Establishing the IRS CNSI program and NISP in accordance with the authorities and references contained in this IRM.

Demonstrating personal commitment and committing senior management to the successful implementation of the IRS CNSI program and NISP.

Appointing a Senior Agency Official (SAO) to direct and administer the CNSI program under which the information is protected throughout its lifecycle.

Overseeing, as SAO, the IRS CNSI program and NISP.

Approving and issuing IRS security policies and guidance for the conduct of the CNSI program and NISP.

Establishing and maintaining an ongoing CNSI self-assessment program, which includes periodic review and assessment of the IRS CNSI holdings and classification products in accordance with 32 CFR 2001, TD P 15-71, Chapter 3, Section 31 and this IRM 10.9.1.

Establishing that risks associated with the CNSI program are identified, analyzed, responded to, reported on, and monitored to ensure the program’s health and compliance with National and Treasury guidance.

Ensuring the timely and accurate response on the ISOO annual request for completion of the Standard Form (SF) 311, Agency Security Classification Management Program Data.

Delegating the signature authority for courier letters and cards to the Associate Director (AD), Security. This serves as the official delegation.

Serving as the approval authority for the IRS on Sensitive Compartmented Information Facility (SCIF) Justification Memoranda prior to sending to Treasury for final approval.

Coordinating with other Agencies as the IRS liaison on classification challenges and requests for declassification or reclassification.

Administering and directing the IRS CNSI program and NISP on behalf of the SAO.

Appointing Program Managers responsible for execution of the CNSI program and NISP.

Ensuring the coordination and performance of self-assessments for the CNSI program.

Serving as the IRS approval authority for Security Areas, to include Top Secret Spaces, by signing their certification letters (Open Storage of Secret or Top Secret Spaces) or submitting them to Treasury (Treasury Secure Data Network (TSDN) Limited Areas (LA)), as applicable.

Serving as review authority for SCIF Justification Memoranda.

Reviewing and approving, as applicable, administrative and risk-based decision documentation regarding the IRS CNSI program.

Ensuring effective management of CNSI within their organization.

Ensuring that CNSI within their organization is appropriately protected throughout its lifecycle in accordance with this IRM.

Ensuring that non-Senior Executive Service employees with a security clearance are rated on their protection of CNSI annually via Form 15283, Classified National Security Information Critical Element for Employees Whose Duties Require a National Security Clearance.

Ensuring effective management of CNSI within their organization.

Verifying the clearance of and designating, as needed, a primary and alternate Classified Document Custodian(s) (CDC) in writing.

Ensuring the CDC is trained and provided the resources to protect CNSI.

Ensuring the CNSI Program Manager (PM) is made aware of changes to the Classified Document Custodian appointments.

Justifying the need for and, if approved, appointing a Top Secret Control Officer in writing.

Ensuring the CDC conducts self-assessments as prescribed by FMSS Security.

Appointing a Top Secret Control Officer after a Top Secret Space is certified or SCIF is accredited.

Appointing, in the event of a security incident, an appropriately cleared alternate Inquiry Official if the local CDC is materially involved.

Ensuring that subordinate managers and staff participate fully in an inquiry into a security incident, and, as applicable, that appropriate remediations for clearance holders found at fault in a security incident are applied.

Ensuring authorized holders are rated on their protection of CNSI at the end of each rating period.

Coordinating with security contractor(s), Business Units and CNSI PM on physical security requirements, upgrades, or construction related to CNSI.

Ensuring physical security requirements in national, Treasury and IRS guidance are implemented as appropriate.

Managing the IRS CNSI program and NISP on behalf of the SAO.

Authoring and updating CNSI and NISP policy in accordance with Authorities in this IRM.

Completing the annual ISOO SF 311 and sending to the AD, Security.

Serving as the liaison for classification challenges, reclassification requests, declassification confirmation, courier cards/letters, and security incidents between IRS and Department of Treasury and/or other Agencies as required.

Ensuring a system exists to process, track and record formal classification challenges, reclassification requests, declassification requests, courier cards/letters, and security incidents.

Hosting, granting and removing access to the Security Container Tracker based upon input from the field.

Coordinating with those involved in procurements requiring NISP compliance to ensure the appropriate security features appear in contractual documents.

Ensuring all CNSI and NISP related security, education, and awareness training is implemented in accordance with authorities in this IRM.

Serving as a single point of contact at the headquarters level on all security matters related to Security Areas that protect CNSI to include the approvals, certification letters, and provisions of security policy.

Maintaining a Top Secret security clearance, at minimum, and receiving training from Treasury Office of Intelligence and Analysis if the information held is at the Top Secret/Sensitive Compartmented Information (TS/SCI) level.

Ensuring Top Secret information is protected throughout its lifecycle per the requirements in this IRM.

Maintaining current accountability records of Top Secret information received within their office and attendant supply of Top Secret document forms.

Following prohibitions against reproduction of Top Secret information.

Ensuring Business Unit authorized holders know to immediately notify their Top Secret Control Officer whenever they receive any Top Secret material.

Maintaining Treasury Department Form (TD F) 15-05.4, Document Control Register, for all Top Secret information held by the Business Unit.

Conducting an annual physical inventory of Top Secret information within the Business Unit under their purview using TD F 15-05.4, with the designated alternate Top Secret Control Officer (if appointed) or another authorized holder to serve as witness.

Downgrading, declassifying, or destroying Top Secret documents, as appropriate, per this IRM.

Maintaining accountability records, receipts of the transmission, and receipts of destruction of Top Secret information.

Verifying authorized holders that receive Top Secret information have the appropriate security clearance, need-to-know, and storage capability that has been approved by AD, Security prior to the information being released.

Serving as the principal advisor to the appointing official and supervisor in matters pertaining to security of CNSI.

Providing full name(s) of replacements to CNSI PMs prior to departure from the role.

Serving as Cognizant Security Official by providing guidance to authorized holders regarding protection of CNSI and discussing issues/solutions with the CNSI PMs.

Conducting self-assessments as laid out in subsection IRM 10.9.1.15.

Conducting incident inquiries in accordance with subsection IRM 10.9.1.14 and provide timely updates to management and CNSI PM.

