July 20, 2015
While the Postal Service appreciates the intent and role of the USPS OIG in developing its recent audit on cyber security issues, the findings do not reflect the current state of the organization’s capabilities. The scope of this audit was based solely on the state of cybersecurity when a significant cyber intrusion was discovered in 2014. Since then, the Postal Service has substantially and extensively upgraded management processes, staffing, computing environment protections, training and awareness, and other controls based upon the learnings from the 2014 cyber intrusion.
We agree with the broad intent of most of the recommendations in the audit and believe that the nature of the threats we face require more flexible and active management processes and modes of response than those identified by the OIG – many of which have already been or are in the process of being implemented.
Protecting the privacy of customer, employee, supplier and Postal Service information has been and always will be a priority for the Postal Service. This incident, along with many others that have occurred in the federal government and commercial entities over the past year, has demonstrated the need for greater vigilance and comprehensive cybersecurity capabilities involving technology, people and processes to defend against threats.”
For more detailed information about the Postal Service commentary about the OIG audit, please see Appendix H in the report to review the USPS Management Response.