Effective immediately, Handbook AS-805, Information Security, is revised. The July 2011 edition has been updated to do the following:
• Align responsibilities of vice presidents of functional areas and executive sponsors, and align responsibilities of vice president of IT Operations and portfolio managers.
• Add responsibilities for functional system coordinators.
• Add generic architectural standards.
• Clarify requirements for protecting nonpublic Postal Service™ information.
• Address separation of duties of developers.
• Update the requirements associated with the development, system integration testing (SIT), and customer acceptance testing (CAT) environments.
• Address single sign-on.
• Remove references to Access Control Facility (ACF2).
• Implement Office of Inspector General (OIG) audit findings.
• Implement Sarbanes-Oxley Act (SOX) recommendations.
• Describe the implementation of the data loss prevention (DLP) program.
• Update wireless requirements.
• Add Consensus Audit Guidelines to address the continuing monitoring requirements delineated in National Institute of Standards and Technology Special Publication 800-53.
Handbook AS-805 is now available on the Postal Service PolicyNet website:
• Go to http://blue.usps.gov.
• Under “Essential Links” in the left-hand column, click PolicyNet.
• On the PolicyNet page, click HBKs.
(The direct URL for the Postal Service PolicyNet website is http://blue.usps.gov/cpim.)
The direct URLs for Handbook AS-805 (July 2011) are:
• PDF version: http://about.usps.com/handbooks/as805.pdf
• HTML 508-compliant version: http://about.usps.com/handbooks/as805/welcome.htm
Note: Offices should update references/links to Handbook AS-805 in local documents.
— Corporate Information Security,
Chief Information Officer, 8-25-11