Patch Management Policy

PURPOSESCOPEPOLICYSUPPORTING DOCUMENTATIONREVISION HISTORY

Policy Owner: Manager, IT Performance Achievement

Note: An owner must be a PCES-level manager.

PURPOSE

The enterprise Patch Management Policy establishes a unified patching approach across systems that are supported by the Postal Service Information Technology (IT) organization.

SCOPE

This policy applies to:

POLICY

Patches are implemented based on criticality ranking of the vulnerability that is being patched as described in the Risk Ranking Policy.

For all IT Computing systems, the following activities must take place:

SUPPORTING DOCUMENTATION

Access Supporting Documentation from ITWEB (Internal):

Access Supporting Documentation from USPS.com (External):

For access to the following documents, contact the US Postal Service. See Publication 5, Let's Do Business for further information about local US Postal Service contacts.

REVISION HISTORY

Version
Date
Description
1.0 06.01.2014 Initial release
1.1 11.07.2014 Updated definitions for consistency across all Patching documents.

1.1.1 07.15.2015 Annual Review: The annual review for functional accuracy and current PCI DSS requirements has been completed. CR 89584
1.1.2 02.05.2016 Annual Review: The annual review for functional accuracy and current PCI requirements has been completed. CR 145819

Non-substantive change: Risk Ranking Policy replaced Risk Ranking Standards; updated references and hyperlinks.
1.1.3 08.17.2016 Annual Review: The annual review for functional accuracy and current PCI requirements has been completed. CR 202501
Powered By OneLink