys to facility access doors must be issued using the Key Custody Receipt (KCR) Form. The KCR must be completed with all signatures and provided to the servicing FMSS Physical Security office within 24 hours of issuing a facility access door key.

Type of Locking Devices

  1. Locks that are available range from the very simple (and easily defeated) variety to highly developed key locks, to combination locks and highly sophisticated electronic coded switches.

  2. The degree of protection afforded by a well-constructed vault, safe, or filing cabinet may be measured in terms of the resistance of the locking mechanism to picking, manipulation or drilling. There are several types of locking devices available, such as:

    1. Key Locks - The time for picking most standard pin-tumbler locks (including those that are specially keyed) range from a few seconds to a few minutes. High security key locks are also vulnerable to surreptitious defeat; however, such defeat is much more difficult. The possibility of the loss and compromise of a key and the possibility of an impression being made should also be considered in determining the security value of a key-type lock. Key locks are the most common mechanical type lock and include locks, lever locks and pin tumbler locks.

    2. Combination Locks - This type of lock is incorporated in padlocks, vaults and doors. Combination locks are typically used for their ease of use and require additional handling and maintenance by the BU. Combination locks should be used sparingly and only within interior areas at those facilities where access into the space is controlled at the space perimeter.

      Example:

      Scramble pads offer the flexibility of multiple codes for multiple functions; individual pin numbers can be used in conjunction with the key pad and the codes cannot be discerned by others.

    3. Mechanical Locks - This type of lock has traditionally been used to secure IRS facilities. However, for future building construction or renovation projects, Enterprise Physical Access Control Systems (ePACS) can also serve a valuable purpose by documenting the entry/exit of personnel and allowing access or denial with minimal delays. ePACS should be used to secure limited and controlled areas where feasible to control entry.

      Example:

      employees’ work areas, Criminal Investigations (CI) perimeter doors, Telecom closets, Receipt and Control functions, power generation, battery and electrical Switchgear, Computer Rooms

      Additionally, ePACS should also be installed on interview room doors where there is face to face contact with taxpayers, to allow IRS employees’ quick exit from threatening taxpayers into secured IRS space. FMSS Physical Security Section Chiefs will determine where ePACS will be installed at such locations based on space configuration, type of existing hardware, type of partition walls, risk mitigation assessment results, etc. FMSS Associate Director, Security Policy is the sole authority for approval of deviations to this policy. In some instances it may be desirable for CI access doors to be on a separate access control system. In such instances, the access control system meet or exceed NIST Standards for the Level of Protection (LOP) required.

Other Access Controls

  1. Combination type door locks, which rely on something the individual knows, have been used in the past for controlling access. Though these types of locks add a layer of security, if the combinations are widely disseminated and not changed frequently, unauthorized access may occur and not be easily detected. With this type of access control, there is no audit trail of who entered or exited, so unauthorized access may be difficult to detect.

  2. Technology has provided other types of locks and keys that require electrical connections and special equipment. There are a number of types of electronic access control systems. The access cards contain encoded information about what the user is able to access and who the user is. These systems are used for controlling access to buildings, rooms and computers and provide another level of security. However, as with other types of locks, if the access cards, keys or combination locks are not properly controlled and accounted for, unauthorized access may occur.

  3. High security interior rooms (e.g. CI’s weapons, evidence/Grand Jury room) require standalone combination locks with electronic audit trail capabilities. A tool for programming these locks will be provided by local FMSS Physical Security staff to the BU using them at each location.

Control and Safeguarding of Keys and Cipher Lock Combinations

  1. Access to a locked area, room or container can only be controlled if the key, access card or combination is controlled. As soon as the combination is obtained by an unauthorized person or otherwise compromised or the key is lost, the security provided by that particular lock is lost. Keys to IRS space will be retained by the local FMSS Physical Security staff where there is a security presence in the event of inadvertent office lock-outs. Spare keys may be retained by a designated off site business function for use in catastrophic situations where local personnel are available to provide access to IRS space. Managers issuing keys must complete a KCR Form for each person that has been assigned a key. The KCR must be completed with all signatures and provided to the servicing FMSS Physical Security office within 24 hours of issuing key.

  2. In accordance with Treasury Directive (TDP 15-71), the combination to each lock will be changed:

    1. when the safe or lock is originally received.

    2. at least every three years.

    3. when a person knowing the combination no longer requires access to it and other controls do not exist to prevent their access to the lock.

    4. whenever the combination is compromised.

  3. An exchange pool for combination locks may be established provided it is controlled by the local FMSS Physical Security staff.

  4. Combinations will be given only to those who have a need to have access to the area, room or container. Combinations will not be written on calendar pads, desk blotters or any other item even though it is carried by one person or hidden away. A record of combinations to security containers will be maintained by using Standard Form (SF) 700, Security Container Information, or a signed letter by the responsible FMSS Physical Security Specialist/Analyst with the date of the combination change, who changed it, as well as identifying the security container by number (if available) or location (Bldg. ID 1234ZZ, north wall of Room 1234, etc.). After all information on Part I of SF-700 (a three part form) is entered, all parts will be separated and Part I is to be attached to the inside of the container. The combination will be recorded on Part II, which will then be placed inside Part III and sealed. The classification on Parts II and III should be “unclassified” unless national security information is kept in the container. For additional guidance see IRM 10.9.1, National Security Information.

