The Postal Service has updated Handbook AS-805, Information Security, which details the organization’s security policies for technology assets and information resources.
The updates include several new topics, including:
• The Executive Cyber Risk Committee, which evaluates and monitors cyber risk management activities and their alignment with the overall corporate risk profile;
• Contractual security agreements required for all suppliers, contractors, vendors and business partners;
• Secure coding requirements for software development;
• Prohibitions against unauthorized content downloads or information resource access outside the Postal Service network, including any attempt to bypass USPS-approved access technologies;
• Secure data requirements for the transmission, viewing, processing and storage of USPS data outside the United States, including the U.S. territories;
• Active directory account disabling, which occurs after 30 days of nonuse;
• Data-hosting requirements that include completion of the USPS certification and accreditation process; and
• Restrictions against using information resources that circumvent authorization restrictions.
The Postal Service encourages employees to comply with all security policies and guidelines.
For additional information, email the Corporate Information Security Office policy team.