Information For...

For you and your family
Individuals abroad and more
EINs and other information

Filing For Individuals

Information For...

For you and your family
Standard mileage and other information

Forms and Instructions

Individual Tax Return
Request for Taxpayer Identification Number (TIN) and Certification
Single and Joint Filers With No Dependents
Employee's Withholding Allowance Certificate

 

Request for Transcript of Tax Returns
Employer's Quarterly Federal Tax Return
Installment Agreement Request
Wage and Tax Statement

Popular For Tax Pros

Amend/Fix Return
Apply for Power of Attorney
Apply for an ITIN
Rules Governing Practice before IRS

Safeguards Program

The Safeguards Program and staff are responsible for ensuring that federal, state and local agencies receiving federal tax information protect it as if the information remained in IRS’s hands.

These agencies and their contractors receiving federal tax information must protect the confidentiality of return information and are periodically reviewed by Safeguards personnel to ensure they meet the safeguarding requirements of IRC 6103(p)(4). These requirements include employee awareness programs, proper disposal, secure storage and computer security among others.

The updated version of Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies (PDF) (Rev. 11/16) contains specific requirements for safeguarding federal tax information. 

Comments and suggestions on the revised Publication 1075 can be forwarded to the safeguards mailbox at: safeguardreports@irs.gov.

Frequently Asked Questions
Answers to commonly asked questions about various Safeguards topics, including Q&As regarding the Safeguard Security Report (SSR). 

Publication 1075 Notification Requirements
Safeguarding requirements may be supplemented or modified between editions of Publication 1075 by guidance issued by Safeguards.

FOIA Request Memorandum
Important information on how federal, state and local agencies should respond to FOIA/Open Records/or similar Information Sharing requests for any IRS safeguard report or related communications in the possession of a federal, state or local agency.

Child Support Resources 
Guidance regarding Tribal child support enforcement agencies (12-2016) is now included. 

ALERTS

See “Safeguards Alert Memorandums” below for trending security concerns.


Publication 1075

Office hours notes: Background investigation requirements 

Reporting Requirements
Publication 1075 requires agencies to use approved report templates and to transmit the reports electronically. These reports must be encrypted and submitted to the safeguardreports@irs.gov mailbox.

Reporting Unauthorized Accesses, Disclosures or Data Breaches
Local, state and federal agencies receiving federal tax information must follow the revised provisions of Section 10 of Publication 1075 (PDF) (Coming soon) upon discovering a possible improper inspection or disclosure of FTI, including breaches and security incidents. Agencies must contact Treasury Inspector General for Tax Administration and IRS Safeguards immediately, but no later than 24-hours after identification of a possible issue involving federal tax information. Agencies are not to wait until after their own internal investigation as been conducted.

Contacting TIGTA is critical to expedite the recovery of compromised data and identify potential criminal acts. IRS Safeguards investigation focuses on identifying processes, procedures or systems within the agency with inadequate security controls which led to the incident.

Internal Inspections Reports
Section 6.4 of Publication 1075, Tax Information Security guidelines for Federal, State and Local Agencies and Entities, requires agencies receiving federal tax information (FTI) establish a review cycle as follows:

  • Local offices receiving FTI: at least every three years
  • Headquarters office facilities housing FTI and the agency computer facility: at least every 18 months
  • All contractors with access to FTI, including a consolidated data center or off-site storage facility: at least every 18 months

In addition, the agency must:

  • Complete a documented schedule (internal inspection implementation report) detailing the timing of all internal inspections in the current year and next two years (three-year cycle) and
  • Develop and monitor a Plan of Action and Milestones (PO&AM), which includes all corrective actions identified and the actions the agency plans to take to resolve the findings

Below are templates to assist agencies in meeting the Internal Inspections requirements. The use of these templates is not a requirement if the agency has developed documents that meet the requirements in Publication 1075, Section 6.4.

Safeguards Technical Assistance by Topic
The IRS has recommendations and discussions on various Safeguards program topics available for agencies to help stay in compliance. These documents may assist with preparation of reports, protecting federal tax information, and knowing the legalities of the Safeguards Program.

Safeguards Videos

2016 Safeguards Security Awareness Videos
New videos are available for local, state and federal governmental agencies, which receive federal tax information (FTI). IRS Safeguards has created videos (captioned in English and Spanish) to help explain key concepts in protecting the confidentiality of FTI. 

Building New Systems, Policies and Procedures 
These videos are designed to assist local, state, and federal agencies in designing and building a new application or policies and procedures containing Federal Tax Information (FTI).

Protecting Federal Tax Information 
Short video on the on the overall protection of Federal Tax Information (FTI).

Safeguards Podcasts

Updates to Publication 1075 – Part 1 
This podcast covers three key changes featured in the November 2016 revision of Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies. Please note that the correct timeframe for implementation of the new background investigation standards is within one year from the November 2016 revision of Publication 1075.  

Updates to Publication 1075 – Part 2
This podcast covers four key changes featured in the November 2016 revision of Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies

Use of Automated Tools
To enhance our ability to identify, monitor and mitigate risk to FTI, The Office of Safeguards uses an automated tool during on-site reviews.

References/Related Topics

Physical Security and Disclosure References/Related Topics
Publication 1075 requirements pertaining to the protection of FTI in a physical environment and the disclosure of FTI to other persons are available in the Safeguard Disclosure Security Evaluation Matrix.

Document

Version

Release Date

Safeguard Disclosure Security Evaluation Matrix (SDSEM) (XLS)

3.0

9/12/2012


Safeguards Alert Memorandums
The following resources address recent security trends regarding the protection of FTI.

Document

Version

Release Date

Alert Memo-Integrated Eligibility Systems

2.0

9/10/2015

Alert Memo – Protecting FTI On Mainframes with Open Port 23 N/A 6/17/2013
Alert Memo – Multi-factor Authentication Implementation N/A 6/17/2013
Alert Memo – Windows Server 2003 End of Life N/A 1/21/2015
Alert Memo - Windows XP End of Life

N/A

4/9/2014


Computer Security Compliance References/Related Topics
The following Computer Security Evaluation Matrix (SCSEM) downloads are available for use in preparing an IT environment that will receive, process, or store FTI.

Document

Version

Release Date

Application – Generic Application SCSEM (XLS) 2.1 1/31/2017
Application - Oracle Public Sector Revenue Management (PSRM) (formerly Enterprise Taxation and Policy Management (ETPM)) 2.2 1/31/2017
Application – GenTax SCSEM (XLS) 2.1 1/31/2017
Application - RSI Revenue Premier SCSEM(XLS) 2.1 1/31/2017
Application - Teradata SCSEM(XLS) 2.1 1/31/2017
 
Database – DB2 SCSEM (XLS) 1.1 1/31/2017
Database – DB2 zOS SCSEM (XLS) 2.1 1/31/2017
Database – Oracle 11g SCSEM (XLS) 2.1 1/31/2017
Database – Oracle 12c SCSEM (XLS) 2 1/31/2017
Database – SQL Server 08 and 12 SCSEM (XLS) 2.1 1/31/2017
Database – Generic Database SCSEM (XLS) 2.1 1/31/2017
Database – Data Warehouse SCSEM (XLS) 2.1 1/31/2017
 
Mainframe – ACF2 SCSEM (XLS)

2.1

1/31/2017

Mainframe – IBMi SCSEM (XLS)

2.1

1/31/2017

Mainframe – RACF SCSEM (XLS)

2.1

1/31/2017

Mainframe – Top Secret SCSEM (XLS)

2.1

1/31/2017

Mainframe – UNISYS SCSEM (XLS)

3.1

1/31/2017

 
Management, Operational and Technical (MOT) (XLS)

3.1

1/31/2017

 
Network – Firewall SCSEM (XLS) 2.1 1/31/2017
Network – Network Assessment SCSEM (XLS) 2.1 1/31/2017
Network – Storage Area Network SCSEM (SAN) (XLS)

2.1

1/31/2017

Network – Switch/Router SCSEM (XLS) 2.1 1/31/2017
Network – Virtual Private Network (VPN) SCSEM (XLS)

2.1

1/31/2017

Network – Voice Over Internet Protocol (VoIP) SCSEM (XLS)

2.1

1/31/2017

Network – Wireless Local Area Network (LAN) SCSEM (XLS)

2.1

1/31/2017

 
Other – Cloud Computing SCSEM (XLS)

2.2

1/31/2017

Other – Generic Operating System SCSEM (XLS)

2.1

1/31/2017

Other – Mobile Devices SCSEM (XLS)

2.1

1/31/2017

Other – OpenVMS SCSEM (XLS)

2.1

1/31/2017

Other – Printer SCSEM (Multi-Function Device and High Volume Printer) (XLS) 2.1 1/31/2017
Other – Web Server SCSEM (XLS)

2.1

1/31/2017

 
Generic *NIX Systems SCSEM (XLS) 1.7 3/25/2016
AIX 6 and AIX 7 SCSEM (XLS) 1.3 1/31/2017
Oracle Solaris 10, 11, and 11.1 SCSEM (XLS) 1.3 1/31/2017
Red Hat Enterprise Linux 5 and 6 SCSEM (XLS) 2.1 1/31/2017
SUSE and Linux 11 (XLS) 1.3 1/31/2017
Oracle Linux 5 and 6 SCSEM (XLS) 1.3 1/31/2017
CentOS Linux SCSEM (XLS) 1.1 1/31/2017
HPUX 11i SCSEM (XLS) 1.1 1/31/2017
 
Virtualization – VMWare ESXi 5.0 SCSEM (XLS) 2.1 1/31/2017
Virtualization – VMWare ESXi 5.5 SCSEM (XLS) 2.1 1/31/2017
 
Microsoft Windows 7 SCSEM (XLS) 2 3/25/2016
Microsoft Windows 8 SCSEM (XLS) 2 1/31/2017
Microsoft Windows Server 2008 SCSEM (XLS) 2 1/31/2017
Microsoft Windows Server 2008 R2 SCSEM (XLS) 2 1/31/2017
Microsoft Windows Server 2012 SCSEM (XLS) 2 1/31/2017
Microsoft Windows Server 2012 R2 SCSEM (XLS) 2 1/31/2017
Microsoft Windows Vista SCSEM (XLS) 1.4 1/31/2017
Microsoft Windows 10 SCSEM (XLS) 2 1/31/2017
 
Macintosh OSX 10.8 SCSEM (XLS) 2.1 1/31/2017

 

Automated Testing
The IRS Office of Safeguards utilizes Tenable’s industry standard compliance and vulnerability assessment tool, Nessus, to evaluate the security of systems (e.g., Windows, *NIX, Cisco) that store, process, transmit or receive Federal Tax Information. We use Nessus to conduct configuration compliance checks using Center for Internet Security (CIS) benchmarks supplemented with some IRS-specific requirements. This process has been developed to provide agencies with enhanced information regarding the security controls in place to protect FTI.