The Postal inspector general has called on USPS management to establish operating procedures and security requirements and to improve oversight of data storage environments.
The Postal IT, Computer Operations, Data Management Services group manages a storage environment supporting 230 systems and applications, and spends about $30 million a year on storage components.
However, a system outage in 2010 revealed that Postal Service storage environments had not been subject to security reviews or audits. After looking into this the IG concluded that the Data Management Services group did not manage the storage environment in accordance with Postal Service security requirements because its managers did not provide adequate oversight of the storage teams – such as conducting periodic employee access reviews.
In addition, the Corporate Information Security Office did not provide guidance for storage environments as it has for operating systems, databases, and telecommunication security, the IG found.
It called on the USPS to ensure personnel are trained to maintain storage skills, and to develop a schedule to bring the storage environment into compliance with established requirements.
