FISMA Compliance and IRS 1075 Encryption
CeraNet offers safe and secure hosting compliant with IRS 1075 guidelines. According to the IRS, it is your responsibility to “build effective security controls into…IT infrastructure to ensure that FTI is protected at all points where it is received, processed, stored or transmitted.” We will help you understand these complex regulations and work with you to design a custom solution. With our hosting and consulting services and your securely-designed application, you can rest assured that Federal Tax Information (FTI) is protected and data is safeguarded.
IRS 1075 Compliant
Hosting services to meet or exceed IRS 1075 Regulations – we work with your securely-designed application to protect Federal Tax Information.
Physical & Environmental Protection
Unauthorized access is prevented using multiple physical barriers and check points for entry.
Systematic risk assessments and vulnerability scans are performed to prevent unauthorized access, use or disruption of information systems.
Systematic audits ensure that data center security standards continue to meet industry standards.
Custom system design, consulting and implementation available using secure cloud servers, dedicated servers, colocated equipment or CeraNet’s Hybrid PLUS solution.
Optimized computing performance – no sharing of bandwidth, memory or hard drives, and servers aren’t congested with demands from other clients.
Backup & Disaster Recovery
Encrypted data backup and disaster recovery services designed specifically for IRS 1075 and FISMA Regulations – production systems and data backups are protected.
All data center associates have been screened and authorized for access to sensitive FTI.
The Added-Value of CeraNet’s Services
- Reliability & Dependability: 100% uptime guarantee and redundancy built-in at every turn to protect.
- Phenomenal Support: 24/7/365 live technical support by phone, email or web.
- US-Based Data Centers: Data centers are located in Columbus, Ohio, far away from earthquakes and hurricanes.
IRS 1075 Checklist
Our hosting services meet or exceed all IRS 1075 and FISMA regulations. New to compliance? IRS 1075 and FISMA define standards that your organization, personnel, applications and systems must meet to protect information. We can help you understand how our hosting options support your securely-designed applications and organizational processes to meet system security requirements:
- Access Control: Limit access to Federal Tax Information (FTI) to specific approved individuals, ensure remote access to systems is secured and manage accounts so that unapproved individuals cannot gain unauthorized system access.
- Awareness & Training: Develop and provide security awareness training to all individuals accessing information systems and document all training activities.
- Audits & Accountability: Develop and implement an audit and accountability policy to proactively detect and prevent unauthorized access to FTI, following specific federal guidelines.
- Security Assessment & Authorization: Develop and implement a security assessment and authorization policy, identify an agency official to approve system access and authorize connections to other information systems – regularly assess and continuously monitor security controls.
- Configuration Management: Configure IT products that receive, process, store, and transmit FTI using Office of Safeguards–approved compliance requirements, documenting the baseline configuration, change control procedures and system inventory.
- Contingency Planning: Develop and implement contingency planning controls to ensure that FTI and user information is protected, stored, backed up and available in the event of a disaster.
- Identification & Authentication: Uniquely identify and authenticate each user and device, using multi-factor authentication for all remote network access and cryptographic modules.
- Incident Response: Monitor, handle and report all incidents affecting physical and information system security — provide response testing and training for all users.
- Maintenance: Develop and implement a system maintenance policy to ensure that information systems stay in good working order.
- Media Protection: Physically control and securely store information system media, restricting use of media that receives, processes, stores, or transmits FTI using physical and automated controls.
- Physical & Environmental Protection: Prevent unauthorized access to information systems using multiple physical barriers and check points for entry.
- Planning: Develop and implement a System Security Plan (SSP) and Safeguard Security Report (SSR) establishing information systems, controls, operational environment and rules of behavior.
- Personnel Security: Identify and screen personnel with access to secure systems, including third-party personnel, and prohibit access once personnel have been transferred to other roles or terminated.
- Risk Assessment: Assess risks and scan for vulnerabilities and issues resulting from unauthorized access, use, disclosure, disruption, modification or destruction of the information system.
- System and Services Acquisition: Acquire, document and configure systems and services to meet security regulations, ensuring that all components are actively supported by service and systems providers.
- System and Communications Protection: Protect the confidentiality and integrity of transmitted information, implementing a secure managed interface for each component, such as CeraNet’s hardware firewalls with intelligent threat defense and advanced malware detection, based on next generation encryption standards.
- System and Information Integrity: Ensure that the information system and the data in the system are protected against malware, spam, errors and system flaws, with continuous monitoring.
- Program Management: Appoint a senior information security officer to develop, implement and maintain an information security program.
This is not an exhaustive checklist of all requirements, but rather an introduction to federal regulations. To learn more and review IRS 1075 guidelines in their entirety, visit IRS.gov.