11-7 Business Partner Connectivity Requirements

Business partner/contractor/supplier (business partner) connectivity must be requested and funded by a Postal Service sponsor.

Connections using either existing BP ISP connectivity or frame relay service directly connected to the Postal Enterprise are protected by firewalls and security processes that restrict business partners to the IP address or addresses, server or servers, and ports or protocols they are explicitly authorized to access.

Business partners must be limited in their access to the specific information resources identified in the network connectivity request that is approved by the NCRB. No business partner is ever granted “open access” to Postal Service computing resources.

To protect the integrity of the Postal computing environment, business partners must have written information security policies describing how they will protect their proposed connection to the Postal Service and must include a copy of these security policies with their NCRB request.

Business partners must comply with the requirements and process of the NCRB contained in the Network Connectivity Process [link] including, but not limited to, the following:

  1. Initiating requests with the executive sponsor for access to the Postal Service intranet.
  2. Complying with all Postal Service information security policies.
  3. Allowing site reviews by the Inspection Service or CISO.
  4. Allowing audits by the OIG.
  5. Reporting any security incident immediately to CyberSafe and executive sponsor.
  6. Notifying the executive sponsor when connectivity is no longer required.