WASHINGTON (CN) – Providers of postal meters must notify the U.S. Postal Service of any cyber attacks to their systems, according to new rules effective May 21.
Providers have had to disclose all results of any testing on the security or revenue protection features, capabilities, or failings of any postal meter, and all potential security weaknesses or methods of tampering with the system.
The new rules apply the same standard to cyber attacks against the provider’s systems.
Cyber attacks that include, but are not limited to, gaining unauthorized access to digital systems for purposes of misappropriating assets or sensitive information, corrupting data, or causing operational disruption.
Cyber attacks also may also be carried out in a manner that does not require gaining unauthorized access, such as by causing denial-of-service attacks on websites.
Cyber attacks may be carried out by third parties or insiders using techniques that range from highly sophisticated efforts to electronically circumvent network security or overwhelm wites to more traditional intelligence gathering and social engineering aimed at obtaining information necessary to gain access.
Cyber security risk disclosures reported must adequately describe the nature of the material risks and specify how each risk affects the postal meter.
Click the document icon for this regulation and others.