11-11.4 Process for Requesting Nonstandard Wireless Solutions

The following process must be followed for business solutions including the use of wireless technology that do not meet the standards previously defined:

  1. Obtain NCRB approval to proceed. Before pursuing a nonstandard wireless technology solution, approval to proceed from the NCRB must be obtained. The NCRB requires a business case for the alternate solution. The NCRB dictates the non-negotiable standards that the alternate solution must be compliant with.
  2. Develop an architecture design. Develop an engineering architectural design in conjunction with TS. TS should validate compliance and functionality of the design to ensure that it will not adversely affect the current Postal Service solutions. TS will submit the solution design to IT Mobile Computing for review to ensure compatibility with the overall managed mobile computing technical architecture and strategy.
  3. Obtain NCRB approval of the architectural design.
    1. Obtain approval of the application, the engineering architecture, and all wireless devices from the NCRB.
      1. For implementations involving MPE/MHE, contact the responsible design engineering organization that will send an e-mail to NCRB@email.usps.gov or submit a request through the NCRB Web site. The design engineering organization may also present the MPE/MHE project to the NCRB.
      2. For other implementations, contact the Business Relationship Management portfolio manager who will send an e-mail to NCRB@email.usps.gov or submit a request through the NCRB Web page on the IT Web. The Business Relationship Management portfolio manager will also act as a presenter to the NCRB on the requestor’s behalf.
    2. At a minimum, the NCRB will evaluate against the following criteria prior to approval for implementation of wireless technology:
      1. Proper naming with regards to SSID.
      2. SSID broadcast turned off.
      3. Encryption of data between a device and an access point, or an ancillary downstream device. The majority of wireless APs have some inherent encryption capabilities.
      4. Trust between wireless devices. When setting up APs, there should be appropriate authentication — particularly a mutual authentication mechanism between a wireless device and an access point (802.1x) and user-based authentication when applicable (i.e., two-factor).
      5. Appropriate logging/intrusion detection on the wireless segment, either on the access point or related device.
      6. The requirement for whether a firewall is needed between the wireless AP and WAN.
      7. Centralized, secure administration using unique user name and passwords that are compliant with Postal Service policy. Ideally, all wireless user accounts should be located in a common repository.
      8. Firewall and virus protection implementation on devices.
      9. Request through eAccess if Postal Service Internal CA machine certificates are required.
      10. Devices are remotely manageable by TS.
  4. Obtain a wireless site survey. A wireless site survey must be performed to obtain maximum benefit of the wireless devices and to maintain appropriate security. TS arranges for the site survey via the Postal Service intranet contract. Normal turn-around time is 62 days; expedited is 30 days. The survey results will place the APs, offer channel sections, and specify other physical and programming parameters.
  5. Acquire, program, and install device. After NCRB approval and review of the site survey report, the wireless infrastructure devices may be purchased by the customer through TS, who will then configure the devices. When the devices are programmed, they are sent to the site ready to be installed by the Postal Service intranet vendor.