Information Technology (Continued)
12-5.1 Scope
The DRP must be implemented for all critical and business-controlled criticality information resources.
12-5.2 Application Disaster Recovery Plan
An ADRP addresses the requirements for restoring the application at a facility other than the primary facility.
12-5.2.1 Application Disaster Recovery Plan Templates
ADRP templates are available on the IT Web site, under Support and Disaster Recovery Services.
12-5.2.2 Application Disaster Recovery Plan Requirements
ADRPs must meet the following requirements:
a. An ADRP must be developed, tested, and maintained for critical and business-controlled criticality applications.
b. Completed ADRPs must be reviewed and accepted by Business Continuance Management before testing can be scheduled.
c. The ADRP completion date and the scheduled ADRP test date must be documented in the EIR.
d. The ADRP test must be certified by the development organization, the executive sponsor, and the BCM manager.
e. At the completion of the ADRP testing cycle, the ADRP test completion date must be documented in the EIR.
f. ADRPs for critical and business-controlled criticality applications must be tested within 180 days of going into production.
g. Critical applications must complete a fully operational recovery test of the ADRP every 18 months.
h. Business-controlled criticality applications must complete either a tabletop walkthrough to test the application or an operational recovery test of the ADRP every 36 months.
i. ADRPs must be stored in the designated plan repository.
j. A hard copy of each ADRP must be securely stored off-site with the facility recovery plan of the facility where the application is housed.
k. All copies of ADRPs must be protected as restricted information.
12-6 Relationship of Criticality and Recovery Time
Objective
The criticality of an application is determined during the Application BIA. The RTO, which is the maximum allowable
downtime for an application, is determined for applications
designated as critical or business-controlled criticality. The
RTO must be commensurate with the level of criticality. If
there is a significant mismatch between the RTO and the
criticality designation, the RTO and criticality designation
must be reviewed. As a general rule, the more critical the
application the lower the RTO. A lower RTO often requires
a larger investment in BCM resources, which, in turn, results in higher costs.
The EIR is updated with the criticality and RTO at the
completion of the BIA process. The RTO may be adjusted
later, in consultation with the DR service provider, as the
DR strategy is defined. Also at this time, the data currency
requirements/recovery point objective (RPO) will be determined. The DR service provider uses the EIR to identify
which applications require the development and testing of
an ADRP.
12-7 Mainframe Recovery Testing for Computer
Operations Service Centers
Full recovery testing of mainframe applications for the IT
Computer Operations Service Centers located at San Mateo, California, and Eagan, Minnesota, is required every 36
months. Testing requirements for critical and business-controlled criticality applications are unchanged by this requirement.
12-8 Backup of Information Resources
All information resources must implement backup procedures. The responsible Postal Service manager must define the appropriate backup media and frequency.
However, applications determined by the BIA to be critical
or business-controlled criticality must implement backup
and recovery strategies sufficient to meet the RTO and data
currency requirements.
12-8.1 What to Back Up
All essential components of an information resource required for continued operations must be backed up. Backups will include, but are not limited to, operating systems,
configuration files, general utilities, application software,
data, supporting files and tables, scripts, standard operating procedures, specialized equipment, and related
documentation.
12-8.2 Backup Schedules
All essential components must be backed up on a schedule
that is sufficient to meet the RTO and RPO of the application or information resource as defined by the executive
sponsor that controls the essential component.
12-8.3 Backup Inventory
An inventory of backup media and supporting materials for critical and
business-controlled criticality applications must be maintained.
A copy of the inventory must be securely
stored off-site or stored in a fireproof container at the facility
that hosts the application. An inventory of backup media
and materials is recommended for all other information
resources.
12-8.4 Backup Storage Requirements
Backup media must be stored in a secure location (such as
a locked cabinet or room with controlled access).
12-8.5 Off-Site Backup Storage Requirements
Backup media for critical and business-controlled criticality
applications must be stored off-site at a location that is not
subject to the same threats as the original media. Off-site
storage of backup media is recommended for all other information resources.
12-8.6 Backup Verification
Backup media for critical and business-controlled criticality
applications must be verified to ensure that backups are
complete and can be read. From time to time, the application and associated backup hardware and software should
be tested with the backup media to ensure the application
can be successfully restored and used. Verification of
backup media is recommended for all other information resources.
12-8.7 Backup Disposal
All unneeded electronic backup media or hardware containing sensitive and business-controlled sensitivity electronic media must be erased using a method that complies
with the most current Postal Service policy and processes
on the disposal of sensitive and business-controlled sensitivity media.
12-9 BCM Plan Maintenance and Testing Requirements Summary
Plans/Applications | Maintenance | Testing
IMT Plan | Reviewed and updated every 6 months | Yearly exercise
FRP | Reviewed and updated every 6 months | Yearly exercise
WRP | Reviewed and updated every 6 months | Yearly exercise
ADRP | Reviewed and updated every 6 months | For critical applications, full operational recovery test within 180 days of going into production and every 18 months thereafter. For business-controlled criticality applications, full operational recovery test within 180 days of going into production and either a tabletop walkthrough exercise or a full operational recovery test every 36 months thereafter.
IT Mainframe Applications @ San Mateo and Eagan | Covered by ADRP | Full recovery test every 36 months
12-10 Operational Workarounds
For essential components of an information resource, operational workaround procedures should be developed
(where possible) for use whenever the RTO cannot be met
for recovery of the application or information resource. If
implemented, these manual workaround procedures will be
sustained until the essential components are fully restored
at the host facility.
12-11 Continuity of Operations Planning
It is the policy of the Postal Service to respond quickly at all
levels in the event of an emergency or threat, including human, natural, technological, and other emergencies or
threats, to continue critical operations. Each Postal Service
organizational element must be prepared to continue to
function and to resume critical operations efficiently and effectively if they are interrupted.
We must plan for meeting the demands of a wide spectrum
of emergency scenarios to ensure the continuance and
uninterrupted delivery of critical services to the public, other
federal agencies, tenants, clients, and employees. Continuity of operations planning must be maintained at a high level of readiness, be capable of being activated both with and
without warning, achieve operational status no later than 12
hours after activation, and maintain sustained operations
for up to 30 days or until termination. COOP plans must be
stored in the Postal Emergency Management System
(PEMS). Contact the Office of Emergency Preparedness
for additional information on COOP plans.
Each facility designated by the VP/CTO as a major information technology site must include COOP plan requirements
in its IMT and FRP to provide the processes and guidance to ensure the safety of personnel and the continuance
of critical operations in the event of an emergency or threat
of an emergency.
13 Incident Management
[Revise text of chapter 13 to read as follows:]
13-1 Policy
Postal Service information resources must be protected
against events that may jeopardize information security by
contaminating, damaging, or destroying information resources. All information security incidents must be reported
in accordance with the policies and procedures provided
below regardless of whether or not damage appears to
have been incurred.
13-2 Roles and Responsibilities
Specific Postal Service roles and responsibilities for incident management are defined in the sections below and
are depicted in Exhibit 13.2.
13-2.1 Inspector General
The inspector general, Office of the Inspector General
(OIG), is responsible for the following:
a. Conducting independent financial audits and evaluations of the operation of the Postal Service to ensure
that its assets and resources are fully protected.
b. Preventing, detecting, and reporting fraud, waste,
and program abuse.
c. Investigating computer intrusions as per the designation of functions between the OIG and the Postal Service Inspection Service.
d. Funding CISO investigative efforts outside of those
normally required.
13-2.2 Manager, Office of the Inspector General,
Computer Crimes Unit
The manager, Office of the Inspector General (OIG), Computer Crimes Unit (CCU) is responsible for the following:
a. Functioning as an ongoing liaison with the Computer
Incident Response Team (CIRT).
b. Serving as a point of contact between the CIRT and
law enforcement agencies.
c. Conducting criminal investigations of attacks upon
Postal Service networks and computers.
13-2.3 Chief Inspector
The chief inspector, Postal Inspection Service, is responsible for the following:
a. Providing physical protection and incident containment assistance during the investigation of information security incidents, as appropriate.
b. Investigating reported violations of security
regulations.
c. Conducting revenue/financial investigations of such
crimes as theft, embezzlement, or fraudulent activity.
d. Investigating information security incidents, as
appropriate.
e. Funding CISO investigative effort outside of that normally required.
13-2.4 Manager, Corporate Information Security
Office
The manager, Corporate Information Security Office
(CISO), is responsible for the following:
a. Ensuring that a process for managing information security incidents is implemented.
b. Escalating information security incidents to executive
management as appropriate.
c. Ensuring that lessons learned from information security incidents are incorporated into ongoing computer
security awareness and training programs.
d. Providing support to the OIG and the Inspection Service as requested.
e. Assessing and ensuring compliance with information
security incident management policies through inspections, reviews, and evaluations.
13-2.5 Managers, Computing Operations and
Advanced Computing Environment
Infrastructure
The managers, computing operations and advanced computing environment (ACE) infrastructure, are responsible for
the following:
a. Creating and maintaining a timely patch management process.
b. Deploying patches to resources under their control.
c. Protecting information resources at risk during security incidents, if feasible.
d. Implementing virus containment.
e. Providing guidance and education on virus response.
f. Assisting in restoring information resources following
a virus attack.
g. Reporting suspected information security incidents to
the CIRT in a timely manner.
h. Deploying anti-virus software and updates, as
required.
i. Deploying anti-virus pattern file updates, as required.
j. Disseminating security awareness and warning advisories to local users.
k. Ensuring the completion of a PS Form 1360, Information Security Incident Report, or an acceptable
facsimile.
13-2.6 Program Manager, Secure Infrastructure
Services
The program manager, Secure Infrastructure Services
(SIS), is responsible for the following:
a. Providing security incident detection through perimeter virus scanning and intrusion detection services.
b. Approving, managing, and ensuring appropriate perimeter virus scanning, penetration testing, and network vulnerability scans and testing.
c. Managing the CIRT to assist the Postal Service to
contain, eradicate, document, and recover following
a computer security incident, and return to a normal
operating state.
d. Implementing necessary corrective measures
learned from incidents or from other sources.
e. Providing network intrusion detection services (IDS).
f. Providing network vulnerability testing and analysis
services.
13-2.7 Computer Incident Response Team
The CIRT is responsible for the following:
a. Providing timely and effective response to computer
security incidents as they occur based on an established priority for handling incidents.
b. Working with an affected organization to contain,
eradicate, document, and recover following a computer security incident.
c. Engaging other Postal Service organizations including, but not limited to, the OIG and Inspection
Service.
d. Escalating information security issues up the management chain, as required.
e. Conducting a post-incident analysis, where appropriate, and recommending preventive actions.
f. Maintaining a system for tracking incidents until they
are closed.
g. Maintaining a repository for documenting and analyzing Postal Service-wide security incidents.
h. Interfacing with other governmental agencies and
private sector computer incident response
organizations.
i. Participating in and providing information for Postal
Service security awareness.
j. Providing support to the OIG and the Inspection Service, as requested.
13-2.8 Manager, Telecommunications Services
The manager, Telecommunications Services, is responsible for the following:
a. Conducting perimeter scanning for viruses, malicious
code, and usage of nonstandard network protocols
and immediately reporting suspected information security incidents to the CIRT.
b. Monitoring network traffic for anomalies and immediately reporting anomalies to the CIRT.
c. Protecting information resources at risk during security incidents, if feasible.
d. Providing support to the CIRT for incident containment and response, as requested.
e. Ensuring the completion of a PS Form 1360, Information Security Incident Report, or an acceptable
facsimile.
13-2.9 Executive Sponsors
Executive sponsors are responsible for the following:
a. Reporting suspected information security incidents to
the CIRT in a timely manner.
b. Protecting information resources at risk during security incidents, if feasible.
c. Assisting in the containment of security incidents, as
required.
d. Following contingency plans for disruptive incidents.
e. Assessing damage caused by the incident and taking
corrective and preventive measures.
f. Documenting conversations and actions taken to
handle the incident.
g. Ensuring the completion of a PS Form 1360, Information Security Incident Report, or an acceptable
facsimile.
h. Providing resources to correct the damage and remove the vulnerability identified by the incident.
13-2.10 All Managers
Managers at all levels are responsible for the following:
a. Reporting suspected information security incidents to
the CIRT in a timely manner.
b. Protecting information resources at risk during security incidents, if feasible.
c. Assisting in the containment of security incidents, as
directed by the CIRT.
d. Following contingency plans for disruptive incidents.
e. Assessing damage caused by the incident and taking
appropriate corrective and preventive measures.
f. Documenting conversations and actions taken to
handle the incident.
g. Ensuring the completion of PS Form 1360, Information Security Incident Report, or an acceptable
facsimile.
h. Participating on calls to the CIRT or designating a responsible party to call in.
13-2.11 Security Control Officers
Security control officers (SCOs) are responsible for the
following:
a. Reporting suspected information security incidents to
the CIRT in a timely manner.
b. Providing support to the CIRT for incident containment and response as requested.
c. Ensuring the completion of a PS Form 1360, Information Security Incident Report, or an acceptable
facsimile.
d. Responding to physical security incidents.
e. Reporting physical security incidents to the Inspection Service.
f. Interfacing with CIRT, Inspection Service, ISS, or
OIG, as required.
13-2.12 System Administrators
System administrators, including network, firewall, and database administrators, are responsible for the following:
a. Reviewing audit and operational logs and maintaining records of the reviews.
b. Identifying anomalies and possible internal and external attacks on Postal Service information resources and immediately reporting them to the CIRT.
c. Protecting information resources at risk during information security incidents, if feasible.
d. Assisting in the containment of security incidents, as
required.
e. Taking action, as directed by the CIRT, to eradicate
the incidents and recover from them.
f. Participating in follow-up calls with the CIRT.
g. Fixing issues identified following an incident.
h. Initiating a PS Form 1360, Information Security Incident Report, or an acceptable facsimile.
i. Ensuring that security patches and bug fixes are updated and kept current for resources under their
control.
j. Ensuring that virus protection software and signature
files are updated and kept current for resources under their control.
13-2.13 Managers, Help Desks
The managers, Help Desks, are responsible for the
following:
a. Creating the entry for the problem tracking management system for security incidents reported to the
Help Desks.
b. Providing technical assistance for responding to suspected virus incidents reported to the Help Desks.
c. Escalating unresolved suspected virus events to the
CIRT.
13-2.14 All Personnel
All personnel are responsible for the following:
a. Protecting information resources at risk during security incidents, if feasible.
b. Calling the appropriate Help Desk for technical assistance for response to suspected virus incidents.
c. Reporting suspected information security incidents
immediately to the CIRT, their immediate supervisor
or manager, and system administrator.
d. Taking action, as directed by the CIRT, to protect
against information security incidents, to contain and
eradicate them when they occur, and to recover from
them.
e. Documenting all conversations and actions regarding
the security incident.
f. Completing PS Form 1360, Information Security Incident Report, or an acceptable facsimile.
