[Federal Register: December 3, 2002 (Volume 67, Number 232)]
[Notices]
[Page 71993-71998]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr03de02-123]
=======================================================================
-----------------------------------------------------------------------
POSTAL SERVICE
Postage Evidencing Product Submission Procedures; Correction
AGENCY: Postal Service.
ACTION: Final notice of procedures; correction.
-----------------------------------------------------------------------
SUMMARY: The Postal Service is correcting an error in the printing of
the final product submission procedures published in the Federal
Register November 5, 2002 (Vol. 67, No. 214, pages 67425-67430).
DATES: The procedures were effective November 5, 2002.
FOR FURTHER INFORMATION CONTACT: Wayne Wilkerson, manager, Postage
Technology Management, by fax at 703-292-4050.
SUPPLEMENTARY INFORMATION: When the notice of the final Product
Submission Procedures was published on November 5, 2002, several lines
were inadvertently omitted from the table of Required Documentation in
section 4.2 on pages 67428 to 67429. We are reprinting the final
procedures here in full for reader convenience.
Product Submission Procedures for Postage Meters (Postage Evidencing
Systems)
1. General Information
1.1 Independent Testing Laboratory
To receive authorization from the Postal Service to manufacture,
produce, or distribute a postage meter (postage evidencing system)
under 39 CFR part 501, Authorization to Manufacture and Distribute
Postage Meters, the provider must obtain approval under these product
submission procedures. These
[[Page 71994]]
procedures also apply to providers requesting approval to manufacture,
produce, or distribute a product under proposed 39 CFR part 502,
Authority to Produce and Distribute Postage-Evidencing Systems that
Generate Information-Based Indicia (IBI) (65 FR 58689).
The provider must select an independent testing laboratory
accredited by the National Institutes of Standards and Technology
(NIST) under the National Voluntary Laboratory Accreditation Program
(NVLAP) to conduct the detailed product review and testing required by
these procedures. When the product contains a postal security device
(PSD) or cryptographic module, the laboratory must be an NVLAP-
accredited cryptographic module testing laboratory.
Technical documentation (section 4) and production systems (section
5) must be provided to the selected test laboratory in sufficient
detail to support testing. The testing laboratory will submit an
executive summary containing the information referenced in the Required
Documentation table set forth in paragraph 4.2 and the results of the
product evaluation directly to the Postal Service. All supporting
documentation, products, PSDs and cryptographic modules, and other
materials used or generated during testing will be maintained by the
testing laboratory for the life of the test. At the time of product
approval, the manager, Postage Technology Management (PTM), will
determine the ongoing disposition of all supporting documentation,
products, PSDs and cryptographic modules, and other materials used or
generated during testing.
During the product's life cycle, the provider may choose to use a
different laboratory. In that event, all materials used or generated
during testing and product evaluation must be transferred to the new
laboratory.
Upon completion of the testing, the Postal Service may require that
any or all of the following categories of information be forwarded
directly from the accredited laboratory to the manager, PTM:
(a) A copy of all information that the provider gives to the
laboratory, including a summary of all information transmitted orally.
(b) A copy of all instructions from the provider to the testing
laboratory with respect to what is and what is not to be tested.
(c) Copies of all proprietary and nonproprietary reports and
recommendations generated during the test process.
(d) Written full disclosure identifying any contribution by the
test laboratory to the design, development, or ongoing maintenance of
the system.
1.2 Product Submission Procedures
To submit a postage meter (postage evidencing system) for Postal
Service approval, the provider will complete the following steps:
(a) Submit a letter of intent (section 2).
(b) Complete and sign the nondisclosure agreements (section 3).
(c) Submit the required documentation (section 4).
(d) Submit the postage evidencing system for evaluation (section
5).
(e) Enable the Postal Service to review the provider's system
infrastructure (section 6).
(f) Place the product into limited distribution for field testing
(section 7), after completing any additional security testing that the
Postal Service requires.
1.3 Additional Security Testing
The Postal Service may choose to use resources under direct
contract to the Postal Service to support the product review for
additional security testing. The activities of these resources are
independent of the testing laboratory selected by the provider and must
be covered by nondisclosure agreements (section 3).
1.4 Product Approval Process
When the field testing (section 7) is completed successfully, the
Postal Service performs an administrative review of the test and
evaluation results and, when appropriate, grants authorization to
distribute the product, as described in section 8.
