Read cybersecurity requirements, policies and guidance before you bid on an IRS contract.

  1. FIPS 140-3, Cryptographic Module Validation Program (CMVP): Security Requirements for Cryptographic Modules (March 22, 2019)
  2. FIPS 199, Standards for Security Categorization of Federal Information and Information Systems (Feb. 1, 2004)
  3. SP 800-40r4, Guide to Enterprise Patch Management Planning – Preventive Maintenance for Technology (April 2022)
  4. SP 800-53r5, Security and Privacy Controls for Information Systems and Organizations (July 1, 2023)
  5. SP 800-53Ar5, Assessing Security and Privacy Controls in Information Systems and Organizations (Jan. 25, 2022)
  6. SP 800-57, Recommendation for Key Management: Part 1 – General (May 4, 2020)
  7. SP 800-63-3, Digital Identity Guidelines (March 2, 2020)
  8. SP 800-63A, Digital Identity Guidelines: Enrollment and Identity Proofing (March 2, 2020)
  9. SP 800-63B, Incorporating Syncable Authenticators into NIST SP 800-63B: Digital Identity Guidelines — Authentication and Lifecycle Management (April 22, 2024)
  10. SP 800-63C, Digital Identity Guidelines: Federation and Assertions (March 2, 2020)
  11. SP 800-70r4, National Checklist Program for IT Products: Guidelines for Checklist Users and Developers
  12. SP 800-161r1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (May 2022)
  13. SP 800-207, Zero Trust Architecture (Aug. 2020)
  14. SP 800-207A, A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Location Environments (Sept. 2023)
  15. SP 800-218, Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities (Feb. 2022)