13-2.15 Business Partners
Business partners are responsible for the following:
a. Protecting information resources at risk during security incidents, if feasible.
b. Reporting suspected information security incidents
promptly to the CIRT, the executive sponsor, and the
information systems security officer (ISSO) assigned
to their project.
c. Taking action, as directed by the CIRT, to protect
against information security incidents; to contain,
eradicate, and document them when they occur; and
to recover from them.
d. Documenting all conversations and actions regarding
the security incident.
e. Completing PS Form 1360, Information Security Incident Report, or an acceptable facsimile.
f. Maintaining information security "best practices" on
all information resources connecting to the Postal
Service infrastructure to include security patches and
anti-virus pattern recognition files.
Exhibit 13.2 Incident Management Responsibilities
Activity | Chief Inspector | All Managers¹ | CISO² | Technical Resources³ | All Personnel/Business Partners | SCOs | Inspector General
Report incident | I | X | X | X/F | X | X | I/A
Protect information resource | X/I | X | C | X/F | X | X | I/A
Contain incident | X/I | X | | X/F | X | X | II/A
Process incident report | | | X/F | | | | A
Analyze incident reports | | | X/F | | | | A
¹ Executive sponsors and all managers
² CISO and program manager, SIS
³ Technical Resources: managers, computing operations and ACE infrastructure; manager, Telecommunications Services; and system administrators
X = Responsible for accomplishment
F = Responsible for funding
C = Consulting support as required
A = Independent audits, evaluations, and reviews
L = Liaison and coordinating support as required
Other managers and organizations with responsibilities for incident management include: CIRT; OIG-CCU;
business partners; and managers, Help Desks (see Appendix A, Consolidated Roles and Responsibilities, for details).
13-3 Information Security Incidents
13-3.1 Overview
Information security incidents are events, whether suspected or proven, deliberate or inadvertent, that threaten
the integrity, availability, or confidentiality of information resources. The reporting of incidents enables the responsible
organizations to review the security controls and procedures; establish additional, appropriate corrective measures, if required; and reduce the likelihood of recurrence.
To protect the Postal Service computing environment, the
manager, CISO, may get involved at any point on any level
for information security related incidents impacting the
Postal Service.
13-3.2 Reportable Incidents
Reportable incidents include, but are not limited to, the
following:
a. Physical loss, theft, or unauthorized destruction of
Postal Service information resources; e.g., missing
or damaged hardware, software, or electronic media.
b. Unauthorized disclosure, modification, misuse, or inappropriate disposal of Postal Service information.
c. Internal or external unauthorized attempts to
access information or the facility where it resides.
d. Unauthorized activity or transmissions using Postal
Service information resources.
e. Internal or external intrusions or interference with
Postal Service networks, such as denial-of-service
attacks, unauthorized activity on restricted systems,
unauthorized modification or deletion of files, or unauthorized attempts to control information resources.
f. Information resources with system software that is
not patched to the current level.
g. Information resources with virus protection software
that is not patched to the current level or is disabled.
h. Information resources with virus pattern recognition
files that are not current.
i. Sudden unavailability of files or data normally
accessible.
j. Unexpected processes, such as e-mail transmissions, that start without user input.
k. Files being modified, though no changes in them
should have occurred.
l. Files appearing, disappearing, or undergoing significant and unexpected changes in size.
m. Systems displaying strange messages or mislabeling
files and directories.
n. Systems becoming slow, unstable, or inaccessible
(e.g., will not boot properly).
o. Data altered or destroyed, or access denied outside
of normal business procedures.
p. Detection of unauthorized personnel in controlled information security areas.
q. Security violation, suspicious actions, or suspicion or
occurrence of embezzlement or other fraudulent
activities.
r. Suspected bribery, kickbacks, and conflicts of
interest.
s. Revenue loss involving an information system.
t. Prohibited mass electronic mailings.
u. Potentially dangerous activities or conditions.
v. Illegal activities.
w. Violation of Postal Service information security policies and procedures.
13-4 Incident Prevention
The following actions by Postal Service personnel can help
prevent information security incidents:
a. Display proper badge when in any Postal Service
facility.
b. Be aware of your physical surroundings, including
weaknesses in physical security and the presence of
any unauthorized visitor.
c. Use only approved computer hardware and software
with the latest patches installed.
d. Install and maintain updated virus protection software and pattern recognition files.
e. Do not download, install, or run a program unless you
know it to be authored by a person or company that
you trust.
f. E-mail users should be wary of unexpected
attachments.
g. E-mail users should be wary of URLs, because they
can link to malicious content. A common social engineering technique known as phishing uses misleading URLs to entice users to visit malicious Web sites.
h. Install a personal firewall.
i. Use a strong password of at least eight characters
composed of upper- and lower-case alphabetic, numeric, and special characters.
j. Encrypt information physically removed from a Postal
Service facility or transmitted over a non-secure network such as the Internet.
k. Back up data stored on the local workstation.
l. Follow best practices, including the following:
1. Be wary of unexpected attachments. Know the
source of the attachment before opening it. Remember that many viruses originate from a familiar e-mail address.
2. Be wary of URLs in e-mail or instant messages.
URLs can link to malicious content that, in some
cases, may be executed without your intervention.
3. Be wary of social engineering attempts to solicit
restricted information, such as account numbers
and passwords.
4. Users of technology such as instant messaging
and file-sharing services should be careful of following links or running software sent by other users. These are commonly used methods among
intruders attempting to build networks of distributed denial-of-service agents.
5. Use strong passwords of at least eight characters
composed of upper- and lower-case alphabetic,
numeric, and special characters.
13-5 Preliminary CIRT Activities
The following preliminary activities can improve the CIRT's
ability to respond to information security incidents:
a. Develop an incident response plan. Predetermine
necessary actions and responses to specific classes
of incidents to facilitate the making of decisions under
pressure with minimal information.
b. Implement secure connections to make Intrusion
Detection System (IDS) policy changes and attack
signature updates.
c. Verify automated responses from IDS, etc.
d. Conduct penetration testing at times known only to
personnel with a need to know.
e. Regularly review available information sources such
as advisories and research findings to maintain
currency.
f. Notify management of potentially harmful events.
g. Prioritize the severity of information security
incidents.
h. Document lessons learned to improve CIRT
operations.
13-6 Incident Response
13-6.1 Incident Reporting
Information security incidents must be immediately reported to the CIRT via telephone at 1-866-USPS-CIR(T) or
1-866-877-7247 or via an e-mail to uspscirt@usps.gov. The
CIRT telephone number is a 24 X 7 hotline. Do not dismiss
a suspected incident or discount its seriousness.
In addition to the CIRT, the following personnel may be notified, as appropriate:
a. Help Desk at 1-800-USPS-HELP or 1-800-877-7435.
b. Immediate supervisor or manager.
c. Local system administrator or local technical support.
d. Corporate Information Security Office (CISO) at
1-919-501-9350.
e. Security Control Officer (SCO).
f. Inspection Service.
g. Office of the Inspector General (OIG) at
1-888-877-7644.
A PS Form 1360 must be completed and submitted to the
CIRT. An acceptable facsimile containing the same information required on the form may be submitted.
13-6.2 Information Resource Protection
When an information security-related situation or incident is
suspected or discovered, personnel must take steps, as directed by the CIRT, to protect the information resource(s) at
risk. Appropriate actions are:
a. Do not shut down or power off a system after a computer incident occurs.
b. Do not make any changes to the equipment or network in question without direction from the CIRT.
c. Do not discuss or e-mail anyone about the situation
or incident unless directed to do so by the CIRT.
d. Follow CIRT instructions with regard to options and
strategies for containment and recovery from the
incident.
e. Close and lock doors to protect unattended
equipment.
f. Turn off computer monitor so screen cannot be
viewed.
g. Challenge personnel without badges.
13-6.3 Incident Containment
Supervisors or managers who suspect, discover, or are notified of a security-related event must immediately notify the
CIRT and initiate appropriate response procedures to contain the incident, protect the confidentiality and integrity of
Postal Service information, and ensure business continuity.
Appropriate actions following the identification of a security
incident include, but are not limited to, the following:
a. Notifying CIRT for assistance to contain, eradicate,
and recover from the security incident.
b. Notifying the Inspection Service of a physical security
incident.
c. Documenting in a journal or log all conversations and
actions taken during the incident handling and response process and making this log available to
management personnel on request.
d. Ensuring personnel follow contingency plans for recovering from disruptive incidents.
e. Ensuring the completion of a PS Form 1360.
13-6.4 Processing Incident Reports
The CIRT is responsible for the following:
a. Logging and tracking security incident reports.
b. Ensuring appropriate response and resolution of security incidents.
c. Engaging appropriate organizational resources, such
as the Virus Response Team (VRT), OIG, Inspection
Service, etc.
d. Evaluating and escalating incident reports requiring
further action.
e. Retaining incident reports, supporting evidence, and
journals for 1 year or for a time period determined by
the OIG.
f. Providing Inspection Service and OIG access to all
reported information security incidents.
g. Complying with federal sector security incident reporting requirements.
13-6.5 Incident Investigation
A member of the OIG-CCU team is co-resident with the
CIRT and investigates, along with the Inspection Service,
violations of state and federal laws enacted to protect the
authenticity, privacy, integrity, and availability of electronically stored and transmitted information.
13-6.6 Incident Analysis
The CIRT will analyze security incidents and prepare reports summarizing the causes, frequency, and damage assessments of information security incidents.
CIRT management will analyze the CIRT reports to improve the information security program and keep Postal
Service executive management apprised as to the state of
information security.
13-6.7 Incident Escalation
It may be necessary to escalate an individual incident up
the management chain based on the following criteria:
a. Number of sites and systems under attack.
b. Type of data at risk.
c. Severity of the attack.
d. State of the attack.
e. Source or target of the attack.
f. Impact on the integrity of the infrastructure or cost of
recovery.
g. Attack on a seemingly "secure" information resource.
h. Personnel awareness of the attack.
i. Use of a new attack method.
* * * * *
Appendix A, Consolidated Roles and Responsibilities
[Revise the text of Appendix A to read as follows:]
1 Chief Inspector
The chief inspector is the security officer for the Postal Service and has delegated authority for the information security program to the vice president, Chief Technology Officer.
For a complete description of Postal Inspection Service responsibilities, see the Administrative Support Manual. The
chief inspector is responsible for the following:
a. Establishing policies and procedures for personnel
security, including criteria for clearances
and the identification of sensitive positions.
b. Determining whether a position is sensitive.
c. Establishing policies and procedures for physical and
environmental security.
d. Issuing security requirements for personnel, physical, and environmental security.
e. Conducting background investigations and granting
personnel clearances.
f. Conducting site security reviews, surveys, and investigations of sites to evaluate all aspects of physical,
environmental, and personnel security.
g. Ensuring the physical security of facilities containing
Postal Service computer and telecommunications
equipment, and monitoring physical access as
deemed necessary.
h. Providing technical guidance on physical and environmental security activities that support information
security, such as controlled areas, access lists,
physical access control systems, and identification
badges; providing protection of workstations, portable devices, and sensitive, critical, and business-controlled media.
i. Directing the use of the Postal Service Security
Force.
j. Providing security consultation and guidance during
system, application, and product development to assure that security concerns are addressed and information and/or evidence that may be needed for an
investigation is retained by the information resource.
k. Assisting the manager, Corporate Information Security Office (CISO), with reviews, as appropriate.
l. Investigating reported violations of security
regulations.
m. Conducting revenue/financial investigations including theft, embezzlement, or fraudulent activity.
n. Providing physical protection and containment assistance and investigating information security incidents
as appropriate.
o. Funding CISO investigative efforts outside of those
normally required.
p. Managing, securing, scanning, monitoring, and supporting the Inspection Service's own network and information technology (IT) infrastructure.
2 Vice President, Chief Technology Officer
The vice president, Chief Technology Officer (VP/CTO) is
responsible for the following:
a. Ensuring the implementation of information security
assurance processes.
b. Identifying and authorizing baseline information resource services for personnel.
c. Ensuring that data is assigned to an organizational
entity for stewardship.
d. Ensuring that financial, personnel, and physical resources are available for completing security tasks.
e. Ensuring the protection and secure implementation
of the Postal Service information technology
infrastructure.
f. Together with the vice presidents of the functional
business areas, accepting, in writing, residual risk of
information resources and approving deployment.
3 Manager, Corporate Information Security Office
The chief inspector has delegated to the VP/CTO responsibility for the information security program. The VP/CTO, in
turn, has delegated authority for development, implementation, and management of the information security program
to the manager, CISO. The manager, CISO, is responsible
for the following:
a. Setting the overall strategic and operational direction
of the Postal Service information security program
and its implementation strategies.
b. Engaging at any point on any level for issues related
to information security that impact the Postal Service.
c. Recommending members to the Information Security
Executive Council.
d. Developing information security policies, processes,
and procedures.
e. Managing the Information Security Assurance (ISA)
process.
f. Managing and providing guidance to the information
systems security officers (ISSOs).
g. Reviewing ISA evaluation reports and documentation
packages and forwarding both to the accreditors.
h. Maintaining an inventory of all information resources
that have completed the ISA process.
i. Managing the network connectivity review process
(see Handbook AS-805-D, Information Security Network Connectivity Process).
j. Designating chairpersons for the Network Connectivity Review Board (NCRB) and the Information Security Policy Review Board.
k. Ensuring secure and appropriate connectivity to the
Postal Service intranet.
l. Conducting site security reviews, as requested, or
providing support to the Postal Inspection Service
during its site security reviews, as requested.
m. Providing consulting support regarding physical, administrative, and technical security controls and processes that safeguard the availability and integrity of
the Postal Service intranet.
n. Providing consulting support for securing the network
perimeter, infrastructure, integrity controls, asset inventory, identification, authentication, authorization,
intrusion detection, penetration testing, and audit
logs.
o. Designating the chairperson of the Network Connectivity Review Board (NCRB).
p. Providing leadership of the Security Forum for the
Enterprise Architecture (EA) Forum.
q. Developing and implementing a comprehensive information security training and awareness program.
r. Serving as the central point of contact for all information security issues, and providing overall consultation and advice on information security policies,
processes, requirements, controls, services, and issues.
s. Assessing the adequacy of information security processes in a changing information infrastructure and
updating those processes as necessary.
t. Assessing the adequacy of physical, environmental,
and administrative security controls in a changing information technology environment and recommending changes as necessary.
u. Providing guidance and oversight for information security architecture, technologies, procedures, and
controls.
v. Establishing evaluation criteria and recommending
security hardware, software, and audit tools.
w. Providing guidance and oversight on application
security.
x. Approving the establishment of shared accounts.
y. Certifying the adequacy of security controls implemented on sensitive, critical, and business-controlled
information resources developed for, endorsed by, or
operated on behalf of the Postal Service.
z. Implementing a system for information security incident handling and reporting.
aa. Ensuring that a process for managing information security incidents is implemented.
ab. Incorporating lessons learned from information security incidents into ongoing computer security awareness and training programs.
ac. Ensuring compliance with information security policies
through inspections, reviews, and evaluations.
ad. Providing support to the Office of the Inspector General and the Inspection Service during the conduct of
investigative activities concerning information security, the computing infrastructure, and network intrusion, as requested.
ae. Providing support to the chief inspector during the
conduct of facility/site security reviews, as requested.
af. Escalating security issues to executive management
and promulgating security issues and recommended
corrective actions across the Postal Service.
ag. Authorizing monitoring and surveillance activities of
information resources.
ah. Authorizing (in case of threats to our infrastructure,
network, or operations) appropriate actions that may
include viewing and/or disclosing data to protect
Postal Service resources or the nation's communications infrastructure.
ai. Confiscating and removing any information resource
suspected of inappropriate use or violation of Postal
Service information security policies to preserve evidence that might be used in forensic analysis of a security incident.
aj. Reviewing and approving information security policy
for mail processing equipment / mail handling
equipment.
