Protecting that tax data requires more than just HIPAA compliance. Separate breach reporting and data encryption rules apply, for example, and the IRS has some fairly specific rules for physical safeguards, including a prohibition on drop ceilings and prescriptions for cubicle wall heights where FTI is handled.
via Insurance exchanges’ IRS Publication 1075 data compliance new to many.
The Internal Revenue Service still has IT security holes that could put taxpayer data at risk, according to a report from the Government Accountability Office.The IRS identified the security of taxpayer data as its top management priority for fiscal 2013, and the GAO credits the agency for steps taken in response to security issues identified in earlier audits of its computer systems. But the report notes that some problems with the agencys financial and tax-processing systems remain and identifies new ones.
via IRS Leaves Taxpayer Data Insecure, GAO Finds – Government – Security.
Next month the National Institute of Standards and Technology NIST plans to put out for public review its draft for a new government encryption standard that, when finalized, is going to compel federal agencies with older websites to replace them
via New NIST encryption guidelines may force fed agencies to replace old websites.
Only seven out of 24 agencies are more than 90 percent compliant with the Federal Information Security Management requirements, and more than half saw their compliance score decline compared to last fiscal year’s numbers, according to an Office of Management and Budget review.
via FISMA compliance eludes agencies — Federal Computer Week.
Amazon Web Services LLC AWS, an Amazon.com company NASDAQ: AMZN, today announced it has received Federal Information Security Management Act FISMA Moderate Authorization and Accreditation from the U.S. General Services Administration.
The new AWS GovCloud Region offers the same high level of security as other AWS Regions and supports existing AWS security controls and certifications such as FISMA, SAS-70 Type II, ISO 27001, FIPS 140-2 compliant end points, and PCI DSS Level 1
via Q&A: Teresa Carlson of Amazon Web Services Discusses GovCloud | WHIR Web Hosting Industry News.
The organization that creates standards for the federal government’s use of technology is testing iPhones and iPads to devise the best ways of securing them for government use.
The National Institute of Standards and Technology (NIST) has issued the final version of its Guide to Industrial Control Systems (ICS) Security (SP 800-82),* intended to help pipeline operators, power producers, manufacturers, air traffic control centers and other managers of critical infrastructures to secure their systems while addressing their unique performance, reliability, and safety requirements
via Final Version of Industrial Control Systems Security Guide Published, National Inst.
The National Institute for Standards and Technology (NIST) has published an 84-page draft of its cloud computing guidelines, NIST Cloud Computing Synopsis and Recommendations, or SP 800-146, and is seeking comment from federal agencies and the public on its recommendations.
via NIST Releases Federal Cloud Guidelines — InformationWeek.
The White House proposal, which is a comprehensive cybersecurity plan, includes a provision directing the Department of Homeland Security (DHS) “to exercise primary responsibility within the executive branch for information security
via Infosecurity (USA) – White House cybersecurity proposal shifts FISMA responsibility to DHS.