Welcome, Today is June 16, 2024

IRS Publication 1075

About the IRS Publication 1075

The IRS, or the Internal Revenue Service, is responsible for servicing taxpayers by helping them meet their tax responsibilities. For citizens to complete their tax responsibilities, a lot of necessary personally identifiable information (PII) is required.

Protection of taxpayer PII is of utmost importance, as failure to do so will result in not only the exposure of sensitive information, but also the broken trust between taxpayers and the IRS. IRS Publication 1075, entitled Tax Information Security Guidelines For Federal, State and Local Agencies, aims to protect the federal tax information of citizens. Publication 1075 serves to define and enforce the safeguarding of federal tax information (FTI) through several necessary protection methods.

Although its primary purpose is to impose stringent security policies to safeguard FTI, the IRS Publication 1075 also plays a pivotal role in ensuring government agencies comply with other federal laws and regulations, such as the Internal Revenue Code (IRC) Section 6103.The Internal Revenue Code (IRC) Section 6103 is a fundamental tax law that plays a very vital role in protecting the privacy of taxpayers and maintaining integrity in the tax system.

Accounting firms and CPAs often need to comply with IRS Publication 1075 if they handle federal tax information (FTI) on behalf of their clients. FTI includes information that the CPA or accountant may obtain or produce in connection with federal tax matters relevant to the IRS.

They are required to safeguard FTI. In addition to its application to CPAs and acocuntants, their contractors and service providers who store or process or access the FTI may also be required to be in compliance.

Accounting firms and CPAs that work with federal tax information (FTI) should be familiar with the requirements of IRS Publication 1075 and ensure that data handling and security practices are in compliance. Failure to comply can result in penalties and sanctions.

What is FTI?

Federal tax information (FTI) is considered to be sensitive but unclassified information. It can be gathered from a variety of government agencies, including the IRS, Social Security Administration (SSA), Bureau of the Fiscal Service (BFS), and more. FTI can include any taxpayer identification information, information contained within tax returns, tax account information, and more.

Taxpayer identification information is greatly akin to PII, otherwise known as personally identifiable information. PII is any information about an individual that can be used to identify them. This includes information regarding a person’s name, Social Security Number, data and place of birth, biometric records, and more.

How Does 1075 Protect FTI?

The IRS Publication 1075 defines many requirements for the protection of FTI in all forms. 1075 describes proper methods for accessing, disclosing, and even destroying FTI in secure manners. Some of the key requirements include physical security measures, delegating proper access controls, the encryption of FTI, proper network security, continuous monitoring, maintenance of systems and endpoints, incident response plans, security awareness training, and more.

Publication 1075 also mentions several industry-recognized cybersecurity standards such as NIST Special Publication 800-53 and FIPS 140-2 . These publications serve as catalogs of security controls that cover a wide range of recommendations that can be applied to almost any industry.

Who Does the IRS Publication 1075 Apply to?

The IRS Publication 1075 largely applies to a much wider range of entities than one may expect. First and foremost, it applies to government agencies at the federal, state, and local levels that receive, process, store, or transmit federal tax information, whether it be in paper or electronic form. Organizations who must abide by IRS Publication 1075 must also be certain that business processes involving external contractors, sub-contractors, or other entities who may potentially have access to FTI, are also applying to proper protections to keep the information secure.

Those agencies who must abide by Publication 1075 must make regular reports to the Office of Safeguards, who stands to verify that applicable agencies have successfully applied the controls and FTI protective measures that have been defined. The Office of Safeguards provides more than just compliance verification. They also provide the required reporting template, recommendations to assist organizations in achieving compliance, preparation questionnaires, and more.

Meeting IRS Publication 1075 with Egis

Egis IT Security serves organizations within the Indianapolis metropolitan area and across the United States to help them stay up to date on requirements that serve to protect sensitive data, including the IRS Publication 1075. Egis is dedicated to helping others understand and implement the necessary security controls for their business. With our extensive expertise and years of experience, Egis can offer tailored solutions to help your organization align with industry standards, allowing you to focus on your business. In order to achieve this goal and help one meet standards set by Publication 1075, we can:

  • Improve upon current IT policies and procedures
  • Participate in meetings with compliance auditors
  • Perform vulnerability assessments
  • Continuously monitor your websites, networks, and servers
  • Recommend, sell, and deploy a variety of products as needed
  • Perform security awareness training
  • Consultations regarding cybersecurity audit preparation and mitigations