Handbook AS-805 Revision: Information Security Updates

Effective June 2021, the Postal Service™ revised Handbook AS-805, Information Security, to include updates in multiple sections to provide a standardized framework of information security policies, which govern the use of technology assets and information resources.

The revisions to Handbook AS-805 are as follows:

- Chapter 1, “Introduction: Corporate Information Security,” was revised to include new policies that govern cloud solutions and service-based contract solutions.

- Chapter 2, “Security Roles and Responsibilities,” was revised to include updated roles and responsibilities in relation to information security.

- Chapter 3, “Information Designation and Control,” was revised to include new language for electronic hardware, as well as media and Payment Card Industry requirements.

- Chapter 5, “Acceptable Use,” was revised to include new policies for acceptable use, personal use of Government office equipment, and Internet access and prohibited activities.

- Chapter 6, “Personnel Security,” was revised to include new language for routine separation and adverse termination policies for Postal Service employees, contractors, and suppliers.

- Chapter 8, “Development and Operations Security,” was revised to include new language for configuration hardening standards, patch management, the Certification and Accreditation process, security code reviews, and penetration testing.

- Chapter 9, “Information Security Services,” was revised to include new language for authorization principles and requirements, account management, log on IDs, authentication, and password requirements.

- Chapter 10, “Hardware and Software Security,” was revised to include new language for hardening servers, network access, vendor software support, approved software (formerly whitelisted software), and unapproved software (formerly blacklisted software).

- Chapter 11, “Network Security,” was revised to update implementation of hardening standards and business partner connectivity requirements.

- Chapter 14, “Security Compliance and Monitoring,” was revised to include new policy language for penetration testing.

Revised Handbook AS-805 is now available on the Postal Service PolicyNet website:

- Go to blue.usps.gov.

- In the left-hand column under “Essential Links,” click PolicyNet.

- Go to the right-hand side under “Published Forms and Directives.”

- Click Handbooks.

The direct URL for the Postal Service PolicyNet website is blue.usps.gov/cpim.