PB 22164 - September 29, 2005 - USPS.com® - About
PB 22164 - September 29, 2005 - USPS.com® - About
PB 22164 - September 29, 2005 - USPS.com® - About
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
POSTAL BULLETIN <strong>22164</strong> (9-<strong>29</strong>-05)<br />
HANDBOOK AS-805 REVISION<br />
Information Security<br />
Effective <strong>September</strong> <strong>29</strong>, <strong>2005</strong>, Handbook AS-805, Information<br />
Security, is revised as follows to address:<br />
Gaining access to controlled areas.<br />
Updating the facility business continuance management<br />
planning section.<br />
Registering applications in eAccess.<br />
Implementing an acceptance of responsibility letter<br />
for documented vulnerabilities that will not be<br />
mitigated.<br />
Implementing patch management of information<br />
resources.<br />
Updating Appendix A.<br />
Updating Appendix B.<br />
We will incorporate these revisions into the next online<br />
update of Handbook AS-805 available on the Postal Service<br />
PolicyNet Web site:<br />
Go to http://blue.usps.gov.<br />
Under “Essential Links” in the left-hand column, click<br />
on References.<br />
Under “References” in the right-hand column, under<br />
“Policies,” click on PolicyNet.<br />
Then click on HBKs.<br />
(The direct URL for the Postal Service PolicyNet Web<br />
site is http://blue.usps.gov/cpim.)<br />
Handbook AS−805, Information Security<br />
* * * * *<br />
7 Physical and Environmental Security<br />
* * * * *<br />
7-2 Roles and Responsibilities<br />
* * * * *<br />
7-2.6 All Personnel<br />
All personnel are responsible for the following:<br />
* * * * *<br />
[Reletter current items b through e as new items d through<br />
g. Add new items b and c to read as follows:]<br />
b. Always using their physical and technology electromechanical<br />
access control identification badge or<br />
device to gain entrance to a controlled area.<br />
c. Ensuring no one tailgates into a controlled area on<br />
their badge.<br />
* * * * *<br />
93<br />
7-3 Facility Security<br />
* * * * *<br />
7-3.1 Physical Access Controls<br />
* * * * *<br />
7-3.1.3 Access to Controlled Areas<br />
[Revise 7-3.1.3 to read as follows:]<br />
Access to controlled areas is restricted to personnel whose<br />
duties require access to such facilities and who possess<br />
appropriate security clearances. Access to controlled<br />
areas must be authorized and tailgating is not allowed.<br />
Access to controlled areas must be controlled by electromechanical<br />
means. Personnel authorized access to the<br />
controlled areas must always use their physical and<br />
technology electromechanical access control identification<br />
badge or device to gain entrance to the controlled area. It is<br />
their responsibility to ensure no one tailgates on their<br />
badge.<br />
Personnel without an authorized physical and technology<br />
electromechanical access control identification badge or<br />
device must be escorted by authorized personnel while in<br />
the controlled area.<br />
* * * * *<br />
[Revise the title and text of 7-3.4 to read as follows:]<br />
7-3.4 Facility Business Continuance Management<br />
Planning<br />
Physical security requirements must be included in facility<br />
business continuance management (BCM) planning to<br />
ensure the appropriate protection of information resources<br />
following a catastrophic event (see Chapter 12).<br />
* * * * *<br />
8 System, Applications, and Product<br />
Development<br />
* * * * *<br />
8-2 Roles and Responsibilities<br />
* * * * *<br />
8-2.6 Portfolio Managers<br />
Portfolio managers are responsible for the following:<br />
* * * * *<br />
[Reletter current items e through g as new items f through<br />
h. Add new item e to read as follows:]<br />
e. If a documented vulnerability will not be mitigated,<br />
preparing and signing an acceptance of responsibility<br />
letter as part of the ISA process.<br />
* * * * *