IRS 4812 and FISMA Focused Audit and Assessments; we are ready when you are!
Publication 4812 is designed to identify security requirements for contractors and any subcontractors supporting the primary contract. This applies to contractors (and their subcontractors) who handle or manage Internal Revenue Service (IRS) information at contractor-managed facilities on behalf of the IRS.
Lazarus Alliance Proactive Cyber Security® services minimize performance and operational risks with our industry-leading, innovative, and cost-effective IRS 1075 focused services.
Sensitive But Unclassified (SBU) information includes all taxpayer returns and return information, as defined by Internal Revenue Code (IRC) Section 6103; all Personally Identifiable Information, meaning information that can be associated with a specific individual; and other organizationally sensitive information, such as Information Technology system configurations and the identification of vulnerabilities.
Who Needs Publication 4812?
The requirements in Publication 4812 and the security controls, based on NIST SP 800-53, are applicable to IRS contractors and contractor personnel who possess or have access to Federal information or information systems, or are responsible for handling or processing Federal information or information systems pursuant to or in the course of performance of a contract, order, or agreement with the IRS.
For IRS 4812 services that reduce costs and leverage the number one ranked IRS 4812 audit software platform, call +1 (888) 896-7580 to get started.
Accomplish this with our industry-leading, innovative, and cost-effective IRS 4812-focused services.
Just the facts ...
State of Security Package
For contracts subject to Publication 4812 that are 12 months or more in duration, the contractor shall develop and submit a State of Security (SoS) package each period of performance of the contract (base and exercised option periods), or once every 12 months, whichever period is less.
The SoS package consists of the following components:
- Contractor Statements of Security Assurance (CSSA)
- SoS Questionnaire
- System Security Plan.
It is the responsibility of the IRS contractors to build effective security controls into their business environment, including IT security, personnel security, and physical security, in accordance with the terms of the contracts and as outlined in this publication.
Contractors are responsible for developing policies, procedures, and processes to define the required managerial, operational, and technical security controls that will be used to secure IRS information.
Contractors must maintain ongoing awareness of their information system and related security control processes to ensure compliance with security controls and adequate security of information, and to support organizational risk management decisions.
Lazarus Alliance specializes in the implementation and ongoing support of IRS Publication 4812 programs that align with this IRS publication. We apply a risk-based, top-down approach that drives both efficiency and effectiveness into the programs.
Frequently Asked Questions
What is IRS Publication 4812?
IRS Publication 4812, "Contractor Security & Privacy Controls," outlines security and privacy requirements for contractors and subcontractors handling IRS Sensitive But Unclassified (SBU) data, such as Federal Tax Information (FTI) and Personally Identifiable Information (PII). It aligns with NIST SP 800-53 controls to ensure data protection.
How does IRS 4812 relate to NIST 800-53?
IRS 4812 maps its security controls to NIST SP 800-53, providing a framework for access control, audit logging, encryption, and incident response to ensure compliance with federal cybersecurity standards.
What are the key provisions of IRS 4812?
Key provisions include:
- Implementing NIST 800-53-based controls.
- Maintaining audit logs for SBU data access.
- Using multi-factor authentication (MFA).
- Encrypting data in transit and at rest.
- Reporting incidents within one hour.
- Conducting regular audits and risk assessments.
How often are IRS 4812 audits required?
Audits are required at least annually for contracts lasting 12 months or more, or per the contract’s period of performance. Continuous monitoring is also mandated to maintain compliance.
Who conducts IRS 4812 audits?
Audits can be conducted internally by the contractor or by a third-party assessor, such as a cybersecurity firm like Lazarus Alliance or Continuum GRC. The IRS may also perform on-site assessments with 48 hours’ notice.
What happens if a contractor fails an IRS 4812 audit?
Failure may result in:
- Corrective action plans to address gaps.
- Contract termination.
- Fines or penalties for unauthorized disclosures.
- Loss of access to IRS data.
Detailed Approach to IRS Publication 4812
Lazarus Alliance’s dedicated IT, financial and operational audit professionals have experience working with a wide variety of industries of all sizes. We partner with you to assist your company in complying with the IRS Publication 4812 requirements.
Proactive not Reactive
Achieve success with the industry’s most proactive and innovative third-party assessment organization. Rely on our industry-leading Cybervisors™ who know the technical rigor and scrutiny you can expect during NIST 800-53 based assessments.
Lazarus Alliance services include IRS 4812, FISMA and NIST controls assessments, technology reviews, Contractor Statements of Security Assurance (CSSA), SoS Questionnaire and System Security Plan development and automation, and vulnerability and penetration testing, to name a few examples.
Cybervisor™ Consultations
A significant differentiator you will immediately appreciate is our Proactive Cyber Security™ IRS 4812 compliance audit methodology, which takes a continuous audit approach rather than the end-of-reporting-period Audit Anarchy approach taken by other firms.
Lazarus Alliance Cybervisors™ assist with IRS 4812 documentation development, including Contractor Statements of Security Assurance (CSSA), SoS Questionnaire, System Security Plan, Policies, Procedures and more.
Start to Finish in Record Time
Our proven IRS 4812 assessment approach and technology dramatically improve the completion process. We average a huge 46% reduction in the traditional assessment time due to the dedicated Continuum GRC SaaS portal, to which you have 24/7 access, allowing everyone to get in and get out quickly.
Start working smarter, not harder, today ...
The IRS 4812 assessment professionals at Lazarus Alliance are completely committed to you and your Agency’s IRS 4812 compliance success. We stand ready to partner with your organization.
Trust But Verify!
Many assessment organizations out there claim to be qualified to deliver the IRS 4812 Contractor Statements of Security Assurance (CSSA), SoS Questionnaire and System Security Plan. Accreditation and authorizations to operate as an assessment provider are essential when your Agency's survival and reputation are at stake.
Lazarus Alliance is an A2LA ISO/IEC 17020 accredited organization, certification number 3822.01.