Promoting cybersecurity is one of the primary roles and responsibilities of USPS® managers and supervisors. They control user access to systems by approving, denying, suspending, or terminating user access. Managers and supervisors must be proactive while managing user access through eAccess to protect USPS networks.
It’s best to follow the principle of least privilege, which limits access rights for users to the bare minimum needed to do their work. Access to a system or resource should not be granted unless absolutely necessary.
To strengthen USPS security by ensuring the principle of least privilege is applied, please remember these user access management procedures:
n Perform periodic manager review. Requires managers and functional system coordinators to review the access rights for each of their assigned users on a predetermined schedule:
n Employee access must be reviewed semi-annually or when job roles change.
n Contractor access must be reviewed on a quarterly basis.
n If you don’t recognize the system or the reason for access, please discuss with the employee or other subject matter experts as part of your review
n Address pending actions. eAccess will send an email with a link to click whenever the periodic review is due. This will also appear in the “Pending Actions” area of the Manager tab in eAccess.
n Revoke access. Managers must ensure that information access is immediately revoked for personnel, when no longer required, because of a change in job, transfer, retirement, or termination.
n Review employees on detail. When employees are on detail in a temporary position, their eAccess manager must be changed and access revoked for any system they do not need for their temporary position.
When approving or reviewing user privileges in eAccess, ask yourself who needs access and why access is required for their specific role. Remember — periodic reviews help protect USPS networks.
— Corporate Information Security Office,
Chief Information Security Officer
and Digital Solutions, 3-25-21