Handbook AS-805 Revision: Information Security

Effective August 23, 2012, Handbook AS-805, Information Security, is revised. The July 2012 edition has been updated to reflect the following:

• Align responsibilities of IT managers with current organization.

• Update responsibilities for contracting officers and contracting officer representatives.

• Add generic architectural standards.

• Update information security training requirements.

• Clarify requirements for protecting nonpublic Postal Service™ information.

• Clarify requirements for removal of nonpublic Postal Service information from Postal Service or business partner premises.

• Update the protection requirements for contracts.

• Clarify the concept of a risk-based information security framework.

• Address the usage of social media.

• Address source code requirements and the separation of duties of software developers.

• Update requirements for USB flash drives.

• Update the requirements associated with the development, system integration test, and customer acceptance test environments and the regular testing of security systems and processes.

• Address special account management.

• Address single sign-on.

• Remove references to the Access Control Facility 2.

• Update hardening and encryption requirements.

• Update the requirements for disaster recovery and incident reports.

• Implement Office of Inspector General audit findings.

• Implement SOX recommendations.

• Implement payment card industry requirements.

• Describe the implementation of the Data Loss Prevention program.

• Update the wireless baseline requirements.

• Add consensus audit guidelines to address the continuing monitoring requirements delineated in National Institute of Standards and Technology Special Publication 800-53.

• Move the definition of what constitutes a significant change and the criteria for recertification to Handbook AS-805-A, Information Resource Certification and Accreditation (C&A) Process.

Handbook AS-805 is now available on the Postal Service PolicyNet website:

• Go to http://blue.usps.gov.

• Under “Essential Links” in the left-hand column, click PolicyNet.

• On the PolicyNet page, click HBKs.

(The direct URL for the Postal Service PolicyNet website is http://blue.usps.gov/cpim.) The direct URLs for Handbook AS-805 (July 2012) are http://about.usps.com/handbooks/as805.pdf (PDF version) and http://about.usps.com/handbooks/as805/welcome.htm (HTML 508-compliant version).

Note: Offices should update references/links to Handbook AS-805 in local documents.