Contents

• [9.9] 2.1 OVERVIEW

• [9.9] 2.2 CIMIS SECURITY
  • [9.9] 2.2.1 Automated Security Controls
  • [9.9] 2.2.2 CIMIS Access
  • [9.9] 2.2.3 CIMIS Administration

• [9.9] 2.3 CIMIS SETUP
  • [9.9] 2.3.1 Special Agent Profile Information
  • [9.9] 2.3.2 District Office Location Information
  • [9.9] 2.3.3 Investigation Numbers
  • [9.9] 2.3.4 Dual Numbering Investigations
  • Exhibit [9.9] 2-1 Criminal Investigation Office Codes

[9.9] 2.1  (09-16-1998)
OVERVIEW

1. Criminal Investigation Management Information System (CIMIS) processes sensitive information including personnel and investigation data. Disclosure or misuse of this information could be damaging to Criminal Investigation (CI) operations and infringe on the privacy rights of personnel and subjects under investigation. As a result, CIMIS was developed with security including automated security functionality and procedural controls. Part of this chapter deals with the different structures used to ensure CIMIS security.
2. The remainder of the chapter explains what information needs to be in the system before an investigation is numbered or assigned. It also describes the investigation number.

   ---

[9.9] 2.2  (09-16-1998)
CIMIS SECURITY

1. CIMIS Security uses automated controls, limited accessibility, and procedural administration to protect the database information.

[9.9] 2.2.1  (09-16-1998)
Automated Security Controls

1. The automated security on CIMIS is modeled after the National Security Agency's (NSA) C2 standard.
2. User options and access to the data is automatically limited based on a user's organizational unit (region, district, etc.) and the user's functions (Group Manager, special agent, etc.).
3. Consolidate Data Network (CDN) services are used to take advantage of existing communications and security capabilities within Treasury. Where CDN is not available, dial-up access is permitted only through modems which provide hardware Data Encryption Standard (DES) encryption in accordance with FIPS 140-1 level 3 standard or higher. Contact the CI Automated Data Processing Security Officer at Software Systems Section 2, Headquarters, for the DES modems.

[9.9] 2.2.2  (09-16-1998)
CIMIS Access

1. Before employees can be granted access to the live database, Group Managers must be certain that the following three requirements are met.
   1. The employee has valid need to know the information on the system.
   2. The employee has received the CIMIS Handbook 9.9 and reviewed the Law Enforcement Manual (LEM), Part IX.
   3. A Limited Background Investigation (LBI) has been completed or at least is in process. (Note: by requesting access while an LBI is still in process, a Group Manager accepts responsibility for any risk involved.)
2. CIMIS is restricted to CI use only. Exception requests for other Internal Revenue Service (IRS) employees will only be considered when made by memorandum from the employee's sponsoring function to the CI ADP Security Officer at Software Systems Section 2, Headquarters. Such requests should briefly describe the unique circumstances which warrant the employee's access, and also indicate whether an LBI has been completed.
3. Guidelines for administering CIMIS users are located in LEM IX. These guidelines include the mandatory use of a standard User Request Memorandum prior to adding a user or making any subsequent changes to a user's profile (i.e., changes in the user-type permissions or suspend actions).
4. On a semi-annual basis, CI Headquarters will send each Group Manager an all-user revalidation letter. During this process, managers are requested to verify their users' continued need for access at the specified privilege level and make any necessary updates.

[9.9] 2.2.3  (09-16-1998)
CIMIS Administration

1. The local CIMIS Coordinator is responsible for conducting actual day-to-day CIMIS security on the system and for coordinating with users as needed in order to effectively implement security. Each CIMIS user is responsible for adhering to the proper User Security Procedures.
2. Any suspected computer security violations should be reported as soon as possible to local CI management. In addition, such incidents should be reported within 24 hours to the CI ADP Security Officer, at Software Systems Section 2, Headquarters. Refer to LEM IX for reporting security breaches.

   ---

[9.9] 2.3  (09-16-1998)
CIMIS SETUP

1. Certain information such as special agent personnel data and district office location data must be in the database before an operator can assign or initiate investigations. Investigation numbers are assigned automatically.

