From the Highlights: "Our objective was to determine if the U.S. Postal Service has an effective security posture to protect its Information Technology (IT) infrastructure from external cyberattacks and prevent unauthorized access to restricted data. [...] We contracted with a provider to conduct a simulated phishing campaign and an external penetration test targeting the Postal Service's internet-facing systems from November 30, 2020, to February 9, 2021. We also reviewed the Postal Service's information security awareness program. [...] We determined the Postal Service established a security awareness program aligned with industry best practices. Additionally, we found Postal Service employees performed better than industry benchmarks during our phishing campaign."
United States Postal Service, Office of the Inspector General, Report No. 20-277-R21