Revised Handbook AS-805, Information Security

Effective immediately, Handbook AS-805, Information Security, is revised. The July 2011 edition has been updated to do the following:

n Align responsibilities of vice presidents of functional areas and executive sponsors, and align responsibil­ities of vice president of IT Operations and portfolio managers.

n Add responsibilities for functional system coordina­tors.

n Add generic architectural standards.

n Clarify requirements for protecting nonpublic Postal Service™ information.

n Address separation of duties of developers.

n Update the requirements associated with the devel­opment, system integration testing (SIT), and cus­tomer acceptance testing (CAT) environments.

n Address single sign-on.

n Remove references to Access Control Facility (ACF2).

n Implement Office of Inspector General (OIG) audit findings.

n Implement Sarbanes-Oxley Act (SOX) recommenda­tions.

n Describe the implementation of the data loss preven­tion (DLP) program.

n Update wireless requirements.

n Add Consensus Audit Guidelines to address the con­tinuing monitoring requirements delineated in National Institute of Standards and Technology Spe­cial Publication 800-53.

Handbook AS-805 is now available on the Postal Ser­vice PolicyNet website:

n Go to

n Under “Essential Links” in the left-hand column, click PolicyNet.

n On the PolicyNet page, click HBKs.

(The direct URL for the Postal Service PolicyNet website is

The direct URLs for Handbook AS-805 (July 2011) are:

n PDF version:

n HTML 508-compliant version:

Note: Offices should update references/links to Handbook AS-805 in local documents.