4 Information Security Executive Council
The Information Security Executive Council consists of appropriate Postal Service representatives and serves as a
steering committee advising the CISO on the following:
a. Prioritizing security issues based on business
requirements.
b. Funding information security programs.
c. Promulgating information security throughout the
Postal Service.
5 Vice Presidents, Functional Business Areas
The vice presidents of Postal Service functional business
areas are responsible for the following:
a. Approving and funding the development of information resources.
b. Ensuring resources are available for completing information security tasks.
c. Ensuring the security of all information resources
within their organization.
d. Together with the VP/CTO, accepting, in writing, residual risks associated with information resources
under their control and approving deployment.
e. Ensuring that contractual agreements require all contractors, vendors, and business partners to adhere to
Postal Service information security policies.
6 Vice President, Emergency Preparedness
The vice president, Emergency Preparedness, is responsible for the following:
a. Developing, implementing, and coordinating emergency preparedness plans to protect Postal Service
employees, customers, operations, and the mail during disasters and national emergencies.
b. Functioning as the Postal Service Emergency Response Coordinator.
7 Vice President, Engineering
The vice president, Engineering, is responsible for ensuring
the security of information resources used in support of the
mail processing environment and mail handling environment (MPE/MHE), including technology acquisition, development, and maintenance.
8 Vice President, Network Operations Management
The vice president, Network Operations Management, is responsible for the security of the mail and information resources utilized in support of MPE/MHE strategies and
logistics.
9 All Officers and Managers
All officers, business and line managers, and supervisors,
regardless of functional area, are responsible for the
following:
a. Implementing information security policies and ensuring compliance with information security policies
by organizations and information resources under
their direction.
b. Ensuring that information security is a part of business decisions.
c. Promptly elevating problems, requirements, and matters requiring establishment or refinement of information security policies to the level necessary for
resolution.
d. Identifying sensitive information positions in their organizations, ensuring that personnel occupying sensitive positions hold the appropriate level of
clearance, and funding background investigations
and clearances.
e. Managing access authorizations and documenting
information security responsibilities for all personnel
under their supervision.
f. Ensuring that personnel under their supervision who
access information resources receive information security training commensurate with their position and
responsibilities, including policies on acceptable use
of information resources.
g. Providing resources, including personnel, financial,
and physical assets, to meet information security
requirements.
h. Promulgating information security awareness to all
personnel under their supervision, ensuring that their
personnel comply with Postal Service information security policies and procedures, and invoking user
sanctions as required.
i. Including employee information security performance
in performance evaluations.
j. Supervising the information security responsibilities
of their contractor personnel in the absence of a contracting officer.
k. Processing departing personnel appropriately and
notifying the appropriate system and database administrators when personnel no longer require access to information resources.
l. Initiating a written request for message and data content monitoring and sending it to the Chief Privacy Officer
(CPO) for approval.
m. Approving or denying requests, by personnel under
their supervision, for access to information resources
beyond baseline information resource services and
reviewing those access authorizations on a semiannual basis.
n. Ensuring that all hardware and software are obtained
in accordance with official Postal Service processes.
o. Protecting information resources.
p. Ensuring the development, exercise, and maintenance of all business continuity planning (BCP) plans
and assuring those plans are exercised yearly.
q. Planning for the resumption of their normal business
functions when notified that the facility can be safely
occupied.
r. Complying with emergency preparedness policies
and processes.
s. Participating in and ensuring that their personnel participate in BCM awareness and training, testing, and
exercising.
t. Providing the funding, people (e.g., site facility recovery team manager, application testers), and time necessary to develop, exercise, and maintain the BCP
and DRP plans.
u. Ensuring the development, exercise, and maintenance of all ADRPs and assuring those plans are exercised as designated by their criticality.
v. Ensuring information resources under their control are available and appropriate backups are
maintained.
w. Ensuring the development, testing, and maintenance
of operational workarounds for essential components
of an information resource under their control for use
in the event that the RTO cannot be met.
x. Ensuring compliance with Postal Service information
security policy and procedures.
y. Reporting suspected information security incidents to
the CIRT in a timely manner, protecting information
resources at risk during security incidents, containing
the incident, and following contingency plans for disruptive incidents.
z. Assessing damage caused by the incident and taking
appropriate corrective and preventive measures.
aa. Documenting conversations and actions taken to
handle the incident and completing a PS Form 1360,
Information Security Incident Report, or an acceptable facsimile.
ab. Participating on calls to the CIRT or designating a responsible party to call in.
ac. Responding to, and complying with, audit findings in
their areas of responsibility.
10 Executive Sponsors
Executive sponsors, as representatives of the vice president of the functional business area, are the business managers with oversight (funding, development, production,
and maintenance) of the information resource and are responsible for the following:
a. Consulting with the Chief Privacy Officer (CPO) on
determining information sensitivity and Privacy Act
applicability.
b. Conducting a business impact assessment (BIA) to
determine the sensitivity and criticality of each information resource under his or her control and to determine the potential consequences of information
resource unavailability.
c. Providing resources to ensure that security requirements are properly addressed.
d. Ensuring completion of an information resource risk
assessment for all sensitive, critical, and business-controlled
information resources under their purview.
e. Ensuring completion of a site security review, if the
facility hosts a sensitive, critical, or business-controlled information resource.
f. Ensuring that contract personnel under their supervision comply with Postal Service information security
policies and procedures.
g. Ensuring that all information security requirements
are included in contracts and strategic alliances.
h. Ensuring compliance with, and implementation of,
the Postal Service privacy policy, data collection
policy, and customer privacy statement.
i. Appointing, in writing, an information systems security representative (ISSR).
j. Ensuring completion of security-related activities
throughout the application ISA life cycle.
k. Ensuring that information resources within their purview are capable of enforcing appropriate levels of information security services to assure data integrity.
l. Implementing encryption to protect restricted information, as required.
m. Preventing residual data from being exposed to unauthorized users as information resources are released or reallocated.
n. Authorizing access to the information resources under their control and reviewing those access authorizations on a semiannual basis.
o. Ensuring information resource availability through
planning for capacity, scalability, and redundancy.
p. Maintaining an accurate inventory of Postal Service
information resources and coordinating hardware
and software upgrades.
q. Implementing configuration management for information resources.
r. Implementing hardware, software, and application
security.
s. Ensuring software is licensed and that information resources under their control are obtained in accordance with official Postal Service processes.
t. Ensuring appropriate funding for proposed business
partner connectivity, including costs associated with
the continued support for the life of the connection.
u. Initiating and complying with the network connectivity
request requirements and process as documented in
Handbook AS-805-D, Information Security Network
Connectivity Process.
v. Notifying the NCRB when the business partner trading agreement ends or when network connectivity is
no longer required.
w. Identifying essential business functions that support
the mission of the Postal Service and determining the
applications that are required to support these essential business functions.
x. Ensuring the implementation of appropriate backup
and backup verification of applications.
y. Funding application recovery (including but not
limited to hardware/software licenses required,
ADRP development, testing, and maintenance) for
applications.
z. Protecting information resources.
aa. Reporting suspected information security incidents to
the CIRT in a timely manner, protecting information
resources at risk during the security incident, containing the incident, and following contingency plans for
disruptive incidents.
ab. Assessing damage caused by the incident; documenting conversations and actions taken to handle
the incident; completing a PS Form 1360, Information
Security Incident Report, or an acceptable facsimile;
and providing resources to correct the damage and
remove the vulnerability identified by the incident.
11 Portfolio Managers
Portfolio managers are responsible for the following:
a. Functioning as the liaison between executive sponsors and IT providers.
b. Supporting the executive sponsor in the development
of information resources and the ISA process, including the BIA, risk assessment, and BCM.
c. Ensuring that the information resource is entered in
the Enterprise Information Repository (EIR) and updated as required.
d. Providing coordination and support to executive
sponsors for all matters relating to disaster recovery
(DR) processes, e.g., coordinate and support DR
costing models.
e. Functioning as the liaison between executive sponsors and DR service providers in the planning and
execution of DR requirements.
f. Functioning as an accreditor for information resources under his or her purview.
12 Managers of Major Information Technology Sites
Managers of major information technology sites are responsible for the following:
a. Functioning as the Incident Management Team (IMT)
leader for their facility.
b. Identifying and training key technical personnel to
provide support in BCP and DRP for their facility and
information resources housed in their facility and the
alternate DR facilities.
13 Installation Heads
Installation heads are in charge of Postal Service facilities
or organizations, such as areas, districts, Post Offices, mail
processing facilities, parts depots, vehicle maintenance facilities, computer service centers, or other installations.
Installation heads are responsible for the following:
a. Designating a security control officer (SCO) who will
be responsible for both personnel and physical security at that facility, including the physical protection of
computer systems, equipment, and information located therein.
b. Implementing physical and environmental security
support for information security, such as the protection of workstations, portable devices, and sensitive,
critical, and business-controlled media.
c. Controlling physical access to the facility, including
the establishment and implementation of controlled
areas, access lists, physical access control systems,
and identification badges.
d. Funding building security equipment and security-related building modifications.
e. Maintaining an accurate inventory of Postal Service
information resources at their facilities and implementing appropriate hardware security and configuration management.
f. Maintaining and upgrading all security investigative
equipment, as necessary.
g. Ensuring completion of a site security review, providing assistance to the Inspection Service and ISSO as
required, and accepting site residual risk.
h. Ensuring that the Postal Service security policy,
guidelines, and procedures are followed in all activities related to information resources (including procurement, development, and operation) at their
facility.
i. Ensuring that all employees who use or are associated with the information resources in the facility are
provided information security training commensurate
with their responsibilities.
j. Taking appropriate action in response to employees who violate established security policy or
procedures.
k. Cooperating with the Inspection Service to ensure
the physical protection of the network infrastructure
located at the facility.
l. Providing consulting support for information resource
backup, providing facility recovery procedures to
each of the site's business units, and supporting the
development and maintenance of facility recovery
plans (FRPs).
m. Reporting information security incidents to the CIRT
in a timely manner, containing the incident, and following contingency plans for disruptive incidents.
n. Assessing damage caused by the incident, documenting conversations and actions taken to handle
the incident, and completing a PS 1360, Information
Security Incident Report, or an acceptable facsimile.
14 Chief Privacy Officer
The CPO is responsible for the following:
a. Developing policy relating to defining information
sensitivity and determining information sensitivity
designations.
b. Developing policy on Postal Service privacy issues.
c. Providing guidance to ensure Postal Service compliance with the Privacy Act, Gramm-Leach-Bliley
Act, Children's Online Privacy Protection Act, and
Freedom of Information Act.
d. Developing privacy compliance standards, customer
privacy statement, and customer data collection
standards, including cookies and Web transfer
notifications.
e. Approving requests for message and data content
monitoring.
f. Consulting on and reviewing the BIA during and following completion.
g. Ensuring compliance with the determination of information resource sensitivity policy.
h. Developing appropriate data record retention, disposal, and release guidelines.
15 Inspector General
The inspector general is responsible for the following (for a
description of the Office of Inspector General responsibilities, see Administrative Support Manual, Chapter 2):
a. Conducting independent financial audits and evaluation of the operation of the Postal Service to ensure
that its assets and resources are fully protected.
b. Preventing, detecting, and reporting fraud, waste,
and program abuse.
c. Promoting efficiency in the operation of the Postal
Service.
d. Investigating computer intrusions, as per the designation of functions between the OIG and the Postal
Service Inspection Service.
e. Funding CISO investigative efforts outside of those
normally required.
16 Manager, Office of the Inspector General, Technical Crimes Unit
The manager, Office of the Inspector General (OIG), Technical Crimes Unit (TCU) is responsible for the following:
a. Functioning as an ongoing liaison with the CIRT.
b. Serving as a point of contact between the CIRT and
law enforcement agencies.
c. Conducting criminal investigations of attacks upon
Postal Service networks and computers.
17 Manager, Business Continuance Management
The manager, BCM, is responsible for the following:
a. Defining, planning, developing, implementing, managing, testing, exercising, and monitoring for compliance of a sustainable BCM Program for the Postal
Service.
b. Ensuring that appropriate business continuity plans
(Incident Management Team, Facility Recovery, and
Workgroup Response) are developed, tested, and
exercised for business functions and information
technology services.
c. Ensuring that appropriate ADRPs are developed and
tested for all critical and business-controlled criticality
information resources that support critical business
functions and services.
d. Developing and implementing lines of communication to the Chief Technology Officer organization,
executive sponsors, and business units, and providing consulting services concerning matters of BCM.
e. Providing BCM awareness and training for Postal
Service personnel.
f. Ensuring compliance with BCM and information security policies.
g. Providing DR services and processes that enhance
the ability of the Postal Service to reduce interruptions to IT services at major IT sites.
