Expands the main menu

Breadcrumb

Audit Reports

  • Image
Oct
12
2018
Report Number:
IT-AR-19-001
Report Type:
Audit Reports
Category: Technology

Informed Visibility Vulnerability Assessment

Objective

Our objective was to evaluate the Informed Visibility (IV) system’s externally-facing and supporting servers and databases to determine whether they comply with U.S. Postal Service security control requirements and industry best practices; and whether they pose a risk to the confidentiality, integrity, and availability of the system. The security-related information in this report reflects a specific point in time and may have changed since our testing.

Report Recommendations

# Recommendation Status Value Initial Management Response USPS Proposed Resolution OIG Response Final Resolution
1

develop a process to ensure that Informed Visibility server configurations comply with the established configuration baseline.

Closed $0 Agree
2

Review the controls identified in the Center for Internet Security benchmarks and consider them for inclusion into the published standard.

Closed $0 Agree
3

include communication protocols in future IV web application configuration reviews and address any control weaknesses identified.

Closed $0 Disagree
4

Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act.

Closed $0 Agree
5

Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act.

Closed $0 Agree
6

Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act.

Closed $0 Disagree