USPS updates security policies

July 22, 2021: The Postal Service has updated Handbook AS-805, Information Security, which details the organization’s security policies for technology assets and information resources. The updates include several new topics, including: The Executive Cyber Risk Committee, which evaluates and monitors cyber risk management activities and their alignment with the overall corporate risk profile; Contractual security…

USPS OIG Report: Integrity of the Social Media Presence

Objective: Our objective was to assess the U.S. Postal Service’s social media and digital channel security posture. We also assessed whether policies are in place to protect the integrity of the Postal Service’s official social media and digital channel presence. The Postal Service uses social media to promote its brand, products, and services and to…

Postal Bulletin: Protecting USPS Networks

When plugging a smart mobile device (e.g., phone, tablet, or wearable technology) into a computer’s USB port, the two devices can exchange information or malware. At the United States Postal Service®, this could put sensitive information into the wrong hands and potentially affect our business and reputation. To prevent a security breach, follow these important…

Postal Bulletin highlights Cybersecurity Awareness Month 2020

The United States Postal Service maintains one of the world’s largest information technology networks, which links nearly 1.2 million devices and 66,000 mail processing technology systems. Established in 2014, the Corporate Information Security Office (CISO) safeguards this network — the network that binds the nation together — with enterprise-wide cybersecurity technologies and solutions. This October,…

USPS OIG Report: Controls Over Purchasing and Maintaining IT Equipment

Objective: Our objective was to determine if controls for purchasing and maintaining information technology (IT) equipment, specifically printers, webcams, and [redacted] cameras, are effective in identifying, assessing, and mitigating vulnerabilities and related cybersecurity risks to the U.S. Postal Service’s IT infrastructure. The Postal Service purchases IT equipment, such as webcams and printers, through the eBuy…

Postal Bulletin highlights protecting USPS Networks from personal devices

When plugging a smart mobile device (e.g., phone, tablet, or wearable technology) into a computer’s USB port, the two devices can exchange information or malware. At the U.S. Postal Service®, this could put sensitive information into the wrong hands and potentially affect our business and reputation. To prevent a security breach, follow these important charging…

USPS OIG: Cybersecurity Decision Analysis Reports Review

Objective: Our objective was to assess whether Decision Analysis Reports (DAR) I and II cybersecurity investments’ stated performance metrics aligned with the Corporate Information Security Office (CISO) strategic and cost objectives. To establish a sound cybersecurity foundation, the Postal Service has made significant investments in information security. In 2015, the Postal Service approved [redacted] million…

USPS OIG Report: Insider Threat Program

Background: An insider threat program helps an organization prevent, detect, and respond to the threat of an employee, contractor, or business partner misusing their trusted access to computer systems and data. Threats to the U.S. Postal Service include the theft and disclosure of sensitive, proprietary, or national security information, and the sabotage of its computer…
