Effective July 11, 2013, Handbook AS-805, Information Security, is revised. The May 2013 edition has been updated to reflect the following:
• Several requirements were added for processing Payment Card Industry (PCI) information, including the protection of PCI information in transit and at rest.
• A requirement was added to prohibit processing sensitive and sensitive-enhanced information in a cloud.
• Compensating controls to be implemented in lieu of Production Data Usage Letters were defined.
• The Certification and Accreditation (C&A) Process was updated to reflect the automation of the C&A application.
• The process for emergency access to production information was updated.
• The requirements for shared accounts were clarified.
• A section on the cryptographic hash function was added.
• A requirement was added to issue teleworkers an ACE laptop where Postal Service™ non-public information is processed via teleworking.
• Requirements for hardening firewalls and determining when a secure enclave is required were updated.
• Wireless architecture requirements and the process for requesting wireless solutions were updated.
• The requirements for vulnerability scans were clarified.
Handbook AS-805 is now available on the Postal Service PolicyNet website:
• Go to http://blue.usps.gov.
• Under “Essential Links” in the left-hand column, click PolicyNet.
• On the PolicyNet page, click HBKs.
• The direct URL for the Postal Service PolicyNet website is http://blue.usps.gov/cpim.
• The direct URL for Handbook AS-805 (May 2013) is: http://about.usps.com/handbooks/as805.pdf (PDF version) or http://about.usps.com/handbooks/as805/welcome.htm (HTML 508-compliant version).
Note: Offices should update references and links to Handbook AS-805 in local documents.
— Corporate Information Security Office, Chief Information Officer, 7-11-13