  5. A record of the combination (parts II & III of SF-700) for safes and vaults must be maintained in a central location in each office. Local BU management should designate an on-site representative to perform this function. The local FMSS Physical Security staff must be able to access the combinations either by maintaining a list, having an on-site contact or having access to the on-site location should an event occur that requires their intervention. CI will control their own copies of SF-700.

  6. Combinations, SF-700 (for other than safes and vaults) and accountability records for container keys will be maintained by local BU management. A locally devised spreadsheet or receipt may be used for this purpose.

  7. All SF-700 containing combinations must be placed in a container having the same or a higher security classification as the highest classification of the material being stored in the container or area the lock secures.

  8. All master keys (a key that can open all applicable IRS space within a location), properly identified according to the door(s) it will open, must be maintained in a central location by the local FMSS Physical Security staff. CI controls all keys to CI space. Exceptions may exist where the area is required to be “off-master”.

  9. Minimum requirements for locking systems for secured areas are as follows:

    1. Only IRS personnel authorized by the local FMSS Physical Security office with proper background adjudication can have after-hours access to secured areas.

    2. Electronic access control systems with after hours alarming capability can be used to secure doors to secure limited or controlled areas after hours. These systems should be periodically reviewed by the FMSS Physical Security staff to make sure that the system is purged of users who no longer have a need for access (i.e. reassigned/separated employees) and that keys are in the possession of authorized individuals only. In addition, reports of access generated by the system should be periodically reviewed by the BU authority with oversight of the area to ensure that no unauthorized access has occurred and periodic testing of the alarms should be conducted.

    3. High security pin tumbler cylinder locks must be used to secure doors to secured areas after normal duty hours. The pin tumblers must meet the following requirements: key operated mortised or rim-mounted dead bolt lock; dead bolt throw of one inch or longer; double cylinder if the door has a transom or any glass (if the door is equipped with alarms or security glass the door is not required to have the double cylinder lock); cylinders are to have five or more pin tumblers; if bolt is visible when locked, it must contain hardened inserts or be made of steel; and, both the key and the lock must be "off master" .

    4. Key padlocks and combination padlocks may be used for secured areas if they meet the requirements of IRM 10.2.15, Minimum Protection Standards (MPS).

    5. All keys to secured area access door locks should be labeled with an identifier unrelated to the room number and should be engraved with the words U.S. Government – DO NOT DUPLICATE

    6. Keys to secured areas not in the personal custody of an authorized IRS employee and any combinations must be stored in a security container.

    7. The number of keys or knowledge of the combinations to a secured area must be kept to the absolute minimum. Keys and combinations must be given only to those individuals, preferably supervisors, who have a frequent need to access the area after hours.

    8. The keys to a cashier or a teller’s cash box and the combination to the safe or vault in which the cash box is stored, cannot both be in the possession of an employee, a manager, and/or supervisor (including physical security function). Only the cashier or teller may have both the key to their own cash box and combination to the safe and vault.

  10. The local FMSS Physical Security Section Chief or Senior Physical Security Specialist/Analyst must approve requests for duplicate/additional keys for secured area doors and security containers.

  11. Keys will be issued only to persons having a need to have access to an area, room, or container. The number of keys on-hand and issued will be kept to a minimum. A "Master Key" will only be issued to a limited number of personnel designated by the office manager and will not be issued to more than 5% of an office population. Keys issued to individuals will be kept with the individual and not left unattended, in unlocked desk drawers, or other unsecured place, and will not be loaned to other individuals.

  12. Padlocks must be locked to the staple or hasp, or placed inside the container when the area or container is open to preclude theft, loss, or substitution of the padlock.

  13. To maintain the integrity of the security container (lateral and upright), only two keys will be provided for each container (lateral) and padlock (upright with bar lock). If the central core of a security container lock or padlock is replaced with a non-security lock core and has more than two keys, then the container does not qualify as a security container. To ensure that only two keys are available for each container/padlock the local FMSS Physical Security staff will maintain the supply of extra locks and padlock cores.

    1. When a key to a security cabinet or padlock in a secured area is lost or broken, the local FMSS Physical Security staff will provide a new lock or padlock core with two keys to the requestor.

    2. The local FMSS Physical Security staff will order an additional key for the old lock/padlock. Upon receipt of the new key, place the lock or padlock core with keys back in stock, making it available for the next lost or broken key occurrence. The lock or padlock core may not be reused at the original location.

    3. If the lost key is found, it must be destroyed.

    4. FMSS budgets for and funds maintenance and replacement of office access controls, locks and keys.

  14. FMSS Physical Security Section Chiefs will designate in writing an FMSS "Key Control Officer" (KCO).

    1. The KCO will ensure each BU conducts a 100% "Annual Key Audit" at least once each calendar year (January – December).

    2. The annual key audit is designed to reconcile all on-hand and issued metal mechanical keys to ensure accountability.

    3. The key audit may be conducted by sending a request to the BU requesting written confirmation verifying 100% receipt, possession and accountability of all mechanical metal keys.

    4. If the BU audit reveals more than a 5% loss of office keys, that office space will be scheduled to be re-keyed (new core installed) within ten business days.

    5. The report will be maintained by the FMSS KCO conducting the audit for a minimum of three years.

    6. Receipts for keys/proxy cards will be maintained until the items are returned.

    7. A master key control reconciliation log will be maintained by the KCO reflecting the beginning balance of keys on-hand, issued, or lost, etc.