Coordinating with Treasury Inspector General for Tax Administration (TIGTA), CSIRC, and CNSI PM on security incidents.

Ensuring that access to CNSI is limited to authorized holders with a need-to-know as defined in subsection IRM 10.9.1.8.1.

Annually verifying the Security Container Tracker for all containers used to store CNSI under their purview.

Clearing security containers prior to being decommissioned in accordance with this subsection IRM 10.9.1.8.4(9).

Maintaining combinations of security containers under their control in accordance with the manufacturer’s operating instructions and this IRM.

Creating and maintaining a list of the CNSI to be taken on travel and, upon return, verifying that all CNSI has been returned by the authorized holders who traveled.

Establishing written administrative procedures for the control of CNSI under their control in line with this IRM. At a minimum, procedures must cover:

i. Information, dissemination, and reproduction control measures that fit the local environment.
ii. Personnel security clearances and need-to-know verification.
iii. End-of-day and after-hours security checks.
iv. Whether security container combination storage will be centralized in one container or decentralized among many.
v. Additional protections for CNSI telephone conversations in spaces certified by Business Units to host them.
vi. Emergency procedures for protecting CNSI in the event of an emergency.

Implementing the administrative procedures laid out by this IRM and the local Classified Document Custodian for the security container(s) under the Custodian’s purview.

Ensuring authorized holders requesting access to the security container be verified by Personnel Security (hco.ps.national.security.programs@irs.gov) to have the clearance of the highest level of information stored in the security container and the requisite need-to-know, as defined in Terms/Definitions/Acronyms.

Listing their information on the SF 700, Security Container Information on all security containers assigned security containers.

Ensuring the container combination is turned over to the local Classified Document Custodian and the next Security Container Custodian prior to their departure from their position.

Ensuring the individuals with access to the container properly use the SF 701, Activity Security Checklist, as required and SF 702, Security Container Check Sheet, by discussing the requirements and reviewing the forms every 90 calendar days for compliance.

Ensuring a list of those with access to a container is maintained for the purposes of combination maintenance.

Maintaining and changing the combination to security containers in accordance with the manufacturers operating instructions and this IRM.

Ensuring authorized holders with access to the security container perform an annual review of material in the container to ensure that the classified material is:

i. appropriately marked,
ii. required for job performance/records, purposes and
iii. destroyed, as applicable, in a National Security Agency/Central Security Service (NSA/CSS) Evaluated Products List (EPL) approved shredder.
 

Ensuring the Classified Document Custodian is aware of security container movements or decommissioning.

Clearing the security container prior to being decommissioned in accordance with subsection IRM 10.9.1.8.4(9).

Serving as the primary Point of Contact (POC) of the Business Unit who is responsible for the Security Area and appointing an alternate POC from Authorized Personnel when unavailable to perform duties listed in b) - q) below.

Being designated as one of the individual(s) listed on the SF 700 the secure side of the Security Area’s entry door.

Serving as liaison on the Security requirements for the Security Area, including but not limited to:

i. Coordinating with CNSI PMs to procure required security items (shredder, security container, etc.).
ii. Physical Security requirements.
iii. Behavioral compliance in protecting CNSI.
iv. Self-assessments in conjunction with the Classified Document Custodian.
 

Responding to a Security Area when called in the event of an alarm, disturbance, or facility emergency. In the event of a safety concern, the monitoring entity must be informed prior to Responsible Party entering.

Ensuring year-round coverage for after-hours response.

Verifying the clearance and need-to-know of all Authorized Personnel prior to granting them access.

Verifying the clearance and need-to-know of visitors, ensuring those who are unauthorized are escorted.

Ensuring the lock and combination for the access door is maintained and changed as prescribed in subsection IRM 10.9.1.8.4(6), Federal Specification FF-L-2740, Locks Combination, and the manufacturer’s operating manual.

Ensuring that utilization of IRS Form 5421 Limited Area Register and on-site storage of the register for one year.

Participating in and accommodating any security assessments or security incident inquiries.

Issuing, or ensuring the issuance of, local written procedures for the Security Area that includes life safety requirements and Occupant Emergency Plans in accordance with TD P 15-71, Chapter 5, Section 1,9.

i. Arranging for a security container in another room in which to store CNSI typically held in a Security Area in the event of emergency in consultation with the local Classified Document Custodian.
 

Reviewing access lists to Security Areas biannually, to include validating clearances, and coordinate with the SSC to remove those who no longer meet the requirements of access or who no longer require access.

Ensuring the removal of Authorized Personnel who no longer require access from the access control system promptly.

Updating the monitoring entity promptly when changes occur to the after-hours response list.

Monitoring and securing any keys for the Security Area doors per subsection IRM 10.9.1.8.4(5).

Preventing unauthorized access to the Security Area by ensuring that a Responsible Party or Authorized Personnel for the space physically controls the entry/exit door should either need to be opened for any length of time (due to an emergency or other).

Serving as the Key Custodian for keys to Security Areas, as specified in this IRM.

Serving as alternate Responsible Party if appointed.

Protecting CNSI and Security Areas by following this IRM.

Escorting unauthorized individuals inside Security Areas.

Responding, if designated by the Responsible Party, in the event of an alarm or disturbance or facility emergency. In the event of a safety concern, the monitoring entity must be informed prior to Authorized Personnel entering the Security Area.

Opening and closing the Security Area to accommodate business hours in a secure manner, as directed by the Responsible Party.

Serving as a neutral party to the security incident (e.g., not involved in the events leading up to or directly causing the security incident).

Holding a security clearance commensurate with the level of CNSI the security incident involves if the Inquiry requires review of classified information.

Familiarizing themselves with this subsection IRM 10.9.1.14, regarding the conduct of the inquiry and meeting the deadlines associated.

Preventing further unauthorized disclosure of CNSI, as prescribed throughout this document.

Ensuring consistent protection of CNSI from unauthorized disclosure by meeting safeguarding requirements prescribed throughout this document.

Contacting the local Classified Document Custodian promptly in an unclassified manner in the event of a security incident, either infraction or violation.

Ensuring that CNSI is not communicated over unsecured voice or data systems, (e.g., IRS network, phone line, cell phones, etc.) in public conveyances or places, or in any other manner that permits interception by unauthorized personnel.

