Part One of a Series: An Introduction to IRS Publication 1075

What is IRS Publication 1075?

IRS Publication 1075, commonly referred to as, “Pub 1075,” lays out the guiding principles for the protection and confidentiality of Federal Tax Information (FTI). Pub 1075 contains the managerial, operational and technical security controls that must be implemented if FTI is present within a company’s information systems.

The framework for Pub 1075 was developed using guidelines from NIST SP 800-30 (Revision 1, Guide for Conducting Risk Assessments) and NIST SP 800-53 (Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations) with the objective of preventing unauthorized access and unauthorized disclosure of FTI. Pub 1075 was last updated September 2016, and is modified based on the emergence of new requirements that pertain to the confidentiality of FTI. If an organization handling FTI is contacted by the IRS, they must reliably demonstrate the ability to safeguard all confidential information.

What constitutes Federal Tax Information (FTI)?

FTI broadly includes, without limitation, federal tax returns and return information, returns or return information received directly from the IRS or obtained through an authorized secondary source, such as Social Security Administration (SSA), Federal Office of Child Support Enforcement (OCSE), Bureau of the Fiscal Service (BFS), Centers for Medicare and Medicaid Services (CMS), or another entity acting on behalf of the IRS. The IRS categorizes FTI as “sensitive but unclassified” information that may contain Personally Identifiable Information (PII). Sensitive PII includes any combination of the following: the name of a person from a filed return, a taxpayer mailing address, taxpayer identification number, telephone number, social security number, etc.

Who is subject to Pub 1075 requirements?

Organizations who have information systems that receive, process, store or transmit FTI are subject to Pub 1075. Agencies or agents that legally receive FTI directly from either the IRS or from secondary sources are also liable, as well as debt collectors and other agencies that procure contractor services.

Key Elements

Pub 1075’s section titled, “Computer System Security,” categorizes the NIST SP 800-53 control requirements in 18 comprehensive categories. Pub 1075 highlights the importance of enterprise security policies, the authorized use of FTI and secure data transfer. Other essential elements listed in Pub 1075 include data segregation, encryption, log monitoring, configuration monitoring, training and screening requirements and a detailed system security plan. Each of the key elements listed throughout the requirements are crucial for the protection of FTI in the IT environment.

See Schneider Downs’ continuing series for more detail on IRS Publication 1075 and control requirements.

References:  

https://www.irs.gov/pub/irs-pdf/p1075.pdf
https://www.irs.gov/pub/irs-pdf/p4761.pdf

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at contactSD@schneiderdowns.com.

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2019 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on

Final Regulations on Charitable Contributions When a State or Local Tax Credit is Received
New Standard Mileage Rates for 2019
To Have and to Hold…and to File Jointly
Part One of a Series: An Introduction to IRS Publication 1075
What Happens if Your Tax Return is Lost in the Mail?
Good News Regarding Excess Business Losses For Your Pass-Through Construction Business

Register to receive our weekly newsletter with our most recent columns and insights.

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us

contact us

Map of Pittsburgh Office
Pittsburgh

One PPG Place, Suite 1700
Pittsburgh, PA 15222

contactsd@schneiderdowns.com
p:412.261.3644     f:412.261.4876

Map of Columbus Office
Columbus

65 East State Street, Suite 2000
Columbus, OH 43215

contactsd@schneiderdowns.com
p:614.621.4060     f:614.621.4062