Information For...

For you and your family
Individuals abroad and more
EINs and other information

Filing For Individuals

Information For...

For you and your family
Standard mileage and other information

Forms and Instructions

Individual Tax Return
Request for Taxpayer Identification Number (TIN) and Certification
Single and Joint Filers With No Dependents
Employee's Withholding Allowance Certificate

 

Request for Transcript of Tax Returns
Employer's Quarterly Federal Tax Return
Installment Agreement Request
Wage and Tax Statement

Popular For Tax Pros

Amend/Fix Return
Apply for Power of Attorney
Apply for an ITIN
Rules Governing Practice before IRS

Use of Collaborative Tools

Request for Technical Assistance

Do the security standards in collaborative software tools such as Citrix products GoToMeeting and GoToAssist offer sufficient protection in transmitting Federal Tax Information (FTI) across encrypted tunnels?

Agencies and businesses increasingly rely on digital forms of communication for computer-based real-time collaboration. These software applications provide virtual space, which enables participants to communicate via voice, video, chat, whiteboard, and can share user desktops, applications and documents.

However, some of the features of these applications are of concern with respect to network and data security. Some general risks that are associated with this type of technology include:

  • Malware – Viruses, spyware, Trojans and worms transferred through instant message sessions and peer-to-peer data exchanges.

  • Loss of Data Confidentiality – Data transferred via a collaborative software tool is subject to unauthorized disclosure at several points during the communication session. The traffic generally passes through third-party networks and servers out of the control of the data owner.

  • Network Attacks – These collaborative software tools open additional network ports creating a larger attack surface and more entry points for untrusted users to launch denial of service, spamming and man-in-the-middle attacks. Also these tools use excessive amounts of network bandwidth creating the potential for unintended denial of service.

The IRS Internal Revenue Manual (IRM) 10.8.1, Security, Privacy and Assurance Policy implements the following policy with regard to the use of collaborative software tools:

  • Collaborative software tools “shall not be used to transmit sensitive but unclassified (SBU) data.”
  • “The communication of audio and video content, directory services, application sharing, and remote desktop sharing shall be prohibited.”

Therefore, these collaborative software tools do not provide the required level of assurance to protect sensitive but unclassified FTI, and State agencies are prohibited from using them to display or transmit FTI regardless of whether it is a third-party hosted collaboration service, or an agency hosted service.

In lieu of using a collaborative software tool such as GoToMeeting or GoToAssist to transmit FTI, agencies should use agency-controlled Virtual Private Networks (VPNs) that provide FIPS 140-2 or later compliant cryptography to prevent a loss of data confidentiality and/or integrity.

References/Related Topics: