Final notice of procedures; correction.
The Postal Service is correcting an error in the printing of the final product submission procedures published in the Federal Register November 5, 2002 (Vol. 67, No. 214, pages 67425-67430).
The procedures were effective November 5, 2002.Start Further Info
FOR FURTHER INFORMATION CONTACT:
Wayne Wilkerson, manager, Postage Technology Management, by fax at 703-292-4050.End Further Info End Preamble Start Supplemental Information
When the notice of the final Product Submission Procedures was published on November 5, 2002, several lines were inadvertently omitted from the table of Required Documentation in section 4.2 on pages 67428 to 67429. We are reprinting the final procedures here in full for reader convenience.
Product Submission Procedures for Postage Meters (Postage Evidencing Systems)
1. General Information
1.1 Independent Testing Laboratory
To receive authorization from the Postal Service to manufacture, produce, or distribute a postage meter (postage evidencing system) under 39 CFR part 501, Authorization to Manufacture and Distribute Postage Meters, the provider must obtain approval under these product submission procedures. These Start Printed Page 71994procedures also apply to providers requesting approval to manufacture, produce, or distribute a product under proposed 39 CFR part 502, Authority to Produce and Distribute Postage-Evidencing Systems that Generate Information-Based Indicia (IBI) (65 FR 58689).
The provider must select an independent testing laboratory accredited by the National Institutes of Standards and Technology (NIST) under the National Voluntary Laboratory Accreditation Program (NVLAP) to conduct the detailed product review and testing required by these procedures. When the product contains a postal security device (PSD) or cryptographic module, the laboratory must be an NVLAP-accredited cryptographic module testing laboratory.
Technical documentation (section 4) and production systems (section 5) must be provided to the selected test laboratory in sufficient detail to support testing. The testing laboratory will submit an executive summary containing the information referenced in the Required Documentation table set forth in paragraph 4.2 and the results of the product evaluation directly to the Postal Service. All supporting documentation, products, PSDs and cryptographic modules, and other materials used or generated during testing will be maintained by the testing laboratory for the life of the test. At the time of product approval, the manager, Postage Technology Management (PTM), will determine the ongoing disposition of all supporting documentation, products, PSDs and cryptographic modules, and other materials used or generated during testing.
During the product's life cycle, the provider may choose to use a different laboratory. In that event, all materials used or generated during testing and product evaluation must be transferred to the new laboratory.
Upon completion of the testing, the Postal Service may require that any or all of the following categories of information be forwarded directly from the accredited laboratory to the manager, PTM:
(a) A copy of all information that the provider gives to the laboratory, including a summary of all information transmitted orally.
(b) A copy of all instructions from the provider to the testing laboratory with respect to what is and what is not to be tested.
(c) Copies of all proprietary and nonproprietary reports and recommendations generated during the test process.
(d) Written full disclosure identifying any contribution by the test laboratory to the design, development, or ongoing maintenance of the system.
1.2 Product Submission Procedures
To submit a postage meter (postage evidencing system) for Postal Service approval, the provider will complete the following steps:
(a) Submit a letter of intent (section 2).
(b) Complete and sign the nondisclosure agreements (section 3).
(c) Submit the required documentation (section 4).
(d) Submit the postage evidencing system for evaluation (section 5).
(e) Enable the Postal Service to review the provider's system infrastructure (section 6).
(f) Place the product into limited distribution for field testing (section 7), after completing any additional security testing that the Postal Service requires.
1.3 Additional Security Testing
The Postal Service may choose to use resources under direct contract to the Postal Service to support the product review for additional security testing. The activities of these resources are independent of the testing laboratory selected by the provider and must be covered by nondisclosure agreements (section 3).
1.4 Product Approval Process
When the field testing (section 7) is completed successfully, the Postal Service performs an administrative review of the test and evaluation results and, when appropriate, grants authorization to distribute the product, as described in section 8.
At each stage of the product submission process, the manager, PTM, reserves the right to terminate testing if a review shows that the system as proposed will adversely impact Postal Service processes. The provider may resubmit the product after the problems have been resolved.
The provider can avoid unnecessary delays in the review and evaluation process by testing the product thoroughly prior to submitting it to the independent testing laboratory and to the Postal Service. If the Postal Service determines that there are significant deficiencies in the product or in the required supporting materials, then the Postal Service will return the submission to the provider without reviewing it further.
2. Letter of Intent
The provider must submit a letter of intent to Manager, Postage Technology Management (PTM), United States Postal Service, 1735 N. Lynn Street, Room 5011, Arlington, VA 22209-6050. The manager, PTM, will assign a point of contact to coordinate the submission and review process. The letter of intent must be dated and must include the following:
(a) Identification (name, mailing address, e-mail address, and telephone number) of all parties involved in the proposed product, including the provider, those responsible for the product's assembly, product management, hardware/firmware/software development and testing, and any other party involved (or expected to be involved) with the design or construction of the product, including all suppliers of product components which could affect the security of Postal Service revenues.
(b) Provider's business qualifications, including proof of financial viability and proof of the provider's ability to be responsive and responsible.
(c) System concept narrative, including the provider's infrastructure that will support the product.
(d) Target Postal Service market segment the proposed system is envisioned to serve.
When there is a significant change to any aspect of the product described in the letter of intent, or of the parties involved in developing or producing the product, prior to submission of the concept of operations (section 4), the provider must revise the letter of intent and resubmit it.
3. Nondisclosure Agreements
When the Postal Service uses resources under direct contract to the Postal Service to support the product review, the provider must establish a nondisclosure agreement with these resources. These nondisclosure agreements may require extension to third-party suppliers or others identified in the letter of intent (section 2). Providers are encouraged to share copies of nondisclosure agreements provided by the Postal Service with all parties identified in the letter of intent, to ensure that these parties will execute the agreement if needed to support Postal Service review of the product. Failure to sign nondisclosure agreements, provided by the Postal Service to support review activities, might adversely affect a product submission. Questions regarding this process should be directed to the manager, PTM. Start Printed Page 71995
4. Technical Documentation
The provider must submit the materials listed in the Required Documentation table. If the provider considers that a given requirement is not applicable to the product, the provider should note this in the document submission. The table is not meant to be an exhaustive list of all possible areas that need to be documented to support the evaluation of a postage meter (postage evidencing system). Ongoing advances and changes in technology and new approaches to providing postage evidencing can add other components that must be considered. The provider should submit any additional information that it considers necessary or desirable to describe the product fully. The independent testing laboratory may determine the level of detail that must be submitted to meet its test and evaluation requirements. The laboratory or the Postal Service may request additional information if needed for a complete evaluation.
Documentation must be submitted to the independent laboratory and the Postal Service as indicated in the Required Documentation table. The laboratory will prepare an executive summary and submit it to the Postal Service when required. Documentation must be in English and must be formatted for standard letter size (8.5″ × 11″) paper, except for engineering drawings, which must be folded to letter size. Where appropriate, documentation must be marked as “Confidential.” The document recipient will determine the number of paper copies and the format of electronic copies of each document at the time of submission based on current technology and review requirements.
The provider should schedule a meeting with PTM staff shortly after or simultaneously with the submission of technical data and the concept of operations to permit full discussion and understanding of the technical concepts being presented for evaluation. The manager, PTM, will indicate Postal Service agreement or concerns relevant to the concept, as appropriate. However, no Postal Service communication or acknowledgement of receipt of documentation or other submission is meant to imply acceptance or approval of the concept of operation, of any documentation, or of the product. Approval of the product is granted only after the product prototype has been developed and testing has been successfully completed in accordance with all requirements of these procedures.
4.2 Required Documentation
The following table details the documents that the provider must prepare. Providers are responsible for submitting any additional documentation the Postal Service may require during the product submission process. The table shows which documents must be submitted directly to the Postal Service and which must be submitted to the independent testing laboratory.
|Document/section||Submit to test laboratory?||Postal Service requirement|
|Concept of Operations (CONOPS)|
|System overview, including: • Concept overview and business model. • Postal security device (PSD) implementation, features, and components, including the digital signature algorithm. • System life cycle overview. • Adherence to industry standards, such as FIPS PUB 140-1 or 140-2 (after May 25, 2002), as required by Postal Service||Yes||Provider submits in full. Executive summary prepared by laboratory.|
|System design details, including: • PSD features and functions. • All aspects of key management. • Client (host) system features and functions. • Other components required for system use including, but not limited to, the proposed indicia design and label stock.||Yes||Executive summary prepared by laboratory. Laboratory report on indicium compliance with Postal Service requirements as given in the performance criteria.|
|Indicium Specification for Human Readable Data||No||Provider submits in full.|
|System life cycle, including: • Manufacturing • Postal Service certification of the system. • Production. • Distribution. • Meter licensing. • Initialization. • System authorization and installation. • Postage value download or resetting process. • System and support system audits. • Inspections. • Procedures for system withdrawal and replacement, including procedures for system malfunctions. • Procedures to destroy scrapped systems.||Yes||Provider submits in full. Executive summary prepared by laboratory.|
|Start Printed Page 71996|
|Finance overview, including: • Customer account management (payment methods, statements, and refunds). • Individual product finance account management (resetting or postage value download, refunds). • Daily account reconciliation (provider reconciliation, Postal Service detailed transaction reporting). • Periodic summaries (monthly reconciliation, other reporting as required by the Postal Service).||Yes||Provider submits in full. Executive summary prepared by laboratory.|
|Interfaces, including: • Communications and message interfaces with the Postal Service infrastructure for resetting or postage value downloads, refunds, inspections, product audits, and lost or stolen product procedures. • Communications and message interfaces with Postal Service financial functions for resetting or postage value downloads, daily account reconciliation, and refunds. • Communications and message interfaces with customer infrastructure for cryptographic key management, product audits, and inspections. • Message error detection and handling.||Yes||Provider submits in full. Executive summary prepared by laboratory.|
|Configuration management and detailed change control procedures for all components, including, but not limited to: • Software. • Hardware and firmware. • Indicia. • Provider infrastructure. • Postal rate change procedures. • Interfaces.||Yes||Executive summary prepared by laboratory.|
|Physical security||Yes||Executive summary prepared by laboratory.|
|Personnel/site security||Yes||Executive summary prepared by laboratory.|
|Update the identification of all parties involved in the proposed product as originally submitted in accordance with the letter of intent||No||Provider submits in full.|
|Softeware and Documentation|
|Detailed design||Yes||Executive summary prepared by laboratory.|
|Executable code||Yes||On request.|
|Source code||Yes||On request.|
|Operations manuals||Yes||Executive summary prepared by laboratory.|
|Communications interfaces||Yes||Executive summary prepared by laboratory.|
|Maintenance manuals||Yes||Executive summary prepared by laboratory.|
|Schematics||Yes||Executive summary prepared by laboratory.|
|Product initialization procedures||Yes||Executive summary prepared by laboratory.|
|Finite state machine models/diagrams||Yes||Executive summary prepared by laboratory.|
|Block diagrams||Yes||Executive summary prepared by laboratory.|
|Details of security features||Yes||Executive summary prepared by laboratory.|
|Description of cryptographic operations, as required by FIPS PUB 140-1 or 140-2 (after May 25, 2002), Appendix A||Yes||Executive summary prepared by laboratory.|
|Postal Service requirements||Yes||Executive summary prepared by laboratory.|
|FIPS PUB 140-1 or 140-2 (after May 25, 2002) requirements||Yes||Executive summary prepared by laboratory.|
|Physical security of provider's Internet server, administrative site, and firewall||Yes||Executive summary prepared by laboratory.|
|Security for remote administrative access and configuration control||Yes||Executive summary prepared by laboratory.|
|Secure distribution or transmission of software and cryptographic keys||Yes||Executive summary prepared by laboratory.|
|Test plan for system infrastructure: • Test parameters. • Infrastructure systems. • Interfaces. • Reporting requirements.||Yes||Executive summary prepared by laboratory.|
|Test plan for limited-distribution field tests: • Test parameters • System quantities • Geographic location • Test participants • Test duration • Test milestones • Systems recall plan||Yes||Executive summary prepared by laboratory.|
|Start Printed Page 71997|
|Provider Infrastructure Plan|
|Public key infrastructure||Yes||Executive summary prepared by laboratory.|
|Procedures for enforcement of all provider-related, customer-related, and Postal Service-related processes, procedures, and interfaces discussed in CONOPS or required by Postal Service regulations.||Yes||Executive summary prepared by laboratory.|
5. Product Submission and Testing
5.1 General Submission Requirements
The provider must submit complete production systems to the independent testing laboratory for evaluation. The laboratory will determine how many systems are needed for a complete evaluation. The provider must also provide any equipment and consumables required to use the submitted systems in the manner described in the CONOPS. The provider must also submit complete production systems, supporting equipment, and consumables directly to the Postal Service, if requested. The Postal Service may test these for compliance with Postal Service regulations and processes under section 6, System Infrastructure Testing.
5.2 Submission Requirements for Products Containing a Postal Security Device or Cryptographic Module
The NVLAP-accredited cryptographic modules testing (CMT) laboratory must evaluate all PSDs and cryptographic modules for FIPS PUB 140-1 or 140-2 certification, or equivalent, as authorized by the Postal Service. After May 25, 2002, FIPS PUB 140-2 certification will be required. The Postal Service requires that the PSD or cryptographic module receive FIPS PUB 140-1 or 140-2 certification as it is implemented. That is, the PSD or cryptographic module and the installed application must be considered as a whole in determining whether or not it receives FIPS certification. The FIPS certification of the PSD or cryptographic module is dependent on the application. Since any certification could be in question once any noncertified or untested software is installed, the PSD or cryptographic module must be certified as it will be implemented, and the accredited CMT lab must reevaluate any changes that would risk the certification.
Upon completing FIPS PUB 140-1 or 140-2 certification, or equivalent, the CMT laboratory must forward the following documentation directly to the manager, PTM:
(a) A copy of the letter of recommendation for certification of the PSD or cryptographic module that the laboratory submitted to NIST.
(b) A copy of the certificate, if any, issued by NIST for the PSD or cryptographic module.
6. System Infrastructure Testing and Provider System Security Testing
To achieve Postal Service approval of a postage evidencing system, the provider must demonstrate that the system satisfies all applicable Postal Service regulations and reporting requirements and that it is compatible with Postal Service mail processing functions and all other functions with which the product or its users interface. The tests must involve all entities in the proposed architecture, including the postage evidencing system, the provider infrastructure, the financial institution, and Postal Service infrastructure systems and interfaces. The tests may be conducted in a laboratory environment in accordance with the test plan for system infrastructure testing. Test and approval of system infrastructure functions must be completed before the postage evidencing system can be field tested under section 7. The functions to be tested include, but are not limited to, the following:
(a) Meter licensing, including license application, license update, and license revocation.
(b) System status activity reporting.
(c) System distribution and initialization, including system authorization, system initialization, customer authorization, and system maintenance.
(d) Total system population inventory, including leased and unleased systems; new system stock; and system installation, withdrawal, and replacement.
(e) Irregularity reporting.
(f) Lost and stolen reporting.
(g) Financial transactions, including cash management, individual system financial accounting, account reconciliation, and refund management.
(h) Financial transaction reporting, including daily summary reports, daily transaction reporting, and monthly summary reports.
(i) System initialization.
(j) Cryptographic key changes and public key management.
(k) Postal rate table changes.
(l) Print quality assurance.
(m) Device authorization.
(n) Postage evidencing system examination and inspection, including physical and remote inspections.
In addition to testing the system infrastructure, the Postal Service must be assured that the provider's support systems and infrastructure are secure and not vulnerable to security breaches. This will require site reviews of provider manufacturing, distribution, and other support facilities, and reviews of network security and system access controls.
7. Limited-Distribution Field Test
To achieve Postal Service approval of a postage evidencing system, the provider must demonstrate that the system satisfies all applicable Postal Service processing and interface requirements in a real-world environment. This is achieved by placing a limited number of systems in distribution for field testing. The Postal Service will determine the number of systems to be tested. The test will be conducted in accordance with the Postal Service-approved test plan for limited-distribution field testing. The purpose of the limited-distribution field test is to demonstrate the product's utility, security, audit and control, functionality, and compatibility with other systems, including mail entry, acceptance, and processing when in use. The field test will employ available communications and will interface with current operational systems to exercise all system functions.
The manager, PTM, will review the executive summary of the provider-proposed test plan for limited-distribution field testing. The review will be based on, but not limited to, the assessed revenue risk of the system, system impact on Postal Service operations, and requirements for Postal Service resources. Approval may be Start Printed Page 71998based in whole or in part on the anticipated mail volume, mail characteristics, and mail origination and destination patterns of the proposed system. For systems designed for use by an individual meter user, product users engaged in field testing must be approved by the Postal Service before they are allowed to participate in the test. These participants must sign a nondisclosure/confidentiality agreement when reporting system security, audit and control issues, deficiencies, or failures to the provider and the Postal Service. This requirement does not apply to users of systems designed for public use.
8. Postage Evidencing System Approval
Postal Service approval of the postage meter (postage evidencing system) is based on the results of an administrative review of the materials and test results generated during the product submission and approval process. In preparation for the administrative review, the provider must update all documentation submitted in compliance with these procedures to ensure accuracy. When approval is granted, the Postal Service will prepare a product approval letter detailing the conditions under which the specific product may be manufactured, distributed, and used. The provider must submit the following materials for the Postal Service administrative review:
(a) Materials prepared for the Postal Service by the independent testing laboratory.
(b) The final certificate of evaluation from the NVLAP laboratory, where required.
(c) The results of system infrastructure testing.
(d) The results of field testing of a limited number of systems.
(e) The results of any other Postal Service testing of the system.
(f) The results of provider site security reviews.
9. Intellectual Property
Providers submitting postage evidencing systems to the Postal Service for approval are responsible for obtaining all intellectual property licenses that may be required to distribute their product in commerce and to allow the Postal Service to process mail bearing the indicia produced by the product.Start Signature
Stanley F. Mires,
Chief Counsel, Legislative.
[FR Doc. 02-30649 Filed 12-2-02; 8:45 am]
BILLING CODE 7710-12-P