Greek philosopher Heraclitus once said, “There is nothing permanent except change.” With the many recent leadership changes and employee reassignments, user access must change as well.
Among the many roles and responsibilities of USPS® managers and supervisors, controlling user access to systems by approving, denying, suspending, or terminating access rights through eAccess — and being proactive in managing future user access — is important.
The principle of least privileges limits access rights for users to the bare minimum needed to do their work. Access to a system or resource is not granted unless it’s necessary.
When approving or reviewing user privileges, think about who needs the access, what they are accessing, and why access is needed for their specific role. Here are a few more things to consider before taking action:
n Revoking access. Managers must ensure that access to information is immediately revoked for personnel because of a change in job, transfer, or termination.
n Manager periodic review (MPR). Managers and functional system coordinators are required to review the access rights for each of their assigned users on a predetermined schedule:
n Employee access must be reviewed semi-
annually.
n Contractor access must be reviewed quarterly.
n Pending actions. eAccess will send an email with a link directing you to the pending task whenever an MPR is due. MPRs will also appear in the pending actions area of the manager tab in eAccess.
For more information and to ensure USPS security using the principle of least privileges, review the user access management policies in section 9-3 of Handbook AS-805, Information Security, at about.usps.com/handbooks/as805/as805c9_003.htm.
— Corporate Information Security Office,
Chief Information Security Officer
and Digital Solutions, 8-26-21