eLaws | eCases | United States Code | Federal Courts |
Home » 2012 Issues » 77 FR (04/19/2012) » 2012-9396. Revisions to the Requirements for Authority To Manufacture and Distribute Postage Evidencing Systems

  2012-9396. Revisions to the Requirements for Authority To Manufacture and Distribute Postage Evidencing Systems  

  • Start Preamble

    AGENCY:

    Postal Service TM.

    ACTION:

    Final rule.

    SUMMARY:

    This rule establishes the responsibility of the providers of Postage Evidencing Systems (PES) to notify the U.S. Postal Service® of any cyber attacks to their systems.

    DATES:

    This rule is effective May 21, 2012.

    ADDRESSES:

    Mail or deliver written comments to the Manager, Payment Technology, U.S. Postal Service, 475 L'Enfant Plaza SW., Room 3436, Washington, DC 20260-0911. Copies of all written comments will be available for inspection and photocopying between 9 a.m. and 4 p.m., Monday through Friday, at the Payment Technology office.

    Start Further Info

    FOR FURTHER INFORMATION CONTACT:

    Marlo Kay Ivey, Business Programs Specialist, Payment Technology, U.S. Postal Service, at 202-268-7613.

    End Further Info End Preamble Start Supplemental Information

    SUPPLEMENTARY INFORMATION:

    Providers currently must disclose all findings or results of any testing concerning the security or revenue protection features, capabilities, or failings of any PES, as well as all potential security weaknesses or methods of tampering with the PES. This rule applies the same standard to cyber attacks against the provider's systems.

    Start List of Subjects

    List of Subjects in 39 CFR Part 501

    • Postal Service
    End List of Subjects

    Accordingly, for the reasons stated, 39 CFR Part 501 is amended as follows:

    Start Part

    PART 501—AUTHORIZATION TO MANUFACTURE AND DISTRIBUTE POSTAGE EVIDENCING SYSTEMS

    End Part Start Amendment Part

    1. The authority citation for 39 CFR Part 501 continues to read as follows:

    End Amendment Part Start Authority

    Authority: 5 U.S.C. 552(a); 39 U.S.C. 101, 401, 403, 404, 410, 2601, 2605, Inspector General Act of 1978, as amended (Pub. L. 95-452, as amended); 5 U.S.C. App. 3.

    End Authority Start Amendment Part

    2. Section 501.11 is amended by adding paragraph (b)(3) as follows:

    End Amendment Part
    Reporting Postage Evidencing System security weaknesses.
    * * * * *

    (b) * * *

    (3) Cyber attacks that include, but are not limited to, gaining unauthorized access to digital systems for purposes of misappropriating assets or sensitive information, corrupting data, or causing operational disruption. Cyber attacks may also be carried out in a manner that does not require gaining unauthorized access, such as by causing denial-of-service attacks on Web sites. Cyber attacks may be carried out by third parties or insiders using techniques that range from highly sophisticated efforts to electronically circumvent network security or overwhelm Web sites to more traditional intelligence gathering and social engineering aimed at obtaining information necessary to gain access. Cyber security risk disclosures reported must adequately describe the nature of the material risks and specify how each risk affects the Postage Evidencing System.

    * * * * *
    Start Signature

    Stanley F. Mires,

    Attorney, Legal Policy & Legislative Advice.

    End Signature End Supplemental Information

    [FR Doc. 2012-9396 Filed 4-18-12; 8:45 am]

    BILLING CODE 7710-12-P

Visit the Official Version
Leave a Comment

Document Information

Effective Date:
5/21/2012
Published:
04/19/2012
Department:
Postal Service
Entry Type:
Rule
Action:
Final rule.
Document Number:
2012-9396
Dates:
This rule is effective May 21, 2012.
Pages:
23396-23396 (1 pages)
Topics:
Postal Service
PDF File:
2012-9396.pdf
CFR: (1)
39 CFR 501.11