PB 22164 - September 29, 2005 - USPS.com® - About
96 POSTAL BULLETIN 22164 (9-29-05)
patches to be installed; testing patches in a nonproduction environment first in order to check for unwanted or unforeseen side effects; developing a backout plan, which includes backing up the systems about to be patched to be sure that it is possible to return to a known-good working configuration should something go wrong with the patch; ensuring that patches are installed properly; testing information resources after installation; and documenting all associated procedures, such as specific configurations required.
Patch management is critical to ensure the integrity and reliability of information resources. Patch management should be capable of:
a. Highly granular patch update and installation administration (i.e., treating patches and mainframes, servers, desktops, and laptops separately).
b. Tracking machines, and updating and enforcing patches centrally.
c. Verifying successful deployment on each machine.
d. Deploying client settings, service packs, patches, hot fixes, and similar items network-wide in a timely manner in order to address immediate threats.
e. Initiating from a central management console.
f. Providing scheduling, desktop management, and standardization tools to reduce the costs associated with distribution and management.
g. Providing ongoing deployment for both new and legacy systems in mixed hardware and OS environments.
h. Automating the repetitive activity associated with rolling out patches.
i. Analyzing the operating system and applications to identify possible security holes.
j. Scanning the entire network (IP address by IP address) and providing information such as service pack level of the machine, missing security patches, key registry entries, weak passwords, users and groups, and more.
k. Analyzing scan results using filters and reports to proactively secure information resources (e.g., installing service packs and hotfixes, etc.).
* * * * *
Appendix A Consolidated Roles and Responsibilities
* * * * *
11 Portfolio Managers
Portfolio managers are responsible for the following:
* * * * *
[Reletter current items e through i as new items f through j. Add new item e to read as follows:]
e. If a documented vulnerability will not be mitigated, preparing and signing an acceptance of responsibility letter as part of the ISA process.
* * * * *
35 Database Administrators
Database administrators are responsible for the following:
* * * * *
[Revise item l to read as follows:]
l. Tracking hardware and software vulnerabilities, and deploying database security patches.
* * * * *
36 All Personnel
* * * * *
[Reletter current items e through s as new items g through u. Add new items e and f to read as follows:]
e. Always using their physical and technology electromechanical access control identification badge or device to gain entrance to a controlled area.
f. Ensuring no one tailgates into a controlled area on their badge.
* * * * *
Appendix B Information Security and Related Documents
[Revise Appendix B to read as follows:]
Administrative Support Manual (ASM)
Subchapter 27, Security
Subchapter 28, Emergency Preparedness
Chapter 8, Information Resources
Handbooks
AS-805, Information Security
AS-805-A, Application Information Security Assurance (ISA) Process
AS-805-B, Infrastructure Information Security Assurance (ISA) Process
AS-805-C, Information Security for General Users
AS-805-D, Information Security Network Connectivity Process
AS-805-G, Information Security for Mail Processing/Mail Handling Equipment
AS-816, Open VMS Security
AS-353, Guide to Privacy and the Freedom of Information Act
Other Related Documents
Enterprise Information Security Architecture
USPS PKI Certificate Policy (CP)