DRC Logoresources. responsiveness. reliability. DRC Industries Photo
""

 

 		  

home > back

IRS Information Assurance

Challenges

IRS needed IT support in a number of areas, including Information Assurance, on a number of key programs.

Solutions

DRC provided a broad range of IA support to each program. For example, the Electronic Tax Credit Card Payment System (ETCPS) is a large system providing the capability for U.S. taxpayers to use their credit cards to pay their taxes using the Internet or telephone from anywhere in the world. In support of this project, DRC provided support in the following areas:

  • Security Documentation Evaluation – DRC reviewed and evaluated security documentation including: Trusted Facility Manual (TFM), Security Features Users Guide (SFUG), Configuration Management Plan, System/Computer Security Plan, Risk Assessment Plan, Security and Privacy Test Plan, and Disaster Recovery/Contingency Plan.

  • Security Documentation Support – In cases where no documentation existed, DRC provided the IRS with templates and guidance.

  • Security Risk/Vulnerability Assessment – DRC performed security risk assessments and vulnerability assessments (Internet penetration and intrusion detection testing using automated tools) for the entire system and network (WAN/LAN) including hardware components, software components, operating procedures, and data storage and transmission. We reviewed the system relative to its conformance with Best Security Practices (BSP) for Sensitive But Unclassified (SBU) Information Systems using National Institute of Standards and Technology (NIST) Generally Accepted Principles and Practices for Securing Information Technology Systems 800-14 and the IRS Baseline Security Requirements (BLSR) to perform the assessment.

  • Computer Security Awareness and Training – DRC reviews each facility to ensure the existence of suitable training for security awareness and reviews.

  • Computer Security Incident Response – DRC also reviews all security documentation to ensure that the controls described in IRS security infrastructure requirements are in place and functional, and that they are compliant with the IRS security incident response requirements.

  • Computer Security Planning – DRC reviews all security planning documents and security requirements for commercial vendors to ensure that the planned controls have been implemented and are functioning properly, and are compliant with IRS infrastructure requirements and with IRS security requirements.

Benefits/Achievements

The high quality of IA support provided by DRC is essential to the integrity of this important means of collecting tax payments.

Interested in more information?

  

 

 

 

Privacy Policy | Terms & Conditions | © 2010 Dynamics Research Corporation. All rights reserved | webmaster@drc.com