Safeguards Technical Assistance Memorandum

Protecting Federal Tax Information (FTI) in Databases through Labeling

Introduction

Databases are the central point of reviews conducted by the Office of Safeguards. Agencies use databases to store Federal Tax Information (FTI), which is then retrieved by queries for use in applications; this makes the FTI accessible to end users through the application and to Database Administrators (DBAs) on the back end.

It is recommended that FTI be kept separate from other information to the maximum extent possible to avoid inadvertent disclosures. However, in situations where physical separation is impractical, IRS Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies, requires records to be clearly labeled to indicate that FTI is included in the record.

The Office of Safeguards has observed a wide range of database data element labeling practices while reviewing labeling and auditing procedures. Per Exhibit 9 of Publication 1075, "Within the application, auditing must be enabled to the extent necessary to capture access, modification, deletion and movement of FTI by each unique user.
This auditing requirement also applies to data tables or databases embedded in or residing outside of the application." Agencies are responsible for implementing audit logging of FTI, which includes identifying the data to be audited, creating audit logs as the data is accessed, and performing analytics and monitoring on those audit logs.

The first step in effectively auditing FTI access is that the data be properly labeled upon receipt. If the data is not properly labeled, the auditing function cannot be configured to be compliant. Organized, consistently applied labeling helps the agency enforce access control on the data elements, identify what needs to be audited and logged, and identify which network components must comply with Publication 1075.

Mandatory Requirements for Data Labeling

In order to use a database to store FTI, the agency must meet the following mandatory requirements and apply them to each database that contains FTI:

- Agencies must identify the FTI data they have and consistently apply labels to that data, in such a way that the data is easily identified even when commingled with non-FTI data.
- A data labeling legend or other explanatory document must be maintained by the agency that identifies the labeling methodology applied and allows a reviewer to quickly identify which data elements are FTI in an individual table or database.

#1 Proper FTI Labeling

Agencies must determine their labeling approach and consistently apply it to all FTI before it migrates into the agency's IT environment. To label data properly, agencies must first determine how the data is to be identified; typically this means identifying the data at the entry point into the agency's environment. Although it is not a requirement to include source information in the labeling convention, doing so is strongly recommended in order to better track FTI throughout the IT environment.
Data labeling can be accomplished in a variety of ways depending on the vendor. For example, one product (Oracle Label Security; see References) allows data security to be configured by sensitivity label, composed of a combination of a level, compartments, and groups: the level is the sensitivity, the compartment indicates the type of data, and the group further separates the data and can indicate its origin. Another product (IBM Informix; see References) provides label-based access control (LBAC), which enforces access at the row and column levels.

Publication 1075 does not prohibit FTI from being commingled with non-FTI data, provided the proper controls are in place. However, when data is commingled, it must be identified at the most granular level at which the commingling occurs. For example, if data is commingled at the table level, i.e. a database contains both FTI and non-FTI tables, the tables must be labeled so that it is readily apparent which tables contain FTI. If FTI and non-FTI data are commingled within a single table, the FTI data elements must be explicitly labeled and identified as such.

Labeling must be applied consistently. For example, if audit logs are migrated to a logging server accessible to an audit analysis application, the data elements must retain their labeling throughout the data movement process, from the point at which the data is received to wherever it moves within the network. The labels must never be removed from the data.

Proper labeling allows an agency to easily identify the security requirements for the data and allows data of different sensitivities to be stored together. This reduces administrative overhead from a database maintenance perspective, since a separate database need not be maintained for each data sensitivity level. If FTI is not properly identified and labeled in the agency's environment, it is likely that the data will not be audited correctly.

In databases with tables that contain only FTI (not commingled), the FTI can be identified at the table level.
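The following is an added worked example, not part of the memo or of either vendor's documentation. It shows, on Oracle Label Security (the level/compartment/group product the References cite), how the three requirements discussed above and in the Introduction fit together in one configuration: FTI rows in a commingled table get a per-row label whose group records the source, users get least-privilege label authorizations (the permission matrix that #2 below asks agencies to document), and fine-grained auditing captures access, modification and deletion of the labeled rows by each unique user. The schema TAXAPP, table TAXPAYER, policy name FTI_POLICY, the user names, the hidden label column name and the label-tag numbering convention are all hypothetical; the sample rows are constructed.

```sql
-- Added example, not from the IRS memo: an Oracle Label Security (OLS)
-- policy that labels FTI rows in a commingled table by level:compartment:group,
-- grants users least-privilege label authorizations, and audits every read,
-- modification and deletion of FTI rows per user with fine-grained auditing.
-- Schema TAXAPP, table TAXPAYER, policy/user names and the label-tag
-- numbering are hypothetical. Run as a user holding the LBAC_DBA role, EXECUTE
-- on DBMS_FGA, and (for the sample inserts) the policy's FULL privilege.

-- 1. Policy. OLS adds a hidden NUMBER column FTI_LABEL to each protected
--    table; READ_CONTROL and WRITE_CONTROL mediate SELECT and DML by label.
BEGIN
  SA_SYSDBA.CREATE_POLICY(
    policy_name     => 'FTI_POLICY',
    column_name     => 'FTI_LABEL',
    default_options => 'READ_CONTROL,WRITE_CONTROL');
END;
/

-- 2. Components: level = sensitivity, compartment = type of data,
--    group = origin (the memo recommends carrying the source in the label).
BEGIN
  SA_COMPONENTS.CREATE_LEVEL('FTI_POLICY', 10, 'PUB', 'Non-FTI agency data');
  SA_COMPONENTS.CREATE_LEVEL('FTI_POLICY', 20, 'FTI', 'Federal Tax Information');
  SA_COMPONENTS.CREATE_COMPARTMENT('FTI_POLICY', 100, 'RET', 'Return data');
  SA_COMPONENTS.CREATE_GROUP('FTI_POLICY', 1000, 'IRS', 'Received from IRS');
  SA_COMPONENTS.CREATE_GROUP('FTI_POLICY', 1010, 'STATE', 'Agency-sourced');
END;
/

-- 3. Data labels. Assumed tag convention: tags >= 2000 are FTI, so a single
--    numeric predicate can select FTI rows for auditing.
BEGIN
  SA_LABEL_ADMIN.CREATE_LABEL('FTI_POLICY', 1000, 'PUB::STATE');
  SA_LABEL_ADMIN.CREATE_LABEL('FTI_POLICY', 2000, 'FTI:RET:IRS');
END;
/

-- 4. A commingled table: FTI and non-FTI rows side by side, labeled per row.
CREATE TABLE taxapp.taxpayer (
  taxpayer_id NUMBER PRIMARY KEY,
  name        VARCHAR2(100),
  agi         NUMBER,          -- adjusted gross income: FTI when from the IRS
  notes       VARCHAR2(400)
);
BEGIN
  SA_POLICY_ADMIN.APPLY_TABLE_POLICY(
    policy_name   => 'FTI_POLICY',
    schema_name   => 'TAXAPP',
    table_name    => 'TAXPAYER',
    table_options => 'READ_CONTROL,WRITE_CONTROL,LABEL_DEFAULT');
END;
/

-- 5. The documentation matrix, expressed as user authorizations:
--    user         max read           max write    default label
--    CASEWORKER1  FTI:RET:IRS,STATE  PUB::STATE   PUB::STATE   (reads FTI, never writes it)
--    IRS_LOADER   FTI:RET:IRS        FTI:RET:IRS  FTI:RET:IRS  (labels FTI at the entry point)
BEGIN
  SA_USER_ADMIN.SET_USER_LABELS('FTI_POLICY', 'CASEWORKER1',
    max_read_label  => 'FTI:RET:IRS,STATE',
    max_write_label => 'PUB::STATE',
    def_label       => 'PUB::STATE');
  SA_USER_ADMIN.SET_USER_LABELS('FTI_POLICY', 'IRS_LOADER',
    max_read_label  => 'FTI:RET:IRS',
    max_write_label => 'FTI:RET:IRS',
    def_label       => 'FTI:RET:IRS');
END;
/

-- 6. Label on receipt. With LABEL_DEFAULT a row inserted without fti_label
--    takes the inserting user's row label; the explicit form is shown here.
INSERT INTO taxapp.taxpayer (taxpayer_id, name, agi, notes, fti_label)
VALUES (1, 'Sample Taxpayer', 54321, 'constructed IRS extract row',
        CHAR_TO_LABEL('FTI_POLICY', 'FTI:RET:IRS'));
INSERT INTO taxapp.taxpayer (taxpayer_id, name, agi, notes, fti_label)
VALUES (2, 'Sample Applicant', NULL, 'constructed state intake row',
        CHAR_TO_LABEL('FTI_POLICY', 'PUB::STATE'));
COMMIT;

-- 7. Audit access, modification and deletion of FTI rows by each user.
--    audit_condition is evaluated per row, so non-FTI rows produce no record
--    (assumes the hidden label column may be referenced by name here).
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'TAXAPP',
    object_name     => 'TAXPAYER',
    policy_name     => 'FTI_ACCESS_AUDIT',
    audit_condition => 'FTI_LABEL >= 2000',
    statement_types => 'SELECT,INSERT,UPDATE,DELETE',
    audit_trail     => DBMS_FGA.DB_EXTENDED);
END;
/

-- 8. Review: which user touched FTI, how, and with what statement.
SELECT db_user, statement_type, object_name, sql_text, timestamp
  FROM dba_fga_audit_trail
 WHERE policy_name = 'FTI_ACCESS_AUDIT'
 ORDER BY timestamp;

-- The label is stored in the row, so it is still readable after data movement.
SELECT taxpayer_id, LABEL_TO_CHAR(fti_label) AS fti_label FROM taxapp.taxpayer;
```

Two points about the design. First, the audit predicate keys on the label rather than on a column name, so adding another FTI label (a new compartment or source group) requires only that its tag follow the numbering convention, and the audit rule stays correct without being rewritten; a reviewer can confirm coverage by comparing DBA_FGA_AUDIT_TRAIL against the label legend. Second, the caseworker's maximum write label is below the FTI level, so that account can read but can never relabel or overwrite an FTI row, which is the least-privilege split the matrix in #2 is meant to make visible. On releases that use unified auditing, the FGA records appear in UNIFIED_AUDIT_TRAIL instead of DBA_FGA_AUDIT_TRAIL.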
In situations where FTI is commingled with non-FTI at the data element level, the FTI must be labeled at that level so that each FTI data element can be clearly identified as such.

#2 Documenting Labeling Methodology

The agency must document its labeling methodology and maintain a listing of how each element is labeled throughout each database that contains FTI. The agency can choose its own documentation approach; however, a matrix is often most useful for documenting data labeling. A matrix allows the agency not only to map how data is labeled throughout the environment, but also to map group permissions to the data elements. This serves the dual purpose of documenting the methodology and ensuring that least privilege is applied.

References

Additional information can be found in the following documents:

- IRS Publication 1075, Tax Information Security Guidelines for Federal, State and Local Agencies and Entities, http://www.irs.gov/pub/irs-pdf/p1075.pdf
- Oracle Label Security Best Practices, An Oracle White Paper, June 2008, http://www.oracle.com/technetwork/database/focus-areas/security/twp-security-db-label-best-practice-134426.pdf
- IBM Informix 11.70, Label-based access control, http://publib.boulder.ibm.com/infocenter/idshelp/v117/index.jsp?topic=/com.ibm.sec.doc/ids_lb_002.htm