Wed. Jun 19th, 2024

USPS OIG – Management of the Postal Regulatory Commission’s Smartphones

June 27, 2023
2023 06 27 at 4.44 PM

READ FULL ARTICLE AT » Office of Inspector General OIG

Background

The Postal Regulatory Commission (Commission) is an independent agency that exercises regulatory oversight of the U.S. Postal Service. With five commissioners, supported by a staff of approximately 70 individuals, the Commission uses smartphones to facilitate greater working efficiencies and operations, making them a core element of the Commission’s IT program.

Smartphones help facilitate communications, share on-the-go information, and run various software applications based on individual need. Often, these devices provide access to much of the same data and systems that would be available from an office desktop. Due to their mobile nature, this can present significant cybersecurity issues if the smartphones are not fully protected.

What We Did

Our objective was to assess the management of the inventory, security, and utilization of the Commission’s smartphones. We used a combination of data analytics, interviews, and control tests to determine if appropriate controls were in place and functioning as intended.

What We Found

Overall, we identified opportunities for improvement in the Commission’s management of inventory, security, and utilization of smartphones. Specifically, the Commission did not have (1) a standardized process for reviewing and maintaining its inventory; (2) key components to effectively manage the security of its smartphones; and (3) a written policy or procedure to review smartphone utilization billing. These issues occurred because the Commission did not follow a standardized process for inventory and utilization reviews, and it prioritized other IT projects over the security of its smartphones.

Recommendations

We made nine recommendations, including performing routine inventory and utilization reviews in compliance with industry best practices, developing a mobile device security policy, and providing end user smartphone security training.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Share this
0
Would love your thoughts, please comment.x