Aug 18, 2022
Report Number: 21-221-R22
Report Type: Audit Reports
Category: Security, Technology

Wireless Assessment

Background

The U.S. Postal Service’s daily operations depend on both wired and wireless networks and technologies to collect, process, and deliver the nation’s mail. Wireless networks provide access to critical systems and devices without requiring a physical connection. Appropriately securing these networks to increase protection against cyberattacks is vital to Postal Service business operations. The Postal Service’s Corporate Information Security Office ensures the security of wireless connections to internal and external resources. The Network & Compute Technology group designs, secures, and manages the wireless network infrastructure, while the Network Change Review Board manages and approves wireless network standards and activities. Finally, the Chief Technology Office performs research and development for delivery, mail processing, and retail systems and equipment.

What We Did

Our objective was to evaluate the effectiveness of the Postal Service’s security controls to protect and manage its wireless infrastructure. Specifically, we conducted a technical wireless network assessment at four postal facilities from January through April 2022 using both [redacted] to determine if security controls were in place and functioning as intended.

What We Found

While the Postal Service utilized appropriate encryption standards and managed wireless channels to improve network performance, the agency did not have other technical security controls in place. Specifically, we found insufficient technical security controls that allowed [redacted] and allowed devices to [redacted]. We also found that management did not conduct [redacted] of the wireless network and that they were not aware of [redacted] at Postal Service facilities. These issues occurred because the [redacted] was not configured properly. In addition, instead of performing visual inspections and walk-throughs, management relied on software to identify wireless devices. Finally, there were no established procedures for how to account for [redacted] at Postal Service facilities.

Report Recommendations

| # | Recommendation | Status | Value | Management Response | OIG Response | USPS Proposed Resolution |
|---|---|---|---|---|---|---|
| 1 | Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act. | Closed | $0 | Agree | | |
| 2 | Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act. | Closed | $0 | Agree | | |
| 3 | Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act. | Closed | $0 | Agree | | |
| 4 | Develop a process for verifying that physical access points are labeled in accordance with policy. | Closed | $0 | Agree | | |
| 5 | Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act. | Closed | $0 | Agree | | |