The Internal Revenue Service (IRS) needed IT support in a number of areas, including information assurance (IA), on a number of key programs.
Engility provided a broad range of IA support to each program. For example, the Electronic Federal Tax Payment System (EFTPS®) is a large system providing the capability for U.S. taxpayers to use their credit cards to pay their taxes using the Internet or telephone from anywhere in the world. In support of this project, Engility provided support in the following areas:
- Security Documentation Evaluation. Engility reviewed and evaluated security documentation, including the Trusted Facility Manual (TFM), Security Features User’s Guide (SFUG), Configuration Management Plan, System/Computer Security Plan, Risk Assessment Plan, Security and Privacy Test Plan, and Disaster Recovery/Contingency Plan.
- Security Documentation Support. In cases where no documentation existed, Engility provided the IRS with templates and guidance.
- Security Risk/Vulnerability Assessment. Engility performed security risk assessments and vulnerability assessments (Internet penetration and intrusion detection testing using automated tools) for the entire system and network (WAN/LAN) including hardware components, software components, operating procedures, and data storage and transmission. We reviewed the system relative to its conformance with best security practices for Sensitive But Unclassified (SBU) information systems using National Institute of Standards and Technology (NIST) Generally Accepted Principles and Practices for Securing Information Technology Systems 800-14 and the IRS Baseline Security Requirements (BLSR) to perform the assessment.
- Computer Security Awareness and Training. Engility reviewed each facility to ensure the existence of suitable training for security awareness and reviews.
- Computer Security Incident Response. Engility also reviewed all security documentation to ensure the controls described in IRS security infrastructure requirements were in place and functional and that they were compliant with the IRS security incident response requirements.
- Computer Security Planning. Engility reviewed all security planning documents and security requirements for commercial vendors to ensure the planned controls had been implemented and functioning properly and were compliant with IRS infrastructure requirements and with IRS security requirements.
The high quality of IA support provided by Engility is essential to the integrity of this important means of collecting tax payments.