Thursday, February 25, 2021
  • Akamai’s New ESG Office: A Catalyst for Environmental and Social Progress
  • Setting Up an Effective Vulnerability Management Policy
  • Student Cyber Safety Monitoring & Data Privacy
  • Why Your Local Workstation Can’t Mimic the Cloud
  • Why you should consider adopting one week sprints

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Governance, Risk & Compliance Security Bloggers Network 

Home » Cybersecurity » Governance, Risk & Compliance » Computer System Security Requirements for IRS 1075: What You Need to Know

Computer System Security Requirements for IRS 1075: What You Need to Know

by David Jamieson on September 19, 2018

The IRS 1075 publication lays out a framework of compliance regulations to ensure federal tax information, or FTI, is treated with adequate security provisioning to protect its confidentiality. This may sound simple enough but IRS 1075 puts forth a complex set of managerial, operational and technical security controls you must continuously follow in order to maintain ongoing compliance.

Any organization or agency that receives FTI needs to prove that they’re protecting that data properly with IRS 1075 compliance. Federal, state, county and local entities – as well as the contractors they employ – are all within its scope.

IRS 1075 is comprised of the following sections:

  1. Introduction
  2. Federal Tax Information and Reviews
  3. Recordkeeping Requirement: IRC 6103(p)(4)(A)
  4. Secure Storage: IRC 6103(p)(4)(B)
  5. Restricting Access: IRC 6103(p)(4)(C)
  6. Other Safeguards: IRC 6103(p)(4)(D)
  7. Reporting Requirements: IRC 6103(p)(4)(E)
  8. Disposing of FTI: IRC 6103(p)(4)(F)
  9. Computer System Security
  10. Reporting Improper Inspections or Disclosures
  11. Disclosure to Other Persons
  12. Return Information in Statistical Report

The complete document describing IRS 1075 requirements is available here.

All agency information systems used for receiving, processing, storing or transmitting FTI must be hardened in accordance with the requirements in IRS 1075. Agency information systems include the equipment, facilities and people that collect, process, store, display and disseminate information. This includes computers, hardware, software and communications as well as policies and procedures for their use.

The computer security framework was primarily developed using guidelines specified in NIST SP 800-30 Revision 1, Guide for Conducting Risk Assessments, and NIST SP 800- 53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations. Only applicable NIST SP 800-53 controls are included in IRS 1075 as a baseline. Applicability was determined by selecting controls required to protect the confidentiality of FTI.

Let’s focus on Section 9: Computer System Security.

IRS 1075 requires organizations and (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Jamieson. Read the original post at: https://www.tripwire.com/state-of-security/regulatory-compliance/computer-system-security-requirements-for-irs-1075-what-you-need-to-know/

September 19, 2018September 19, 2018 David Jamieson Compliance, Featured Articles, IRS 1075, Regulatory Compliance, Security Configuration Management
  • ← How to detect and remove a virus from your Android phone | Avast
  • SSD Advisory – ASUSTOR NAS Devices Authentication Bypass →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Think Macs Don’t Get Malware? Think Again.
How to Secure Your Cloud Investment
Mitigating Third-Party Supply Chain Breaches
What’s Scarier Than the SolarWinds Breach?
Making the Right Cloud Security Investments
6 Security Methods to Protect You and Your Customers
Ransomware Attacks Remain Persistent and Pervasive
Robot Detained a Google AI Ethicist, Terminated Her
Industrial Cybersecurity and the Florida Water Supply Attack with Dale Peterson
From Zero to Zero Trust: Five Tips to Simplify Your Journey

Upcoming Webinars

Thu 25

Quantifiable Application Security: Mining the Value of DevSecOps

February 25 @ 11:00 am - 12:00 pm
Thu 25

3 Supply Chain Attacks from 2020 Not Named SolarWinds

February 25 @ 1:00 pm - 2:00 pm
Mar 09

Zero Trust Journey – A Security Leader’s Story

March 9 @ 11:00 am - 12:00 pm
Mar 15

Don’t Get Attached to Your Attachment!

March 15 @ 9:00 am - 10:00 am
Mar 15

Managing Security in a Decentralized World

March 15 @ 1:00 pm - 2:00 pm
Mar 17

API Security: Everything You Need to Know To Protect Your APIs

March 17 @ 1:00 pm - 2:00 pm
Mar 22

The Main Application Security Technologies to Adopt in 2021

March 22 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Managing the AppSec Toolstack

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

XDR: Next-Level Prevention and Detection
Analytics & Intelligence Cybersecurity Endpoint Incident Response Industry Spotlight Security Boulevard (Original) 

XDR: Next-Level Prevention and Detection

February 25, 2021 Eyal Gruner | 6 hours ago 0
Breach Clarity Data Breach Report: Week of Feb. 22
Cloud Security Cybersecurity Data Security Endpoint Governance, Risk & Compliance Industry Spotlight Security Boulevard (Original) Threats & Breaches 

Breach Clarity Data Breach Report: Week of Feb. 22

February 24, 2021 Kyle Marchini | Yesterday 0
What’s Scarier Than the SolarWinds Breach?
Cloud Security Cybersecurity Data Security Industry Spotlight Network Security Security Awareness Security Boulevard (Original) Threats & Breaches 

What’s Scarier Than the SolarWinds Breach?

February 23, 2021 Yuval Elddad | 2 days ago 0

Top Stories

Think Macs Don’t Get Malware? Think Again.
Analytics & Intelligence Cloud Security Cybersecurity Endpoint Featured Incident Response Malware News Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Think Macs Don’t Get Malware? Think Again.

February 22, 2021 Richi Jennings | 2 days ago 0
SolarWinds Hack: ‘All is Well,’ Microsoft Shrugs
Analytics & Intelligence Application Security Cloud Security Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access Incident Response Malware Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

SolarWinds Hack: ‘All is Well,’ Microsoft Shrugs

February 19, 2021 Richi Jennings | Feb 19 0
Oracle is Said to Help China Find Dissidents and Jail Minorities
Analytics & Intelligence Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response News Security Boulevard (Original) Social Engineering Spotlight 

Oracle is Said to Help China Find Dissidents and Jail Minorities

February 18, 2021 Richi Jennings | Feb 18 0

Security Humor

via     the comic delivery system monikered   Randall Munroe   resident at   XKCD  !

XKCD ‘Mars Landing Video’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.