Effective June 2021, the Postal Service™ revised Hand- book AS-805, Information Security, to include updates in multiple sections to provide a standardized framework of information security policies, which govern the use of tech- nology assets and information resources.
The revisions to Handbook AS-805 are as follows:
n Chapter 1, “Introduction: Corporate Information Security,” was revised to include new policies that govern cloud solutions and service-based contract solutions.
n Chapter 2, “Security Roles and Responsibilities,” was revised to include updated roles and responsibilities in relation to information security.
n Chapter 3, “Information Designation and Control,” was revised to include new language for electronic hardware, as well as media and Payment Card Indus- try requirements.
n Chapter 5, “Acceptable Use,” was revised to include new policies for acceptable use, personal use of Government office equipment, and Internet access and prohibited activities.
n Chapter 6, “Personnel Security,” was revised to include new language for routine separation and adverse termination policies for Postal Service employees, contractors, and suppliers.
n Chapter 8, “Development and Operations Security,” was revised to include new language for configuration hardening standards, patch management, the Certification and Accreditation process, security code reviews, and penetration testing.
n Chapter 9, “Information Security Services,” was revised to include new language for authorization principles and requirements, account management, log on IDs, authentication, and password requirements.
n Chapter 10, “Hardware and Software Security,” was revised to include new language for hardening serv- ers, network access, vendor software support, approved software (formerly whitelisted software), and unapproved software (formerly blacklisted software).
n Chapter 11, “Network Security,” was revised to update implementation of hardening standards and business partner connectivity requirements.
n Chapter 14, “Security Compliance and Monitoring,” was revised to include new policy language for penetration testing.
Revised Handbook AS-805 is now available on the Postal Service PolicyNet website:
n Go to blue.usps.gov.
n In the left-hand column under “Essential Links,” click PolicyNet.
n Go to the right-hand side under “Published Forms and Directives.”
n Click Handbooks.
The direct URL for the Postal Service PolicyNet website is blue.usps.gov/cpim.
— Policy, Quality, and Compliance,
Chief Information Security Officer, 7-15-21
