Automated testing The IRS Office of Safeguards utilizes Tenable's industry standard compliance and vulnerability assessment tool, Nessus, to evaluate the security of systems (e.g., Windows, *NIX, Cisco) that store, process, transmit or receive federal tax information. We use Nessus to conduct configuration compliance checks using Center for Internet Security (CIS) benchmarks supplemented with some IRS-specific requirements. This process has been developed to provide agencies with enhanced information regarding the security controls in place to protect FTI. Listing of FTI Systems and IP’s XLSX Nessus - Introduction Memo PDF Preparing for Nessus compliance scanning The following NESSUS audit files may be used according to the process described in the applicable technical assistance memorandum PDF to evaluate IRS Publication 1075 compliance on systems that store, process, transmit and/or receive federal tax information and are subject to IRC 6103 (p)(4) safeguarding requirements. The complete set of Nessus Audit Files ZIP are also available. Security and Privacy Alert Office of Safeguards Date: August 12, 2024 Subject: Safeguard Computer Security Evaluation Matrix (SCSEM) Notification The Safeguard Computer Security Evaluation Matrix (SCSEM) and NESSUS audit files for Windows 10, Windows 11, Windows Server 2016 and Windows Server 2022 are now available. Guidance The IRS Office of Safeguards updated the SCSEM and NESSUS audit files for Windows 10, Windows 11, Windows Server 2016 and Windows Server 2022. The new SCSEM package will go into effect on November 25, 2024. The updated SCSEM will be used to review information technology assets that receive, store, process, transmit, or protect federal tax information. All SCSEMs have been posted to the Safeguards website. Safeguards contact Please contact the Office of Safeguards by email at safeguardreports@irs.gov with any questions about the updated SCSEM package. Audit file Version Upload date Safeguards AIX 7.1 Audit File 1.3 6/11/2023 Safeguards AIX 7.2 Audit File 1.0 6/11/2023 Safeguards Apache 2.4 Audit File 1.2 6/11/2023 Safeguards CentOS 6 Audit File 2.2.0 6/11/2023 Safeguards CentOS 7 Audit File 3.1.1 6/11/2023 Safeguards CentOS 8 Audit File 1.1.0 6/11/2023 Safeguards CheckPoint Firewall Audit File 1.0 6/11/2023 Safeguards Cisco ASA 9x Audit File 1.1 6/11/2023 Safeguards Cisco iOS 15 Audit File 4.0.1 3/22/2023 Safeguards Cisco iOS 16 Audit File 1.0 6/11/2023 Safeguards Cisco iOS 17 Audit File 1.0 9/28/2023 Safeguards Debian Linux 9 Audit File 1.1 6/11/2023 Safeguards Debian Linux 10 Audit File 1.1 6/11/2023 Safeguards Debian Linux 11 Audit File 1.0 9/27/2023 Safeguards Fortigate Firewall Audit File 1.0 9/27/2023 Safeguards IBM DB2 11 1.0 6/11/2023 Safeguards IIS 8.0 Audit File 1.3 3/22/2023 Safeguards IIS 8.5 Audit File 1.3 6/11/2023 Safeguards IIS 10 Audit File 1.3 6/11/2023 Safeguards MacOS 10.15 Audit File 1.4 6/11/2023 Safeguards MacOS 11 Audit File 1.0 6/11/2023 Safeguards MacOS 12 Audit File 1.0 6/11/2023 Safeguards MacOS 13 Audit File 1.0 9/27/2023 Safeguards NGNIX Webserver Audit File 1.0 9/13/2023 Safeguards Oracle 12c RDBMS Audit File 1.3 6/11/2023 Safeguards Oracle 18c RDBMS Audit File 1.0 6/11/2023 Safeguards Oracle 19c RDBMS Audit File 1.0 6/11/2023 Safeguards Oracle Linux 6 Audit File 2.2.0 6/11/2023 Safeguards Oracle Linux 7 Audit File 3.1.1 6/11/2023 Safeguards Oracle Linux 8 Audit File 1.1.0 6/11/2023 Safeguards Oracle Linux 9 Audit File 1.2 9/28/2023 Safeguards Oracle Solaris 10 Audit File 1.1 6/11/2023 Safeguards Oracle Solaris 11 Audit File 1.1 6/11/2023 Safeguards Oracle Solaris 11.1 Audit File 1.1 6/11/2023 Safeguards Oracle Solaris 11.2 Audit File 1.0 6/11/2023 Safeguards Oracle Solaris 11.4 Audit File 1.2 6/11/2023 Safeguards Palo Alto 8 Audit File 1.1 6/11/2023 Safeguards Palo Alto 9 Audit File 1.0 6/11/2023 Safeguards Palo Alto 10 Audit File 1.1 8/30/2023 Safeguards RHEL 6 Audit File 2.2.0 6/11/2023 Safeguards RHEL 7 Audit File 3.1.1 6/11/2023 Safeguards RHEL 8 Audit File 1.1.0 6/11/2023 Safeguards RHEL 9 Audit File 1.2 9/28/2023 Safeguards Rocky Linux 9 Server Audit File 1.0 9/27/2023 Safeguards SQL Server 2012 Audit File 1.1 6/11/2023 Safeguards SQL Server 2014 Audit File 1.1 6/11/2023 Safeguards SQL Server 2016 Audit File 1.4 10/01/2024 Safeguards SQL Server 2017 Audit File 1.3 10/01/2024 Safeguards SQL Server 2019 Audit File 1.3 10/01/2024 Safeguards SQL Server 2022 Audit File 1.1 10/01/2024 Safeguards SUSE 12 Audit File 2.1 6/11/2023 Safeguards SUSE 15 Audit File 1.0 6/11/2023 Safeguards SUSE Linux Enterprise Server11 Audit File 2.1.0 6/11/2023 Safeguards VMware ESXi 6.5 Audit File 1.1 6/11/2023 Safeguards VMware ESXi 6.7 Audit File 1.1 6/11/2023 Safeguards VMware ESXi 7.0 Audit File 1.0 6/11/2023 Safeguards Windows 10 Audit File 6.0 8/8/2024 Safeguards Windows 11 Audit File 3.0 8/8/2024 Safeguards Windows 2012 Audit File 2.1 6/11/2023 Safeguards Windows 2012 R2 Audit File 2.4 6/11/2023 Safeguards Windows Server 2016 Audit File 3.0 8/12/2024 Safeguards Windows 2019 Audit File 1.2 6/11/2023 Safeguards Windows Server 2022 Audit File 2.0 8/8/2024