Handbook AS-805 Revision: Information Security Updates

Effective November 2019, the Postal Service™ revised Handbook AS-805, Information Security, in multiple sections to provide a comprehensive framework for protecting the confidentiality, integrity, and availability of Postal Service data. The bi-annual updates provide Corporate Information Security Office (CISO) employees, contractors, and business partners with a high-level policy overview for current operational procedures and processes to fulfill CISO obligations.

The revisions to Handbook AS-805 are as follows:

• Chapter 1, “Introduction: Corporate Information Security” was revised to update information resources at the Corporate Information Security level.

• Chapter 2, “Security Roles and Responsibilities” was revised to add and update responsibilities for managers of CISO, Network Connectivity Review Board (NCRB), and CyberSafe roles.

• Chapter 3, “Information Designation and Control” was revised to incorporate current cyber threat information, categorization designations, media labelling protections, and business impact assessments, including cloud computing impact assessments and privacy.

• Chapter 4, “Security Risk Management” was revised to ensure all information resource risk management documents are appropriately labelled and reviewed by the CISO office.

• Chapter 5, “Acceptable Use” was revised to incorporate limited employee use of Postal Service computing mobile devices and prohibited use of personal mobile computing devices, including smart phones, tablets, and smart watches.

• Chapter 8, “Development and Operations Security” was revised to redefine impact assessment and to update the NCRB link.

• Chapter 9, “Information Security Services” was revised to incorporate different types of internal and external end user accounts for information resource access, account management, digital certificate requirements, suspending and terminating log-on IDs, password requirements, and storage.

• Chapter 10, “Hardware and Software Security” was revised to add hard inventory and software and applications inventory security requirements.

• Chapter 11, “Network Security” was revised to add network infrastructure safeguards to include external website facing, vulnerability scan reporting, network traffic monitoring, third-party business partner, and intrusion detection and protection security requirements.

• Chapter 12, “Service Continuity Plan” was revised to update the service continuity plan requirements and business continuity plan requirements.

• Chapter 14, “Security Compliance and Monitoring” was revised to incorporate PCI compliance requirements and identified risks in the Risk Mitigation Plan for submission to the CISO office.

Revised Handbook AS-805 is available on the Postal Service PolicyNet website:

• Go to blue.usps.gov.

• In the left-hand column, click Essential Links, and then click PolicyNet.

• Go to the right-hand side under “Published Forms and Directives.”

• Click Handbooks.

The direct URL for the Postal Service PolicyNet website is blue.usps.gov/cpim.