Sep 19, 2022
Report Number: 22-037-R22
Report Type: Audit Reports
Category: Technology

U.S. Postal Inspection Service’s Oversight of Facility Security and Access Control

Background

The U.S. Postal Inspection Service is responsible for Postal Service policies, procedures, standards, and requirements for facility security and access controls. It has also established a risk management process — the Vulnerability Risk Assessment Tool (VRAT) — to ensure compliance with facility security policies and procedures and identify facility security deficiencies. Additionally, the Postal Inspection Service is an associate member of the Interagency Security Committee (ISC) formed by Executive Order 12977 to enhance the quality and effectiveness of security in protecting federal facilities.

What We Did

Our objective was to assess whether the Postal Inspection Service’s facility security and access control policies align with federal standards and best practices and how identified security deficiencies are addressed. Specifically, we evaluated policies and procedures related to facility security and access control, assessed risk management policies and procedures for facilities, reviewed the ISC’s standards and best practices for facility security, and analyzed VRAT data.

Report Recommendations

| # | Recommendation | Status | Value | Initial Management Response | USPS Proposed Resolution | OIG Response | Final Resolution |
|---|---|---|---|---|---|---|---|
| 1 | Establish a facility security level determination process that considers all six factors in the Risk Management Process Standard. | Closed | $0 | Agree | | | |
| 2 | Redesign the baseline level of protection process to align with the Risk Management Process Standard, to include establishing a baseline level of protection for each facility security level and regularly reassessing the baseline level of protection. | Closed | $0 | Agree | | | |
| 3 | Update the Vulnerability Risk Assessment Tool User Guide to provide specific guidance on responding to identified security deficiencies. | Closed | $0 | Agree | | | |