Transcription of Contents
1 February 2018iContents1 Introduction: corporate Information security ..11-1 Purpose .. 11-2 Scope .. 21-3 Policy .. 21-4 Supporting Documentation .. 31-5 Policy Owner .. 31-6 Infrastructure Components/Systems .. Technology Solutions .. Contract Solution.. Solution .. Solution .. Technology Solution security and Privacy Assessments.. Contract Solution security and Privacy Assessment .. Solution security and Privacy Assessment .. Solution security and Privacy Assessment .. 51-7 Information Resources.
2 61-8 Organizations and Personnel .. 81-9 Importance of Compliance .. Public Trust .. Business Operations .. Postal Service Investment.. by Federal Regulations .. 91-10 Policy Exception and Review.. an Exception to the Policies .. Review .. 102 security Roles and Responsibilities ..112-1 Policy .. 112-2 Consolidated Roles and Responsibilities .. Information Officer and Executive Vice President .. Postal Inspector .. President, Information Technology .. , Computer Operations .. Information security Officer.
3 security Executive Council .. Presidents, Functional Business Areas.. 15 Information SecurityiiHandbook President, Engineering .. President, Network Operations.. and Managers .. Sponsors .. System Coordinators .. Relationship Management Portfolio Managers (formerly Portfolio Managers) .. of Information Technology Solution Centers .. Heads .. Privacy Officer .. General .. , Business Continuance Management .. , Telecommunications Services .. Responsible for Computing Operations .. , corporate Information security Office Information Systems security .
4 , Help Desks .. Officers and Contracting Officer Representatives .. Counsel .. Partners .. Control Officers .. Systems security Representatives .. Systems security Officers .. and Network Administrators .. Administrators .. Personnel .. 353 Information Designation and Control ..373-1 Policy .. 373-2 Information Designation and Categorization .. Categories and Levels .. and Criticality Category Independence .. of Classified, Sensitive, and Critical Information .. Information .. Information.
5 Information .. Information .. (High) Information.. (Moderate) Information.. Information .. 403-3 Determination of the Categorization of Information Resources.. Impact Assessment.. 41 ContentsFebruary .. Functionality .. National Infrastructure .. Information Resource Classification and Categories of Information Processed .. Information Resource Classification and Categories ofInformation Processed .. 423-4 security Requirement Categories .. 433-5 Protection of Postal Service Information and Media .. of Information, Media, and Devices.
6 Media and Hardcopy Output .. Processing.. Access to Information .. and Storage of Information .. of Information .. Requirements and Procedures for Authorized Removal of Postal Service Non-Publicly Available Information from Postal Service or Business Partner Premises .. of Non-Publicly Available Information .. of Removal from Postal Service or Business Partner Premises .. Requirements and Procedures for Authorized Removal of Electronic and Hard-copy Information.. of Information .. Information on Factory-Fresh or Degaussed Media.
7 Prior to Maintenance .. Biohazard Contaminated Information Resources .. and Sensitive Information .. Eradication on Contaminated Information Resources .. of Contaminated Information Resources .. and Destruction of Information and Media .. Hardware and Media.. Residue .. Information .. of Postal Service Information During International Travel .. security Requirements While Traveling Outside of the United States .. of Temporary Computer Equipment and Communication Devices.. of Protection Requirements in Contracts.
8 All Business Partners and Suppliers .. Payment-Card Business Partners and Suppliers.. PCI Requirements .. PII Requirements .. of Financial information .. 54 Information SecurityivHandbook AS-8053-6 Protection of Non-Postal Service Information .. Information.. security Classified Information.. 544 security Risk Management ..554-1 Policy .. 554-2 Types of Risk Management .. 554-3 Information Resource Risk Management.. 554-4 Independent Risk Management .. 574-5 Site Risk Management .. 574-6 Risk-Based Information security Framework.
9 585 Acceptable Use ..595-1 Policy .. 595-2 Personal Use of Government Office Equipment Including Information Technology .. 595-3 Electronic Mail and Messaging .. Use .. 625-4 Internet: Access and Prohibited Activities .. 625-5 Prohibited Uses of Information Resources .. 635-6 Protection of Sensitive Data and Privacy-Related Data .. 645-7 Use of Social Media .. 656 Personnel security ..676-1 Policy .. 676-2 Employee Accountability .. of Duties and Responsibilities .. Descriptions.. Appraisals .. of Continued Employment.
10 686-3 Sensitive Positions .. 686-4 Background Investigations and Clearances .. Requirements .. Privileges .. IDs .. Resources Processing Sensitive-Enhanced or Sensitive Information .. Areas .. Nationals .. 696-5 Information security Awareness and Training .. security Awareness.. and Monitoring Individual Information security Training .. Requirements .. 70 ContentsFebruary 2018v6-6 Departing Personnel .. Separation .. Termination .. , Network, or Database Administrator Departure .. 727 Physical and Environmental security .
