Information Security

Understanding the CyberSecurity Operations Center (CSOC)

Did you know there is a team within the Corporate Information Security Office (CISO) to help protect you against cyber threats? The CyberSecurity Operations Center (CSOC) is a part of CISO and is the USPS® organization responsible for identifying and mitigating such threats. As part of this process to protect USPS systems and information from cybercriminals, the CSOC conducts ongoing threat detection, threat analysis, and incident response to maintain the security of USPS networks and resources.

There are three stages to a cyber attack — the CSOC works at each stage to ensure that the U.S. Postal Service® remains “CyberSafe”:

1. Threat Detection. The CSOC collects cyber incident reports and offers immediate, short-term triage to protect both personal and postal networks. Eighty-four percent of the CSOC’s work is identified via reports from users like you. To report cybersecurity incidents to the CSOC and help combat cyber threats, email

2. Threat Intelligence. The CSOC engages in an in-depth analysis and investigation to determine the root cause of a cyber attack and mitigate future attacks to postal networks. The CSOC uses advanced hunting techniques to identify signs of a cyber attack, otherwise known as Indicators of Compromise (IOC).

3. Incident Response. The CSOC uses forensics to analyze individual cyber incident reports, situation reporting, and after-action reporting to identify larger trends within cybersecurity. This research enables the USPS to develop targeted cybersecurity strategies to align with cybersecurity best practices.

USPS employees are asked to report suspicious incidents or suspected cyber threats directly to the CSOC to help combat cyber threats to the organization. When faced with a suspicious email or suspected phishing attempt, send the message in question as an attachment — not a forwarded email — to the CSOC so that they can review the content. To report a phishing attempt, attach the suspicious email to a new email message and address it to the CSOC at

Alternatively, while viewing the suspicious message, press the “Control,” “Alt,” and “F” keys simultaneously to create a new email with the suspicious message attached (the message will automatically attach to the email using this shortcut). When the new email pops up, type into the “To” line and hit send to report the email to the CSOC.

After reporting the phishing email, delete it from your inbox. For more information on how to properly report suspicious emails to the CSOC, visit the CyberSafe at USPS™ customer-facing website at and/or download “The Right Way to Report Phishing Incidents” cheat sheet on Blue at