HANDBOOK AS-805-C REVISION
Information Security for General Users
Handbook AS-805-C, Information Security for General Users, is revised as follows to present information on how to use ePassword Reset and to remove the requirement for labeling computer screen displays as "RESTRICTED INFORMATION."
We will incorporate these revisions into the next online update of Handbook AS-805-C available on the PolicyNet Web site:
• Go to http://blue.usps.gov.
• Under "Essential Links" in the left-hand column, click on References.
• Under "References" in the right-hand column, under "Policies," click on PolicyNet.
• Then click on HBKs.
(The direct URL for the Postal ServiceTM PolicyNet Web site is http://blue.usps.gov/cpim.)
Handbook AS-805-C, Information Security for General Users
* * * * *
2. Logon IDs, Passwords, and PINs
* * * * *
[Add new section to end of chapter 2 to read as follows:]
Resetting Passwords
• Use the Change Password function button on the Window Security Web page (available by depressing the Ctrl key and then simultaneously depressing the Alt and Delete keys) to change your password if you suspect it was compromised.
• Use ePassword Reset (available from the Blue page and from the following URLs) to change your password if you forgot it.
- Application Password (https://epasswordreset)
- Mainframe Password (https://hcssupport.usps. gov/reset)
* * * * *
4. Protection of Sensitive and Critical Information
* * * * *
Sensitive Information
What to do . . .
* * * * *
[Revise fifth bullet to read as follows:]
• Label hardcopy output (e.g., printouts, architecture drawings, and engineering layouts) and media (e.g., disks, diskettes, and tapes) as "RESTRICTED INFORMATION."
* * * * *
- Corporate Information Security,
Information Technology, 5-26-05 |
HANDBOOK AS-805 REVISION
Information Security
Handbook AS-805, Information Security, is revised as follows to remove the requirement for labeling computer screen displays as "RESTRICTED INFORMATION" and to remove the requirement of displaying an additional warning banner page for applications that are Single Sign-On (SSO) or Single Log-On (SLO) compliant.
We will incorporate these revisions into the next online update of Handbook AS-805 available on the PolicyNet Web site:
• Go to http://blue.usps.gov.
• Under "Essential Links" in the left-hand column, click on References.
• Under "References" in the right-hand column, under "Policies," click on PolicyNet.
• Then click on HBKs.
(The direct URL for the Postal ServiceTM PolicyNet Web site is http://blue.usps.gov/cpim.)
Handbook AS-805, Information Security
* * * * *
3 Information Designation and Control
* * * * *
3-5 Handling Information and Media
* * * * *
3-5.1 Labeling of Information and Media
3-5.1.1 Sensitive Information
[Revise text to read as follows:]
Sensitive information included in electronic media (e.g., disks, diskettes, tapes) and hardcopy output (e.g., printouts, architecture drawings, and engineering layouts) must be legibly and durably labeled as "RESTRICTED INFORMATION."
Note: If you use the "Print Screen" function to print sensitive information displayed on your computer screen, label the hardcopy as "RESTRICTED INFORMATION."
3-5.1.2 Business-Controlled Sensitivity Information
[Revise text to read as follows:]
Business-controlled sensitivity information included in electronic media and hardcopy output must be legibly and durably labeled as "RESTRICTED INFORMATION."
Note: If you use the "Print Screen" function to print business-controlled sensitivity information displayed on your computer screen, label the hardcopy as "RESTRICTED INFORMATION."
* * * * *
14 Compliance and Monitoring
* * * * *
14-5 Monitoring
* * * * *
14-5.5 Warning Banner
[Revise text to read as follows:]
The Postal Service-authorized warning banner must be displayed to users prior to granting session access to Postal Service information resources. The legal authority and obligations as indicated in the warning banner will apply throughout the entire session users have on the Postal Service information resources.
Applications that are Single Sign-On (SSO) or Single Log- On (SLO) compliant are not required to display an additional warning banner page as long as the executive sponsor can guarantee the user will see a warning banner at login for the session. Applications that are not SSO or SLO compliant must display a warning banner page.
Internal warning banners are not intended for display on Postal Service Internet Web sites where the Postal Service Internet Privacy Policy applies. At a minimum, the warning banner must accomplish the following:
a. Identify the computer system as a Postal Service computer system protected by the United States Criminal Code.
b. Provide notification of monitoring.
c. Be followed by a pause requiring manual intervention to continue.
d. Identify the information resource as a Postal Service information resource and alert users that they have no expectation of privacy.
e. Warn users that activities may be monitored and that unauthorized access is prosecutable pursuant to the United States Criminal Code (Title 18 U.S.C. § 1030).
Note: Deviations from the authorized standard warning banner are not allowed unless approved in writing by the manager, CISO.
* * * * *
- Corporate Information Security,
Information Technology, 5-26-05 |