Information Technology
HANDBOOK AS-805-D REVISION
Information Security Network Connectivity Process
Handbook AS-805-D, Information Security Network
Connectivity Process, is revised as follows to correct several process and administrative items.
Handbook AS-805-D, Information Security
Network Connectivity Process
* * * * *
Transmittal Letter
* * * * *
C. Distribution
[Revise the link as follows:]
***http://blue.usps.gov/cpim/hbkid.htm
D. Comments and Questions
[Revise the second sentence of this section to read as
follows:]
***Comments may also be sent by e-mail to:
information_security@usps.gov.***
* * * * *
2 Roles and Responsibilities
2-1 General
[Revise the last sentence to read as follows:]
***The connectivity request form is available from the
NCRB Web page at http://cto.usps.gov; select Support,
then Corporate Information Security, then under "Corporate
Information Security," Network Connectivity Review Board
(NCRB).
* * * * *
2-6 Network Connectivity Review Board
The NCRB is responsible for the following:
* * * * *
[Revise item c to read as follows:]
c. Determining the criteria for standard connectivity that
will allow for requests to be pre-approved.
* * * * *
2-8 Business Partners
Business partners (including alliances) are responsible for
the following:
a. Before connectivity approval:
* * * * *
[Revise item 8 to read as follows:]
8. Providing information to the executive sponsor as
requested on the connectivity request form (available from the NCRB Web site at
http://cto.usps.gov; select Support, then Corporate
Information Security, then under "Corporate Information Security," Network Connectivity Review
Board (NCRB).
* * * * *
[Revise the note at the end of 2-8 to read as follows:]
Note: The connectivity request form is available from the
NCRB Web site at http://cto.usps.gov; select Support, then
Corporate Information Security, then under "Corporate Information Security," Network Connectivity Review Board
(NCRB).
* * * * *
[Add a new 2-10 as follows:]
2-10 Information Systems Security Officers
Information Systems Security Officers (ISSOs) are responsible for the following:
a. Coordinating the completion of the BIA to determine
sensitivity and criticality of the information resource.
b. Providing advice and consulting support to executive
sponsors regarding the security requirements and
controls necessary to protect the information resource, based on the resource's sensitivity and criticality designation.
c. Providing guidance on potential threats and vulnerabilities to the information resource, appropriate
choice of countermeasures, and the ISA process.
d. Conducting site security reviews with the Inspection
Service.
3 Network Connectivity Process
3-1 Determination of Need for Connectivity
Request
* * * * *
3-1.2 Documentation Requirements for the
Connectivity Request Package
[Revise the last sentence of the paragraph to read as
follows:]
***The connectivity request form is available from the
NCRB Web site at http://cto.usps.gov; select Support, then
Corporate Information Security, then under "Corporate Information Security," Network Connectivity Review Board
(NCRB).
[Revise the Site Security Review row in the table to read as
follows:]
|
Support Documentation Required with Request
|
Type of Connectivity Request
|
|
BP Requests for
Leased Line
Connectivity
|
BP Requests for
VPN Connectivity
|
All Other Requests
for Connectivity
|
|
***
|
|
Site Security Review
|
X
|
X
|
X
|
|
***
|
* * * * *
4 Connectivity Request Documentation
Requirements
* * * * *
4-7 Site Security Review
[Revise 4-7 to read as follows:]
All business partner sites connecting to a Postal Service information infrastructure require a site security review performed by the manager CISO and the Chief Inspector, or
their designees. A site security review must be conducted if
a facility is hosting sensitive, critical, business-controlled
sensitivity, or business-controlled criticality information resources and the facility has not undergone a site security
review in the last 3 years.
[Revise the title and text of 4-8 to read as follows:]
4-8 NCRB Request Form
A Network Connectivity Review Board (NCRB) Request
form must be completed for all NCRB requests. This form is
used to request all new or changed connectivity including
Corporate VPN, Wireless, Enclave, Business Partners,
DNS, IP, DMZ, Switchports, and Load Balancing. The connectivity request form is available from the NCRB Web site
at http://cto.usps.gov; select Support, then Corporate Information Security, then under "Corporate Information Security," Network Connectivity Review Board (NCRB).
* * * * *
We will incorporate these revisions into the next online
update of Handbook AS-805-D available on the PolicyNet
Web site:
• Go to http://blue.usps.gov.
• Under "Essential Links" in the left-hand column, click
on References.
• Under "References" in the right-hand column, under
"Policies," click on PolicyNet.
• Then click on HBKs.
(The direct URL for the Postal Service™ PolicyNet Web
site is http://blue.usps.gov/cpim.)
— Corporate Information Security,
Information Technology, 7-6-06
| 