    8. Key control records and documentation maintained should support the performance and completion of the annual key audit.

Separating Employee Clearance (SEC) - Accounting for Keys

  1. It is imperative that IRS Managers use the automated HR Connect, Separating Employee Clearance (SEC) Module to certify recovery and return of all facility access door keys from separating employees to the local FMSS Physical Security office. For additional guidance see IRM 10.2.5.13, ID Card Recovery.

  2. BU Managers and/or Proxy responsibilities are to:

    1. complete PAR actions timely in HR Connect for separating employees.

    2. ensure all facility access door keys are recovered from separating employees.

    3. notify the local FMSS Physical Security staff of any non-recoverable keys and provide written documentation of the circumstances around the failed recovery efforts.

  3. The FMSS Identity, Credential & Access Management (ICAM) office will provide program oversight in accordance with IRM 10.2.5.13, ID Card Recovery.

  4. FMSS Physical Security Staff responsibilities are to:

    1. use the SEC module to identify separating employees.

    2. verify recovery of facility access door keys by management.

    3. ensure keys are returned to the KCO.

    4. file a SAMC and TIGTA report, if the keys cannot be recovered.

Facility Access

  1. All personnel attempting to access IRS facilities must possess and present a valid and current form of identification. IRS personnel must present a valid IRS Identification or other recognized and authorized identification in compliance with Homeland Security Presidential Directive-12 (HSPD-12). Personnel with coded entry access cards or ID media coded to allow access to a locked door must ensure no one else enters, when they do, without swiping their own entry access card, or is not personally escorted by someone with proper identification and entry authority. Piggy-Backing (allowing others to enter behind you, or attempting to enter behind someone else) is not permitted and must be reported to management and security personnel immediately. All personnel entering the facility MUST swipe their own card. If there is a pass-back control system in effect at the door, they must also swipe their access card upon departing, unless there is an emergency evacuation in effect.

  2. Where guards are present, all visitors must be recorded on the Visitor Access Log by the guards. In those locations where there is no guard to perform these duties, the senior manager or designee in the facility/space should appoint an employee to perform these duties and display the appropriate signage indicating where to sign-in. All visitors must be accounted for especially if a building evacuation, shelter-in-place, or other incident occurs. The Visitor Access Log must contain:

    1. the facility visited.

    2. name and organization of the person visiting.

    3. signature of the visitor.

    4. form of Identification (federal or state issued photo ID, drivers license, etc.).

    5. date of access.

    6. time of entry and departure.

  3. Inspections of all visitors’ personal effects (employee inspections are based on local procedures) will be conducted at the entrances of facility buildings in accordance with ISC Standards. The purpose of this inspection program is to deter and detect prohibited items.

  4. Personal effects are subject to inspection such as packages of all types; luggage, briefcases, shoulder bags, athletic bags and handbags. Inspection includes opening the item and viewing its contents and/or viewing x-ray images of the item to determine if unauthorized items are present.

  5. Prohibited Items - The items that are prohibited in federal facilities include any item prohibited by any applicable federal, state, local, and tribal law and/or ordinance, as well as firearms, dangerous weapons, explosives, or other destructive devices (including their individual parts or components) designed, redesigned, used, intended for use, or readily converted to cause injury, death, or property damage. This list applies to all facility occupants, contractors, and the visiting public in accordance with the Federal Management Regulation (FMR) - Title 41, Code of Federal Regulations (CFR). A listing can be found in the ISC Standard on Items Prohibited from federal facilities.

  6. Prohibited Weapons - As stated in 41 CFR 102-74.440, federal law prohibits the possession of firearms or other dangerous weapons in federal facilities and federal court facilities by all persons not specifically authorized by 18 United States Code (USC) 930. Applicability and scope pursuant to the authority provided to the ISC in Section 5 of Executive Order (EO) 12977, as amended by EO 13286, the ISC Standard identifies a baseline list of prohibited items that each Facility Security Committee (FSC) or Designated Official (DO), with input from an appropriate legal authority (when applicable) will customize to mitigate facility risk. The items on the facility-specific prohibited items list are prohibited from entry into buildings and facilities in the United States and its territories, occupied by federal employees for nonmilitary activities. This guidance is not intended for items that have been authorized for official use. Additionally, this guidance provides a baseline list of prohibited items, which includes firearms, weapons, explosives, or other destructive devices (including their individual parts or components) that are designed, modified, used, intended for use, or readily converted to cause injury, death, or property damage. The FSC or DO will not allow the removal of an item from the baseline or customized prohibited items list if the item is prohibited by federal, state or tribal law. These baseline prohibited items lists also include a breakdown of controlled items that may otherwise be prohibited from a particular federal facility but may have some legitimate and lawful purpose and/or use in federal facilities, such as sporting equipment or tools of the trade (i.e., a maintenance worker bringing industrial chemicals to perform their duties). These items may require advance written notification and subsequent approval prior to admittance to a facility. For additional guidance on prohibited Items see the ISC guidance on Prohibited Items from federal facilities.

