1 Introduction: Corporate Information Security

1-1 Purpose

The Postal Service™ is committed to creating and maintaining an environment that protects Postal Service information resources from accidental or intentional unauthorized use, modification, disclosure, or destruction. Handbook AS-805, Information Security, establishes an organization-wide standardized framework of information security policies to ensure the detection, prevention, response to, and investigation of cybercrime incidents and misuse of Postal Service information technology assets. Adherence to information security policies will safeguard the integrity, confidentiality, and availability of Postal Service information and protect the interests of its personnel, business partners, and the public.

Adherence to information security policies enables compliance with regulations to which USPS is subject, including Sarbanes-Oxley (SOX) and Payment Card Industry Data Security Standards (PCI-DSS). This policy reflects standards and guidelines suggested by industry organizations such as the Public Company Accounting Oversight Board (PCAOB), American Institute of Certified Public Accountants (AICPA), Committee of Sponsoring Organizations (COSO), and National Institute of Standards and Technology (NIST).

Information security policy will ensure the creation and implementation of an environment that:

  1. Protects information resources critical to the Postal Service.
  2. Protects information as mandated by federal laws, regulations, directives, law enforcement and judicial processes, and industry requirements.
  3. Protects the personal information and privacy of employees and customers.
  4. Reinforces the reputation of the Postal Service as an institution deserving of public trust.
  5. Complies with due diligence standards for the protection of information resources.
  6. Assigns responsibilities to relevant Postal Service officers, executives, managers, employees, contractors, partners, and vendors.
  7. Reviews and revises information security policies and procedures in accordance with evolving security threats.

The following principles guide the development and implementation of Postal Service information security policies and practices:

  1. Information is:
  2. Information security is: