search icon-carat-right cmu-wordmark

USPS Case Study

Created January 2018

SEI researchers teamed with the United States Postal Service (USPS) to help the USPS improve its cybersecurity and resilience. Using metrics based on the CERT Resilience Management Model (CERT-RMM), the SEI and USPS tracked USPS performance and made recommendations based on those assessments. The SEI then collaborated with the USPS to form the CISO Academy, a program for developing a strong cybersecurity workforce at the USPS.

Cyber Attack on the U.S. Post Office

In 2014, the USPS experienced a cyber attack that compromised the personally identifiable information of more than 800,000 employees and over 2 million customers. The USPS recognized the need to improve, and it reached out to the SEI to help bolster its cybersecurity posture and operational resilience. The ultimate goal of the USPS was to protect its critical capabilities and assets and enhance its ability to continue business operations under degraded conditions.

Fighting Back with Cybersecurity Strategy and Training

SEI researchers developed metrics, based on the CERT Resilience Management Model (CERT-RMM), to track USPS progress. The measurement activities of the CERT-RMM are an essential element in executing the strategy. SEI researchers used the CERT-RMM to assess USPS performance in important areas—including risk management, system assessment and authorization, software development, incident management, and policy development—and made recommendations based on those assessments.

CISO Academy, a groundbreaking approach to cybersecurity workforce development, offers a 12-week curriculum, including tracks for program managers and technical staff as well as courses delivered through the SEI's Simulation, Training, and Exercise Platform (STEPfwd).

Software and Tools

CERT Resilience Management Model: A Maturity Model for Managing Operational Resilience

July 2016

In this book, the authors present best practices for managing the security and survivability of people, information, technology, and...

read

CERT Resilience Management Model (CERT-RMM) Collection

February 2016

CERT-RMM, the foundation for a process improvement approach to operational resilience management, defines the practices needed to manage operational resilience....

read

CERT Resilience Management Model (CERT-RMM) Version 1.2

February 2016

CERT-RMM, the foundation for a process improvement approach to operational resilience management, defines the practices needed to manage operational...

read

Learn More

Process and Technical Vulnerabilities: 6 Key Takeaways from a Chemical Plant Disaster

May 08, 2023 Blog Post
Daniel J. Kambic

Weak processes can be as risky as technical vulnerabilities. This post describes how both of them worsened a cyber attack on a chemical...

read

The CISO Academy

February 23, 2017 White Paper
Pamela D. Curtis, Summer C. Fowler, David Tobar, David Ulicne

In this paper, the authors describe the project that led to the creation of the U.S. Postal Service's CISO...

read

CERT Resilience Management Model: A Maturity Model for Managing Operational Resilience

July 08, 2016 Book
Richard A. Caralli, Julia H. Allen, David W. White

In this book, the authors present best practices for managing the security and survivability of people, information, technology, and...

read

CERT Resilience Management Model (CERT-RMM) Version 1.2

February 15, 2016 Handbook

CERT-RMM, the foundation for a process improvement approach to operational resilience management, defines the practices needed to manage operational...

read

CERT-RMM and the U.S. Postal Service (USPS)

October 10, 2014 Collection

Read how the U.S. Postal Service (USPS) uses CERT-RMM to improve the resilience of its products and...

view