9-3.2 Authorization Management

eAccess is the Postal Service application for managing authorization to information resources. eAccess centralizes the management of personnel and machine identities (i.e., human and nonhuman accounts/identities) and access rights over the entire life cycle, from account creation/registration to termination. eAccess operates on the premise that access is denied unless specifically approved by the user’s manager.

9-3.2.1 Requesting Authorization

All requests for authorization to access Postal Service information resources, including temporary information services, must be submitted via eAccess at http://eaccess. If access to a Postal information resource cannot be requested through eAccess because of a technical limitation of eAccess, use PS Form 1357 instead.

9-3.2.2 Temporary Information Services

Requests for temporary information services must go through eAccess for proper management approval. For contractor personnel who have submitted their documentation for security clearances or background investigations, the manager, Corporate Information Security Office (CISO), may authorize temporary access to the following information services until the contractor’s background investigation is completed and security clearance has been issued:

  1. ACE active directory account.
  2. E-mail access.
  3. Office suite of services.
  4. Intranet browser access.

The following information services are unavailable under temporary access:

  1. Internet browser access.
  2. Remote access.
  3. Access to e-mail except within the Postal Service intranet.

Note: No access beyond temporary information services will be authorized until the background investigation is completed and the appropriate personnel security clearance is granted. Upon receipt of an appropriate security clearance or background investigation, individuals requiring access beyond temporary information services may request additional authorization via eAccess.

9-3.2.3 Expiration of Temporary Access Authorization

Temporary access expires in 3 months and can be renewed if warranted.

9-3.2.4 Approving Requests

All requests for authorization must be approved by the individual’s manager or supervisor, the contracting officer’s representative (if the request is for a contractor), and the executive sponsor of the application.

9-3.2.5 Periodic Review of Access Authorization

Managers must review access granted to personnel under their supervision to ensure that the access is still required for personnel to perform their duties. The minimum acceptable review schedule is on a semiannual basis; more frequent reviews should be scheduled based on information sensitivity.

The manager, CISO, may require that some privileged system/application accounts be reconciled to the related eAccess records on a monthly basis. Discrepancies must be investigated and resolved immediately.

9-3.2.6 Implementing Changes

System administrators and database administrators must implement all approved authorization requests for the information resources under their control. They must not add, modify, or revoke access to information resources except in accordance with Postal Service policies.

9-3.2.7 Revoking Access

All managers must ensure that access to information resources is immediately revoked for personnel when no longer required because of a change in job responsibilities, transfer, or termination. The manager will advise the system and/or database administrators as to the final disposition of files and data.

9-3.2.8 Sudo (Pseudo) Access

Sudo (pseudo) access has higher levels of rights, such as account creation/update/deletion, full application/platform functionality, or a subset of rights that have been designated as privileged. Sudo access must be restricted to a unique individual whose duties require these additional privileges. Use is restricted to performing those job functions required by the privileged access; individuals must use their regular user accounts to perform nonprivileged functions. Applications must not have the capability to run as “root.” An audit trail must be maintained on all privileged access.
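An added example, not from the handbook or from eAccess, of the monthly reconciliation in 9-3.2.5 and the privileged-access accountability in 9-3.2.8: it compares the UID 0 and sudo-capable accounts found on a host with a constructed eAccess export and lists the discrepancies a custodian must investigate. The host name, the accounts, and the export format are assumptions.

```python
"""Reconcile privileged accounts on a host against eAccess records.

Illustration of the 9-3.2.5 reconciliation and the 9-3.2.8 audit of
sudo access. All data below is constructed; the eAccess export format
is an assumption (eAccess itself is not queried here).
"""

# Constructed /etc/passwd and /etc/group content for a hypothetical host.
PASSWD = """root:x:0:0:root:/root:/bin/bash
appsvc:x:1001:1001:app service:/opt/app:/usr/sbin/nologin
jdoe:x:1002:1002:J. Doe:/home/jdoe:/bin/bash
asmith:x:1003:1003:A. Smith:/home/asmith:/bin/bash
oldadmin:x:1004:1004:left 2023:/home/oldadmin:/bin/bash
"""
GROUP = """wheel:x:10:jdoe,oldadmin
sudo:x:27:
dba:x:500:asmith
"""
# Constructed eAccess export: (account, host, privileged, status).
EACCESS = [
    ("root", "app01", True, "active"),      # registered special account
    ("jdoe", "app01", True, "active"),
    ("asmith", "app01", False, "active"),
    ("bwong", "app01", True, "active"),     # approved but never provisioned
    ("oldadmin", "app01", True, "revoked"), # revoked in eAccess, still on host
]
PRIV_GROUPS = {"wheel", "sudo"}  # groups that grant sudo on this host

def host_privileged(passwd: str, group: str) -> set:
    """Accounts with UID 0 or membership in a sudo-capable group."""
    priv = set()
    for line in passwd.splitlines():
        name, _, uid, *_ = line.split(":")
        if uid == "0":
            priv.add(name)
    for line in group.splitlines():
        gname, _, _, members = line.split(":")
        if gname in PRIV_GROUPS and members:
            priv.update(members.split(","))
    return priv

def reconcile(host: str, passwd: str, group: str, records) -> dict:
    """Return the discrepancies a custodian must investigate (9-3.2.5)."""
    on_host = host_privileged(passwd, group)
    present = {l.split(":")[0] for l in passwd.splitlines()}
    approved = {a for a, h, p, s in records if h == host and p and s == "active"}
    return {
        "unapproved_privileged": sorted(on_host - approved),     # on host, no active approval
        "approved_not_provisioned": sorted(approved - present),  # approved, account missing
        "approved_not_privileged": sorted((approved & present) - on_host),
    }

if __name__ == "__main__":
    print(reconcile("app01", PASSWD, GROUP, EACCESS))
```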

9-3.2.9 User and Resource Registration Management

User and resource registration management must provide the following functionality to allow managers to perform their roles and responsibilities in the authorization process:

  1. Register user or resource to directory service or authoritative source.
  2. Assign or furnish unique identifier.
  3. Track modifications to user or resource access authorizations.
  4. Provide management reports.
  5. Validate user or resource identity.
  6. Revoke or keep user or resource access (two levels of approvals).
  7. Log and audit access requests.

9-3.2.10 Special Account Registration Management

Special account (i.e., Service, Shared and Vendor Default) registration management must be implemented to allow managers to identify special accounts under management control and provide appropriate accountability for the account usage from account creation through termination.

Accounts whose access is required to perform credentialed scans are often designated within authentication packages such as eAccess as "special" accounts. "Special" accounts must not be used for PCI applications unless (a) they are required by COTS software to function correctly, (b) the account is properly configured (i.e., treated as an administrator account that will not be used as a true service account), and (c) their use does not violate other requirements in this handbook.

All special accounts must be documented, registered, and reviewed by responsible managers (i.e., account custodians) monthly.

The responsibilities of an account custodian are as follows:

  1. Special accounts are assigned to eAccess managers who serve as the account custodians.
  2. The custodian is ultimately responsible for the use of these accounts with respect to access of Postal Service information systems.
  3. Service accounts (e.g., an account managed by Operating System) must be created with the minimum access rights and privileges required to perform the necessary business function and must be tightly controlled by the account custodian.
  4. The account custodian may assign members (including Postal Service employees and contractors) to shared accounts; those members should be the sole users of the account. Shared accounts have a single log-on ID that is used by more than one individual. The managed e-mail account may only be created on the usps.gov domain.
  5. When a special account is accessible by more than one individual, those individuals (i.e., registered members in eAccess) must be registered, approved and reviewed periodically by the account custodian and/or custodian’s manager.

9-3.2.11 Emergency Access when Individual is not Available

In instances during which an individual has possession of Postal Service information that is required by his or her manager and the individual is unavailable (e.g., on annual leave), the following process must be followed:

  1. The individual’s manager initiates a request for access to the information using a documented procedure (e.g., remedy or information ticket). The individual’s manager is accountable for the emergency access.
  2. Audit logging for all activities related to an emergency access request is required and must be protected and retained according to Postal Service standards.
  3. The emergency access must be conducted under the identity of the user authorized by the manager and actually performing the access. Under no circumstance will the unavailable individual’s log-on ID or password be used or compromised in an emergency access.
  4. The system administrator either rewrites the access rules giving the manager or the manager’s designee access to the information (files), or the system administrator is authorized by the manager to access the information on the manager’s behalf.
  5. Upon completion of the emergency access, all access to the information is returned to its original state.
  6. The unavailable individual is notified of the emergency access as soon as he or she becomes available.

9-3.2.12 Emergency Access to Production Information

In instances during which a developer or database administrator needs emergency (e.g., after hours) access to production information, the following process must be followed:

  1. The individual opens a remedy ticket. The individual is accountable for the actions performed during the emergency access.
  2. Audit logging for all activities related to an emergency access request is required and must be protected and retained according to Postal Service standards.
  3. The emergency access must be conducted under the identity of the individual actually performing the access.
  4. Upon completion of the emergency access, all access is returned to its original state.
  5. The remedy ticket is closed.