  7. Firearms and Projectile Weapons - The list of prohibited firearms and projectile weapons includes, but is not limited to:

    1. Firearms or similar device that expels a projectile through the action of an explosive (unless meeting the exemptions listed in 18 USC. 930(d))

    2. BB or pellet guns

    3. Compressed air guns

    4. Antique firearms

    5. Flare guns

  8. All Campus and Computing Center vehicle entry points and all facility main pedestrian entry points will prominently display a sign that states: “Prohibited Weapons Not Authorized”. The exception to this is for the lawful performance of official duties by an officer, agent, or employee of the United States, a state, or a political subdivision thereof, who is authorized by law to engage in or supervise the prevention, detection, investigation, or prosecution of any violation of law. Law Enforcement Officers (LEO) whose organization requires them to carry weapons 24 hours per day are considered to be on duty at all times.

  9. Entry Access Screening - Local visitor screening procedures will be developed by each FMSS Physical Security Section Chief outlining the requirements for visitor screening and escort. When local procedures require visitors or employees to be screened prior to being authorized entry, all personnel requiring screening must submit to it or they may be denied access.

  10. In an effort to streamline IRS employees entry access to IRS facilities, FMSS Associate Directors, Operations and the FMSS Physical Security Section Chief will implement the procedures in IRM 10.2.14.8(11) at all IRS facilities, brief all Guards and Internal Revenue Police Officers (IRPO) and include these procedures in post orders:

    1. IRS personnel and IRS contractors with staff like access and possessing a green striped SmartID or Physical Access Card (PAC) ID assigned to or visiting other IRS facilities will be subject to the same entry screening process that personnel assigned to the facility are subject to.

    2. IRS personnel and IRS contractors visiting other IRS facilities will sign-in on the Visitor Access Log for accountability purposes, where entry screening guards are present.

    3. Random searches of hand carried items of personnel entering/departing IRS facilities apply equally to all assigned or visiting personnel.

    4. In facilities where the IRS shares occupancy with other tenants (co-tenant office space) and the guard service is a shared expense or paid by another tenant, IRS employees will follow the facility screening process in effect.

    5. All IRS Executives' HSPD-12 Personal Identity Verification (PIV) SmartID cards will be programmed for entry into all IRS facilities nation-wide, except for Limited Areas. As new facilities come online with ePACS these PIV cards will be programmed providing the same access to these buildings and space as well. The FMSS Physical Security Section Chief will make determinations regarding personnel posted in their territory for ePACS access authorizations.

  11. Modifications - Modifications to local entry access screening may only be granted by the FMSS Physical Security Section Chief, Associate Director Operations, or other authorized personnel within AWSS FMSS management, and must be due to extenuating circumstances. Extenuating circumstances, such as screening physically challenged personnel may require special considerations regarding screening that would normally be accomplished using security equipment, such as a magnetometer. Some physically challenged personnel are immobile and physically unable to pass through a magnetometer. Passage through a walk-through metal detector or use of a hand-held metal detector may result in physical harm to personnel with a pace maker, or result in anxiety or some other physical reaction or hardship for physically challenged personnel.

  12. Personnel with a “pace maker” WILL NOT be screened with any type of metal detector. All persons declaring a medical condition which prohibits them from metal detection screening must submit to alternative methods of screening.

  13. Alternative methods of screening personnel with specific medical conditions must be considered and implemented with FMSS Physical Security Section Chief, Associate Director Operations, or other authorized personnel within AWSS FMSS management approval. Alternative screening methods may include but are not limited to the following:

    1. Removal of outerwear clothing (coat, jacket, sweater) for visual inspection.

    2. Pat-down by someone of the same gender if items not removed can be observed.

    3. All personal items removed from pockets/person for x-ray screening or visual inspection.

    4. All hand-held bags, briefcases, purses, etc., will be placed on the x-ray scanner and screened or subject to visual screening.

    5. Some other optional and reasonable screening methodology, per local procedures.

  14. The FMSS Physical Security Section Chief will ensure that the guards where present, examine the IRS-issued photo identification and perform a facial comparison of the photo to the badge owner for all who enter IRS facilities. FMSS Physical Security Section Chiefs will issue a quarterly control to the guards and FMSS Physical Security staff to ensure the inspection and scrutiny of personal identification is strictly adhered to.

  15. All IRS magnetometers and baggage scanners will be tested in accordance with the ISC and manufacturer recommendations, calibrated as necessary, and documented. Documented test results/calibrations will be retained for three years by the local FMSS Physical Security staff.

Random Inspections

  1. Random Security Inspections (RSI) of personnel entering and/or exiting their facilities will be conducted. The inspections will include all hand-carried items to ensure they do not contain unauthorized weapons/explosives materials, drugs, unauthorized government property or other contraband entering or leaving the facility.

  2. The inspections must include a strict random pattern. The random pattern must be strictly enforced for the duration of a particular RSI period at a particular time and place to avoid the appearance or perception of selective screening or targeting personnel, which is prohibited.

Entry Access Control

  1. All electronic entry access controls will be locked and secured when a guard is not present to prevent tampering and unauthorized entry.

  2. "Electronic access control data, to include video recordings, will not be used to verify individual employee attendance, but may be used to determine the most efficient way for IRS to manage office space, in accord with the Privacy Act system of records Treasury/IRS 34.013 "Identification Media Files System for Employees and others Issued IRS Identification." This data will only be provided if requested by law enforcement, Criminal Investigations (CI), or Treasury Inspector General For Tax Administration (TIGTA) as part of an ongoing investigation or an approved Freedom of Information Act (FOIA) request. All requests must be in writing through the FMSS Physical Security Chief, the FMSS TM, or if approved by the FMSS Associate Director Operations, or FMSS Associate Director Security Policy.