18 Manager, Telecommunications Services
The manager, Telecommunications Services, is responsible for the following:
a. Implementing and maintaining operational information security throughout the infrastructure.
b. Managing network addressing and virtual private networks (VPNs).
c. Recommending and deploying network hardware
and software based on the Postal Service security
architecture.
d. Monitoring and tracking all physical connections
between any component of the Postal Service
telecommunications infrastructure and any associated information resource not under Postal Service
control.
e. Ensuring secure and appropriate management of the
Postal Service intranet.
f. Implementing security controls and processes that
will safeguard the availability and integrity of the
Postal Service intranet and will support the confidentiality of sensitive information.
g. Implementing the network perimeter, including firewalls, demilitarized zones (DMZs), and secure
enclaves.
h. Implementing secure methods of remote access and
appropriate remote access controls.
i. Implementing strong authentication, digital certificates, digital signatures, biometrics, smart cards, tokens, and the associated infrastructure for network
management.
j. Implementing appropriate security administration
and managing accounts appropriately.
k. Maintaining the integrity of data and network information resources.
l. Deploying and managing perimeter virus scanning.
m. Maintaining an accurate inventory of Postal Service
network information resources.
n. Creating and maintaining a timely patch management process for network information resources.
o. Deploying patches to information resources under
his or her control.
p. Implementing and managing wireless local area network (WLAN) connectivity.
q. Conducting capacity planning.
r. Ensuring that recovery plans and sufficient capacity
are in place for the recovery of the telecommunications infrastructure for the IT-supported Postal Service sites.
s. Identifying and training key technical personnel to
provide support in the BCP and DRP for information
resources housed in IT-supported Postal Service
sites.
t. Conducting perimeter scanning for viruses, malicious
code, and usage of nonstandard network protocols
and immediately reporting suspected information security incidents to the CIRT.
u. Monitoring network traffic for anomalies and immediately reporting anomalies to the CIRT.
v. Protecting information resources at risk during security incidents, if feasible.
w. Providing support for CIRT incident containment and
response, as requested.
x. Ensuring the completion of a PS Form 1360, Information Security Incident Report, or an acceptable
facsimile.
19 Managers, Computing Operations and ACE Infrastructure
The managers, computing operations and ACE infrastructure, are responsible for the following:
a. Implementing and maintaining security throughout
the mainframe and distributed infrastructure.
b. Recommending and deploying mainframe and distributed hardware and software based on the Postal
Service security architecture.
c. Coordinating and implementing standard platform
configurations based on the Postal Service security
architecture.
d. Creating and maintaining a timely patch management process and deploying patches to resources
under their control.
e. Maintaining an accurate inventory of Postal Service
information resources, tracking and reacting to security vulnerability alerts, coordinating hardware and
software upgrades, and maintaining appropriate
records.
f. Implementing information security policies, procedures, and hardening standards.
g. Defining acceptable thresholds for anti-virus software
and recognition patterns.
h. Deploying and maintaining software to scan for malicious code and usage of nonstandard network
protocols.
i. Functioning as an accreditor for internally managed
information resources.
j. Ensuring that mainframe remote access is appropriately managed.
k. Implementing appropriate security administration
and ensuring that accounts are managed
appropriately.
l. Maintaining the integrity of data and information resources and ensuring the appropriate level of information resource availability.
m. Ensuring information resource availability through
planning for capacity, scalability, and redundancy.
n. Ensuring the installation of the authorized internal
warning banner.
o. Ensuring compliance with Postal Service information security policy and procedures.
p. Protecting information resources at risk during security incidents and implementing virus containment.
q. Providing guidance and education on virus response.
r. Assisting in restoring information resources following
a virus attack.
s. Reporting suspected information security incidents to
the CIRT in a timely manner.
t. Distributing anti-virus software and updates, as
required.
u. Distributing anti-virus pattern file updates, as
required.
v. Disseminating security awareness and warning advisories to local users.
w. Ensuring the completion of a PS Form 1360, Information Security Incident Report, or an acceptable
facsimile.
20 Managers of Development Centers
Managers of development centers shall be responsible for
the following:
a. Providing support services to the executive sponsor
through the appropriate portfolio manager for all matters relating to BCM.
b. Ensuring that ADRPs are developed for applications
developed at their site or applications developed under their governance and that those ADRPs are
tested in accordance with the application's designated criticality.
c. Identifying and training key technical personnel to
provide support in the testing of BCP plans for their
facility and ADRPs for applications developed at their
site, applications developed under their governance,
and applications housed at their site or alternate site
facilities.
d. Identifying and training alternate technical personnel
to support critical and business-controlled criticality
applications in case of disaster.
21 Program Manager, Secure Infrastructure Services
The program manager, Secure Infrastructure Services
(SIS), is responsible for the following:
a. Defining the hardening standards for Postal Service
information resources.
b. Configuring and managing the implementation of personal firewalls on laptops and desktop workstations.
c. Removing network connectivity from any computing
device that does not meet the defined operating system and anti-virus software and recognition pattern
thresholds.
d. Providing consulting support regarding physical, administrative, and technical security controls and processes that safeguard the availability and integrity of
the Postal Service intranet and support the confidentiality of information.
e. Providing consulting support regarding secure connectivity to the Postal Service intranet.
f. Providing consulting support regarding network services and protocols used by Postal Service information resources.
g. Implementing and maintaining a secure Postal Service computing infrastructure by setting standards
and developing the security processes and
procedures.
h. Implementing and maintaining operational information security throughout the infrastructure.
i. Coordinating and approving standard configurations
for devices.
j. Recommending and deploying network hardware
and software based on the Postal Service security
architecture.
k. Approving network services and protocols.
l. Monitoring and tracking all physical connections between any component of the Postal Service telecommunications infrastructure and any other information
resource not under Postal Service control.
m. Ensuring secure and appropriate management of the
Postal Service Managed Network Services (MNS).
n. Implementing security controls and processes that
will safeguard the availability and integrity of the
MNS.
o. Determining the standards and configuration for secure enclaves.
p. Assessing information resources to determine the
need for placement in a secure enclave.
q. Ensuring that network services and protocols used
by Postal Service information resources provide the
appropriate level of security for the MNS.
r. Implementing secure methods of remote access and
appropriate remote access controls.
s. Implementing secure identification and authentication mechanisms including strong authentication, digital certificates, digital signatures, biometrics, smart
cards, tokens, and the associated infrastructure.
t. Ensuring that only Postal Service-approved encryption products are used.
u. Implementing appropriate security administration
and managing accounts appropriately.
v. Maintaining the integrity of data and information
resources.
w. Providing security incident detection through perimeter virus scanning and intrusion detection services.
x. Approving, managing, and ensuring appropriate perimeter virus scanning, penetration testing, and network vulnerability scans and testing.
y. Ensuring network perimeter security by implementing, approving, and managing firewalls, secure enclaves, proxy servers, intrusion detection services,
and intrusion prevention services.
z. Managing the CIRT to assist the Postal Service to
contain, eradicate, document, and recover following a
computer security incident, and to return to a normal
operating state.
aa. Implementing necessary corrective measures
learned from incidents or from other sources.
ab. Ensuring compliance with Postal Service computing
infrastructure security standards, processes, and
procedures.
ac. Approving the use of networking monitoring tools, except those used by the OIG.
ad. Providing support to the OIG during the conduct of investigative activities concerning information security,
the computing infrastructures, and network intrusion
as requested.
ae. Monitoring all logs.
af. Providing network intrusion detection services (IDS).
ag. Providing network vulnerability testing and analysis
services.
22 Network Connectivity Review Board
The NCRB is responsible for the following:
a. Managing the Postal Service network connectivity
process through the implementation of the Handbook
AS-805-D, Information Security Network Connectivity Process.
b. Developing system connectivity requirements for
Postal Service connections to external systems, externally facing applications (e.g., FTP servers), and
connections via the Internet to Postal Service development, production, and internal networks.
c. Developing standard connectivity and documentation
criteria to expedite approval of connectivity requests
without additional board action.
d. Requesting additional information, security reviews,
or audits regarding proposed or approved connections, if deemed necessary.
e. Evaluating connectivity and firewall change requests
and approving or rejecting them based upon existing
policy, best practices, and the level of risk associated
with the request.
f. Consulting with executive sponsors on network information security requirements.
g. Assisting the requester in identifying alternative solutions for denied requests that are acceptable to the
requester and the Postal Service.
h. Reviewing new information resource, infrastructure,
and network connections and their effects on overall
Postal Service operations and information security.
i. Approving network services and protocols.
j. Recommending changes to the business partner
(BP) network. In situations where high risk factors exist, issuing mitigating requirements for connectivity.
k. Ordering the disabling of an information resource or
network connection that does not comply with Postal
Service policies, procedures, and standards or which
is found to pose a significantly greater risk than when
originally assessed.
23 Computer Incident Response Team
The CIRT is responsible for the following:
a. Providing timely and effective response to computer
security incidents as they occur.
b. Working with an organization to contain, eradicate,
document, and recover following a computer security
incident.
c. Engaging other Postal Service organizations including,
but not limited to, the OIG and Inspection
Service.
d. Escalating information security issues to executive
management as required.
e. Conducting a post-incident analysis, where appropriate, and recommending preventive actions.
f. Maintaining a system for tracking incidents until they
are closed.
g. Maintaining a repository for documenting and analyzing Postal Service-wide security incidents.
h. Interfacing with other governmental agencies and private sector computer incident response centers.
i. Participating in and providing information for Postal
Service security awareness.
j. Developing and documenting processes for incident
reporting and management.
k. Providing support to the OIG and the Inspection Service, as requested.
24 Managers, Help Desks
The managers, Help Desks, are responsible for the
following:
a. Creating the entry for the problem tracking management system for security incidents reported to the
Help Desks.
b. Providing technical assistance for responding to suspected virus incidents reported to the Help Desks.
c. Escalating unresolved suspected virus events to the
CIRT.
25 Contracting Officers and Contracting Officer
Representatives
Contracting officers and contracting officer representatives
are responsible for the following:
a. Ensuring that information technology contractors,
vendors, and business partners are contractually obligated to abide by Postal Service information security policies, standards, and procedures.
b. Ensuring that all contracts and business agreements
requiring access to Postal Service information resources identify sensitive positions, specify the clearance levels required for the work, and address
appropriate security requirements.
c. Ensuring that contracts and business agreements allow monitoring and auditing of any information resource project.
d. Ensuring that the security provisions of the contract
and business agreements are met.
e. Confirming the employment status and clearance of
all contractors who request access to information
resources.
f. Ensuring all account references, building access,
and other privileges are removed for contractor personnel when they are transferred or terminated.
26 General Counsel
The general counsel is responsible for the following:
a. Ensuring that information technology contractors,
vendors, and business partners are contractually
obligated to abide by Postal Service information security policies, standards, and procedures.
b. Ensuring that contracts and agreements are in place
that allow monitoring and auditing of any information
resource project.
27 Business Partners
Business partners may request connectivity to Postal Service network facilities for legitimate business needs. Business partners requesting or utilizing connectivity to Postal
Service network facilities are responsible for the following:
a. Initiating a request for connectivity to the Postal Service executive who sponsors the request.
b. Complying with Postal Service network connectivity
request (see Handbook AS-805-D, Information Security Network Connectivity Process) requirements and
process.
c. Abiding by Postal Service information security policies regardless of where the systems are located or
who operates them. This also includes strategic
alliances.
d. Protecting information resources at risk during security incidents, if feasible.
e. Reporting information security incidents promptly to
the CIRT, the executive sponsor, and the information
systems security officer (ISSO) assigned to their
project.
f. Taking action, as directed by the CIRT, to eradicate
the incident and recover from it.
g. Documenting all conversations and actions regarding
the security incident.
h. Allowing site security reviews by the Postal Inspection Service and CISO.
i. Allowing audits by the OIG.
28 Project Managers
Project managers for the information resource development, acquisition, or integration project are responsible for
the following:
a. Managing day-to-day development and implementation efforts for new information resources.
b. Incorporating the appropriate security controls in all
information resources.
c. Updating the EIR on behalf of the portfolio manager.
29 Accreditors
For internally managed information resources, the accreditors are the portfolio manager and the manager, Host Computer Services. For externally managed information
resources, the accreditor is the portfolio manager. Accreditors are responsible for the following:
a. Reviewing the ISA evaluation report and documentation package.
b. Recommending to the VP/CTO and the vice president of the functional business area that the Postal
Service should accept residual risks associated with
the information resource's existing security controls
or require additional security controls.
c. Writing and signing the letter of accreditation for submission to the VP/CTO and vice president of the
functional business area.
30 Security Control Officers
SCOs ensure the general security of the facilities to which
they are appointed, including the safety of on-duty personnel and the security of mail, Postal Service funds, property,
and records entrusted to them (see ASM 271.3). SCOs are
responsible for the following:
a. Establishing and maintaining overall physical and environmental security at the facility, with technical
guidance from the Inspection Service.
b. Establishing controlled areas within the facility, where
required, to protect sensitive, critical, or
business-controlled information resources.
c. Establishing and maintaining access control lists of
people who are authorized access to specific controlled areas within the facility.
d. Ensuring positive identification and control of all personnel and visitors in the facility.
e. Ensuring the protection of servers, workstations, portable devices, and information located at the facility.
f. Consulting on the facility COOP plans.
g. Conducting annual facility security reviews using the
site security survey provided by the Inspection
Service.
h. Reporting suspected information security incidents to
the CIRT and ensuring the completion of a PS Form
1360, Information Security Incident Report, or acceptable facsimile.
i. Providing support to the CIRT for incident containment and response, as requested.
j. Responding to physical security incidents.
k. Reporting physical security incidents to the Inspection Service.
l. Interfacing with CIRT, Inspection Service, CISO, or
OIG-CIU, as required.
31 Information Systems Security Officers
ISSOs are responsible for the following:
a. Chairing the ISA team.
b. Coordinating the completion of the BIA and ensuring
that the sensitivity and criticality designations and
RTO are properly recorded in the EIR.
c. Providing advice and consulting support to executive
sponsors regarding the security requirements and
controls necessary to protect information resources,
based on the resources' sensitivity and criticality
designation.
d. Providing guidance on potential threats and vulnerabilities to information resources, appropriate choice
of countermeasures, and the ISA process.
e. Conducting site security reviews or assisting the Inspection Service in conducting them.
f. Reviewing the ISA documentation package.
g. Preparing the evaluation report.
32 Information Systems Security
Representatives
ISSRs are appointed in writing by the executive sponsors
and are members of the information resource development
or integration teams. The role of the ISSR can be an ad-hoc
responsibility performed in conjunction with assigned duties. ISSRs are responsible for the following:
a. Providing support to the executive sponsor and portfolio manager, as required.
b. Promoting information security awareness on the
project team.
c. Ensuring security controls and processes are
implemented.
d. Notifying the executive sponsor and ISSO of any
additional security risks or concerns that emerge
during development or acquisition of the information
resource.
e. Developing or reviewing security-related documents
required by the ISA process as assigned by the
executive sponsor.
f. Organizing the ISA documentation package and forwarding the package to the ISSO.
