Where to Import IRS SCSEM Data in GRC/IRM Module

Abdul Khan4 · an hour ago

This requirement is to be proactive in getting ready for the IRS Assessment.

Here is the URL Address for the SCSEMs that are produced by the IRS. I have also attached an example from the page. Computer security compliance references and related topics — SCSEM (Updates) | Internal Revenue Serv...

As to the page of where the date should be shown is what I am trying to figure out. It will need to be associated with the Engagements. Just what type of engagement is the question. I am thinking More towards the Compliance Audit. Where should i import the data (Tables in Servicenow).

Test ID

NIST ID

NIST Control Name

Test Method

Test Objective

Test Procedures

Expected Results

Actual Results

Status

Notes/Evidence

Criticality

Issue Code

Issue Code Mapping (Select one to enter in column L)

GEN-01

SA-22

Unsupported System Components

Interview
Examine

Checks to ensure the operating system version in use is a supported version by the vendor.

Determine if the operating system version is a supported release. Refer to the vendors support website to verify that support for it has not expired.

Note: Each organization responsible for the management of the agency's operating systems software shall ensure that unsupported software is removed or upgraded to a supported version prior to a vendor dropping support.

The operating system is a supported release.

Critical

HSA7
HSA8
HSA9

HSA7: The external facing system is no longer supported by the vendor
HSA8: The internally hosted operating system's major release is no longer supported by the vendor
HSA9: The internally hosted operating system's minor release is no longer supported by the vendor