Detection Equipment

  1. There are a variety of different types of automatic detection equipment. These include, but are not limited to, door and window contacts, motion detectors, sound detectors, vibration sensors, etc., designed to set off an alarm at a given location when the sensor is disturbed.

  2. All alarms must annunciate at a protection console, a central station or a local police or fire station, where a timely response is available. This requirement does not apply to alarm exit panic hardware on fire exit doors.

  3. Only assigned IRS FMSS Physical Security personnel or approved contractor will have administrative rights and access to security systems.

  4. All duress buttons/inputs must be fixed (a tool is required for removal) to a permanent surface, such as furniture or wall, not visible to the public. Hard wire devices is the preferred method; however, wireless devices are acceptable if extenuating circumstances exist, (e.g. cost prohibitive, lessor will not allow, etc.). Any new installations of wireless devices after the publication date of this IRM must first be approved by the FMSS Physical Security Section Chief.

  5. The IRS work/repair request system (e.g. OS GetServices) will be used to track all IDS work/repair requests until resolved. The FMSS Physical Security Specialist responsible for the building will ensure creation and submission of a service work ticket for each malfunction/repair request.

  6. IRS is responsible for testing, maintaining and accountability for only those IDS devices and systems owned by the IRS and located within IRS owned or leased space. IDS systems and devices of multi-tenant buildings that are shared, but not owned by the IRS are not the responsibility of the IRS and are not subject to the requirements of this policy.

Intrusion Detection Systems & Duress Alarms

  1. The IRS is charged with the responsibility of protecting the tax administration system, facilities, property, personnel, sensitive information, and preventing unauthorized disclosure. As such, we have an inherent responsibility to provide reasonable protection to ensure their safety. In addition to guards, another method of providing protection is through the use of electronic security equipment. It is of critical importance that all security equipment installed is in optimal operating condition and receives annual preventative maintenance. Security intrusion and duress alarm systems are a source of notification of potential dangerous situations to employees and unauthorized entry. Therefore, the use of audible and non-audible security alarms should be utilized where appropriate.

  2. Intrusion Detection Systems are designed to detect attempted breaches of perimeters, facilities, and internal restricted or secure areas. To reduce the possibility of false alarms, potential effects of sound levels, vibrations, radio transmissions and other electrical interference should be considered in the decision process before purchase. IDS can also be used in conjunction with other measures to furnish forced entry protection for a locked facility or area. Alarms will be tested annually to ensure they are in good working order and to ensure a timely response. "At IRS campuses and computing centers where IRS has it's own alarm monitoring console with full time operators, a record of all instances involving the activation of any alarm, regardless of the circumstances that may have caused the activation, must be documented in a Daily Activity Report/Event Log and maintained for three years." The alarm documentation will be maintained by the Central Security Control Console (CSCC) or the local FMSS Physical Security staff.

  3. An IDS can be used in lieu of other physical security measures such as:

    1. Slab-to-slab construction for secured areas

    2. Security containers which cannot be used because of operational requirements, appearance, layouts, cost or other reasons

  4. Exceptions to this policy will be routed from the local FMSS TM to FMSS Security Policy. The exception request must include:

    1. first and second level management approval.

    2. adequate justification supporting the exception.

    3. compensatory measures that will be taken.

  5. FMSS Security Policy will review the exception request and approve or deny the request with comments. If approved, FMSS Security Policy, Policy & Assessment (P&A) will log the exception and include an expiration or extension review date.

  6. IDS must meet the following minimum requirements:

    1. Meet the UL Standards requirements

    2. All alarms must annunciate at an on-site protection console, FPS central station, local police department or a UL approved central monitoring station

    3. Priority must be given for an armed guard/police response during any alarm situation

  7. The IDS must be designed so that guards staffing the on-site protection console or central station cannot turn the system off during non-duty hours and without the knowledge of the FMSS Physical Security Specialist (and Contracting Officer Representative (COR) if the alarm console is monitored by IRS contractors). One method of preventing this is to require on-site annunciation of all alarms and system malfunctions recorded by way of a printer. The printer must be located in the secured areas, or in some other secured location as specified by the FMSS Physical Security Specialist. A second acceptable method is to restrict the access privileges to alarm monitors in a manner where they cannot turn off or disable alarm functions. When using the second acceptable method, only FMSS Physical Security Specialists with administrative rights are authorized to disable alarm inputs or systems.

  8. Testing response to activations of alarm inputs will only be done at facilities where IRS holds security delegation and guard force contracts. If the guard is responding from on-site, the maximum elapsed time from annunciation to after alarm enunciation is 5 minutes in order to be considered a successful guard response. If the guard is responding from off-site they should begin to respond immediately but are allowed a maximum of 15 minutes for a successful response. Any response time longer than this, no response, or no alarm annunciation, is a failure and must be documented as such with comments indicating the specific reason and the corrective action taken on Form 14376, Unannounced Alarm Test Report (UATR) http://core.publish.no.irs.gov/forms/internal/pdf/f14376--2012-04-00.pdf.

  9. Periodic testing of all alarms and guard response to alarms must be conducted to ensure they are properly operating, annunciating, and that an appropriate and timely guard response occurs. Therefore, all Campuses, Computing Centers (CC), 1111 Constitution Ave and the New Carrollton Federal Building (NCFB) are required to conduct alarm testing annually, and guard response quarterly. Results of the guard response test will be documented on the UATR and retained for a period of three years at the local FMSS Physical Security office.