33 System Administrators
System administrators are technical personnel who serve
as computer systems, network, firewall, and database administrators, whether the system management function is
centralized, distributed, subcontracted, or outsourced. System administrators are responsible for the following:
a. Implementing information security policies and procedures for all information resources under their control, and also for monitoring the implementation for
proper functioning of security mechanisms.
b. Implementing appropriate platform security based on
the platform-specific hardening guidelines for the information resources under their control.
c. Complying with standard configuration settings, services, protocols, and change control procedures.
d. Applying approved patches and modifications in accordance with policies and procedures established
by the Postal Service. Ensuring that security patches
and bug fixes are updated and kept current for resources under their control.
e. Implementing appropriate security administration
and ensuring that logon IDs are unique.
f. Setting up and managing accounts for information resources under their control in accordance with policies and procedures established by the Postal
Service.
g. Disabling accounts of personnel whose employment
has been terminated, who have been transferred, or
whose accounts have been inactive for an extended
period of time.
h. Making the final disposition (e.g., deletion) of the accounts and information.
i. Managing sessions and authentication and implementing account time-outs.
j. Preventing residual data from being exposed to unauthorized users as information resources are released or reallocated.
k. Testing information resources to ensure security
mechanisms are functioning properly.
l. Tracking hardware and software vulnerabilities.
m. Maintaining an accurate inventory of Postal Service
information resources under their control.
n. Ensuring that audit and operational logs, as appropriate for the specific platform, are implemented, monitored, protected from unauthorized disclosure or
modification, and are retained for the time period specified by Postal Service security policy.
o. Reviewing audit and operational logs and maintaining records of the reviews.
p. Identifying anomalies and possible internal and
external attacks on Postal Service information
resources.
q. Reporting information security incidents and anomalies to their manager and the CIRT immediately upon
detecting or receiving notice of a security incident.
r. Protecting information resources at risk during security incidents and assisting in the containment of
security incidents as required.
s. Taking action as directed by the CIRT and initiating a
PS Form 1360, Information Security Incident Report,
or an acceptable facsimile.
t. Participating in follow-up calls with the CIRT.
u. Fixing issues identified following an incident.
v. Ensuring that virus protection software and signature
files are updated and kept current for resources under their control.
w. Ensuring the availability of information resources by
implementing backup and recovery procedures.
x. Ensuring compliance with Postal Service information security policy and procedures.
y. Monitoring the implementation of network security
mechanisms to ensure that they are functioning properly and are in compliance with established security
policies.
z. Assisting with periodic reviews, audits, troubleshooting, and investigations, as requested.
aa. Maintaining a record of all monitoring activities for information resources under their control.
34 Database Administrators
Database administrators (DBAs) are responsible for the
following:
a. Implementing appropriate database security based
on the platform-specific hardening guidelines for the
information resources under their control.
b. Implementing information security policies and procedures for all database platforms and monitoring the
implementation of database security mechanisms to
ensure that they are functioning properly and are in
compliance with established policies.
c. Applying approved patches and modifications, in accordance with policies and procedures established
by the Postal Service.
d. Maintaining an accurate inventory of Postal Service
information resources under their control.
e. Implementing appropriate database security administration and ensuring that logon IDs are unique.
f. Setting up and managing accounts for systems under
their control in accordance with policies and procedures established by the Postal Service.
g. Disabling accounts of personnel that have been terminated, transferred, or have accounts that have
been inactive for an extended period of time.
h. Making the final disposition (e.g., deletion) of the accounts and information.
i. Managing sessions and authentication and implementing account time-outs.
j. Preventing residual data from exposure to unauthorized users as information resources are released or
reallocated.
k. Testing applications to ensure that security mechanisms are functioning properly.
l. Tracking hardware and software vulnerabilities.
m. Ensuring database logs are turned on, logging appropriate information, protected from unauthorized
disclosure or modification, and retained for the time
period specified.
n. Reviewing audit logs and maintaining records of log
reviews.
o. Assisting with periodic reviews, audits, troubleshooting, and investigations, as requested.
p. Ensuring the availability of databases by implementing database backup and recovery procedures.
q. Identifying anomalies and possible attacks on Postal
Service information resources.
r. Reporting information security incidents and anomalies to their manager and the CIRT immediately upon
detecting or receiving notice of a security incident.
s. Taking action as directed by the CIRT and initiating a
PS 1360 as required.
35 All Personnel
All personnel, including employees, consultants, subcontractors, business partners, customers who access
non-publicly available Postal Service information resources
(such as mainframes or the internal Postal Service network), and other authorized users of Postal Service information resources are responsible for the following:
a. Complying with applicable laws, regulations, and
Postal Service information security policies and
procedures.
b. Displaying proper identification while in any facility
that provides access to Postal Service information
resources.
c. Being aware of their physical surroundings, including
weaknesses in physical security and the presence of
any authorized or unauthorized visitor.
d. Protecting information resources, including workstations, portable devices, information, and media.
e. Performing the security functions and duties associated with their job, including the safeguarding of their
logon IDs and passwords.
f. Changing their password immediately, if they suspect
that the password has been compromised.
g. Prohibiting any use of their accounts, logon IDs,
passwords, personal identification numbers (PINs),
and tokens by another individual.
h. Taking immediate action to protect the information resources at risk upon discovering a security deficiency
or violation.
i. Using licensed and approved hardware and
software.
j. Protecting intellectual property.
k. Complying with Postal Service remote access information security policies, including those for virtual
private networks (VPNs), modem access, dial-in access, secure telecommuting, and remote management and maintenance.
l. Complying with acceptable use policies.
m. Maintaining an accurate inventory of databases for
which they are responsible.
n. Protecting information resources against viruses and
malicious code.
o. Calling the appropriate Help Desk for technical assistance in response to suspected virus incidents.
p. Promptly reporting to the CIRT and, as appropriate,
to their immediate supervisor, manager, or system
administrator, any suspected security incidents, including security violations or suspicious actions, suspicion or occurrence of any fraudulent activity;
unauthorized disclosure, modification, misuse, or inappropriate disposal of Postal Service information;
and potentially dangerous activities or conditions.
q. Taking action, as directed by the CIRT, to protect
against information security incidents, to contain and
eradicate them when they occur, and to recover from
them.
r. Documenting all conversations and actions regarding
the security incident.
s. Completing PS Form 1360, Information Security Incident Report, or an acceptable facsimile.
* * * * *
[Delete the Glossary and Acronyms portions of the
handbook.]
- Corporate Information Security Office,
Vice President/Chief Technology Officer, 9-30-04
International Mail
ASM REVISION
Changes to Mail Security Regulations for International Mail
Effective August 9, 2004, the Administrative Support
Manual (ASM) is revised to reflect changes in procedures
for screening and search of international mail. These revisions are designed to harmonize the ASM with changes in
statutory law; the reclassification of international postal services; the introduction of a new, international service; and
the adoption of protocols for screening transit mail.
First, these revisions reflect changes in the nomenclature of international mail products, including the change
from the former "LC" and "AO" distinctions, which were replaced in January 2001 by a new
product classification system. This change based the classification of mail mainly on the speed of service rather than
on the contents of the mail.
Second, the changes reflect the introduction of Global
Express Guaranteed (GXG™) service, which provides
high-speed time-definite service to certain destination
countries.
Third, mail security regulations are amended to reflect
changes by the Trade Act of 2002, which authorized customs authorities to conduct searches of outbound international mail.
Fourth, references to "Customs authorities" have been
changed to refer to "Customs and Border Protection," because that agency was transferred to the Department of
Homeland Security (DHS) and its name was changed.
Finally, the regulations are revised to reflect recent instructions provided to Customs and Border Protection officers. These officers have been authorized to conduct
certain screening activities in connection with transit mail.
Customs and Border Protection officers may now use
non-intrusive means to screen transit mail for materials that
pose a threat to persons and property and may take appropriate actions to render such materials harmless.
This section does not confer any substantive rights upon
any other person or entity.
We will incorporate these revisions into the next printed
version of the ASM and into the online version of the ASM
available on the Postal Service™ PolicyNet Web site, which
includes all updates since the last published version of the
manual. The online version of the ASM is available as
follows:
Go to http://blue.usps.gov.
Under "Essential Links" in the left-hand column, click
on References.
Under "References" in the right-hand column, click
on PolicyNet.
Click on Manuals.
(The direct URL for the Postal Service PolicyNet Web
site is http://blue.usps.gov/cpim.)
Administrative Support Manual (ASM)
* * * * *
2 Audits and Investigations
* * * * *
27 Security
* * * * *
274 Mail Security
* * * * *
274.2 Opening, Searching, and Reading Mail
Generally Prohibited
* * * * *
274.23 Definitions
274.231 Mail Sealed Against Inspection
The following terms and definitions apply:
* * * * *
[Revise items b and c to read as follows, and delete item d.]
b. The terms include First-Class Mail, Priority Mail,
Express Mail (domestic and international), Mailgram messages, Global Express Guaranteed Document service, Global Priority Mail service,
International Priority Airmail™ service, international
Letter Post Mail other than International Surface Airlift service and Publishers' Periodicals, and international transit mail. See the definition of Letter Post in
the International Mail Manual.
c. The terms exclude incidental First-Class Mail matter
permitted to be enclosed in or attached to certain
Periodicals, Standard Mail, and Package Services
mailing (see DMM E070).
274.232 Mail Not Sealed Against Inspection
The following terms and definitions apply:
* * * * *
[Revise item b to read as follows, and delete item c.]
b. The terms include Periodicals, Standard Mail, Package Services, incidental First-Class attachments or
enclosures mailed under DMM E070, and (as defined
in the International Mail Manual) Global Express
Guaranteed Non-Document service, international
parcel post mail, International Surface Airlift service,
and Publishers' Periodicals.
* * * * *
274.4 Mail Reasonably Suspected of Being
Dangerous to Persons or Property
274.41 Screening of Mail
[Replace "chief postal inspector" with "Chief Postal Inspector" throughout 274.41.]
* * * * *
274.8 International Transit Mail
274.81 Definitions
* * * * *
274.813 Découvert Letter Post Item
[Revise 274.813 to read as follows:]
The term "découvert letter post item" refers to any international letter post item as defined in the International Mail
Manual that is addressed for delivery by a foreign postal
administration and is passed to the Postal Service by a foreign postal administration in a bag or container, or mail that
must be opened by the Postal Service under applicable
postal treaties or conventions because it also contains
items addressed for delivery by the Postal Service.
274.82 Special Security Rules
[Revise 274.82 to read as follows:]
International transit mail is entitled to freedom of transit. It
must not be opened, seized, or searched. It is not subject to
Agriculture inspection under 274.92, but is subject to
screening by Customs and Border Protection officers under
274.913. In accordance with the Universal Postal Convention, any international transit mail consisting of closed mail,
découvert letter post items, and airmail correspondence
must not be detained, but must instead be forwarded to
the next foreign postal administration by the quickest routes
that the Postal Service uses for mail sealed against
inspection.
274.9 Mail Security, Law Enforcement, and Other
Government Agencies
[Revise the heading and text of 274.91 to read as follows:]
274.91 Customs and Border Protection
274.911 Inbound Mail
Without a search warrant, but upon reasonable cause to
suspect that the mail contains dutiable or prohibited items,
designated Customs and Border Protection personnel may
open or inspect the contents of mail in the customs inspection of mail (including APO and FPO mail) that originated
outside the Customs Territory of the United States (CTUS)
and is addressed for delivery either inside the CTUS or inside the customs district of the Virgin Islands, on the following terms and conditions:
a. Other Regulations. Such inspections may be conducted only under the International Mail Manual
(IMM) relating to cooperation with Customs and Border Protection on inspection of imports.
b. Privacy of Correspondence. No Customs and Border
Protection personnel may read, allow any other person to read, divulge, or transfer to any other person
any correspondence contained in sealed mail; nor
may Customs personnel divulge, allow any other person to read or listen to, transfer to any other person,
or knowingly listen to any paper or recording that is
correspondence for the blind contained in unsealed
mail; nor may Customs and Border Protection personnel divulge, allow any other person to read, or
transfer to any person correspondence of school children permitted transmission in unsealed mail, unless
such action is authorized by a search warrant issued
under Rule 41 of the Federal Rules of Criminal
Procedure.
c. Search Warrant Required for Domestic and Certain
International Mail. No Customs and Border Protection personnel may, without a search warrant, open,
inspect, read, or seize any mail in postal custody (including APO and FPO mail) that has not originated
outside the CTUS, or that has diplomatic or consular
immunity from Customs inspection (see IMM 711).
d. Controlled Delivery of Drugs in Sealed Mail. When a
postal inspector decides, at the request of a federal,
military, state, or local narcotics agent, to make a
controlled postal delivery of a sealed mail article that
the Customs and Border Protection personnel have
opened under 274.91, and that Customs and Border Protection has determined through a reliable field
test or reliable laboratory examination to contain illegal
narcotics or dangerous drugs, the postal
inspector may reopen the article without a search
warrant. The inspector may reopen the article without
a warrant only to prepare the article for such a controlled delivery in such way or ways as lawfully and
reasonably aid in the investigation of the crime of importing such substances through the mail. No correspondence inside such an article may be read or
divulged without a search warrant as described in
274.6.
274.912 Outbound Mail
a. Designated Customs and Border Protection personnel may, as authorized by this section and without a
search warrant, open and inspect the contents of
mail originating inside the Customs Territory of the
United States and addressed for delivery at a place
outside the United States, its territories or possessions ("outbound international mail") for the purpose
of ensuring compliance with the customs laws of the
United States and other laws enforced by Customs
and Border Protection.
b. Designated Customs and Border Protection personnel may search outbound international mail that is not
sealed against inspection under the postal laws and
regulations of the United States, outbound international mail which bears a customs declaration, and
outbound international mail with respect to which the
sender or addressee has consented in writing to
search.
c. Designated Customs and Border Protection personnel may, without a search warrant, search outbound
international mail that weighs more than 16 ounces
and is sealed against inspection if there is reasonable cause to suspect that the mail contains one or
more of the items listed in 19 U.S.C. 1583(c)(1). No
one acting under the authority of this section shall
read or authorize any other person to read any correspondence contained in mail sealed against inspection without a search warrant or the written consent of
the sender or addressee.
d. Outbound international mail that weighs less than 16
ounces and is sealed against inspection may not be
searched by Customs and Border Protection personnel without a search warrant.
274.913 International Transit Mail
a. Designated Customs and Border Protection personnel may, without a search warrant, screen international transit mail to detect materials that pose a
physical threat to persons or property, such as explosives, flammables, and other dangerous materials.
