Handbook AS-805 - Information Security - Contents
Handbook AS-805 - Information Security
July 2012
1 Introduction: Corporate Information Security
1-1 Purpose
1-2 Scope
1-3 Policy
1-4 Supporting Documentation
1-5 Policy Owner
1-6 Information Resources
1-7 Organizations and Personnel
1-8 Importance of Compliance
2 Security Roles and Responsibilities
2-1 Policy
2-2 Consolidated Roles and Responsibilities
3 Information Designation and Control
3-1 Policy
3-2 Information Designation and Categorization
3-3 Determination of the Categorization of Information Resources
3-4 Security Requirement Categories
3-5 Protection of Postal Service Information and Media
3-6 Protection of Non-Postal Service Information
4 Security Risk Management
4-1 Policy
4-2 Types of Risk Management
4-3 Information Resource Risk Management
4-4 Independent Risk Management
4-5 Site Risk Management
4-6 Risk-Based Information Security Framework
5 Acceptable Use
5-1 Policy
5-2 Personal Use of Government Office Equipment Including Information Technology
5-3 Electronic Mail and Messaging
5-4 Internet: Access and Prohibited Activities
5-5 Prohibited Uses of Information Resources
5-6 Protection of Sensitive Data and Privacy-Related Data
6 Personnel Security
6-1 Policy
6-2 Employee Accountability
6-3 Sensitive Positions
6-4 Background Investigations and Clearances
6-5 Information Security Awareness and Training
6-6 Departing Personnel
7 Physical and Environmental Security
7-1 Policy
7-2 Physical Access Controls
7-3 Physical Protection of Information Resources
7-4 Environmental Security
7-5 Facility Continuity Planning
7-6 Facility Contracts
8 Development and Operations Security
8-1 Policy
8-2 Development Security
8-3 Operations Security
8-4 Certification and Accreditation
8-5 Information Resource C&A
9 Information Security Services
9-1 Policy
9-2 Security Services Overview
9-3 Authorization
9-4 Accountability
9-5 Identification
9-6 Authentication
9-7 Confidentiality
9-8 Integrity
9-9 Availability
9-10 Security Administration
9-11 Audit Logging
10 Hardware and Software Security
10-1 Policy
10-2 Hardware Security
10-3 Software and Applications Security
10-4 General Policies for Hardware and Software
10-5 Configuration and Change Management
10-6 Protection Against Viruses and Malicious Code
10-7 Operating System, Database Management System, and Application Audit Log Requirements
11 Network Security
11-1 Policy
11-2 Network Architecture
11-3 Protecting the Network Infrastructure
11-4 Internet Technologies
11-5 Protecting the Network/Internet Perimeter
11-6 Network Connections
11-7 Business Partner Connectivity Requirements
11-8 Limiting Third-Party Network Services
11-9 Remote Access Requirements
11-10 Network Audit Log Requirements
11-11 Wireless Networking Requirements
12 Business Continuity Management
12-1 Policy
12-2 Business Continuity Management Program
12-3 BCM Objectives
12-4 Business Continuity Plan Requirements
12-5 Disaster Recovery Plan Requirements
13 Security Incident Management
13-1 Policy
13-2 Information Security Incident Identification
13-3 Incident Prevention, Reporting, and Containment
13-4 CIRT Incident Process and Activities
14 Security Compliance and Monitoring
14-1 Policy
14-2 Compliance
14-3 Monitoring
14-4 Audits
14-5 Confiscation and Removal of Information Resources