Management Alert – Risks Associated with Information Technology Applications
Introduction
While conducting an audit, we found the Postal Service allowed IT applications to operate in the production environment with substantial vulnerabilities. Although the issues identified were not directly related to the scope of the audit, they are security weaknesses that warrant management’s attention and corrective action.
Our objective is to inform the Postal Service of significant vulnerabilities associated with applications developed and maintained under this contract that did not complete the Certification and Accreditation (C&A) process.