Improving the Security and Resilience of U.S. Postal Service Mail Products and Services Using the CERT® Resilience Management Model

Developing and implementing measurable methodologies for improving the security and resilience of a national postal sector directly contribute to protecting the public and postal employees, assets, and revenues. Such methodologies also contribute to the security and resilience of the mode of transport used to carry mail and the protection of the global mail supply chain. Since 2011, the U.S. Postal Inspection Service (USPIS) has collaborated with the CERT^® Division at Carnegie Mellon University’s Software Engineering Institute to improve the resilience of selected U.S. Postal Service (USPS) products and services. The CERT^® Resilience Management Model (CERT^®-RMM) and its companion diagnostic methods have served as the foundational tool for this collaboration. CERT-RMM is a capability-focused maturity model for improving an organization’s management of operational resilience activities across the domains of security management, business continuity management, and aspects of information technology operations management. These improvements enable high-value services to meet their missions consistently and with high quality, particularly during times of stress and disruption. This report describes the USPIS/CERT collaboration, how CERT-RMM has been applied to meet USPIS project objectives, how project outcomes are improving the resilience of USPS products and services, and how similar use of CERT-RMM applies to other transportation-systems subsectors.