  10. The FMSS TM will ensure that:

    1. an inventory of all duress alarms for IRS facilities under the jurisdiction of each FMSS Territory is documented for each location and is available to individuals conducting duress alarm tests before each test is conducted. This inventory should detail the location of each alarm. The list will be maintained by the local FMSS Physical Security staff. The list will be validated and signed by the local FMSS Physical Security Specialist and updated as needed, but at least annually. The records of the duress listing with signature validation will be kept on file for three years by the local FMSS Physical Security staff.

    2. corrective actions are taken for all malfunctioning alarms. The local FMSS Physical Security Specialist will ensure a repair vendor is acquired if necessary and will track the status of the repair until completion by requiring that a repair ticket is generated in the IRS work order request system (e.g. OS GetServices). The local FMSS Physical Security Specialist will require the repair vendor to test the device after repair and provide an itemized invoice for services provided. The invoice will be a record of the repair and testing and will be kept on file by the local FMSS Physical Security staff for a period of three years.

Intrusion Detection System and Duress Alarm System Tests

  1. All IRS alarm input/points in every IRS facility are required to be tested annually by an alarm service vendor as part of the annual preventative maintenance requirement. An itemized invoice of the service call showing the pass and/or fail of each alarm input will be maintained by the local FMSS Physical Security Section Chief for a period of three years. The local FMSS Physical Security Section Chief will ensure corrective action as required.

  2. The Unannounced Alarm Response Exercises, when practical, attempt to coordinate with the appropriate office manager prior to conducting a duress test, to ensure the testing process does not interfere with the daily work schedule. The local FMSS Physical Security office must:

    1. have the results documented and kept on file for a period of three years.

    2. report results/findings of the exercises to the FMSS Security Policy, P&A Office.

    3. document planned corrective actions if needed.

    4. track the findings until they are properly resolved using the IRS work repair request system.

    5. post the exercise date on SIMS.

    6. notify the National COR of any guard failures. The National COR will be responsible for corrective actions/remedies under any IRS guard contracts.

  3. Guard response to unannounced alarms will be exercised (tested) every fiscal quarter at a minimum, in campuses, CC, 1111 Constitution Ave, and the NCFB.

    1. This must be accomplished by the local FMSS Physical Security staff tripping (activating) a randomly selected alarm with emphasis on facility perimeter alarms, duress alarms and without prior notification to the guards or contractor with the results documented and posted to SIMS.

    2. Immediate corrective action(s) will be taken to correct any deficiencies in response or inoperable alarms. An UATR will be completed and must include test results and corrective actions.

    3. At facilities where IRS personnel or contractors monitor alarm consoles, the guard console blotter/event log is to be annotated to record and document the guard force response to each alarm activation test, and if no response occurs, document what corrective action was taken.

    4. Guard response testing will be conducted only at facilities where IRS holds the security delegation and armed guard contract. IRS will not test guard response under the Federal Protective Service (FPS) contracts and control. FPS is responsible for the management and corrective actions of their own guard services and contracts.

    5. Guard response testing should be a planned and coordinated exercise at all campuses and CC. Alarm tests that require a Mega Center (MC) alarm notification to external responders (law enforcement/FPS) will not be conducted. An armed response to a test could result in a potentially dangerous scenario.

  4. Safety is of the utmost importance; therefore, response exercises must be planned and coordinated accordingly to ensure there is no safety violation/incident associated with the alarm exercises.

  5. The UATR, annual preventative maintenance and testing documentation will be kept on file by the local FMSS Physical Security Section Chief for a period of 3 years in addition to posting the action dates and results to SIMS.

  6. Alarm Notifications:

    1. The local FMSS Physical Security staff must ensure that the Department of Homeland Security (DHS) Megacenter (MC) or CSCC has a current Emergency/Alarm Contact List with the appropriate POC and their phone number to ensure a prompt notification of any alarm. An armed "First Responder" must be included in the POC listing to be dispatched as appropriate. The POC contact information will be in descending priority, beginning with armed "First Responders" , followed by appropriate personnel.

    2. The local FMSS Physical Security Section Chief is responsible to ensure there is at a minimum, an annual validation of the Emergency/Alarm Contact List for each IRS facility within that FMSS Territory’s responsibility (where alarms are present). The report will be dated and signed by the respective facility FMSS Physical Security Section Chief or designee and be retained for a minimum of three years.

    3. Blind tests are never conducted where an alarm annunciates at an FPS MC. Tests must only confirm two things with the MC: the alarm enunciated at the MC and the MC has the current Emergency/Alarm Contact List in the event of an actual notification. End your test at this point – do not include a police response.

  7. Duress buttons are often inadvertently hit by chairs, employee’s knees/hands, or other equipment that may dislodge the actuator/button and which may render the alarm inoperable. This may result in a potential non-contact or non-annunciation during emergency and attempted alarm activation. It is imperative that the local FMSS Physical Security Section Chief provides written operation instructions to the BU manager occupying the space where the duress button is located. BU managers are responsible to ensure that each employee assigned to work in the space where duress alarms are located receives a copy of the written instructions provided by the local FMSS Physical Security Section Chief. The written instructions must include:

    1. the location of the duress alarm button(s).

    2. how to activate and reset the duress alarm button(s).

    3. where the duress alarm enunciates.

    4. who will be responding to the duress alarm (i.e., CI, guards, FPS, local law enforcement, etc.).