Completing the required annual training -Integrated Talent Management Item, “Annual Security and Derivative Classification Brief.”

Following the CNSI policies and procedures of both the IRS and the agency they are working at.

Completing the annual training - Integrated Talent Management “Annual Security and Derivative Classification Brief.”

Ensuring the request of an IRS issued courier device, as needed, to courier CNSI from IRS to other authorized holders in accordance with subsection IRM 10.9.1.10.1.

Following the CNSI policies and procedures of the agency they are detailed to.

Completed the annual training - Integrated Talent Management Item, “Annual Security and Derivative Classification Brief.”

Returning any IRS issued courier device prior to going on detail and obtaining one, as required, from the agency they are detailed to.

Notifying the CI Security Specialist and/or CNSI PMs of their involvement in a security incident, either infraction or violation.

Conceal violations of law, inefficiency, or administrative error.

Prevent embarrassment to a person, organization, or agency.

Restrain competition.

Prevent or delay the release of information that does not require protection in the interest of the national security.

The reclassification action is approved in writing by the Secretary of Treasury based on the determination that reclassification is required to prevent significant, demonstrable damage to national security and the information may be reasonably recovered without bringing undue attention.

The reclassification request is reported promptly through the CNSI PM to the Director, OSP.

Existing classified source document.

Approved classification guide.

Classified communication (e.g., information provided orally via STE or obtained/discussed during a classified meeting).

Cleared USG authorized holder who is a recipient of the CNSI in the course of conducting official business.

Agency security official who is responsible for properly safeguarding classified information.

Contractor or consultant on a contract with classified scope per the NISP.

Information should/should not be classified.

Information should be classified at a lower/higher level (under/over-classification).

Information is improperly classified (including an overly restrictive period or without proper authority).

Information is improperly marked.

Overall/Banner Classification Marking: This is determined by the highest level of classification of any one portion of the document and must be placed at the top and bottom of the page. If there is more than one page, the overall marking must be on the front cover, title page, first page, each interior page, and outside of the back cover/page. The markings at top and bottom of each page must be marked with either the highest level of classification on that page, including "Unclassified" when applicable, or with the overall classification of the document.

Portion Markings: Must be marked at the highest level of information contained at the start of the subject/title, each paragraph, graph, table, picture, etc. Note that if a source document is not portion marked, then it cannot be used in a derivatively classified document.

Classification Authority Block consisting of:

i. "Classified By" identifying the derivative classifier by given name and title or personal identifier and agency of origin. If a personal identifier is needed, contact the CNSI PMs.
ii. "Derived From" identify the source document(s), including agency and office of origin when available. When there are multiple sources, the derived from line will state "multiple sources" and a follow-on page listing the citations is attached if the sources are too numerous to fit in the block.
iii. "Declassify On" line contains the furthest date or event on the classification block(s) of the source document(s).
 

Documents lacking any of the markings above, except for the declassification instruction, cannot be used as sources for derivative classification.

Documents that lack a declassification instruction must have a date calculated 25 years from the creation of the source document or, if that date is missing, then a date calculated 25 years from the date of the creation of the derivative document.

If the document has declassification instructions, like X1-X8, Originating Agency’s Determination Required (OADR), or Manual Review (MR), consult 32 CFR 2001.22(e).

"Unclassified when classified enclosure removed" or

"Upon removal of attachments, this document is (Classification Level)."

The subject line of the email must be portion marked, but not reflective of the classification markings of the email content or attachments and should be kept unclassified.

If attachments exist, the titles of the attachments must be portion marked and should be kept unclassified. The title of the attachment and associated portion mark does not reflect the classification of the attachment.

The overall/banner classification of the email must be marked at the top and bottom (after the derivative classification block) of each individual email.

When forwarding or replying to an email, authorized holders must ensure that, in addition to the markings required for the content of the reply or forward email itself, the markings must reflect the overall classification and declassification instructions for the entire string of emails and attachments. This will include any newly drafted material, material received from previous senders, and any attachments.

Portion marking unclassified emails that reside on an CNSI system is required.

Marking in the electronic environment, to include web pages, URLs, dynamic documents, relational databases, classified wikis, instant messages or chats shall be in accordance with 32 CFR 2001.23.

Classification Authority Block must occur after the signature line but before the bottom banner marking.

Dated when created.

Marked with the highest classification of any information contained therein.

Safeguarded as required for the assigned classification.

Conspicuously marked "Working Paper" on the cover and/or first page of the document or material or comparable location for electronic media/items (e.g., on the CD itself or on the most visible part of an item) in larger typeface than existing text.

Destroyed when no longer needed.

SF 706: Orange for Top Secret

SF 707: Red for Secret

SF 708: Blue for Confidential

Purple for "classified but level determination pending," protection must be at the Top Secret level (SF 709).

Green for "unclassified" (SF 710). In environments in which CNSI and unclassified is stored, the "unclassified" label must be used to positively identify equipment/electronic media authorized for unclassified use only.

A label to identify a higher classification level may be applied on top of a lower classification level, if the classification content changes.

A lower classification label must never be applied to equipment already containing or processing a higher level of CNSI.

Removable electronic media must be physically detached from the processing equipment at the close of business each business day and secured in a security container.

An exception to the requirement to physically remove and store such electronic media items is authorized when the equipment and processing occurs in a TSDN LA or SCIF that has been equipped with minimum security standards prescribed in this IRM or Intelligence Community Directives (ICD), then approved by Treasury.

Removable electronic media will always be safeguarded when not in use or under the supervision of an authorized holder.

Information exempted from automatic declassification remains subject to the mandatory and systematic declassification reviews.

CNSI cannot be automatically declassified because of an unauthorized disclosure of identical or similar information.

Prior to public release, all declassified records must be appropriately marked to reflect the declassified status of the information.

A favorable determination of eligibility for access. An individual is eligible for access to CNSI only after a positive showing of trustworthiness as determined by the proper IRS authority based upon an investigation and favorable adjudication in accordance with national personnel security standards and accompanying Treasury guidance.

A signed SF 312.

