7-2 Roles and Responsibilities
Specific Postal Service roles and responsibilities for physical and environmental
security are defined in the sections below and are depicted in Exhibit 7.2.
The chief inspector is responsible for the following:
a. Establishing policy and criteria for overall Postal Service physical and
environmental security.
b. Providing physical protection assistance and investigating information
security incidents involving the physical loss, theft, or destruction of
Postal Service information resources.
c. Conducting periodic site security reviews, surveys, and investigations of
Postal Service activities and sites to evaluate all aspects of physical
and environmental security.
d. Providing technical guidance on physical security needs, such as
controlled areas, access lists, physical access control systems, and
identification badges.
e. Providing technical guidance on physical and environmental security
that supports information resources, including the protection of
workstations, portable devices, and sensitive, critical, and
business-controlled media.
f. Providing guidance on the use of the Postal Service Security Force.
g. Investigating reported violations of security regulations.
The manager, Corporate Information Security Office (CISO), is responsible
for the following:
a. Providing overall consultation and advice on Postal Service physical,
environmental, and administrative security controls.
b. Assessing the adequacy of physical, environmental, and administrative
security controls in a changing information infrastructure.
c. Assessing and ensuring compliance with physical security policies
related to information security through inspections, reviews, and
evaluations.

Installation heads are responsible for the following:
a. Designating a security control officer (SCO) who will be responsible for
both personnel and physical security at that facility, including the
physical protection of computer systems, equipment, and information
located therein.
b. Implementing physical and environmental security, including support for
information security, such as the protection of workstations, portable
devices, and sensitive, critical, and business-controlled media.
c. Controlling physical access to the facility, including the establishment
and implementation of controlled areas, access lists, physical access
control systems, and identification badges.
d. Funding security equipment and building modifications.
e. Maintaining an accurate inventory of Postal Service information
resources at their facility and implementing appropriate hardware
security and configuration management.
f. Maintaining and upgrading as necessary all security investigative
equipment.
g. Ensuring completion of a site security review, providing assistance to
the Inspection Service and ISSO, as required, and accepting site
residual risk.
h. Ensuring that the Postal Service security policy, guidelines, and
procedures are followed in all activities related to information resources
at their facility, including procurement, development, and operation.
i. Taking appropriate action in response to employees who violate
established security policy or procedures.
j. Developing facility continuity of operations (COOP) plans.
Security control officers (SCO) are responsible for the following:
a. Establishing and maintaining overall physical and environmental
security at the facility, with technical guidance from the Inspection
Service.
b. Establishing controlled areas within the facility where required to protect
sensitive or critical information resources.
c. Establishing and maintaining access control lists of people who have
authorized access to specific controlled areas within the facility.
d. Ensuring positive identification and control of all personnel and visitors
in the facility.
e. Ensuring the protection of workstations and portable devices and
sensitive, critical, and business-controlled media.
f. Responding to physical security incidents.
g. Reporting physical security incidents to the Inspection Service.
h. Consulting on the facility continuity of operations (COOP) plans.

Contracting officers are responsible for the following:
a. Ensuring appropriate security requirements are addressed in contracts
requiring access to Postal Service information resources and facilities.
b. Ensuring that the security provisions of the contract are met.
c. Ensuring that building access and other privileges are removed for
contractor personnel when they are transferred or terminated.
All personnel are responsible for the following:
a. Displaying proper identification while in any facility that provides access
to Postal Service information resources.
b. Always using their own identification badge or electromechanical access
control device to gain entrance to a controlled area.
c. Ensuring no one tailgates into a controlled area on their badge.
d. Protecting information resources, including workstations, portable
devices, information, and media.
e. Being aware of their physical surroundings, including weaknesses in
physical security and the presence of any authorized or unauthorized
visitor.
f. Promptly reporting suspicious or potentially dangerous activities or
conditions (see Chapter 13, Incident Management).
g. Taking immediate action to protect the information resources at risk
upon discovering a security deficiency or violation.
The inspector general, Office of the Inspector General (OIG), is responsible for
audits, evaluations, and reviews of Postal Service programs and operations.
Exhibit 7.2
Physical and Environmental Security Responsibilities

| Activity                                                                       | Chief Inspector | CISO | Installation Heads | Contracting Officers | SCOs | All Personnel | OIG |
|--------------------------------------------------------------------------------|-----------------|------|--------------------|----------------------|------|---------------|-----|
| Establish controlled areas & access control lists.                             | C/R             | C    | X/F                | K                    | X    |               | A   |
| Install physical access control devices & implement identification badges.     | C/R             | C    | X/F                | K                    | C    |               | A   |
| Protect network equipment, servers, & mainframes.                              | C/R             | C    | X/F                | K                    | X    |               | A   |
| Protect workstations, portable devices, information, & media.                  | C/R             | C    | X/F                | K                    | C/R  | X             | A   |
| Implement environmental security & support continuity of operations planning.  | C/R             | C    | X/F                | K                    | C    |               | A   |

X = Responsible for accomplishment
F = Responsible for funding
C = Consulting support as required
K = Include requirements in contracts
R = Reviewing as required
A = Independent audits, evaluations, and reviews
(See Appendix A for a consolidated list of roles and responsibilities.)