Skip Top Navigation
Who We Are
Leadership
Financials
Government Relations
Judicial Officer
Legal
Our History
Postal Facts
What We're Doing
Transforming Our Business
Current Initiatives
Securing The Mail
Sustainability
Corporate Social Responsibility
Government Services
Postal Customer Council
Service Performance Results
Newsroom
National News
Local News
Testimony & Speeches
Broadcast Downloads
Events Calendar
Photo Gallery
Service Alerts
Careers
Career Opportunities
Working at USPS
Search & Apply
Application Process
Doing Business with Us
Suppliers
Licensing
Rights & Permissions
Auctions
IT Policies, Process & Standards
Public Key Infrastructure
Search
- - Contents
2-12
Accreditor
The manager, CISO, functions as the accreditor and is responsible for the following:
Reviewing the risk mitigation plan and supporting C&A documentation package together with business requirements and relevant Postal Service issues.
Escalating security concerns or preparing and signing an accreditation letter that makes one of the following recommendations: accepting the information resource with its existing information security controls, requiring additional security controls with a timeline to implement, or deferring deployment until information security requirements can be met.
Forwarding a full or conditional accreditation letter to the VP IT and the VP functional business area.
Acknowledging unmitigated risks in a risk acceptance letter.
If the requirements of the conditional accreditation letter are not met in the indicated time frame, the accreditor will issue a Failure To Comply Letter to the VP IT and the VP functional business area.
For offsite hosted solutions, acknowledging in a letter of assessment that the information resource appears to conform to Postal Service information security requirements associated with requests to host or remove sensitive-enhanced/sensitive/non-publicly available data from Postal Service premises.