Handbook AS-805 Revision: Information Security

Effective July 11, 2013, Handbook AS-805, Information Security, is revised. The May 2013 edition has been updated to reflect the following:

- Several requirements were added for processing Payment Card Industry (PCI) information including the protection of PCI information in transit and at rest.

- A requirement was added to prohibit processing sensitive and sensitive-enhanced information in a cloud.

- Compensating controls to be implemented in lieu of Production Data Usage Letters were defined.

- The Certification and Accreditation (C&A) Process was updated to reflect the automation of the C&A application.

- The process for emergency access to production information was updated.

- The requirements for shared accounts were clarified.

- A section on the cryptographic hash function was added.

- A requirement was added to issue teleworkers an ACE laptop where Postal Service™ non-public information is processed via teleworking.

- Requirements for hardening firewalls and determining when a secure enclave is required were updated.

- Wireless architecture requirements and the process for requesting wireless solutions were updated.

- The requirements for vulnerability scans were clarified.

Handbook AS-805 is now available on the Postal Service PolicyNet website:

- Go to http://blue.usps.gov.

- Under “Essential Links” in the left-hand column, click PolicyNet.

- On the PolicyNet page, click HBKs.

- The direct URL for the Postal Service PolicyNet website is http://blue.usps.gov/cpim.

- The direct URL for Handbook AS-805 (May 2013) is: http://about.usps.com/handbooks/as805.pdf (PDF version) or http://about.usps.com/handbooks/as805/welcome.htm (HTML 508-compliant version).

Note: Offices should update references and links to Handbook AS-805 in local documents.