USPS Homepage Skip Navigation Home   |   Help   |   Sign In
  Find a ZIP Code   /   Calculate Postage   /   Print a Shipping Label   /   Schedule a Pickup   /   Locate a Post Office   /   Track & Confirm  
Main Navigation Bar Business Household Buy Stamps and Shop All Products and Services About USPS and News
Search
 

Home > About USPS & News > Forms & Publications > Postal Periodicals and Publications > Handbooks > Handbook AS-805 - Information Security > 9 Information Security Services > 9-11 Security Administration

Go to previous section of document Link to chapter contents   Go to next section of document

9-11 Security Administration

Security administration includes management constraints, operational procedures, and supplemental controls established to protect information resources. Sensitive, critical, and business-controlled information resources must implement logical access security.

9-11.1 Security Administration Requirements

Security administration functions that must be implemented for USPS information resources include, but are not limited to, the following:

a. Activating protective features (e.g., the login feature).

b. Displaying users logged on.

c. Creating, retrieving, updating, or deleting all security-related attributes of users, interfaces, and software and data elements.

d. Overriding or altering vendor-provided security defaults.

e. Configuring security-relevant options.

f. Configuring the display of security-related events.

g. Recording and archiving the information resource configurations.

h. Monitoring suspected activities related to a potential information security incident.

i. Detecting information security incidents promptly, isolating and investigating the problem, and recovering securely from the incident.

9-11.2 Security Administration Documentation Requirements

Security administrative requirements must be appropriately documented. These security administration documentation requirements include, but are not limited to, the following:

a. Cautions about functions and privileges that must be controlled when running a secure facility.

b. Administrator functions related to security, including adding or deleting users, changing user security characteristics, generating keying material, and revoking user-related security parameters.

c. Guidelines on consistent and effective use of security features, including their interaction and how to generate a new security configuration.

d. Guidelines for retaining accountability tracking information for an administrator-specified period of time.

e. Procedures necessary to start the information resource in a secure manner.

f. Procedures to resume secure operation after termination of information resource processes.

Go to previous section of document Link to chapter contents   Go to next section of document
 
       Site Map    Contact Us    Affiliates    Gov't Services    Jobs     |    National & Premier Accounts
Copyright © 1999-2006 USPS. All Rights Reserved.Terms of Use  Privacy Policy  No FEAR Act EEO Data
Postal Inspectors Web Page  Postal Inspectors
Preserving the Trust		 Inspector General Web Page Inspector General
Promoting Integrity