FEDweek IT

The Postal Service inspector general has called on USPS to shore up firewall configurations for its mail processing computer systems and networks, concluding that the firewalls are not properly managed and functioning.

It said firewall administrators did not apply six of nine critical security controls ranging from password strength enforcement and session timeouts to operating system updates across the 30 firewalls it looked at.

ADVERTISEMENT

The lapse occurred because Postal Service personnel have focused more on supporting system deployment and less on implementing required configurations and restricting network traffic, according to the IG.

USPS agreed with recommendations to perform a risk assessment at all mail-processing facilities, configure firewalls to enforce proper encryption, network time protocol, session timeouts and password complexity, as well as to remove overly permissive rules and duplication, however it gave a target completion date of late 2017.