Corporate Information Security Office (CISO) in conjunction with Information Technology has implemented the Enterprise Encryption Service — a new method of data encryption.
Enterprise Encryption Service can be used to encrypt external or outbound email that has sensitive information sent by email and/or as an email attachment. The encryption will not work for internal to internal email communications within USPS®. Only email going outside the USPS environment can use this method.
To encrypt messages, follow these instructions:
n After composing and addressing a message, include #sensitive# in the subject line. The hash mark must be directly in front and back of the word “sensitive” to initiate the encryption service.
Example: Information Sharing #sensitive#.
n Send out email as normal.
n The recipient will be notified to login the secure email portal to retrieve and reply to the email.
Failure to follow the encryption instructions will result in the message being unprotected or blocked.
Refer to Handbook AS-805, Information Security, section 3.5.5, Mandatory Requirements and Procedures for Authorized Removal of Postal Service Non-Publicly Available Information from Postal Service or Business Partner Premises, to learn more about how to protect sensitive and sensitive-enhanced information.
For questions, please contact CIRT at (866) 877-7247 or USPSCIRT@usps.gov.
Caption: This is a screen shot of the secure email portal for first time login by an external recipient. The receiver has to create a secure passphrase; the instructions are displayed on the screen shot above. The passphrase must be a minimum of 8 characters, include an uppercase letter, a lowercase letter, a number, and a special character. Please remember your passphrase for future use and do not write it down. If you need to reset your passphrase, there is a self-service link. Be advised there is a 30-day limitation to retrieve email via the portal.
— Corporate Information Security Office,
Chief Information Officer, 6-12-14