    5. when there is a need to dial 911 for emergency assistance if the duress alarm is inoperable or under repair.

  8. The local FMSS Physical Security Section Chief will ensure that all alarm preventative maintenance and testing dates are posted to SIMS. All service call invoices, written testing/tracking documentation will be filed in the local office of the FMSS Security Section who has jurisdiction for the facility for a period of three years.

  9. UATR used for campuses will be used at all facilities where IRS holds security delegation and the guard service contract. FMSS Security Policy, P&A will be notified immediately, in writing, of any guard response failures.

  10. If during a test, or other times, it is determined that an alarm is malfunctioning the local FMSS Physical Security Section Chief along with the Site COR and National COR (if operating under an IRS Guard/Maintenance contract) will be immediately notified as appropriate. Malfunctioning alarms must be recorded and repaired in a timely manner and tracked by the local FMSS Physical Security Specialist until the alarms are repaired and functioning properly. The repair tracking and invoice documentation (work order, invoice etc.) must be kept on file at the local FMSS Physical Security office.

  11. Compensatory measures will be taken to ensure proper security is maintained while an alarm is inoperable. Compensatory measures may include, but are not limited to the following options or a combination of options:

    1. Deploying guards to inoperable alarm point(s) to ensure proper security is maintained

    2. Conducting random patrols

    3. Conducting aggressive recurring security checks, etc.

    4. Locking doors

    5. Maintaining continuous CCTV coverage

  12. Should the entire alarm system fail and become inoperable, or if numerous multiple alarms simultaneously annunciate, priority dispatch and response must first be directed to critical alarm points (i.e., weapon vaults/rooms, duress alarms, vaults and safes containing funds or other instruments of monetary value, perimeter entry points, etc.), which is determined by the local FMSS Physical Security Section Chief until the system is reset and functioning properly. Scheduled service call invoices, work repair request tickets and alarm reports must be kept for three years by the local FMSS Physical Security Section Chief.

Closed Circuit Television (CCTV)

  1. Closed Circuit Television (CCTV) is very useful in physical security operations. A key to the effectiveness of CCTV is recurring maintenance of the system and supportive artificial lighting. To facilitate an effective field of view, CCTV surveillance capabilities should be checked on a routine basis to assess equipment effectiveness and to identify obstructions. Coordination with facility or maintenance personnel is required to request the trimming of foliage so CCTV fields of view are not obstructed. Tree canopies must be trimmed higher so the perimeter can be properly observed by guards and CCTV cameras. CCTV camera domes must also be cleaned on a periodic and recurring basis to ensure clear visibility where controlled by IRS. CCTV along with other risk mitigating elements (security layering, guard force, patrols, security lighting, etc.) should be utilized to observe and protect the fence line and the facility perimeter. External CCTV cameras should be positioned a minimum of 18 feet above grade, if feasible, to prevent tampering.

  2. CCTV is frequently used as an integral part of an IDS. This may be accomplished by:

    1. using sensors to establish a secured area and installing a CCTV system, which includes a time lapse digital video recorder to complement the sensors.

    2. placing cameras at critical locations to provide direct visual monitoring from a vantage point such as an on-site protection console.

    3. using CCTV on gates, doors, and other security areas not manned continuously. The system normally consists of a television camera, camera control box, recorder, monitor, two-way communication system, and electrical circuitry.

  3. Use of CCTV on entry points may include the use of a two-way communication system between the monitor panel and the gate/door and an electrically operated gate/door. With this device the person viewing the monitor(s) can be alerted on the speaker system when an individual requires access, allows communication with the individual and allows them to visually assess the situation on the monitor. This assessment helps to determine authority to enter and their security status. Once authority for access is verified, access is granted by pressing the electric gate/door lock/unlock button.

  4. CCTV controls should be enclosed and properly secured to preclude attempted adjustment by unauthorized personnel.

  5. Interior CCTV systems are also an essential part of the overall layered security approach. However, personal work space (office/cubicle) of federal employees will not be viewed or recorded by CCTV systems. All CCTV systems will normally include:

    1. a CCTV camera and dark dome (for new systems it is required, for older systems as funding permits) so personnel observing the camera cannot determine the orientation of the camera at a given time.

    2. an appropriate type of lens.

    3. monitors as necessary.

    4. digital recorder(s).

    5. multiplexer(s) as necessary.

    6. a CCTV control box.

    7. an Uninterrupted Power Supply (UPS) to provide electricity immediately (real time) if there is a power outage.

  6. Taxpayer Assistance Center (TAC) CCTV systems are a required countermeasure. CCTV can record and discourage criminal or threatening behavior and aid in investigating incidents.

  7. An advisory sign will be posted immediately adjacent to the interior customer entrance of a facility so personnel entering are aware the area is monitored by CCTV and recorded.

  8. TAC CCTV monitors may be located at fixed guard posts. If there is no guard posted, the monitor(s) will be placed in the non-public area of the TAC where they can be properly observed.

  9. CCTV recorders will be placed in a locked closet so only FMSS staff or other authorized individuals have access to the recorder. A monitor will also have to be located with the recorder so specific time frames can be reviewed, as needed.

  10. CCTV and CCTV recordings will not be used to verify employee attendance. Image recordings will only be provided if requested through the local FMSS Physical Security Section Chief and approved by the FMSS Associate Director Operations or FMSS Security Policy, provided it has been requested by law enforcement, CI, or TIGTA as part of an on-going investigation. This data must only be provided if requested by law enforcement, Criminal Investigations (CI), or Treasury Inspector General For Tax Administration (TIGTA) as part of an ongoing investigation or an approved Freedom of Information Act (FOIA) request.

