part10-1
- 10.2.1.1
Purpose - 10.2.1.2
Authorities - 10.2.1.3
Directive - 10.2.1.4
Responsibilities
-
Provide the Internal Revenue Service (IRS) management and employees with standards and processes to protect IRS lives, property,
assets and information. -
The IRS processes and maintains sensitive data: such as:
-
private information of U.S. citizens
-
financial information,
-
law enforcement information,
-
proprietary information, and
-
life and mission-critical information.
-
-
Inadvertent or deliberate disclosure, alteration or destruction of this sensitive data poses such risk and high degree of
harm that the Service must protect its information resources through-
physical security,
-
data security, and
-
sensitive information and document handling procedures
-
-
Security procedures must also allow for access, use, disclosure and disposition of information in strict accordance with applicable
laws, federal regulations, and Treasury Department directives.
-
-
Executive Order 12356, National Security Information
-
The Privacy Act of 1974
-
Tax Reform Act of 1976
-
IRC 6103, 7213, 7217, and 7431
-
Federal Managers Financial Integrity Act of 1982 (FMFIA)
-
Government Accounting Office Standards
-
OMB Circular A–123 (Internal Control System)
-
OMB Circular A–130 (Security of Federal Automated Systems)
-
Treasury Security Manual 71–10
-
Federal Information Security Act of 2002 (FISMA)
-
National Institute of Standards and Technology (NIST) SP 800-65
-
-
Overriding principles of security in the Internal Revenue Service:
-
Every employee is responsible for security; Annual briefings by Physical Security and Emergency Preparedness staff will familiarize
employees with their individual responsibilities. -
Access to sensitive information and restricted areas where sensitive information is maintained should be granted only on a
need-to-know basis, determined by business unit management officials. -
Managers and employees are responsible for providing reasonable security for all information, documents, and property entrusted
to them.
-
-
Established guidelines for minimum security standards allow flexibility to develop higher standards when needed to meet local
situations. These guidelines can be found in the Physical Security Handbook and encompass-
security reviews,
-
crisis management,
-
ID media,
-
document security, and
-
minimum standards for safeguarding personnel, facilities, assets and property.
-
-
The Chief, Agency-Wide Shared Services is authorized to prescribe the Physical Security Program for use within the IRS. The
Director, Physical Security and Emergency Preparedness
, is responsible for oversight of this IRS Program. The
Associate Director, Security and Emergency Programs Division
, is responsible for planning, developing, implementing, evaluating, and controlling this IRS Program. -
The
Business Commissioner, Chief Officer, Submission Processing/Computing Center Director
and
Chief Counsel
are responsible for an effective physical security program and reasonable and adequate security measures.
Service officials and managers
are responsible for the secure operation of the federal tax administration system and for taking actions to ensure adequate
Occupant Emergency Plans, Disaster Recovery Plans, and Business Resumption Plans. These plans are essential to the Continuity
of Operations, the prevention of loss of life, loss of property, and unauthorized disclosure of documents and information. -
PSEP Area Directors
will ensure that
PSEP Territory Managers
are in compliance with Service policy and provide guidance, oversight, and help to client sites with the physical security
program. -
PSEP Territory Managers
plan, develop, implement, manage and evaluate physical security programs for their client sites, ensuring that Service policy
and procedures are followed and that security measures meet established minimum security standards.
