IRS 1075 guidance and ITAR obligations
By Microsoft on January 20, 2017
Filed under Microsoft in Government
IRS tax security guidelines and International Traffic in Arms (ITAR) regulations have special data storage, confidentiality, data location, and other substantive requirements that rely on specific security features.
Microsoft provides certain cloud services or service features that can support customers with ITAR obligations. Azure Government provides support for customers with data subject to the ITAR through additional contractual commitments to Azure Government customers regarding the location of stored data, and limitations on the ability to access such data to U.S. persons.
Internal Revenue Service Publication 1075 (IRS 1075) provides guidance for US government agencies and their agents that access federal tax information (FTI) to ensure that they use policies, practices, and controls to protect its confidentiality. IRS 1075 prescribes security and privacy controls, and prioritizes the security of datacenter activities, including data location and the proper handling of FTI, and the oversight of datacenter contractors to limit entry.
Microsoft Azure Government and Microsoft Office 365 U.S. Government cloud services provide a contractual commitment that they have the appropriate controls in place, and the security capabilities necessary for Microsoft agency customers to meet the substantive requirements of IRS 1075. Microsoft Government Cloud Services deliver on the criteria necessary for government agencies and their partners to use cloud services, adding assurance that data will remain in US facilities, datacenter personnel have been screened according to strict guidelines, and continuous monitoring ensures effective incident detection and response.