Background The U.S. Postal Service is the second largest employer in the United States with over 640,000 employees and $2.15 billion in bi-weekly salaries. To provide employees with convenient access to their payroll, benefits, and personnel data, the Postal Service uses the LiteBlue portal. This web-based portal contains several human resources (HR) applications, including PostalEASE,…
Background The U.S. Postal Service performs a variety of operations, dependent on its vast information technology infrastructure. This infrastructure encompasses 761 systems that the Postal Service strives to maintain and secure from network attacks. In support of the Delivering for America plan, the Postal Service plans to invest in modernizing and enhancing cybersecurity technologies, but it is still…
July 22, 2021 The Postal Service has updated Handbook AS-805, Information Security, which details the organizationâs security policies for technology assets and information resources. The updates include several new topics, including: The Executive Cyber Risk Committee, which evaluates and monitors cyber risk management activities and their alignment with the overall corporate risk profile; Contractual security…
Objective Our objective was to assess the U.S. Postal Serviceâs social media and digital channel security posture. We also assessed whether policies are in place to protect the integrity of the Postal Serviceâs official social media and digital channel presence. The Postal Service uses social media to promote its brand, products, and services and to…
The United States Postal Service maintains one of the worldâs largest information technology networks, which links nearly 1.2 million devices and 66,000 mail processing technology systems. Established in 2014, the Corporate Information Security Office (CISO) safeguards this network â the network that binds the nation together â with enterprise-wide cybersecurity technologies and solutions. This October,…
Objective Our objective was to determine if controls for purchasing and maintaining information technology (IT) equipment, specifically printers, webcams, and [redacted] cameras, are effective in identifying, assessing, and mitigating vulnerabilities and related cybersecurity risks to the U.S. Postal Serviceâs IT infrastructure. The Postal Service purchases IT equipment, such as webcams and printers, through the eBuy…
Objective Our objective was to assess whether Decision Analysis Reports (DAR) I and II cybersecurity investmentsâ stated performance metrics aligned with the Corporate Information Security Office (CISO) strategic and cost objectives. To establish a sound cybersecurity foundation, the Postal Service has made significant investments in information security. In 2015, the Postal Service approved [redacted] million…
Background An insider threat program helps an organization prevent, detect, and respond to the threat of an employee, contractor, or business partner misusing their trusted access to computer systems and data. Threats to the U.S. Postal Service include the theft and disclosure of sensitive, proprietary, or national security information, and the sabotage of its computer…
