Dec 12, 2014
Report Number: IT-AR-15-001
Report Type: Audit Reports

Capital District Vulnerability Assessment

Background

The U.S. Postal Service Office of Inspector General’s Information Technology Security Risk Model identified the Capital District as being among the five most at-risk districts for multiple quarters during fiscal years (FY) 2013 and 2014. Security events during those periods included instances of malicious software, which can affect the confidentiality, integrity, and availability of sensitive data and potentially compromise critical mail processing applications.

During FY 2013, the Capital District processed about 2 billion mailpieces and generated about $470.9 million in revenue. The district had about 6,600 employees working in 260 facilities during that time. Our objective was to review system security controls in the Capital District to determine whether proper security exists to protect U.S. Postal Service infrastructure and data.

What The OIG Recommended

We recommended management evaluate, test, and install critical patches and correct configuration settings on the identified databases and operating systems. We also recommended management disallow software that permits unsecure communications, discontinue the use of shared user accounts, and uniformly manage assets. Additionally, we recommended management remove the from databases.

Report Recommendations

| # | Recommendation | Status | Value | Initial Management Response | USPS Proposed Resolution | OIG Response | Final Resolution |
|---|---|---|---|---|---|---|---|
| 1 | R - 1 -- Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act. | Closed | $0 | Agree | | | |
| 2 | R - 2 -- Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act. | Closed | $0 | Agree | | | |
| 3 | R - 3 -- Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act. | Closed | $0 | Agree | | | |
| 4 | R - 4 -- Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act. | Closed | $0 | Agree | | | |
| 5 | R - 5 -- Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act. | Closed | $0 | Agree | | | |
| 6 | R - 6 -- Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act. | Closed | $0 | Agree | | | |
| 7 | R - 7 -- Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act. | Closed | $0 | Agree | | | |
| 8 | R - 8 -- Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act. | Closed | $0 | Agree | | | |
| 9 | R - 9 -- Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act. | Closed | $0 | Agree | | | |
| 10 | R - 10 -- Develop a uniform process for information systems management to identify the location of all systems physically connected to the network, and the administrators associated with each system. | Closed | $0 | Agree | | | |