Such screening must be done by non-intrusive
means such as canines trained to detect explosives,
radiation detection equipment, x-rays, explosive
swabs, or other characteristics of the mail that can be
sensed from the examination of the mail, including
seeing or feeling exposed wires or leaking fluids,
hearing ticking sounds, or smelling black powder.
b. Screening of international transit mail may not disrupt
the processing of that mail. Customs and Border
Protection personnel will have a reasonable opportunity to perform screening of specifically identified
mail, but may not prevent the Postal Service from forwarding the mail without delay by the quickest means
it uses for United States mail unless the mail has
been screened and the screening has detected, or
appears to have detected, materials that pose a
physical threat to persons or property including explosives, flammables, or other dangerous materials.
International transit mail that has been screened and
found to be free of materials that pose a physical
threat to persons or property shall be returned to the
Postal Service immediately.
c. Other than in cases of (1) exigent circumstances
where the screening of the mail has disclosed the
presence of materials that pose a physical threat to
persons or property, (2) consent of the sender or addressee, or (3) waiver, no correspondence or other
written or printed matter may be read, nor recorded
matter listened to without a search warrant.
d. In the event that non-intrusive screening detects, or
appears to detect, materials that pose a physical
threat to persons or property, Customs and Border
Protection personnel may open or take other actions
with respect to the specific suspected mail to confirm
the presence of material that poses a physical threat
to persons or property and to eliminate or negate the
danger, including seizure of the dangerous material.
All such actions shall be coordinated with the Postal
Inspection Service.
e. Paragraphs a through d above also apply to international transit mail that is handled by airlines or other
carriers without the direct intervention by the Postal
Service. Customs and Border Protection personnel
shall have a reasonable opportunity to perform
screening of specifically identified mail, but may not
prevent the airlines or other carriers involved from
forwarding the mail without delay unless the mail has
been screened, and the screening has detected,
materials that pose a physical threat to persons or
property. International transit mail that has been
screened and found to be free of materials that pose
a physical threat to persons or property shall be
returned to the carriers immediately, with no involvement by the Postal Service.
- Office of Counsel, Postal Inspection Service, 9-30-04
* * * * *
Philately
STAMP ANNOUNCEMENT 04-34
Moss Hart Stamp
The Postal Service™ will issue a 37-cent Moss Hart
commemorative stamp in one design in a pressure-sensitive
adhesive (PSA) pane of 20 stamps (Item 457000), on
October 25, 2004, in New York, New York. The
stamp, designed by Ethel Kessler of Bethesda, Maryland,
goes on sale nationwide October 26, 2004.
This stamp honors award-winning dramatist and director
Moss Hart (1904-1961) on the 100th anniversary of his
birth. A gifted playwright, Hart wrote a series of sparkling
comedies in the 1930s with George S. Kaufman. A brilliant
director, he staged one of the most dazzling musicals of his
era, "My Fair Lady." A witty and charming personality who
embodied the glamour of Broadway, Hart penned what
many consider the best theatrical memoir ever written, Act
One.
The stamp art shows a painting by Tim O'Brien based on
a photograph made by Alfred Eisenstaedt showing Hart in
Times Square.
How to Order the First Day of Issue Postmark
Customers have 30 days to obtain the first day of issue
postmark by mail. They may purchase new stamps at their
local Post Office™, by telephone at 800-STAMP-24, and at
the Postal Store Web site at www.usps.com/shop. They
should affix the stamps to envelopes of their choice, address the envelopes (to themselves or others), and place
them in a larger envelope addressed to:
MOSS HART STAMP
SPECIAL EVENT UNIT
421 8TH AVE RM 2029B
NEW YORK NY 10199-9998
Issue: Moss Hart
Item Number: 457000
Denomination & Type of Issue: 37-cent commemorative
Format: Pane of 20 (1 design)
Series: N/A
Issue Date & City: October 25, 2004, New York, NY 10199
Designer: Ethel Kessler, Bethesda, MD
Art Director: Ethel Kessler, Bethesda, MD
Typographer: Ethel Kessler, Bethesda, MD
Illustrator: Tim O'Brien, Brooklyn, NY
Engraver: Keating Gravure
Modeler: Avery Dennison, SPD
Manufacturing Process: Gravure
Printer: Avery Dennison (AVR)
Printed at: AVR, Clinton, SC
Press Type: Dia Nippon Kiko (DNK)
Stamps per Pane: 20
Print Quantity: 45 million stamps
Paper Type: Nonphosphored, Type III
Adhesive Type: Pressure-sensitive
Processed at: AVR, Clinton, SC
Colors: PMS 2706 (Light Blue), Yellow, Magenta, Cyan, Black
Stamp Orientation: Horizontal
Image Area (w x h): 1.420 x 0.850 in./36.068 x 21.59 mm
Overall Size (w x h): 1.560 x 0.990 in./39.624 x 25.146 mm
Full Pane Size (w x h): 7.25 x 5.85 in./184.15 x 148.59 mm
Plate Size: 200 stamps per revolution
Plate Numbers: "V" followed by five (5) single digits
Marginal Markings: "© 2003 USPS"; Price; Plate position diagram; Plate numbers (4 per pane); 4 Barcodes on back
Catalog Item Number(s): 457020 Block of 4 - $1.48; 457030 Block of 10 - $3.70; 457040 Full Pane of 20 - $7.40; 457061 First Day Cover - $0.75; 457093 Full Pane w/FDC - $8.15
After applying the first day of issue postmark, the Postal
Service will return the envelopes through the mail. There is
no charge for the postmark. All orders must be postmarked
by November 24, 2004.
How to Order First Day Covers
Stamp Fulfillment Services also offers first day covers
for new stamp issues and Postal Service stationery items
postmarked with the official first day of issue cancellation.
Each item has an individual catalog number and is offered
in the quarterly USA Philatelic catalog. Customers may request a free catalog by calling 800-STAMP-24 or writing to:
INFORMATION FULFILLMENT
DEPT 6270
US POSTAL SERVICE
PO BOX 219014
KANSAS CITY MO 64121-9014
Philatelic Products
There are no philatelic products for this stamp issue.
Distribution: Item 457000, 37-cent Moss Hart
Commemorative Stamp
Stamp distribution offices (SDOs) will receive approximately one-third the standard automatic distribution quantity for a PSA sheet stamp. Distributions are rounded up to
the nearest master carton size (40,000 stamps).
Initial Supply to Post Offices
SDOs will make a subsequent automatic distribution to
Post Offices of one-quarter their standard automatic distribution quantity using PS Form 17, Stamp Requisition/Stamp Return. SDOs must not distribute stamps to Post
Offices before October 20, 2004.
Philatelic Requirement
SDOs with authorized philatelic centers will receive an
automatic distribution of these stamps in 10 positions for
subsequent distribution to each philatelic window.
SDOs That Serve This Many Philatelic Windows... | Will Receive This Quantity of the Moss Hart Commemorative Stamp, Item 457000
1 | 20,000
2 | 20,000
3 | 40,000
4 | 40,000
5 | 60,000
6 | 60,000
8 | 80,000
9 | 100,000
12 | 120,000
13 | 140,000
16 | 160,000
19 | 200,000
Additional Supply
Post Offices requiring additional Item 457000 must requisition them from their designated SDO using PS Form 17.
SDOs requiring additional stamps must order them from
the appropriate accountable paper depository (APD) using
PS Form 17.
For fulfilling supplemental orders from SDOs, the New
York APD will receive 2,200,000 additional stamps; the
Memphis and Chicago APDs will each receive 2,000,000
additional stamps; the San Francisco APD will receive
1,600,000 additional stamps; and the Denver APD will receive 600,000 additional stamps.
Sales Policy
All Post Offices must acquire and maintain a supply of
each new commemorative stamp as long as customer demand exists, until inventory is depleted, or until the stamp is
officially withdrawn from sale. If supplies run low, Post
Offices must reorder additional quantities using their normal ordering procedures.
- Stamp Services,
Government Relations, 9-30-04
Pictorial Cancellations Announcement
As a community service, the Postal Service™ offers
pictorial cancellations to commemorate local events
celebrated in communities throughout the nation. A list of
events for which pictorial cancellations are authorized
appears below. If available, the sponsor of the pictorial
cancellation appears in italics under the date.
Also provided, as space permits, are illustrations of those
cancellations that were reproducible and available at
press time.
People attending these local events may obtain the
cancellation in person at the temporary Post Office™
station established there. Those who cannot attend the
event, but who wish to obtain the cancellation, may submit
a mail order request. Pictorial cancellations are available
only for the dates indicated, and requests must be
postmarked no later than 30 days following the requested
pictorial cancellation date.
All requests must include a stamped envelope or
postcard bearing at least the minimum First-Class Mail
postage. Items submitted for cancellation may not include
postage issued after the date of the requested
cancellation. Such items will be returned unserviced.
Customers wishing to obtain a cancellation should affix
stamps to any envelope or postcard of their choice,
address the envelope or postcard to themselves or others, insert a card of postcard thickness in envelopes for
sturdiness, and tuck in the flap. Place the envelope or
postcard in a larger envelope and address it to:
PICTORIAL CANCELLATIONS, followed by the NAME OF
THE STATION, ADDRESS, CITY, STATE, ZIP+4 CODE, exactly as listed
below (using all capitals and no punctuation, except the hyphen in the ZIP+4 code).
Customers can also send stamped envelopes and
postcards without addresses for cancellation, as long as
they supply a larger envelope with adequate postage and
their return address. After applying the pictorial
cancellation, the Postal Service returns the items (with or
without addresses) under addressed protective cover.
The following cancellation has been extended for 30 days.
September 11-12, 2004
Ghost Bear Lodge
GHOST BEAR LODGE POW WOW STATION
POSTMASTER
101 MAIN ST
TOPSHAM ME 04086-9998
The following cancellations have been extended for 60 days.
August 19, 2004
THE ART OF DISNEY FRIENDSHIP
STAMPS STATION
POSTMASTER
PO BOX 9998
FRESNO CA 93710-9998
September 11, 2004
Mindoro Lions Club
SPANFERKEL STATION
POSTMASTER
PO BOX 9998
MINDORO WI 54644-9998
October 2-3, 2004
Old Week Committee
BRIDGE BUST STATION
POSTMASTER
PO BOX 9998
COLUMBIA PA 17512-9998
Old Week Committee
BRIDGE BUST STATION
POSTMASTER
PO BOX 9998
WRIGHTSVILLE PA 17368-9998
August 23, 2004
AMERICAN INDIAN STATION
POSTMASTER
PO BOX 9998
LA JOLLA CA 92037 |
August 25, 2004
Postal Service
DECOMMISSIONING STATION
POSTMASTER
2600 ELTHAM AVE STE 109
NORFOLK VA 23513-2504 |
August 28, 2004
36TH ANNUAL CORN FESTIVAL
POSTMASTER
PO BOX 9998
AUMSVILLE OR 97325-9998 |
September 5, 2004
5TH ANNUAL TURN OF THE CENTURY DAY STATION
POSTMASTER
PO BOX 9998
ROXBURY NY 12474-9998 |
September 11, 2004
PHELPSTIVAL STATION
POSTMASTER
900 E FAYETTE ST
BALTIMORE MD 21233-9715 |
September 10, 2004
R Post Office
JOHN WAYNE STATION
POSTMASTER
500 S MAIN ST
R TX 76068-9998 |
September 10-11, 2004
Postal Service
MATHEWS MARKET DAYS STATION
POSTMASTER
PO BOX 9998
MATHEWS VA 23109-9998 |
September 10-12, 2004
Norwalk, CT, Stamp Club
OYSTER FESTIVAL STATION
POSTMASTER
16 WASHINGTON ST
NORWALK CT 06856-9998 |
September 10-19, 2004
York Fair Association
YORK FAIR STATION
POSTMASTER
200 S GEORGE ST
YORK PA 17403-9998 |
September 11, 2004
Town of Springwater
ARMY ENCAMPMENT STATION
POSTMASTER
PO BOX 9998
CONESUS NY 14435-9998 |
September 11, 2004
Town of Groveland
AMBUSCADE STATION
POSTMASTER
PO BOX 9998
GROVELAND NY 14462-9998 |
September 11, 2004
Town of Springwater
BOYD PARKER MEMORIAL STATION
POSTMASTER
130 MAIN ST
LEICESTER NY 14481-9998 |
September 11, 2004
Postal Service
HARTWOOD DAYS STATION
POSTMASTER
PO BOX 9998
HARTWOOD VA 22471-9998 |
September 11, 2004
Lincoln County Fairs and Festivals, Inc.
