Thursday, June 1, 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About Us
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Hot Topics
  • Are Internet Providers 'Aiding and Abetting' Crimes?
  • Not your average Joe: An analysis of the XeGroup’s attack techniques
  • Cyberinsurance Prices Moderate as Premium Hikes Slow
  • CyRC Vulnerability Advisory: CVE-2023-32353, Apple iTunes local privilege escalation on Windows
  • Avoid The Hack: 6 Best Privacy Browser Picks for Linux and macOS
Governance, Risk & Compliance Security Bloggers Network 

Home » Cybersecurity » Governance, Risk & Compliance » Computer System Security Requirements for IRS 1075: What You Need to Know

SBN

Computer System Security Requirements for IRS 1075: What You Need to Know

by David Jamieson on September 19, 2018

The IRS 1075 publication lays out a framework of compliance regulations to ensure federal tax information, or FTI, is treated with adequate security provisioning to protect its confidentiality. This may sound simple enough but IRS 1075 puts forth a complex set of managerial, operational and technical security controls you must continuously follow in order to maintain ongoing compliance.

DevOps ConnectSponsorships Available

Any organization or agency that receives FTI needs to prove that they’re protecting that data properly with IRS 1075 compliance. Federal, state, county and local entities – as well as the contractors they employ – are all within its scope.

IRS 1075 is comprised of the following sections:

  1. Introduction
  2. Federal Tax Information and Reviews
  3. Recordkeeping Requirement: IRC 6103(p)(4)(A)
  4. Secure Storage: IRC 6103(p)(4)(B)
  5. Restricting Access: IRC 6103(p)(4)(C)
  6. Other Safeguards: IRC 6103(p)(4)(D)
  7. Reporting Requirements: IRC 6103(p)(4)(E)
  8. Disposing of FTI: IRC 6103(p)(4)(F)
  9. Computer System Security
  10. Reporting Improper Inspections or Disclosures
  11. Disclosure to Other Persons
  12. Return Information in Statistical Report

The complete document describing IRS 1075 requirements is available here.

All agency information systems used for receiving, processing, storing or transmitting FTI must be hardened in accordance with the requirements in IRS 1075. Agency information systems include the equipment, facilities and people that collect, process, store, display and disseminate information. This includes computers, hardware, software and communications as well as policies and procedures for their use.

The computer security framework was primarily developed using guidelines specified in NIST SP 800-30 Revision 1, Guide for Conducting Risk Assessments, and NIST SP 800- 53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations. Only applicable NIST SP 800-53 controls are included in IRS 1075 as a baseline. Applicability was determined by selecting controls required to protect the confidentiality of FTI.

Let’s focus on Section 9: Computer System Security.

IRS 1075 requires organizations and (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Jamieson. Read the original post at: https://www.tripwire.com/state-of-security/regulatory-compliance/computer-system-security-requirements-for-irs-1075-what-you-need-to-know/

September 19, 2018September 19, 2018 David Jamieson Compliance, Featured Articles, IRS 1075, Regulatory Compliance, Security Configuration Management
  • ← How to detect and remove a virus from your Android phone | Avast
  • SSD Advisory – ASUSTOR NAS Devices Authentication Bypass →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Thu 01

Simplify, Secure, Strengthen: Implementing Zero-Trust Across Your Endpoints

May 17 @ 1:00 pm - July 12 @ 2:00 pm
Mon 05

Securing Open Source

June 5 @ 1:00 pm - 2:00 pm
Thu 08

ActiveState Workshop: Building Secure and Reproducible Open Source Runtimes

June 8 @ 1:00 pm - 2:00 pm
Tue 13

Uncovering the Hidden Cybersecurity Threat in Your Organization

June 13 @ 1:00 pm - 2:00 pm
Wed 14

Enrich Security Investigations With ServiceNow Asset Data in Snowflake

June 14 @ 3:00 pm - July 24 @ 4:00 pm
Thu 15

Securing Containers & Kubernetes With AWS And Calico

June 15 @ 3:00 pm - 4:30 pm
Thu 22

Strange Bedfellows: Software, Security and the Law

June 22 @ 11:00 am - 12:00 pm
Thu 22

Sneak Peek: Cloud Security Prioritized With Sonrai

June 22 @ 1:00 pm - 2:00 pm
Thu 22

Unleash the Potential of Your Log and Event Data, Including AI’s Growing Impact

June 22 @ 3:00 pm - 4:00 pm
Jul 24

Identity and Access Management

July 24 @ 1:00 pm - 2:00 pm

More Webinars

Subscribe to our Newsletters

TSTV Podcast

Most Read on the Boulevard

Understanding the Progression of a Ransomware Attack
‘Predator’ — Nasty Android Spyware Revealed
Failure to Pay Ransom: Negligence?
Making a Case for Single-Vendor SASE
Legacy AppSec Tools Getting Lost in the Cloud
Utilizing SEC Cybersecurity Rule and CISA Directive | anecdotes
From Data Chaos to Data Mastery How to Build and Scale Data Lakes with AWS Services
Why Attackers Target the Gaming Industry
Meta’s $1.3 Billion Fine, AI Hoax Hysteria, Montana’s TikTok Ban
The Top Threats to Cloud Infrastructure Security and How to Address Them

Download Free eBook

7 Must-Read eBooks for Security Professionals

Industry Spotlight

‘Predator’ — Nasty Android Spyware Revealed
Analytics & Intelligence API Security Cyberlaw Cybersecurity Data Security Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight Malware Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Security Operations Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Predator’ — Nasty Android Spyware Revealed

May 30, 2023 Richi Jennings | 1 day ago 0
Dell Launches Project Fort Zero Service to Accelerate Zero-Trust IT Shift
Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response Industry Spotlight News Security Boulevard (Original) Spotlight 

Dell Launches Project Fort Zero Service to Accelerate Zero-Trust IT Shift

May 23, 2023 Michael Vizard | May 23 0
Facebook Fined $1.3B — Zuckerberg Furious in GDPR Fight
Application Security Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Industry Spotlight Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Security Operations Social Engineering Spotlight Threats & Breaches 

Facebook Fined $1.3B — Zuckerberg Furious in GDPR Fight

May 22, 2023 Richi Jennings | May 22 0

Top Stories

COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT
Analytics & Intelligence API Security Cloud Security Cyberlaw Cybersecurity Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response IOT IoT & ICS Security Malware Most Read This Week Network Security News Popular Post Security Boulevard (Original) Security Operations Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT

May 26, 2023 Richi Jennings | May 26 0
Federal Appellate Court Approves ‘Pretext’ Border Search
Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access News Security Boulevard (Original) 

Federal Appellate Court Approves ‘Pretext’ Border Search

May 26, 2023 Mark Rasch | May 26 0
U.S.-South Korea Forge Strategic Cybersecurity Framework
Cybersecurity Featured Governance, Risk & Compliance News Security Boulevard (Original) Spotlight Threat Intelligence 

U.S.-South Korea Forge Strategic Cybersecurity Framework

May 25, 2023 Christopher Burgess | May 25 0

Security Humor

Randall Munroe’s XKCD ‘Wikipedia Article Titles’

Randall Munroe’s XKCD ‘Wikipedia Article Titles’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.