[9.9] 2.3.1  (09-16-1998)
Special Agent Profile Information

1. A special agent must be established in the CIMIS database before any data relating to that special agent may be entered. The following information is required to establish a special agent, and any changes to these data fields will require an update to the Special Agent Profile record:
   1. SSN
   2. Name
   3. Date of Birth
   4. Pay Plan/Grade
   5. Law Enforcement Availability Pay (LEAP) rate
   6. 6C Date
   7. Retirement Plan
   8. Position Code
   9. Office Code
   10. Branch Code
   11. Post of Duty Code
   12. Group Code
   13. Telephone number

[9.9] 2.3.2  (09-16-1998)
District Office Location Information

1. The following actions require notifying Headquarters Hotline Staff by telephone first and then confirmation by memorandum:
   1. Establishment or relocation of groups
   2. Establishment or relocation of POD's
   3. Establishing or realignment of branches
   4. Closing down groups or POD's
   5. Realignment or streamlining district offices
2. The purpose of this notification is to enable Headquarters (CIMIS hotline) to update the CIMIS database so it contains valid district location information. District office numbers are found in Exhibit 2-1.

[9.9] 2.3.3  (09-16-1998)
Investigation Numbers

1. Investigation numbers provide a uniform system for identifying and controlling investigations and to account for time expended on them. The system is designed to generate an investigation number upon input of the information contained in Section I Input Control, Section III Special Agent Assignment, and Section IV Identification, on Form 4930.
2. Investigation(s) must be on the CIMIS database prior to the submission of Form(s) 5043 reflecting investigation time being charged to the
   investigation.
3. Once an investigation number has been assigned by the system, it may not be altered or voided.
4. An investigation number is comprised of nine digits.
   1. The first two digits represent the CI office code where the investigation was initiated. Refer to Exhibit 2-1 for CI office codes.
   2. The third and fourth digits represent the fiscal year in which the CIMIS system assigned the investigation number.
   3. The fifth digit represents the type of investigation.

The sixth through ninth digits are the sequential numbers assigned by the system. Sequential numbers will begin with 0001 each fiscal year for each district.

Examples of investigation numbers using Kentucky-Tennessee District, FY 1993 hypothetical investigations:

1. General Investigation: Trash Haulers    629310010
2. Primary Investigation: Greene, Inc.    629320013
3. Subject Criminal Investigation: Hood, Oscar    629330017
4. Subject Seizure Investigation: Hood, Oscar    629340018

[9.9] 2.3.4  (09-16-1998)
Dual Numbering Investigations

1. In situations where more than one district has an interest in the same taxpayer, prior approval to dual number the investigation by Headquarters is required. The system will display a message to the CIMIS operator of a duplicate investigation. The system will not permit the dual investigation to be numbered until approved by the Director of National Operations. The Chief must request approval from the Director of National Operations in writing. Headquarters (CIMIS hotline), in coordination with the Director of National Operations, DI area and district offices, will assess the need for, and approve if appropriate, the dual investigation. Guidelines for coordinating inter-district and inter-region investigations are located in Handbook 9.5.
2. The same investigation number will not be used to cover subsequent investigations of the same taxpayer where the prior criminal investigation was criminally closed. Instead, a new investigation will be initiated.
3. If there is an ongoing investigation on a taxpayer, then any additional violation (tax or money laundering) should be investigated in conjunction with that ongoing investigation. If separate districts number the same individual or entity on different violations, it will trigger the need to request approval for a dual investigation. Multiple investigation numbers will not be assigned in situations where more than one violation is involved or when violations are added after numbering, or in instances where the Department of Justice makes a request for a follow-up investigation of other violations or of subsequent years after a Subject Criminal Investigation has been received by that office.
4. If there is an ongoing criminal investigation and criminal or civil seizure action is to be initiated on the same individual or entity, a Subject Seizure Investigation will be initiated. This Subject Seizure Investigation must be associated to the Primary Investigation of the ongoing criminal investigation. Only one Subject Seizure Investigation is numbered for a specific target. Do not number a Subject Seizure Investigation for each location or for each asset relating to the specific target.