Among the many roles and responsibilities of USPS® managers and supervisors, controlling user access to systems, through eAccess, is paramount. Approving, denying, suspending, or terminating access, and being proactive in managing user access, plays an important role in information security.
Following the principle of least privileges limits access rights for users to the bare minimum needed to do their work. No access to a system or resource is granted unless it’s absolutely necessary.
Here are a few ways to maintain the principle of least privileges:
n Revoking Access. Managers must ensure that information access is immediately revoked for personnel because of a change in job, transfer, or termination.
n Conducting Manager Periodic Review (MPR). Managers and functional system coordinators must review the access rights for each of their assigned users on a predetermined schedule:
n Employee access must be reviewed twice every year.
n Contractor access must be reviewed quarterly every year.
n Pending Actions. Whenever an MPR is due, eAccess will send an email with a link directing you to the pending task. The message “MPR” will also appear in the “Pending Actions” area of the Manager tab in eAccess.
To strengthen USPS security and ensure adherence to the principle of least privileges, refer to the user access management policies in section 9-3 of Handbook AS-805 (about.usps.com/handbooks/as805/as805c9_003.htm).
— Corporate Information Security Office,
Chief Information Security Officer
and Digital Solutions, 10-21-21