Information For...

For you and your family
Standard mileage and other information

Forms and Instructions

Individual Tax Return
Instructions for Form 1040
Request for Taxpayer Identification Number (TIN) and Certification
Request for Transcript of Tax Return


Employee's Withholding Allowance Certificate
Employer's Quarterly Federal Tax Return
Employers engaged in a trade or business who pay compensation
Installment Agreement Request

Popular For Tax Pros

Amend/Fix Return
Apply for Power of Attorney
Apply for an ITIN
Rules Governing Practice before IRS

Section 9.18.13 - Protecting FTI in (VOIP) Voice over IP Networks

To utilize a VoIP network that provides FTI to a customer, the agency must meet the following mandatory requirements:

  • VoIP traffic that contains FTI should be segmented off from non-VoIP traffic via a virtual Local Area Network (vLAN) or other segmentation method. If complete segmentation is not feasible, the agency must have compensating controls in place and properly applied which restrict access to VoIP traffic which contains FTI.
  • When FTI is in-transit across the network (either Internet or state agency’s network) the VoIP traffic must be encrypted using a NIST-approved method operating in a NIST-approved mode.
  • VoIP network hardware (servers, routers, switches, firewalls) must be physically protected in accordance with the minimum protection standards for physical security outlined in IRS Publication 1075, section 4.0, Secure Storage.
  • Each system within the agency’s network that transmits FTI to an external customer through the VoIP network is hardened in accordance with the requirements of Publication 1075 and is subject to frequent vulnerability testing.
  • VoIP-ready firewalls must be used to filter VoIP traffic on the network.
  • Security testing must be conducted on the VoIP system prior to implementation with FTI and annually thereafter.
  • VoIP phones must be logically protected and agencies must be able to track and audit all FTI-applicable conversations and access.

Additionally, the IRS Office of Safeguards recommends the following security requirements be implemented by agencies:

  • Soft-phone systems, i.e. software on user’s computer to implement VoIP, should not be used with VoIP networks that transmit FTI.
  • Consider employing a variety of specific logical controls such as: authentication at each transition point, or at the device level, such as Media Access Control (MAC).
  • Use static IP addresses for the phones.
  • Employ an intrusion detection system that can identify and filter packets, allowing only traffic from a legitimate DHCP source.

References/Related Topics