Part 10. Security, Privacy, Assurance and Artificial Intelligence

Table of Contents

10.2 Physical Security Program

• 10.2.1 Physical Security
• 10.2.5 Identification Media
• 10.2.6 Pocket Commissions
• 10.2.8 Incident Reporting
• 10.2.9 Occupant Emergency Planning
• 10.2.14 Methods of Providing Protection
• 10.2.18 Physical Access Control (PAC)

10.5 Privacy and Information Protection

• 10.5.1 Privacy Policy
• 10.5.2 Privacy Compliance and Assurance (PCA) Program
• 10.5.4 Incident Management Program
• 10.5.5 IRS Unauthorized Access, Attempted Access or Inspection of Taxpayer Records (UNAX) Program Policy, Guidance, and Requirements
• 10.5.6 Privacy Act
• 10.5.7 Use of Pseudonyms by IRS Employees
• 10.5.8 Sensitive But Unclassified (SBU) Data Policy: Protecting SBU in Non-Production Environments

10.6 Continuity Operations

• 10.6.1 Overview of Continuity Planning
• 10.6.3 Test, Training, and Exercise Requirements
• 10.6.4 Incident Management Program
• 10.6.5 Annual Certification Requirements
• 10.6.6 Pandemic Plan Requirements
• 10.6.7 Emergency Notification System (AtHoc)
• 10.6.8 Automated External Defibrillator (AED) Program

10.8 Information Technology (IT) Security

• 10.8.1 Security Policy
• 10.8.2 IT Security Roles and Responsibilities
• 10.8.5 Domain Name System (DNS) Security Policy
• 10.8.6 Application Security and Development
• 10.8.11 Application Security Policy
• 10.8.12 Container Platform Security Policy
• 10.8.13 Business Impact Analysis (BIA) Security Policy
• 10.8.15 General Platform Operating System Security Policy
• 10.8.21 Database Security Policy
• 10.8.22 Web Server Security Policy
• 10.8.23 Application Server Security Policy
• 10.8.24 Cloud Computing Security Policy
• 10.8.26 Wireless and Mobile Device Security Policy
• 10.8.27 Personal Use of Government Furnished Information Technology Equipment and Resources
• 10.8.33 Mainframe System Security Policy
• 10.8.34 IDRS Security Controls
• 10.8.50 Enterprise Incident, Vulnerability, and Security Patch Management
• 10.8.52 IRS Public Key Infrastructure (PKI) X.509 Certificate Policy
• 10.8.54 Minimum Firewall Administration Requirements
• 10.8.55 Network Security Policy
• 10.8.60 IT Service Continuity Management (ITSCM) Policy and Guidance
• 10.8.62 Information System Contingency Plan (ISCP) and Disaster Recovery (DR) Test, Training, and Exercise (TT&E) Process
• 10.8.63 Central Log Server Security Policy

10.9 National Security Information

• 10.9.1 Classified National Security Information

10.10 Identity Assurance

• 10.10.1 IRS Electronic Signature (e-Signature) Program
• 10.10.2 Authentication Risk Assessments in Non-Digital Channels
• 10.10.3 Centralized Authentication Policy – Centralizing Identity Proofing for Authentication Across All IRS Channels
• 10.10.4 Authorization of Entity Access Policy

10.23 Personnel Security

• 10.23.1 National Security Positions and Access to Classified Information
• 10.23.2 Contractor Investigations
• 10.23.3 Personnel Security Operations