Wed. Feb 21st, 2024

USPS OIG – Security Assessment of a U.S. Postal Service Product Solutions Application

December 12, 2023

READ FULL ARTICLE AT » Office of Inspector General OIG

Background

The U.S. Postal Service continuously strives to improve its [redacted] to become more efficient and responsive to the dynamic market needs of its customers. To [redacted] application is used by over [redacted] is a business-critical application that generated over [redacted] total revenue in fiscal year 2022.

What We Did

Our objective was to evaluate whether the Postal Service had security controls in place to protect the application from cyberattacks, prevent unauthorized access to restricted data, and determine compliance with secure coding practices. We conducted a security assessment of the application including penetration tests to evaluate the application and internal security posture. We also performed a source code review to verify if appropriate security controls were present.

What We Found

Based on our testing, we found the Postal Service implemented network perimeter security controls that limit direct access to the application and help deter known web-based attacks. However, during our security assessment, we identified issues with [redacted]. These issues could lead to attackers gaining unauthorized access to the system to steal, modify, or delete sensitive data if perimeter controls are bypassed. These issues occurred because management did not [redacted]. Also, the Postal Service prioritizes the identification and remediation of vulnerabilities ranked critical and high over medium, low, and informational. However, [redacted], increases the risk of unauthorized access to the application. In addition, [redacted].

Recommendations

We recommended management develop guidance for performing [redacted] application; and [redacted].

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Share via
0
Would love your thoughts, please comment.x
Send this to a friend