Improving the Security and Resilience of U.S. Postal Service Mail Products and Services Using the CERT ® Resilience Management Model

Abstract

Developing and implementing measurable methodologies for improving the security and resilience of a national postal sector directly contribute to protecting public and postal employees, assets, and revenues. Such methodologies also contribute to the security and resilience of the mode of transport used to carry mail and to the protection of the global mail supply chain. Since 2011, the United States Postal Inspection Service (USPIS) has collaborated with the CERT® Program at Carnegie Mellon University’s Software Engineering Institute to improve the resilience of selected United States Postal Service (USPS) products and services. This collaboration has included projects dealing with incident response, export screening, authentication services, physical security and aviation screening for international mail, Express Mail revenue assurance, and development of mail-specific resilience management practices for mail induction, transportation, delivery, and revenue assurance. The CERT Resilience Management Model (CERT-RMM) and its companion diagnostic methods have served as the foundational tool for this collaboration. CERT-RMM is a capability-focused maturity model for improving an organization’s management of operational resilience activities across the domains of security management, business continuity management, and aspects of information technology operations management. These improvements enable high-value services to meet their missions consistently and with high quality, particularly during times of stress and disruption. This paper describes the USPIS/CERT collaboration, how CERT-RMM has been applied to meet USPIS project objectives, how project outcomes are contributing to improving the resilience of USPS products and services, and how similar use of CERT-RMM is applicable to other transportation sectors.