39 CFR § 267.4 - Information security standards.

---
identifier: "/us/cfr/t39/s267.4"
source: "ecfr"
legal_status: "authoritative_unofficial"
title: "39 CFR § 267.4 - Information security standards."
title_number: 39
title_name: "Postal Service"
section_number: "267.4"
section_name: "Information security standards."
chapter_name: "UNITED STATES POSTAL SERVICE"
subchapter_number: "D"
subchapter_name: "ORGANIZATION AND ADMINISTRATION"
part_number: "267"
part_name: "PROTECTION OF INFORMATION"
positive_law: false
currency: "2026-03-24"
last_updated: "2026-03-24"
format_version: "1.1.0"
generator: "[email protected]"
authority: "39 U.S.C. 401; Pub. L. 93-579, 88 Stat. 1896."
cfr_part: "267"
---


# 267.4 Information security standards.

(a) The Postal Service will operate under a uniform set of information security standards which address the following functional aspects of information flow and management:

(1) Information system development,

(2) Information collection,

(3) Information handling and processing,

(4) Information dissemination and disclosure,

(5) Information storage and destruction,

(b) Supplementing this list are information security standards pertaining to the following administrative areas:

(1) Personnel selection and training,

(2) Physical environment protection,

(3) Contingency planning,

(4) Information processing or storage system procurement,

(5) Contractual relationships.

[40 FR 45726, Oct. 2, 1975; 40 FR 48512, Oct. 16, 1975]