5-3.2 Encryption

Encrypting e-mail or messages must comply with the following:

  1. Encryption software and methods must be approved by the Enterprise Architecture Committee.
  2. Encryption solutions must either support key recovery or keys must be registered with authorized personnel.
  3. Before e-mail is encrypted, recovery keys or other similar files for all encrypted e-mail must be placed in a directory or file system that can be accessed by management.
  4. Recovery keys or other devices needed to decrypt e-mail must be provided when requested by authorized Postal Service management, the Postal Inspection Service or the Office of Inspector General.
  5. Keys may not be escrowed in customer product offerings unless specifically requested in writing by the customer and approved by the executive sponsor.