From: SM Communications Sent: Tuesday, August 25, 2015 10:00 AM Subject: USPS re:supply Issue 22 August 25, 2015 Issue 22 August 25, 2015 CONTENTS Cybersecurity Courses Now Available to Suppliers with Access to USPS Systems U.S. Postal Service Suppliers, You are receiving this newsletter as you have registered your interest to do business with the U.S. Postal Service (USPS) or your e-mail is on file as a point of contact for a current or past contract. Please share this newsletter with your colleagues within your company as it contains important supplier related information about the Postal Service. The Postal Service has launched the CyberSafe at USPS initiative focused on increasing awareness of cybersecurity threats and procedures USPS employees can follow to help protect systems and data. We are extending that message to our suppliers, and in particular, those suppliers’ employees who have access to USPS systems. We want you and your employees that have USPS ACE (Advanced Computing Environment) Active Directory access to be aware of two web based training courses that are now available to supplier personnel which are recommended to be completed by September 30, 2015 as mentioned in the article below. These two courses are recommended for contractors to increase awareness about information security at USPS and are not mandatory. This issue is simultaneously being sent to USPS Supply Management employees for their information. Thank you! Cybersecurity Courses Now Available to Suppliers with Access to USPS Systems Suppliers Share in Responsibility to Protect USPS Information and Networks The U.S. Postal Service is taking additional steps to increase the awareness of our supplier community regarding USPS information security. Each supplier employee with ACE Active Directory access now has access to two USPS Learning Management System (LMS) courses on information security. We recommend these courses be completed by September 30, 2015. * 10024251: CyberSafe 101: Passwords and Phishing – 15 minutes * 10021144: Our Shared Responsibility – 45 minutes The instructions for supplier personnel with ACE IDs to access these courses are included below, starting on page 4. For questions related to the IT: Security – Our Shared Responsibility course and the IT: Security – CyberSafe 101 course, please contact Gerri Wallace at gerri.wallace@usps.gov or Rose Tutera via e-mail at rose.a.tutera@usps.gov. If you need help with the Learning Management System (LMS), please contact ELMS@usps.gov. Cybercriminals are hard at work 24/7, 365 days a year attempting to steal government, corporate, and personal information and it takes everyone’s support to defend against them. We have increased our security posture and will continue to make improvements. We are relying upon our employees and the employees of our suppliers to play a key role in the protection of our network and information. The Postal Service recently launched CyberSafe at USPS, an initiative to educate employees and the employees of our suppliers on critical cybersecurity topics. One of the first steps is to focus on increasing the information security awareness of our suppliers’ employees who have active access to USPS networks. Please help us spread the word to members of your team who have access to the USPS CyberSafe blue page, a central resource for important USPS cybersecurity information. The site is available at http://blue.usps.gov/cyber/. Additionally, please share with your team the following tips: * If you have a log-in credential (username/password) for any USPS system(s): o Never share this information with anyone or write it down. o Never use the same credential in other systems. * If you are issued a USPS e-mail address: o Never auto-forward e-mails from another account to your USPS e-mail account. o Watch out for phishing e-mails that try to convince you to click on links or attachments, or enter information into a suspicious site. * Information security incidents (including suspected or actual phishing scams) must be immediately reported to the USPS Computer Incident Response Team (CIRT) via telephone at 1-866-USPS-CIR(T) or 1-866-877-7247 or via an e-mail to cybersafe@usps.gov or uspscirt@usps.gov. Do not dismiss a suspected incident or discount its seriousness. * For more information on USPS Information Security policies, please go to http://about.usps.com/handbooks/as805/welcome.htm. * Additional cybersecurity resources focused on increasing the understanding of cyber threats and empowering the American public to be safer and more secure online are available through the U.S Department of Homeland Security (DHS) Stop.Think.Connect. national public awareness campaign. For more information please go to http://www.dhs.gov/stopthinkconnect. We want to thank you for your continued support in helping the Postal Service deliver on its mission while protecting its network and information. RETURN TO TOP The Postal Service receives no tax dollars for operating expenses and relies on the sale of postage, products, and services to fund its operations. ARE YOU REGISTERED TO DO BUSINESS WITH THE U.S. POSTAL SERVICE? More than 14,700 suppliers have registered since our launch of the Supplier Registration site in July 2009. All suppliers interested in doing business with the U.S. Postal Service should register their company in the Postal Service Supplier Registration system. For more information, please go to http://about.usps.com/suppliers/becoming/registration.htm. CONTACT US! We value your questions and feedback to this newsletter. Please feel free to reply to this message with your feedback or mail to: U.S. Postal Service Supply Management Communications 475 L’Enfant Plaza, SW, Room 1100 Washington, DC  20260-6201 If you prefer not to receive future issues of re:supply from the U.S. Postal Service, click SMCommunications@usps.gov and type Unsubscribe in the Subject line. To be added to our re:supply e-mail list, click SMCommunications@usps.gov and type Subscribe in the Subject line. Instructions for Accessing Courses in LMS Once you have been loaded to the IT: Security – Our Shared Responsibility course and the IT: Security – CyberSafe 101 course, you will receive notification via email. The below is a sample image of that communication. Note: the email will contain a direct link for the Learning Portal in the LMS on Blue (https://blue.usps.gov/wps/myportal/LMS). Click on the link in the email to access the courses. You can confirm that you have been given access to the courses via eAccess. Log onto eAccess and click on the “My History” tab. Click the “Education and Awareness” button. The courses will be listed there with a Pending status until you complete them. If you are unable to access the course via the link in the email, you can access the courses via the Learning Portal on Blue. Go to the Blue homepage. Click on “Essential Links.” Click on “Learning Management System” in the Essential Links tab. Log in using your ACE ID and password. This will take you to the Learning Management System (LMS). Scroll down on the page to the Learning Portal icon. Click “Learning Portal.” The Learning Portal will display a list of courses to which you have been given access. The list should include the IT: Security – Our Shared Responsibility course and the IT: Security – CyberSafe 101 course. Click on the hyperlink to display the course title page. Note: The Mandatory Courses tab lists all courses to which you have been given access. The Our Shared Responsibility and CyberSafe 101 courses are recommended for contractors to increase awareness about information security at USPS and are not mandatory. Scroll to the bottom of the description page to find the option to Book the course. Click the yellow “Book this course” button to add the WBT course to your listing. The course will then appear in your Contractor Activities and will be available for you to take. Click “Start now” to take the course. Upon completion of the course, you can click on the Contractor’s Activities link again and see that the page indicates you have successfully passed the course in the Completed courses tab. You will also receive an email from the eAccess administrator notifying you that you have successfully completed the course within 2-3 days after LMS has refreshed course completion data within eAccess. You can also see the status update in eAccess under User Access History – Education and Awareness. For questions related to the IT: Security – Our Shared Responsibility course and the IT: Security – CyberSafe 101 course, please reach out to Gerri Wallace at gerri.wallace@usps.gov or Rose Tutera via email at rose.a.tutera@usps.gov. For more information about the CyberSafe campaign at USPS, visit the CyberSafe website at http://blue.usps.gov/cyber. Remember to report all incidents and suspicious activity when on the USPS network or USPS ACE machine to cybersafe@usps.gov or via phone at 866-USPS-CIRT (866-877-7247).