LINCOLN COUNTY FALL FESTIVAL STATION
POSTMASTER
PO BOX 9998
HAMLIN WV 25523-9998 |
September 11, 2004
Postal Service
PATRIOTS DAY STATION
POSTMASTER
407 CORNELIA PLZ DR
CORNELIA GA 30531-9998 |
September 12, 2004
Maywood Bataan Day Organization
62ND ANNUAL BATAAN DAY STATION
POSTMASTER
415 S FIFTH AVE
MAYWOOD IL 60153-9998 |
September 17, 2004
BRIDGES (Building Renewed Interest in Downtown Greensburg)
COW DAYS STATION
POSTMASTER
PO BOX 9998
GREENSBURG KY 42743-9998 |
September 17, 2004
Hootin an Hollarin Festival Committee
HOOTIN AN HOLLARIN STATION
POSTMASTER
203 ELM ST
GAINESVILLE MO 65655-9998 |
September 17, 2004
JOHN WAYNE STATION
POSTMASTER
PO BOX 9998
SCURRY TX 75158-9998 |
September 17-19, 2004
Postal Service
FIELD DAY STATION
POSTMASTER
PO BOX 9998
ROCKVILLE VA 23146-9998 |
September 17-18, 2004
Murray County Antique Tractors Association
MCATIA STATION
POSTMASTER
PO BOX 9998
SULPHUR OK 73086-9998 |
September 17-19, 2004
Houston Philatelic Society
GREATER HOUSTON STAMP SHOW STATION
WINDOW UNIT STATION MANAGER
401 FRANKLIN ST
HOUSTON TX 77201-9998 |
September 18, 2004
Hummelstown Arts Festival
23RD ANNUAL STATION HUMMELSTOWN ARTS FESTIVAL STATION
POSTMASTER
PO BOX 9998
HUMMELSTOWN PA 17036-9998 |
September 18, 2004
Town of Caledonia
SESQUICENTENNIAL STATION
POSTMASTER
PO BOX 9998
READFIELD WI 54969-9998 |
September 18, 2004
National Convention Pony Express Committee
NATIONAL CONVENTION PONY EXPRESS STATION
POSTMASTER
PO BOX 9998
MARYSVILLE KS 66508-9998 |
September 18, 2004
Postal Service
20TH ANNUAL WILD WEST FESTIVAL STATION
POSTMASTER
225 BONNIE BELL LN
SPRINGTOWN TX 76082-9998 |
September 18, 2004
Les Gailey
CRUISER SALT LAKE CITY STATION
POSTMASTER
230 WEST 200 S
SALT LAKE CITY UT 84101-9998 |
September 19, 2004
Grantville Historical Society
10TH ANNIVERSARY STATION
POSTMASTER
PO BOX 9998
GRANTVILLE PA 17028-9998 |
September 19, 2004
St. Aldysius Historical Society
GREENBUSH STATION
POSTMASTER
115 N SUMMIT
GIRARD KS 66743-9998 |
September 21, 2004
DATE MEETS ZIP STATION
POSTMASTER
PO BOX 9998
SAN DIEGO CA 92104-9998 |
September 24, 2004
La Crosse Festivals Committee
OKTOBERFEST STATION
POSTMASTER
PO BOX 9998
LA CROSSE WI 54601-9998 |
September 24, 2004
DECOMMISSIONING STATION
POSTMASTER
PO BOX 9998
SAN DIEGO CA 92199-9998 |
September 24-25, 2004
Stanberry's Heritage Day Committee
STANBERRYS HERITAGE DAY CELEBRATION STATION
POSTMASTER
220 N PARK ST
STANBERRY MO 64489-9998 |
September 25, 2004
Postal Service
ANDOVER BOROUGH CENTENNIAL STATION
POSTMASTER
5 LENAPE RD
ANDOVER NJ 07821-9998 |
September 25, 2004
Lions Club of Chili
LIONS CLUB OF CHILI STATION
POSTMASTER
PO BOX 9998
NORTH CHILI NY 14514-9998 |
September 25, 2004
Komen Wichita Race for the Cure
BREAST CANCER AWARENESS STATION
POSTMASTER
7117 W HARRY ST
WICHITA KS 67276-9998 |
September 25, 2004
Kern Valley Audubon
KERN VALLEY VULTURE STATION
POSTMASTER
PO BOX 9998
WELDON CA 93283-9998 |
September 25-26, 2004
FALLASBURG FALL FESTIVAL STATION
POSTMASTER
PO BOX 9998
LOWELL MI 49331-9998 |
September 25-October 2, 2004
Bloomsburg Fair Association
BLOOMSBURG FAIR STATION
POSTMASTER
PO BOX 9998
BLOOMSBURG PA 17815-9998 |
September 26, 2004
Batsto Citizen's Committee
ANTIQUE SHOW STATION
POSTMASTER
114 S 3RD ST
HAMMONTON NJ 08037-9998 |
September 26, 2004
Postal Service
FIRST UNITED METHODIST CHURCH OF KNOX CITY CENTENNIAL STATION
POSTMASTER
107 AVE A
KNOX CITY TX 79529-9998 |
September 27, 2004
Union River Stamp Club
WELCOME QM2 FOLIAGE FESTIVAL STATION
POSTMASTER
55 COTTAGE ST
BAR HARBOR ME 04609-9998 |
September 29, 2004
United Hispanic Action of Norwalk
NORWALK HISPANIC HEROES STATION
POSTMASTER
16 WASHINGTON ST
NORWALK CT 06856-9998 |
September 29, 2004
SICKLE CELL STATION
POSTMASTER
PO BOX 9998
GREENSBORO NC 27401-9998 |
September 30, 2004
The Lehigh Valley Sickle Cell Support Group, Inc.
SICKLE CELL AWARENESS STATION
POSTMASTER
442 W HAMILTON ST
ALLENTOWN PA 18101-9998 |
September 30, 2004
DECOMMISSIONING STATION
POSTMASTER
911 JACKSON AVE
PASCAGOULA MS 39567-9998 |
September 30, 2004
Postal Service
SICKLE CELL DISEASE AWARENESS STATION
POSTMASTER
129 W GRAY ST
NORMAN OK 73069-9998 |
September 30, 2004
EXHIBITION STATION
POSTMASTER
202 E TRAVIS ST
MARSHALL TX 75670-9998 |
October 1, 2004
Postal Service
BARMET FALL FOLIAGE STATION
POSTMASTER
PO BOX 9998
BARNET VT 05821-9998 |
October 1, 2004
Beauty You Can Do
DIAMOND ANNIVERSARY STATION
POSTMASTER
PO BOX 9998
BEAUTY KY 41203-9998 |
October 1, 2004
Pella Historical Society
COUNTY SCHOOL STATION
POSTMASTER
801 FRANKLIN ST
PELLA IA 50219-9998 |
October 1, 2004
APS Chapter
CELEBRATE STAMP COLLECTING MONTH STATION
POSTMASTER
511 E WALNUT ST
COLUMBIA MO 65201-9998 |
October 1, 2004
Norman Stamp Club
NORMAN STAMP CLUB STATION
POSTMASTER
129 W GRAY ST
NORMAN OK 73069-9998 |
October 1, 2004
Fiesta del Rancho Organization
FIESTA DEL RANCHO STATION
POSTMASTER
PO BOX 9998
CONCEPTION TX 78349-9998 |
October 1-2, 2004
Franklin Area Chamber of Commerce
APPLEFEST STATION
POSTMASTER
1202 ELK ST
FRANKLIN PA 16323-9998 |
October 1-2, 2004
Kentucky Apple Festival
42ND ANNUAL KENTUCKY APPLE FESTIVAL OF JOHNSON COUNTY STATION
POSTMASTER
PO BOX 9998
PAINTSVILLE KY 41240-9998 |
October 1-3, 2004
Postal Service
OKTOBERFEST STATION
POSTMASTER
5610 BEAVER PIKE
BEAVER OH 45613-9998 |
October 1-15, 2004
Griffith Centennial Celebration Committee
CENTENNIAL STATION
POSTMASTER
900 N BROAD ST
GRIFFITH IN 46319-9998 |
October 2, 2004
Postal Service
FALL FOLIAGE STATION
POSTMASTER
PO BOX 9998
GROTON VT 05046-9998 |
October 2, 2004
OUR LADY OF MERCY PARISH HISTORIC STATION
POSTMASTER
PO BOX 9998
PORT CHESTER NY 10573-9998 |
October 2, 2004
Austerlitz Historical Society
AUTUMN IN AUSTERLITZ STATION
POSTMASTER
6 E HILL RD
AUSTERLITZ NY 12017-9998 |
October 2, 2004
Hiram Union Chapter No. 53 Royal Arch Masons
CANAL LOCK CELEBRATION STATION
POSTMASTER
50 W MAIN ST
CANAJOHARIE NY 13317-9998 |
October 2, 2004
LEWIS AND CLARK BICENTENNIAL STATION
PHILATELIC CLERK MAIN OFFICE WINDOWS
1335 JEFFERSON RD
ROCHESTER NY 14692-9998 |
October 2, 2004
Postal Service/Walt Disney Company
THE ART OF DISNEY FRIENDSHIP STATION
POSTMASTER
401 OGLETOWN RD
NEWARK DE 19711-9998 |
October 2, 2004
Mendota Fall Hawk Festival
MENDOTA FALL HAWK FESTIVAL STATION
POSTMASTER
PO BOX 9998
MENDOTA VA 24270-9998 |
October 2, 2004
Hocking College
PAUL BUNYAN SHOW STATION
POSTMASTER
PO BOX 9998
NELSONVILLE OH 45764-9998 |
October 2, 2004
Philatelic Club of Will County
WILLCOPEX STATION
POSTMASTER
2000 MCDONOUGH ST
JOLIET IL 60436-9998 |
October 2, 2004
AUTUMN OF PARADE STATION
POSTMASTER
500 WASHINGTON ST
OREGON IL 61061-9998 |
October 2, 2004
Melville Qulin Historical Society
MELVILLE QULIN CENTENNIAL STATION
POSTMASTER
334 D ST
QULIN MO 63961-9998 |
October 2, 2004
Living History Festival Committee
LIVING HISTORY STATION
POSTMASTER
305 E MECHANIC ST
HARRISONVILLE MO 64701-9998 |
October 2, 2004
The Joplin Stamp Club
CELEBRATE STAMP COLLECTING MONTH STATION
POSTMASTER
226 W 3RD ST
CARTHAGE MO 64836-9998 |
October 2, 2004
Glasco Fun Day Committee
FUN DAY STATION
POSTMASTER
PO BOX 9998
GLASCO KS 67445-9998 |
October 2, 2004
Postal Service
TEXAS RICE FESTIVAL STATION
POSTMASTER
PO BOX 9998
WINNIE TX 77665-9998 |
October 2-3, 2004
Clifton Stamp Society, Inc.
STAMP SHOW STATION
POSTMASTER
1114 MAIN AVE
CLIFTON NJ 07015-9998 |
October 2-3, 2004
Norpex Committee
NORPEX STATION
POSTMASTER
PO BOX 9998
NORTH PLATTE NE 69101-9998 |
October 2, November 8, 18, and 27, 2004
City of Umatilla
CENTENNIAL STATION
POSTMASTER
315 N CENTRAL AVE
UMATILLA FL 32784-9998 |
October 3, 2004
Postal Service
FALL FOLIAGE STATION
POSTMASTER
PO BOX 9998
ST JOHNSBURY VT 05819-9998 |
October 3, 2004
Riverside Municipal Museum
RIVERSIDE MUNICIPAL MUSEUM STATION
POSTMASTER
4150 CHICAGO AVE
RIVERSIDE CA 92507-9998 |
October 4, 2004
PUTNAM ENGINE AND HOSE CO NUMBER 2 VOLUNTEER FIRE DEPARTMENT HISTORIC STATION
POSTMASTER
PO BOX 9998
PORT CHESTER NY 10573-9998 |
October 4, 2004
Mexico Fire Department
MEXICO FIRE DEPT STATION
POSTMASTER
PO BOX 9998
MEXICO IN 46958-9998 |
October 4, 2004
Squaw Valley Ladies Golf Association
SQUAW VALLEY LADIES GOLF ASSOCIATION STATION
POSTMASTER
FM RD 200
RAINBOW TX 76077-9998 |
October 6, 2004
CFC Naval Support Activity
40TH ANNIVERSARY STATION
POSTMASTER
702 E SIMPSON ST
MECHANICSBURG PA 17055-9998 |
October 6-9, 2004
Norsk Hostfest
NORSK HOSTFEST STATION
POSTMASTER
117 5TH AVE SW
MINOT ND 58701-9998 |
October 8, 2004
Fort Ligonier Days Committee
45TH FORT LIGONIER DAYS STATION
POSTMASTER
PO BOX 9998
LIGONIER PA 15658-9998 |
October 8-10, 2004
FARM FESTIVAL STATION
POSTMASTER
PO BOX 9998
RIO GRANDE OH 45674-9998 |
October 9, 2004
Lowell Historical Park
AMERICAN TEXTILE HISTORY MUSEUM STATION
POSTMASTER
PO BOX 9998
LOWELL MA 01853-9998 |
October 9, 2004
Lowell Historical Park
LOWELL NATIONAL HISTORICAL PARK STATION
POSTMASTER
PO BOX 9998
LOWELL MA 01853-9998 |
October 9, 2004
QWL/EI, South Jersey District
APPLE SCRAPPLE FESTIVAL STATION
POSTMASTER
300 WALNUT ST
BRIDGEVILLE DE 19933-9998 |
October 9, 2004
RACE FOR THE CURE STATION
MANAGER MOWS
900 E FAYETTE ST
BALTIMORE MD 21233-9715 |
October 9, 2004
Typewater Stamp Club
TOWN CHARTER 200TH ANNIVERSARY STATION
POSTMASTER
303 S TALBOT ST
ST MICHAELS MD 21663-9998 |
October 9, 2004
Postal Service/Mobile Stamp Club
STAMP SHOW STATION
POSTMASTER
250 ST JOSEPH ST
MOBILE AL 36601-9998 |
October 9, 2004
Appalachia Day coming
APPALACHIA DAY STATION
POSTMASTER
PO BOX 9998
PIPPA PASSES KY 41844-9998 |
October 9, 2004
Enon Community Historical Society
25TH APPLE BUTTER FESTIVAL STATION
POSTMASTER
PO BOX 9998
ENON OH 45323-9998 |
October 9, 2004
John Wayne Birthplace
JOHN WAYNE BIRTHPLACE STATION
POSTMASTER
PO BOX 9998
WINTERSET IA 50273-9998 |
October 9, 2004
MONROE EXIBITION STATION
POSTMASTER
PO BOX 9998
MONROE WI 53566-9998 |
October 9, 2004
Valley Falls Chamber of Commerce
SESQUICENTENNIAL STATION
POSTMASTER
405 SYCAMORE ST
VALLEY FALLS KS 66088-9998 |
October 9, 2004
Hedley Post Office
COTTON FESTIVAL STATION
POSTMASTER
200 MAIN ST
HEDLEY TX 79237-9998 |
October 9, 2004
Jeff Davis County
POST STATION
POSTMASTER
PO BOX 790
FORT DAVIS TX 79734-9998 |
October 9-10, 2004
The CNY and Coin Club
ONEIDA NATION STATION
POSTMASTER
133 FARRIER AVE
ONEIDA NY 13421-9998 |
October 9-10, 2004
Wypex
WYPEX 2004 STATION
POSTMASTER
4000 CONVERSE AVE
CHEYENNE WY 82009-9998 |
October 9-11, 2004
Arts Council for Wyoming County
ANNUAL LETCHWORTH ARTS AND CRAFTS SHOW STATION
POSTMASTER
PO BOX 9998
CASTILE NY 14427-9998 |
October 10, 2004
Lowell Historical Park
FAULKNER MILLS STATION
POSTMASTER
PO BOX 9998
NORTH BILLERICA MA 01862-9998 |
October 10, 2004
Community Heritage Club
IA STATE HAND CORNHUSKING STATION
POSTMASTER
PO BOX 9998
KIMBALLTON IA 51543-9998 |
October 13, 2004
Postal Service
LEWIS AND CLARK DAYS STATION
POSTMASTER
PO BOX 9998
POLLOCK SD 57648-9998 |
October 14, 2004
CELEBRATE STAMP COLLECTING MONTH STATION
PHILATELIC CLERK MAIN OFFICE WINDOWS
1335 JEFFERSON RD
ROCHESTER NY 14692-9998 |
October 14, 2004
Postal Service
CLOUDSCAPES STATION
POSTMASTER
7117 W HARRY ST
WICHITA KS 67276-9998 |
- Stamp Services,
Government Relations, 9-30-04
Stamp Stock Items Withdrawn From Regular Sale and From Sale at Philatelic Centers
Effective close-of-business October 30, 2004, all Post
Offices™, stations, branches, postal stores, vending outlets, and authorized philatelic centers must (1) withdraw the
stamp stock items and products listed below and their related vending and store-prepared stamp items from sale
and (2) prepare them for destruction. Submit items to destruction sites according to local established procedures,
under the guidelines in Handbook F-1, Post Office Accounting Procedures, subchapter 45, Destroying Stamp Stock.
