Automated testing
The IRS Office of Safeguards utilizes Tenable's industry-standard compliance and vulnerability assessment tool, Nessus, to evaluate the security of systems (e.g., Windows, *NIX, Cisco) that store, process, transmit or receive federal tax information (FTI). We use Nessus to conduct configuration compliance checks using Center for Internet Security (CIS) benchmarks supplemented with some IRS-specific requirements. This process has been developed to provide agencies with enhanced information regarding the security controls in place to protect FTI.
Preparing for Nessus compliance scanning
The following Nessus audit files may be used according to the process described in the applicable technical assistance memorandum (PDF) to evaluate IRS Publication 1075 compliance on systems that store, process, transmit and/or receive federal tax information and are subject to IRC 6103(p)(4) safeguarding requirements.
The complete set of Nessus audit files (ZIP) is also available.