In order to protect potentially sensitive agency information, the IRS Office of Safeguards requests agencies to adhere to the following protocols when transmitting electronic documentation:
- Compress files in .zip or .zipx formats
- Encrypt the compressed file using Advanced Encryption Standard (AES)
- Use a strong 256-bit encryption key string
- Ensure a strong password or pass phrase is generated to encrypt the file
- Communicate the password or pass phrase with the Safeguards Office through a SEPARATE email or via a telephone call to your IRS contact person. Do NOT provide the password or pass phrase in the same email containing the encrypted attachment.
Refer to your specific file compression software user guide for instructions on how to compress and encrypt files. Known products compatible with IRS include, but are not limited, to WinZip and SecureZip.
Please remember, while the attachment is encrypted, the content of the email message will not be encrypted so it is important that any sensitive information be contained in the attachment (encrypted document).
- IRS Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies