2-2.20 Managers Responsible for Computing Operations

The managers responsible for computing operations are responsible for the following:

  1. Implementing information security policies, procedures, and standards and ensuring compliance.
  2. Coordinating and implementing standard platform configurations based on the Postal Service security architecture.
  3. Creating and maintaining a timely patch management process and deploying patches to resources under their control. Critical security patches for PCI-related information resources must be installed within 30 days of release.
  4. Maintaining an accurate inventory of Postal Service information resources, tracking and reacting to security vulnerability alerts, coordinating hardware and software upgrades, and maintaining appropriate records.
  5. Deploying and maintaining anti-virus software and recognition patterns to scan for malicious code and usage of nonstandard network protocols.
  6. Supporting the C&A process for internally managed information resources.
  7. Ensuring that remote access is appropriately managed.
  8. Implementing appropriate security administration and ensuring that accounts are managed appropriately.
  9. Maintaining the integrity of data and information resources and ensuring the appropriate level of information resource availability.
  10. Ensuring the installation of the authorized internal warning banner (see Exhibit 14-3.3).
  11. Disseminating security awareness and warning advisories to local users.
  12. Reporting suspected information security incidents to CyberSafe immediately, protecting information resources at risk during security incidents, implementing containment, and assisting in restoring information resources following an attack.
  13. Resolving identified vulnerabilities.