Background
The U.S. Postal Service has one of the largest computer networks in the world, known as the [redacted] network, supporting its workforce and customers. The agency also has an extensive mail processing network critical to processing facilities nationwide. The Chief Information Officer oversees the Postal Service’s Information Technology organization. Two groups in this office are Network and Compute Technology (Telecom) and the Corporate Information Security Office (CISO). Telecom manages the network infrastructure and CISO protects and defends the network. To procure cybersecurity tools, CISO works closely with Supply Management, which is responsible for procuring goods and services for the Postal Service.
What Did We Do
Our objective was to evaluate Postal Service controls over the procurement and management of cybersecurity tools. We judgmentally selected two tools, [redacted] and [redacted], that the Postal Service acquired to protect its digital assets from attacks. We also reviewed three contracts for the purchase and maintenance of these tools to determine the effectiveness of the Postal Service’s procurement and management guidelines.