2.17.1 Infrastructure Currency Policy for Software

Manual Transmittal

October 09, 2018

Purpose

(1) This transmits new IRM 2.17.1, Infrastructure Currency, Infrastructure Currency Policy for Software

Material Changes

(1) No changes; establishing IRM 2.17.1

Effect on Other Documents

Interim Guidance IT-02-0118-0001 is incorporated into this IRM

Audience

Information Technology

Effective Date

(10-09-2018)


S. Gina Garza
Chief Information Officer

Program Scope and Objectives

  1. This IRM section provides the Infrastructure Currency policy for Commercial Off-The-Shelf Software.

Infrastructure Currency Policy for Commercial Off-The-Shelf Software

  1. The IRS IT Commercial Off-The-Shelf (COTS) software infrastructure shall only use Software Product Versions, which are approved in the Enterprise Standards Profile (ESP).

  2. Terminology referenced in this IRM:

    • Compliance: A software product version’s adherence to the standards and guidance provided in the Enterprise Standards Profile (ESP)

      Note:

      Please refer to IRM 2.15.1 for ESP related information.

    • Currency: A measurement of a software product’s lifecycle in relation to the vendor’s latest major version. The latest major version is N, the immediately preceding major version is N-1.

  3. The COTS products on the IRS IT Infrastructure shall be considered in compliance if they are using the most current “Major Version Approved” in the ESP or the immediately preceding major version that is approved in the ESP.

  4. No later than 6 months after a product version has been identified as non-compliant, product owners shall either provide a plan to bring the version into compliance via upgrade, replacement, or removal from the IRS environment, or request to remain on the current version via Risk Acceptance Form and Tool (RAFT). The Infrastructure Executive Steering Committee (IESC) shall approve the disposition of all non-compliant versions.

    Note:

    This policy is not applicable in the test labs.

  5. Figure 2.17.1-1 provides several sample scenarios and the resulting compliance status.

    Figure 2.17.1-1

    If... And... Then...
    The version is approved for use in the ESP The latest major version in the ESP or the immediately preceding major version The version is compliant
    The version is approved for use in the ESP Is not either the latest major version in the ESP or the immediately preceding major version The version is not compliant, reference the non-compliance section of IRM
    The version is not approved for use or reflected in the ESP   The version is not compliant, reference the non-compliance section of IRM