Do not permit sales of the stamp stock items, products,
and their related vending and store-prepared stamp items
listed below at retail counters and outlets after October 30,
2004, unless otherwise instructed. Items listed are also
withdrawn from sale at Stamp Fulfillment Services.
Item Number | Description
Stamp Issues: First Day Covers
454562 | $6.20 Arctic Tundra Full Pane First Day Cover
454564 | $6.20 Arctic Tundra Cancelled Full Pane
454661 | 75-cent Roy Acuff First Day Cover
454863 | $3 Early Football Heroes First Day Cover
455161 | 75-cent Korean War Veterans Memorial First Day Cover
455261 | 75-cent District of Columbia First Day Cover
671963 | $3 Mary Cassatt First Day Cover
672563 | $3 Antique Toys First Day Cover
Stamp Issues:
454300 | 37-cent Louisiana Purchase Stamp
454315 | $7.40 Louisiana Purchase Pane
454393 | $8.15 Louisiana Purchase First Day Cover Set
- Stamp Services,
Government Relations, 9-30-04
Special Cancellation Die Hubs
Postmasters and plant managers who have any of the
special cancellation die hubs listed below may use them for
the periods designated. At the end of the period, these die
hubs must be withdrawn and stored. Postmasters and
plant managers who do not have these special die hubs
may not request them from the sponsors.
Cancellation | Period of Use
Only You Can Prevent Forest Fires | April 1-Oct. 31
Conquer Cystic Fibrosis | Sept. 1-Sept. 30
Peace Corps Anniversary, Making a Difference | Sept. 1-Oct. 31
Employ People With Disabilities | Sept. 1-Nov. 30
Give to the United Way | Sept. 15-Nov. 15
Learn About Lupus, October Is Lupus Awareness Month | Oct. 1-Oct. 31
Radon Action Week, Protect Your Family, Test Your | Oct. 1-Oct. 31
Support Infection Control Week | Oct. 1-Nov. 30
Help Retarded Children | Nov. 1-Nov. 30
Military Families Recognition Day | Nov. 1-Nov. 30
National Adoption Month | Nov. 1-Nov. 30
National Philanthropy Day, Love of Humankind | Nov. 1-Nov. 30
Use Christmas Seals, Support Your Lung Association | Nov. 8-Dec. 31
Support American Education Week | Nov. 10-Nov. 30
Autistic Children, Hope Through Research and Education | Dec. 1-Dec. 31
- Mailing Standards, Pricing and Classification, 9-30-04
Post Offices
Post Office Changes
Old/New | Finance No. | ZIP Code | State | P.O. Name | County/Parish | Station/Branch/Unit | Unit Type | Effective Date | Comments
Old | 24-5419 | 01354 | MA | Northfield | Franklin | Mount Herman | Community Post Office | | This announcement changes the administrative office for this ZIP Code™ from Northfield MA to Turner Falls MA. Continue to use Gill MA 01354 as last line for addresses.
New | 24-8228 | 01354 | MA | Turner Falls | Franklin | Main Office | Post Office | 10/01/2004 |
Old | 24-8228 | 01376 | MA | Turner Falls | Franklin | Main Office | Post Office | | Realign ZIP Code boundaries. Use Gill MA 01354 as last line of address for the deliveries previously in ZIP Code 01376.
New | 24-8228 | 01354 | MA | Turner Falls | Franklin | Main Office | Post Office | 10/01/2004 |
Old | 26-3900 | 55036 | MN | Grasston | Pine | Main Office | Post Office | | This announcement expands the use of ZIP Code 55036 to include delivery.
New | 26-3900 | 55036 | MN | Grasston | Pine | Main Office | Post Office | 12/31/2004 |
Old | 26-6760 | 55054 | MN | New Market | Scott | Main Office | Post Office | | This announcement expands the use of ZIP Code 55054 to include delivery.
New | 26-6760 | 55054 | MN | New Market | Scott | Main Office | Post Office | 12/31/2004 |
Old | 26-2750 | 55931 | MN | Eitzen | Houston | Main Office | Post Office | | This announcement expands the use of ZIP Code 55931 to include delivery.
New | 26-2750 | 55931 | MN | Eitzen | Houston | Main Office | Post Office | 12/31/2004 |
Old | 26-0770 | 56658 | MN | Bemidji | Koochiching | Main Office | Post Office | | This announcement expands the use of ZIP Code 56658 to include delivery.
New | 26-0770 | 56658 | MN | Bemidji | Koochiching | Main Office | Post Office | 12/31/2004 |
Old | 30-6585 | 68309 | NE | Odell | Gage | Main Office | Post Office | | This announcement expands the use of ZIP Code 68309 to include delivery.
New | 30-6585 | 68309 | NE | Odell | Gage | Main Office | Post Office | 09/17/2004 |
Old | 30-1440 | 68380 | NE | Burchard | Pawnee | Main Office | Post Office | | This announcement expands the use of ZIP Code 68380 to include delivery.
New | 30-1440 | 68380 | NE | Burchard | Pawnee | Main Office | Post Office | 09/17/2004 |
Old | 30-6600 | 68861 | NE | Odessa | Buffalo | Main Office | Post Office | | This announcement expands the use of ZIP Code 68861 to include delivery.
New | 30-6600 | 68861 | NE | Odessa | Buffalo | Main Office | Post Office | 09/17/2004 |
Old | 30-9465 | 68068 | NE | Washington | Washington | Main Office | Post Office | | This announcement expands the use of ZIP Code 68068 to include delivery.
New | 30-9465 | 68068 | NE | Washington | Washington | Main Office | Post Office | 09/17/2004 |
Old | 35-6520 | 13670 | NY | Oswegatchie | Saint Lawrence | Main Office | Post Office | 12/15/1993 | Post Office™ discontinued. Retain ZIP Code. Establish a Community Post Office. Continue to use Oswegatchie NY 13670 as last line of address.
New | 35-8165 | 13670 | NY | Star Lake | Saint Lawrence | Oswegatchie | Community Post Office | 01/03/2004 |
- Address Management, Intelligent Mail and Address Quality, 9-30-04
MOVER'S GUIDE NEWS
Spanish-Language Edition of Mover's Guide (Publication 75-S, La Mudanza) -
October-December Version Now Available
The October-December edition of Publication 75-S,
La Mudanza (the Spanish edition of Publication 75, Mover's
Guide) is now available. Please display La Mudanza next
to the English edition of Mover's Guide.
You may order a 3-month supply of the October-
December 2004 edition of La Mudanza from the Material
Distribution Center (MDC) by using touch-tone order entry
(TTOE): Call 800-332-0317, option 2.
Note: You must be registered to use TTOE. To register,
call 800-332-0317, option 1, extension 2925, and follow the
prompts to leave a message. (Wait 48 hours after registering before placing your first order.)
Discard/recycle all copies of expired stock once you receive the October 2004 edition. Please order only enough
copies to last from October through December. This version is valid for only 3 months. At the end of December,
order new La Mudanzas for January 2005.
Use the following information to order Publication 75-S
from the MDC:
PSIN: PUB 75-S
PSN: 7610-03-000-4096
Unit of Measure: EA
Minimum Order Quantity: 125
Bulk Pack Quantity: 125
Quick Pick Number: N/A
Price: No cost
- Address Management,
Intelligent Mail and Address Quality, 9-30-04
REMINDER
Maintenance Stockrooms - Annual Inventory Review
An annual review of all Maintenance stockrooms is required by Handbook MS-63, Maintenance Operations Support ("Reporting of Excess/Surplus Items"). Spare parts
and supplies inventories in Maintenance stockrooms are
Postal Service™ assets and are the responsibility of line
management, including maintenance managers, plant
managers, district managers, and area vice presidents.
Handbook MS-63, Part 751, "Yearly Review," states:
"Offices must review each item in the stockroom at least once a year to determine whether
the item can be declared excess/surplus."
Use excess material before processing additional replenishment activities, or process the excess material in accordance with Handbook AS-701, Material Management,
Chapter 6, "Asset Recovery: Redistribution, Recycling,
and Disposal."
If you have not yet completed your 2004 review, complete it as soon as possible.
- Maintenance Policies and Programs,
Engineering, 9-30-04
Retail
PASSPORT APPLICATION REVISIONS
Search Fee Will Increase, and Issuance of a Passport to a Minor Will Require
Notarization
All Retail personnel must note the following important
changes from the Department of State regarding issuances
of passports:
Effective October 1, 2004, the file search fee (to
verify an applicant's U.S. citizenship) will increase
from $45 to $60. This fee is noted on Form DS-11,
Application for a U.S. Passport or Registration.
Effective November 1, 2004, the Department of State
will require that Form DS-3053, Statement of Consent: Issuance of a Passport to a Minor Under Age
14, or other paper with the same information that an
applicant submits, must be notarized. The purpose of
this change is to prevent forgery and ensure that the
person signing the Statement has been properly
identified. This change will further reduce the possibility of a U.S. passport being used in any effort to interfere with the custodial rights of non-applying
parents (i.e., the parent or guardian who is not present at the time the applying parent or guardian submits the child's application).
Note: These changes become effective before the
Department of State will distribute copies of revised Forms
DS-11 and DS-3053, which it expects to do as soon as possible after January 1, 2005. In the meantime, to get up-to-date
forms starting on the effective dates, customers may
go online to the U.S. Department of State web site at
www.travel.state.gov; click on Passports, and under "Applications and Forms," click on the desired forms. Passport
acceptance personnel should have this information available for verification (with customers) until the Department
of State reprints the official forms. However, Passport acceptance personnel must not post this information in Retail
lobbies but must post it only on employee bulletin boards.
- In-Store Programs,
Service and Market Development, 9-30-04
Supply Management
GOODYEAR 5-DAY TIRE SALE FOR EMPLOYEES
Buy Tires at Goodyear Associate Prices - But for Only 5 Days!
If you are planning to purchase tires soon, here's an opportunity to save money. Twice a year, Goodyear Tire and
Rubber Company offers its associates discounts on tires
sold by its company-owned stores, including Just Tires.
These prices are offered for only 5 days and are not extended to the general public.
Goodyear is now extending these special discounts by
offering Postal Service™ employees and retirees up to 25
percent off the purchase of Goodyear brand auto and light
truck tires October 14-18, 2004. Goodyear is also offering
special pricing for tire balancing and installation. You can
take advantage of these discounts at Goodyear's company-owned stores only (Goodyear Auto Service Centers or
Just Tires). There are more than 700 locations in 40 states.
To locate a participating store near you, call 888-439-7786.
If you don't have a Goodyear Auto Service Center or
Just Tires near you, you can call 877-847-3728, option 1,
and have the tires shipped directly to your and
installed at a place convenient for you. This isn't a 24-hour
telephone line, so you may have to leave your telephone
number and a message advising of your interest to purchase tires through the sale. Please use reference code
USPS-2. The prices are too good to pass up, and all you
need to receive the discount is a Postal Service photo ID or
other proof of employment.
You can check out sale information on the Goodyear
Employee Deal on the Postal Service intranet at
http://blue.usps.gov; under "Employee Deals," click on
View More Deals; then click on Goodyear Employee VIP
Program.
- SCM Strategies,
Supply Management, 9-30-04
REMINDER
Approval Authority and Off-Catalog Requisitions
This is a reminder that all Postal Service™ employees
who create off-catalog requisitions through eBuy must follow normal purchasing procedures, depending on the purchase value of the items. You must purchase locally if you
are within that office's authority; otherwise, if you are not
within that office's authority, forward the requisition to the
correct category management center (CMC) or purchasing
service center (PSC) for purchasing action.
If you receive an e-mail message stating that your requisition has been approved, but your office does not have the
authority to make the purchase, then you must route the
requisition to the appropriate CMC or PSC.
If you need to review the complete instructions outlining the off-catalog requisition process, go to
http://blue.usps.gov/purchase/ereq_page.htm. You
should read all of the documents to fully understand the off-catalog
requisition routing process.
If you need more information on unauthorized purchases, please refer to Management Instruction
AS-710-1999-2, Unauthorized Contractual Commitments:
Go to http://blue.usps.gov.
Under "Essential Links" in the left-hand column, click
on References.
Under "References" in the right-hand column, click
on PolicyNet.
Click on MIs.
The direct URL for the MI is http://blue.usps.gov/cpim/ftp/manage/a710992.pdf.
- SCM Strategies,
Supply Management, 9-30-04
eFleet Offers More Advantages for You
On September 9, per user requests, Delivery Operations, Information Technology, and Supply Management
teamed to make improvements to eFleet. The new enhancements will make eFleet a more effective system for
vehicle maintenance, fuel reconciliation, and management
for Post Offices™.
To access eFleet:
Go to http://blue.usps.gov.
Click on My Work.
Under "General Tools," click on eFleet.
Click on eFleet Account-Link.
The new eFleet enhancements are:
The Product Summary screen now displays a Mobile
Refueling subtotal under the Total Fuel line when
there are mobile refueling transactions. It appears
only if you have mobile refueling transactions. If you
do not have mobile refueling transactions, you will
see no change to the Product Summary screen.
You can now download data on many of the screens
to Microsoft Excel. The screens that offer this capability (such as the Invoice Report) have an Excel
Download button in the screen header. Just click on
the button to download your data, which will then be
displayed in an Excel spreadsheet. Click File/Save
As to save the data and specify where you want it to
be saved. Also, you must save it as a Microsoft Excel
Workbook (*.xls). Then just click on your browser's
Back button to return to the eFleet system.
You can now view and display a report of reconciliation statistics for individual finance numbers.
For each station, you can create a report that shows:
Total number of transactions.
Total number of unreconciled transactions.
Percentage of unreconciled transactions.
Total dollar amount of all transactions.
Total dollar amount of unreconciled transactions.
You can download the report to Microsoft Excel as
follows:
Go to the eFleet page.
Enter a finance number under the Finance View section (you must enter a finance number, not a budget
authorization (BA) code, district, station, or location).
Click on Search.
Click on the finance number that you wish to report
("Finance Number" has no alpha-numeric suffixes).
Click on the Reconciliation Summary that appears in
the Reports box at the top right of the screen.
Select a fiscal year (FY) and a beginning and ending
month or accounting period (AP), and click View.
If you have questions about these enhancements or any
other functionality with the eFleet system, contact Transportation Asset Management Purchasing Specialist Kimya
Moore at 202-268-8525.
- SCM Strategies,
Supply Management, 9-30-04