A need-to-know the CNSI, defined as a determination in accordance with directives issued pursuant to EO 13526 that a prospective recipient requires access to specific CNSI to perform or assist in a lawful and authorized USG function.

Participate in mandatory Integrated Talent Management Item, "Annual Security and Derivative Classification Brief," instituted by the CNSI PM on the proper safeguarding of CNSI and on the criminal, civil, and administrative sanctions that may be imposed if the CNSI is not protected from unauthorized access.

Federal service or contracting, licensee, or certificate holder

Grantee status

As a matter of right or privilege, or because of any title, rank, position, or affiliation

Solely having a clearance

IRS or contractor employees via hco.ps.national.security.programs@irs.gov.

Visitors reference requirements in IRM 10.23.1.18, National Security Positions and Access to Classified Information.

That CNSI is protected over the course of its lifecycle, regardless of what action is being taken with it.

That it is not communicated over unclassified voice, email, or any other system (e.g., TSDN for up to Secret or Treasury Foreign Intelligence Network (TFIN) for up to TS/SCI), nor in public conveyances or places (to include hallways or unsecured conference rooms, even in a government facility), or in any other manner that potentially permits interception by unauthorized personnel.

Failure to protect CNSI is recognized as a security incident. Any potential or actual security incidents must be reported to the local Classified Document Custodian immediately after ensuring that CNSI is protected.

For documents, the requirement is a Class 5 or 6 container with a lock meeting FF-L-2740 standard.

GSA approved security container meeting Federal Standard (FED STD) AA-C-2786 to store Information Processing Systems (IPS).

GSA-approved field security containers are intended for storage of CNSI in situations where normal storage is not possible such as on ships, in vehicles, or in military field operations; they may not be used in an IRS facility.

Contact the CNSI PMs via *FMSS Classified Information Security Team for information and instructions on the purchase of a new container.

Have the information section (e.g., room number, building, container number, month/year) filled out appropriately.

Be completed each time the security container or Security Area is accessed and/or checked every business day, regardless of whether it was opened.

The SF 702 must be kept for 90 calendar days.

Great Grand Master key systems are not authorized for Security Area.

Keys may not be duplicated.

The Security Section Chief must issue keys to the Responsible Party for the Security Area as Key Custodian, this will be documented via Form 1930-D, Key Custody Receipt (KCR). The Key Custodian may only issue keys to other Security Area Responsible Parties or Authorized Personnel when life-safety or emergent reasons arise. Keys may not be taken out of the building.

Keys will have a unique identifier either attached to the key or engraved on the key head. Unique serial numbers for keys may be used as the identifier. The key must also be engraved with the words "U.S. Government - DO NOT DUPLICATE."

Lost or stolen keys:

i. Contact the Classified Document Custodian, Security Area Responsible Party, and CNSI PM at *FMSS Classified Information Security Team of a possible security incident in an unclassified manner promptly after the discovery of the potential loss.
ii. Contact all Authorized Personnel with access to the key to ascertain if it is in their possession; follow up with the Classified Document Custodian, Security Area Responsible Party, and CNSI PM.
iii. Perform immediate inventory of all CNSI documents.
iv. GSA approved technicians must be contacted promptly to replace core.
v. If applicable, after the core is replaced all the remaining original keys must be destroyed so they cannot be confused with replacements.
 

Key Inventory Log. A locally developed log to record the inventory of Security Area keys. The Key Custodian will conduct a physical inventory at least quarterly. Key Inventory Logs must be retained for six months for Interagency Security Committee (ISC) Facility Security Level (FSL) I-III; ISC FSL V facilities for three years. The Key Inventory Log will document the following:

i. Date and Time of inventory.
ii. Full name and signature of Key Custodian conducting the inventory.
 

Key Control Register. A locally developed register to record the issuance of Security Area keys to Authorized Personnel. The Key Control Register will be inspected at least quarterly to ensure compliance with this IRM. Key Control Registers must be retained for six months for Interagency Security Council (ISC) FSL I-III; ISC FSL V facilities for three years. The Key Control Register will document the following:

i. Unique key identifier.
ii. Date and time key issued.
iii. Issued by Full name and signature of Key Custodian issuing the key out.
iv. Issued to Full name and signature of other Responsible Party or Authorized Personnel signing the key out.
v. Date and time key was signed out and in.
vi. Received by Full name and signature of Key Custodian receiving the key.

Contractors must not be used to change combinations, unless they are GSA certified technicians, or it is in the scope of work of the contract and the contract meets NISP requirements. Contact the CNSI PM with the contract documents. If no contract was established, and the service is bought via credit card, it is the Business Units responsibility to ensure the technician is GSA certified and has the appropriate clearance prior to the combination being changed.

Combinations must be changed when:

i. The container is first placed into service with the end-user.
ii. An authorized holder knowing the combination no longer requires access to it unless existing controls prevent unauthorized access to the security equipment (e.g., container is in a SCIF or other Security Area with prescribed access control restrictions preventing the authorized holder access).
iii. A combination has been subjected to possible compromise, actual compromise, or unauthorized disclosure.
iv. The equipment is taken out-of-service.
v. At least every 3 years, unless conditions dictate sooner, such as the need to store a particular type of CNSI or material. The minimum time frame is to ensure combinations have an official termination point and to avoid an infrequently opened security container’s combination being lost.

Part 1, the tear-away, carbon-copy portion that lists the name and contact information of individuals with access to the security container must be placed on the inside of the drawer with the lock on it in a conspicuous place or on the secure side of the Security Area entry door.

Part 2A, the tear-away, perforated portion for the combination, must be placed in the envelope portion, Part 2, of the SF 700. This is the portion of the form that must be stored in another security container.

The lock for the container may need to be removed for demilitarization if the container is inoperable or potentially going to be excessed, so the CNSI PMs must be contacted with the make/model of the lock prior to proceeding with the steps below.

The Classified Document Custodian or Security Custodian Customer will ensure that all the CNSI in the container has been destroyed or moved to another GSA approved container.

The Classified Document Custodian or Security Container Custodian will open all drawers to the container one at a time and, using a flashlight, inspect:

i. That it is empty of all documentation,
ii. That a light is shined in the spaces surrounding the pulled-out drawer to ensure that there is no material in the crevices,
iii. If material appears to be present, that the drawer is removed, and the material is retrieved.
 

The Classified Document Custodian or Security Container Custodian will ensure the combination for the container is changed to the standard default of 50-25-50. Contact *FMSS Classified Information Security Team if there are issues with setting the combination.

If the container is inoperable, remove the GSA label by using a razor blade or flathead screwdriver.

The ERC ticket must state the following in the Purpose Box: "Please remove the security container as it (no longer meets the requirements to secure CNSI material/no longer needed by the office). The security container is (operable/not operable). The security container is open. (The lock is not operable and has been removed and returned to FMSS for demilitarization with the Department of Defense Lock Program or re-use within IRS. The combination is affixed to the lock and the lock has been set to default.) The container has been verified as clear of CNSI by (Insert name of POC, contact phone #, email). Thank you."

Once the container has been picked up for dispositioning, the Classified Document Custodian must update the Security Container Tracker.

The IRS Property Officer will determine what to do with the security container based on its condition and the needs of the USG.

Lockmasters Security Institute
1014 South Main Street
Nicholasville, KY 40356
Phone: 866-574-8724 (USA Toll Free)
Phone: 859-887-9633
 

MBA USA, Inc.
200 Orchard Drive
Nicholasville, KY 40356
Phone: 888-622-5495 (USA Toll Free)
Phone: 859-887-0496

Prior to using the switch, the individual must be taught appropriate protocols by the IRS or DO IT department. The switch must be labeled on both the unclassified and CNSI side with the appropriate stickers: SF 710 for unclassified and SF 706, 707, or 708 for CNSI at the respective level.

Collect, create, communicate, compute, disseminate, process, or store CNSI.

Prevent unauthorized access, ensure information integrity.

Use common information technology standards, protocols, and interfaces that maximize the availability of, and access to, the information to authorized holders who meet the standards set by EO 13526 for access to CNSI.

Open Storage of CNSI up to the Secret level is used only in circumstances where there is:

i. Up to Secret level equipment that is required to be stored,
ii. Insufficient space in GSA approved security containers,
iii. Not a need to process via secure system.
 

TSDN LAs can process up to Secret CNSI and can be compared to Treasury’s Secure Work Areas. Treasury does not permit TSDN LAs to openly store CNSI documentation.

Top Secret Spaces can store Top Secret paper and host Top Secret conversations, they cannot host TFIN.

SCIFs are utilized when storing and processing TS/SCI information, such as TFIN.

Only a Responsible Party or Authorized Personnel, who will be termed "Opener" , can know the combination required to open the Security Area; as such, discretion must be used as to the number of individuals given the responsibility.

All persons must have a current and ongoing need-to-work in the Security Area at minimum of one time per month prior to seeking access. IRM 10.2.18.10.4 must be followed to document access requests. This request must contain the individual’s given name, verification that individual has appropriate clearance level, verification the individual has a need-to-know and requires consistent access to the Security area, and whether the individual is a Responsible Party or Authorized Personnel.

i. Personnel Security must be given a minimum of seven business days to verify the individual’s clearance.
ii. The Responsible Party must ensure that all Authorized Personnel are trained on the appropriate procedures for opening, closing, workday maintenance, alarm response, etc. prior to being given their own IDS code and the combination to the FF-L-2740 compliant lock.
 

At the beginning of business hours, the opener will enter the combination into the FF-L-2740 compliant lock, read their SmartID on the access control device (ACD), and enter their PIN.

i. All electronic devices (smartwatch, cellular phone, tablet, computer, Bluetooth, or wireless headphones, etc.) must all be placed in the cell phone locker prior to entry. The introduction of prohibited items into the Security Area is a security incident.
 

Should an Authorized Personnel need to have a wireless/Bluetooth device for health reasons, such as a pacemaker, notification to the Responsible Party and the CNSI PM must be made.

The SF 702, kept on the outside of the entry door, must be filled out.

The magnetic sign on the door must be flipped to ‘open,’ if the signage is available.

Once inside the Security Area, the opener must disarm the IDS and push the life safety switch on the back of the FF-L-2740 lock to prevent lock in.

Visitors must be sponsored into the Security Area by that area’s Responsible Party or Authorized Personnel, henceforth termed "sponsoring individual" .

The sponsoring individual must coordinate with the visitor and IRS Personnel Security to ensure that the visitor’s clearance and need-to-know are verified prior to the visit taking place. Personnel Security must be given a minimum of seven business days to verify the individual’s clearance.

i. Visits must be planned to allow for vetting to occur prior to the individual gaining access.
ii. Cleaning and maintenance personnel must have been deemed suitable in accordance with 5 CFR 731 and given an ID via normal facility processes prior to entry into the Security Area. Cleaning and maintenance personnel must always be escorted.
 

The Security Area must be sanitized, and the occupants be made aware prior to the visit, to preclude unauthorized access to CNSI.

Visitors must sign in and out of the Security Area on IRS Form 5421. A one-year history of the Form 5421 must be maintained on-site.

Visitors must adhere to IRS and Treasury orders to ensure the safeguarding of classified information.

One Responsible Party or Authorized Personnel must always remain in the Security Area during the business day, otherwise the space will need to be closed, as discussed in the “Closing” subsection below.

i. The SF 701 does not need to be filled out until the last Authorized Personnel leaves for the day. The Security Area does, however, need to be checked by the Responsible Party or Authorized Personnel to ensure no CNSI is left unsecured.

Any Responsible Party or Authorized Personnel can close the Security Area and is known in this subsection as the closer. The following must be initiated any time the space is left unoccupied, whether it be for a workday meeting or at the close of the business day.

i. The closer must walk the Security Area to ensure that they are the last person in the space, all CNSI has been secured, the security containers are closed appropriately, and all TSDNs, as applicable, have been logged off.
ii. The SF 702 must be filled out in the checked by column verifying that it was appropriately closed, regardless of whether the security container was opened on a given day.
iii. The SF 701 must be filled out verifying that the Security Area was checked.
iv. The closer must then arm the IDS system. Once the system begins the countdown, the closer knows it is time to leave the Security Area.
v. Pull the life safety switch on the back of the FF-L-2740.
vi. Upon leaving, the closer must verify the door is shut and spin the combination lock one full rotation in each direction, at minimum, and verify that the bolt is engaged by attempting to open the door.
vii. Complete the SF 702 with the time exited and the magnetic sign must show ‘closed,’ if signage is available.
viii. If no Responsible Party or Authorized Personnel enter the Security Area on a given duty day, it must be checked to verify that the FF-L-2740 lock is engaged on the door and noted on the SF 702 for the door under the checked by column.
 

If access to the Security Area is required after business hours, on weekends, or holidays, normal business day open and close procedures will be followed.

The names of the Responsible Party(ies) or Authorized Personnel designated to perform response duties, along with their business and personal contact information, must be provided to the monitoring entity to ensure response to alarm or disturbances. These individuals are known as responders. Coordination in advance of holidays or other periods where multiple responders may be unavailable must occur.

i. Only a Responsible Party or a designated Authorized Personnel can respond to alarms or disturbances.
 

During Business Hours:

i. Once notified of the alarm or disturbance, the responder has up to 15 minutes for Top Secret Spaces and 30 minutes for Open Storage of Secret or TSDN LAs to arrive.
ii. After arriving at the Security Area, the responder, if not in fear for their safety, must enter and perform a thorough check to ensure that there has been no potential compromise or loss of CNSI in any of its forms.
iii. If the responder has safety concerns, the monitoring entity must be notified immediately.
iv. The responder must disable the IDS upon entry into the Security Area.
v. Once the Security Area is clear, the monitoring entity must be notified so that they can clear the alarm.
 

After Hours:

i. The monitoring entity must take appropriate action on all alarms and notify the responders for the Security Area; responders have up to 15 minutes for Top Secret Spaces and 30 minutes for Open Storage of Secret or TSDN LAs to arrive.
ii. After arriving, the responder, if not in fear of their safety, must enter and perform a thorough check to ensure that there has been no potential compromise or loss of the CNSI in any of its forms.
iii. If the responder has safety concerns, the monitoring entity must be notified immediately to facilitate an armed response.
iv. The responder must disable the IDS upon entry into the Security Area.
v. Once the Security Area is clear, the monitoring entity must be notified so that they can clear the alarm.
 

Facilities Emergencies:

i. The monitoring entity must be notified in the event of an emergency (i.e., water leak, heating, and cooling issue, etc.) that is affecting the Security Area and requires entry to address, but the space is unoccupied.
ii. The monitoring entity will notify the responders to open the Security Area.
iii. Responders must respond within 15 minutes for Top Secret Spaces and 30 minutes for Open Storage of Secret or TSDN LAs to arrive.

Background: 32 CFR 2001.43 and .53 detail the requirements needing to be met prior to a Security Area being allowed to openly store CNSI equipment up to the Secret level. This type is not certified for classified conversations.

Requesting an Open Storage Area:

i. Business Units requiring Open Storage must consider the amount of equipment being stored, length of time it will be stored, whether it can be disposed of, if there will be a recurring need to store CNSI equipment and whether there are multiple GSA approved containers in which to store the equipment.
ii. If a Security Area is still required based on the considerations above, the AD, Security must approve prior to upgrade or construction starting.
 

Certification:

i. The initial survey of the room will be conducted by the CNSI PMs against 32 CFR 2001 requirements.
ii. The CNSI PMs will coordinate with the local SSC and requesting Business Unit to ensure gaps between the status of the room and CFR requirements are addressed. Additionally:

1. No wireless devices of any kind are permitted into the Security Area unless authorized by Treasury.
2. Each Responsible Party and Authorized Personnel must have their own, unique code to the IDS.

iii. After-hours response must be coordinated with the SSC, monitoring entity and Business Unit.
iv. Once the Security Area has been built, the CNSI PMs will perform a certification inspection. If the space meets requirements, the AD, Security will issue a certification letter.
v. The Responsible Party of the Security Area must ensure that security protocols discussed above in subsection IRM 10.9.1.8.5(1) are established and maintained for the space, to include immediate provision of a response roster to the monitoring entity.

1. A copy of the Security Area’s certification letter, Form 5421, and the SF 701 must be placed by the primary entry door on the secure side of the door.
2. The SF 702 must be kept on the non-secure side of the Open Storage primary entry door and on other security containers, as applicable.
3. Security Area Entry Door Warning Sign and current access roster on the non-secure side of all entry doors, found on the CNSI Website.
4. Training of Authorized Personnel on appropriate access, closure, and alarm response procedures.

Business Units requiring a TSDN LA must review the Certification Process, subsection found directly below, prior to selecting a room for conversion into a Security Area. Additional considerations:

i. Traffic flow by the room, whether the facility is leased, or what other entities (governmental or not) would be neighbors.
ii. Consultations with local SSC and FMSS staff on most advisable room to convert given physical security requirements.
 

The following information must be sent to the CNSI PM:

i. Justification stating the need.
ii. The location (building address and office number).
iii. Assurance that the Business Unit can provide adequate 24/7 coverage to respond to alarms, disturbances, or events in the Security Area. Those chosen for coverage must:

1. Possess a valid Secret clearance.
2. Be an IRS authorized holder.
3. Understand requirements of secure operation.
 

After the information has been provided, the CNSI PM will work with the AD, Security, to ensure that all requirements are met. AD, Security must provide a response within 30 calendar days of the receipt of all information for the process to begin.

Business Units must discuss with and have the agreement of Treasury OCIO regarding the installation of TSDN in the prospective Security Area prior to coordinating with CNSI PM and SSC to start the process of construction/upgrade.

Treasury OCIO procures all portions of the TSDN system once the Business Unit’s requirements are finalized.

Approval to build the TSDN LA is submitted to the AD, Security by the requesting Business Unit. See “Requesting a TSDN LA and Milestones” subsection above.

The initial survey of the room will be conducted by the CNSI PMs ensuring that the OSP physical security requirements for TSDN LAs are met.

The CNSI PMs will coordinate with the local SSC and requesting Business Unit to ensure gaps between the current status of the room and OSP requirements are addressed:

i. The Security Area must be equipped with NSA/CSS EPL shredder, GSA approved class 5 or 6 security container with FF-L-2740 lock, door signage that appropriately warns against unauthorized entry.
ii. All trash and recycling bins removed.
iii. A Technical Surveillance Countermeasures Survey may be required if unclassified equipment is to remain in place once the room becomes certified or if new unclassified equipment is added after certification. This survey typically occurs after certification but prior to installation of TSDN.
iv. No wireless devices of any kind are permitted inside.
v. Each Responsible Party and Authorized Personnel must have their own, unique code to the IDS.
vi. If windows are present, then the screens for the TSDN system must face away from the windows or be equipped with a privacy screen.
vii. Treasury OCIO will advise on proximity between TSDN and unclassified systems, lines, and equipment as required per national guidelines. The proximity must always be maintained.
viii. TSDN systems must stay in the Security Area that was certified to hold them. The systems cannot be moved by IRS or others from where they are initially placed by Treasury OCIO without prior permission from DO OCIO.
 

After-hours response must be coordinated with the SSC, monitoring entity and Business Unit.

Once built, the CNSI PMs will perform a certification inspection.

If it meets requirements, the CNSI PMs will forward the inspection documentation to OSP for their assessment and, if the risk is acceptable, provision of the certification letter to the IRS.

After certification, the Business Unit must coordinate with Treasury OCIO for the installation of TSDN.

If the Security Area is certified for classified discussions by OSP, STE can be procured by the Business Unit from the IRS COMSEC POC.

The Responsible Party of the Security Area must ensure that security protocols discussed above in IRM 10.9.1.8.6(2) are established and maintained for the space, to include immediate provision of a response roster to the monitoring entity.

i. A copy of the certification letter, IRS Form 5421, and the SF 701 must be placed by the primary entry door on the secure side of the TSDN LA.
ii. The SF 702 must be kept on the non-secure side of the primary entry door to the TSDN LA and on other security containers as required.
iii. Security Area Entry Door Warning Sign and current access roster on the non-secure side of all entry doors, found on the CNSI Website.
iv. The SF 707 and 710 stickers must be placed on equipment as applicable.

Business Units requiring a Top Secret Space must review the Certification Process, subsection found directly below, prior to selecting a room for conversion into a Security Area. Additional considerations:

i. Traffic flow by the room, whether the facility is leased, or what other entities (governmental or not) would be neighbors.
ii. Consultations with local SSC and FMSS staff on most advisable room to convert given physical security requirements.
 

The following information must be sent to the CNSI PM:

i. Justification stating the need for the Security Area and the storage of Top Secret.
ii. The location (building address and office number).
iii. The given name of a Top Secret Control Officer who will be responsible during upgrade/construction and upon certification, in line with subsection IRM 10.9.1.8.6(7) of this IRM.
 

Assurance that the Business Unit can provide adequate 24/7 coverage to respond to alarms, disturbances, or events in the Security Area. Those chosen for coverage must:

i. Possess a valid Top Secret clearance.
ii. Be an IRS authorized holder.
iii. Understand security requirements of secure operations.
 

After the information has been provided, the CNSI PM will work with the AD, Security to ensure that all requirements are met. AD, Security must provide a response within 30 calendar days of the receipt of all information for the process to begin.

Approval to build the Top Secret Space is submitted to the AD, Security by the requesting Business Unit. See “Requesting a Top Secret Space and Milestones” subsection above.

The initial survey of the room will be conducted by the CNSI PMs ensuring that the 32 CFR 2001 physical security requirements for Top Secret Spaces are met.

The CNSI PMs will coordinate with the local SSC and requesting Business Unit to ensure gaps between the current status of the room and 32 CFR 2001 requirements are addressed.

i. The Security Area must be equipped with NSA/CSS EPL shredder, GSA approved class 5 or 6 security container with FF-L-2740 lock, door signage that appropriately warns against unauthorized entry.
ii. All trash and recycling bins removed.
iii. No wireless devices of any kind are permitted.
iv. Each Responsible Party and Authorized Personnel must have their own, unique code to the IDS.
v. If windows are present, then they must be equipped with blinds, full coverage shades or similar to preclude visual observation.
 

After-hours response must be coordinated with the SSC, monitoring entity and Business Unit.

Once built, the CNSI PMs will perform a certification inspection. If the space meets requirements, the AD, Security will issue a certification letter.

If certified for classified discussions by AD, Security, STE can be procured by the Business Unit from the IRS COMSEC POC.

The Responsible Party of the Security Area must ensure that security protocols discussed above in IRM 10.9.1.8.6(2) are established and maintained for the space, to include immediate provision of a response roster to the monitoring entity.

i. A copy of the certification letter, IRS Form 5421, and the SF 701 must be placed by the primary entry door on the secure side of the Top Secret Space.
ii. The SF 702 must be kept on the non-secure side of the primary entry door to the Top Secret Space and on other security containers as required.
iii. Security Area Entry Door Warning Sign and current access roster on the non-secure side of all entry doors, found on the CNSI Website.
iv. The SF 707 and 710 stickers must be placed on equipment as applicable.

Prior to any designs or construction being created, the approval to build a SCIF must be obtained from the Assistant Secretary (A/S) of Treasury’s Office of Intelligence and Analysis (OIA).

The requesting Business Unit must complete the request form provided by the CNSI PMs and include the following information, at minimum, on a Justification Memorandum on IRS letterhead:

i. Definition of need and why other SCIFs in the surrounding area cannot be used in lieu of new construction,
ii. Funding source for construction, protection, and maintenance,
iii. Stated willingness to cover additional expenses for the guard contract to adequately protect the SCIF (e.g., 24/7 response within 15 minutes maximum),
iv. Acknowledge necessity to appoint a trained primary and alternate Site Security Manager (SSM) during the construction phase, the CNSI PMs can provide the acceptable training. The SSM can serve as the SSO.
v. Acknowledge necessity to have a dedicated, trained (trainings may require travel, contact CNSI PMs for list of acceptable courses) authorized holder within the Business Unit to serve as SSO once the SCIF has been accredited. Roles and responsibilities of SSO will be outlined by Treasury and in accordance with the ICDs upon accreditation.
vi. Appointment of Top Secret Control Officer, who could also serve as the SSO upon the SCIF’s accreditation.
vii. SCIF Facility Type: Secure Work Area, Temporary Secure Working Area, Continuous Operation, Temporary SCIF, Open Storage, or Closed Storage,
viii. Whether the building, if leased, has been reviewed per Interagency Security Committee requirements,
ix. If the facility is multi-tenant, list the tenant company names,
x. Number of TFIN drops required.
 

The Justification Memorandum must be signed by the requesting Business Unit’s senior executive and sent to the AD, Security.

The Justification Memorandum is sent to the Chief, FMSS via the CNSI PMs through the AD, Security.

Chief, FMSS reviews and provides decision on SCIF packet. If approved the Chief, FMSS will forward the packet to the A/S of OIA via the Deputy Assistant Secretary for Intelligence and Analysis. If not approved, or if more information is needed, the packet goes back the CNSI PMs and over to the Business Unit.

Chief, FMSS briefs IRS Senior Leadership as required.

OIA will consider the request and provide an approval or disapproval to Chief, FMSS. The Chief, FMSS will return the packet back to the CNSI PMs.

CNSI PMs provide requesting Business Unit the final decision.

If approved, Treasury will provide information regarding the design, planning, and construction process in terms of whom the Cognizant Security Authority, Accrediting Official (AO), and SSO will be for the design, construction, and accreditation. The AO will be the primary POC for all security requirements to the CNSI PMs and Business Unit.

If the SCIF is disapproved, there is no appeal process- the requesting Business Unit must find an alternate SCIF in the area to use.

The portions in parenthesis of the Top Secret Control Officer appointment language, below, must be replaced with the appropriate information before being sent to the appointee:

i. In accordance with IRM 10.9.1, Classified National Security Information, (given name of person) is appointed to the position of Top Secret Control Officer for (name of Business Unit) at the (facility, campus, etc.). (Name) has been verified to have an active, in-scope (Top Secret clearance for Top Secret Space or TS/SCI clearance for a SCIF). (Name) is aware that it is (his/her) duty to understand and perform all the requirements noted in IRM 10.9.1 for the position of Top Secret Control Officer.
 

If a Top Secret Control Officer can no longer perform their duties, a replacement must be appointed promptly. It is requested that a replacement be appointed in advance, if possible.

Responsibilities, these are in addition to the Responsibilities noted in subsection IRM 10.9.1.1.3(8).

i. Review "TSCO Duties and Responsibilities" material on the CNSI Website and discuss with CNSI PMs, as applicable, to understand duties; if the position is Top Secret Control Officer of a SCIF, Treasury OIA training’s must also be received.
ii. The Top Secret Control Officer must ensure that Top Secret is properly stored, shared, transmitted (to include use of required forms, double-wrapping, systems used, etc.) and that such information under their personal custody is destroyed under two-person control and the destruction is documented.
iii. The Top Secret Control Officer must initially receive an open all Top Secret information in their organization, to include that delivered to the agency by outside courier and/or brought back to the agency by an authorized holder. All incoming Top Secret must be brought to (and logged in by) the Top Secret Control Officer by the next business day.
iv. Maintaining the TD F 15-05.4, Document Control Register, for all Top Secret information held by the Business Unit. In maintaining the TD F 15-05.4, the Top Secret Control Officer must assign a Top Secret Control Number to all incoming and newly created documents in a calendar-year sequence (e.g., for CY2020: 20-001 and 20-002, where "20" is the calendar year when the document is initially recorded and the "01" , "002" are the first and second documents, with numbers continuing sequentially). The control number must be noted on the front page of the document in a conspicuous place. Accountability records must be kept unclassified and can be stored in the security container housing the information so long as the Top Secret Control Officer maintains a backup.
v. The results of the self-assessment will be provided in an unclassified, written report maintained by the Top Secret Control Officer for review during self-assessments. If there are documents that are unaccounted for, it is treated as a security violation, and the report includes a plan of action with identifiable milestones and dates for resolving whatever circumstances caused the material to be lost or missing.
vi. Affix a TD F 15-05.10, Top Secret Document Record, as well as the TD F 15- 05.8, to all copies of Top Secret information leaving the immediate office/IRS prior to delivery to other offices for record/response.

1. TD F 15-05.10 must be printed on green card stock and attached to all Top Secret documents. TD F 15-05.10 is in addition to TD F 15-05.4.
2. The TD F 15-05.10 must be maintained for two years from the last, at which point it can be destroyed.
3. In process TD F 15-05.8, Receipt of Classified Information, must be used to start tracer actions after 30 days if they have not been returned. Completed TD F 15-05.8 must be maintained for three years if no outstanding tracer actions exist.

vii. Maintaining accountability records, receipts of the transmission and destruction of Top Secret information for three years from the last date noted.

Have a final, favorable security clearance at the level they need to courier,

Proof of courier training completed within the last 30 days and

Not be currently detailed to another agency to request a courier card or letter from IRS.

If the authorized holder has a frequent and recurring need, (e.g., a minimum of 12 times per year) then a courier card will be applied for. Anything less frequent in terms of times per year, a courier letter will be applied for.

Treasury has delegated the issuance of courier cards for CI employees to CI. The CI Security Specialist must receive and process TD F 15-05.12 for CI employees.

For all other IRS employees, except CI, TD F 15-05.12 must be sent to the CNSI PM.

The AD, Security must sign all courier cards and letters.

CI Security Specialist or CNSI PM must use TD F 15-05.7, Courier Card Badge, to create the courier card.

Upon receipt of the courier card, the authorized holder/courier must sign the TD F 15-05.12 and return it to the CI Security Specialist or CNSI PM.

CI Security Specialist and CNSI PM must maintain records of the TD F 15-05.12 until the card has expired.

CI Security Specialist and CNSI PM must use Attachment 2 in the TD P 15-71, entitled "Sample Courier Letter Format," to create the courier letter.

Burn-bags awaiting destruction must be protected while in the end-user’s custody. Burn-bags will only be collected, and contents immediately destroyed, by authorized holders.

When not in active use, burn-bags containing CNSI are protected commensurate with the level of CNSI within.

Use of burn-bags should be limited as CNSI requiring destruction should be shredded as soon as possible instead of stored awaiting for bulk destruction.