Digital Video Recorders (DVR)

  1. Compatible security systems and software, as well as system integration and interoperability is paramount in today’s security environment. To ensure this, FMSS is modernizing its Digital Video Recording (DVR) systems and in some facilities integrating system capabilities and developing a national system maintenance contract. Therefore, similar systems, makes, and models of security equipment are desirable for the "future state" security posture of the IRS.

  2. To facilitate this, DVR systems and related security equipment and software must be compatible to be integrated. All IRS facilities with CCTV systems will upgrade to DVR and ensure CCTV systems are compatible with the current and "future state" systems software and products. Real time CCTV viewing is the desired state at campuses and CC, as well as other facilities with a full or part-time armed guard presence. Passive monitoring of recorded CCTV images will continue at other facilities.

  3. The system software should support the use of IT software management tools currently in use or planned for future implementation. Software will support access to live and recorded video using an internet web browser and active directory authentication for a minimum of 64 simultaneous users. The DVR system will provide the ability to control up to a minimum of 16 IP CCTV cameras both fixed and pan-zoomtilt (PTZ).

  4. The system must provide the operator the ability to configure multiple scenarios for video monitoring and playback of recorded video. The software will support notification messages to computers directly attached, remote and/or mobile.

  5. The DVR system must work with all cameras currently installed at specified locations. Alarm events that are linked to cameras on DVR will trigger an alarm recording (pre-alarm with increased frame recording rate and PTZ preset control).

  6. Video clip can be exported for authorized viewing and evidentiary purposes, or saved locally for electronic distribution. At any time, a specific camera can be selected by an operator based on "Start Time" and "End Time" to retrieve recorded video.

  7. The DVR system recorder must be capable of recording and storing a minimum 30 days of video input from each attached CCTV camera. Video Motion Detection (VMD) capable CCTV cameras will be activated in designated sensitive areas, either continuously or at designated times each day, where applicable. However, there should not be any pedestrian traffic in the viewed/monitor area or around them when activated.

  8. The DVR system must, at a minimum, combine multiplexing, alarm detection, event detection, video, audio and text recording and should use record mode settings of linear or circular/continuous. The DVR system should save video, audio and text to a standard recordable CD or DVD.

  9. The DVR system should easily integrate with third party software applications using an Application Programmers Interface (API). The manufacturer of the unit will offer a Software Developers Kit (SDK) to select third party manufacturers.

  10. The DVR system’s API will be backwards compatible with previous versions of the software equal to or greater than v3.2. The DVR system will provide the operator the ability to isolate video containing motion and find video where perimeters were crossed, lights were turned on or off, alarms were triggered and numerous additional scenarios.

  11. The DVR system should permit audits of the activity log to monitor changes to the settings and configurations and must include, but not be limited to, the following information:

    1. User Name – login name of the user

    2. Date/Time – date and time the action was performed

    3. Access Lock – whether the action was local to the unit or done through remote software

    4. Category – the action’s category

    5. Activity – the action performed within the category

    6. Data – description of the action

  12. The DVR system should be able to manage storage of video, audio and text by exporting to Network Attached Storage (NAS), Storage Area Network (SAN) and Direct Attached Storage (DAS) devices using optional software.

  13. The remote management software should allow an operator to select units, cameras, and time-frames for automatic retrieval of video clips to an operator’s computer. This allows for downloads to be scheduled during times that network traffic restrictions are not an issue. The DVR system will incorporate playback and multi-screen playback functions.

Alarm Maintenance and Testing Certification Report

Alarm Maintenance and Testing Certification Report
Section A - Completed by IRS Official
Building Number: Building Name:
Building Address:
Armed Responder POC # e.g. FPS, Guard Service, local Police:
IRS POC Name & # for alarm activations:
Landlord POC for Alarms and Emergency issues:
IRS Physical Security Specialist assigned:
Delegated Y/N: IRS Guards Y/N: FPS Guards Y/N:
Alarm Monitoring by IRS Y/N: Alarms Monitored by FPS MegaCenter Y/N:
List location of each Duress input by floor and room number.
Preventative Maintenance Performed by a licensed Vendor Y/N and date if Yes
Section B - Completed by Licensed Vendor
Name of Licensed Vendor Company Performing the PM, Testing to include the date of Certification: (all devices and inputs must be 100% fully functional and alarm activation and notification process 100% accurate and functional. Alarm testing must be coordinated with the alarm monitoring center. Include POC Name and number validations with monitoring center.)
Alarm inputs including duress tested by vendor and working properly? Y/N
Corrective action required on any input? Y/N
List inputs that did not function properly and action taken to mitigate vulnerability. (as outlined in the Compensatory Measures section of IRM 10.2.14)
List each malfunctioning device /input and state repair status as: Repair Completed and date, Repair scheduled for mm/dd/yyyy.
I certify that I have performed Preventative Maintenance and operational functionality testing of all alarm inputs including Duress / Panic device inputs and all inputs are fully operational. I further certify that I coordinated all testing with the Alarm monitoring Center listed on this form and that all POCs on this form match the POCs listing held by the Monitoring center.
Signature of Licensed Vendor and Date:
Signature of Security Specialist and Date: