Nessus audit files — 2023

Automated testing

The IRS Office of Safeguards utilizes Tenable's industry standard compliance and vulnerability assessment tool, Nessus, to evaluate the security of systems (e.g., Windows, *NIX, Cisco) that store, process, transmit or receive federal tax information. We use Nessus to conduct configuration compliance checks using Center for Internet Security (CIS) benchmarks supplemented with some IRS-specific requirements. This process has been developed to provide agencies with enhanced information regarding the security controls in place to protect FTI.

• Listing of FTI Systems and IP’s XLSX
• Nessus - Introduction Memo PDF

Preparing for Nessus compliance scanning

The following NESSUS audit files may be used according to the process described in the applicable technical assistance memorandum PDF to evaluate IRS Publication 1075 compliance on systems that store, process, transmit and/or receive federal tax information and are subject to IRC 6103 (p)(4) safeguarding requirements.

The complete set of Nessus Audit Files ZIP are also available.

Security and Privacy Alert

Office of Safeguards

Date: August 12, 2024

Subject: Safeguard Computer Security Evaluation Matrix (SCSEM)

Notification

The Safeguard Computer Security Evaluation Matrix (SCSEM) and NESSUS audit files for Windows 10, Windows 11, Windows Server 2016 and Windows Server 2022 are now available.

Guidance

The IRS Office of Safeguards updated the SCSEM and NESSUS audit files for Windows 10, Windows 11, Windows Server 2016 and Windows Server 2022. The new SCSEM package will go into effect on November 25, 2024. The updated SCSEM will be used to review information technology assets that receive, store, process, transmit, or protect federal tax information.

All SCSEMs have been posted to the Safeguards website. 

Safeguards contact

Please contact the Office of Safeguards by email at safeguardreports@irs.gov with any questions about the updated SCSEM package.