Technology, Infrastructure, and Site Security Review
The U.S. Postal Service operates more than 8,500 automated systems and equipment at 313 facilities. Its network consists of computer systems and equipment that manage, monitor, and control mail functions. Without proper technological, physical, and environmental controls, there is an increased risk of adverse impacts to essential equipment. Our objective was to determine whether the Postal Service established and implemented adequate controls over these systems.
We found the Postal Service did not always establish and implement effective information technology, physical, and environmental controls. Specifically, the Postal Service did not have a process to proactively identify or remediate information technology vulnerabilities on the network. According to Engineering Systems, a process to improve vulnerability scanning coverage on the network is in the pilot phase.
We made 14 recommendations to address the issues identified in this report. Postal Service management agreed with eight recommendations and disagreed with six. Management’s comments and our evaluation are at the end of each finding and recommendation. We consider the Postal Service responsive to recommendations one through eight, as corrective actions should resolve these issues. We will work with management through the audit resolution process on the remaining six recommendations.