At each stage of the product submission process, the manager, PTM,
reserves the right to terminate testing if a review shows that the
system as proposed will adversely impact Postal Service processes. The
provider may resubmit the product after the problems have been
resolved.
The provider can avoid unnecessary delays in the review and
evaluation process by testing the product thoroughly prior to
submitting it to the independent testing laboratory and to the Postal
Service. If the Postal Service determines that there are significant
deficiencies in the product or in the required supporting materials,
then the Postal Service will return the submission to the provider
without reviewing it further.
2. Letter of Intent
The provider must submit a letter of intent to Manager, Postage
Technology Management (PTM), United States Postal Service, 1735 N. Lynn
Street, Room 5011, Arlington, VA 22209-6050. The manager, PTM, will
assign a point of contact to coordinate the submission and review
process. The letter of intent must be dated and must include the
following:
(a) Identification (name, mailing address, e-mail address, and
telephone number) of all parties involved in the proposed product,
including the provider, those responsible for the product's assembly,
product management, hardware/firmware/software development and testing,
and any other party involved (or expected to be involved) with the
design or construction of the product, including all suppliers of
product components which could affect the security of Postal Service
revenues.
(b) Provider's business qualifications, including proof of
financial viability and proof of the provider's ability to be
responsive and responsible.
(c) System concept narrative, including the provider's
infrastructure that will support the product.
(d) Target Postal Service market segment the proposed system is
envisioned to serve.
When there is a significant change to any aspect of the product
described in the letter of intent, or of the parties involved in
developing or producing the product, prior to submission of the concept
of operations (section 4), the provider must revise the letter of
intent and resubmit it.
3. Nondisclosure Agreements
When the Postal Service uses resources under direct contract to the
Postal Service to support the product review, the provider must
establish a nondisclosure agreement with these resources. These
nondisclosure agreements may require extension to third-party suppliers
or others identified in the letter of intent (section 2). Providers are
encouraged to share copies of nondisclosure agreements provided by the
Postal Service with all parties identified in the letter of intent, to
ensure that these parties will execute the agreement if needed to
support Postal Service review of the product. Failure to sign
nondisclosure agreements, provided by the Postal Service to support
review activities, might adversely affect a product submission.
Questions regarding this process should be directed to the manager,
PTM.
[[Page 71995]]
4. Technical Documentation
4.1 Introduction
The provider must submit the materials listed in the Required
Documentation table. If the provider considers that a given requirement
is not applicable to the product, the provider should note this in the
document submission. The table is not meant to be an exhaustive list of
all possible areas that need to be documented to support the evaluation
of a postage meter (postage evidencing system). Ongoing advances and
changes in technology and new approaches to providing postage
evidencing can add other components that must be considered. The
provider should submit any additional information that it considers
necessary or desirable to describe the product fully. The independent
testing laboratory may determine the level of detail that must be
submitted to meet its test and evaluation requirements. The laboratory
or the Postal Service may request additional information if needed for
a complete evaluation.
Documentation must be submitted to the independent laboratory and
the Postal Service as indicated in the Required Documentation table.
The laboratory will prepare an executive summary and submit it to the
Postal Service when required. Documentation must be in English and must
be formatted for standard letter size (8.5'' x 11'') paper, except for
engineering drawings, which must be folded to letter size. Where
appropriate, documentation must be marked as ``Confidential.'' The
document recipient will determine the number of paper copies and the
format of electronic copies of each document at the time of submission
based on current technology and review requirements.
The provider should schedule a meeting with PTM staff shortly after
or simultaneously with the submission of technical data and the concept
of operations to permit full discussion and understanding of the
technical concepts being presented for evaluation. The manager, PTM,
will indicate Postal Service agreement or concerns relevant to the
concept, as appropriate. However, no Postal Service communication or
acknowledgement of receipt of documentation or other submission is
meant to imply acceptance or approval of the concept of operation, of
any documentation, or of the product. Approval of the product is
granted only after the product prototype has been developed and testing
has been successfully completed in accordance with all requirements of
these procedures.
4.2 Required Documentation
The following table details the documents that the provider must
prepare. Providers are responsible for submitting any additional
documentation the Postal Service may require during the product
submission process. The table shows which documents must be submitted
directly to the Postal Service and which must be submitted to the
independent testing laboratory.
Required Documentation
------------------------------------------------------------------------
Submit to test Postal Service
Document/section laboratory? requirement
------------------------------------------------------------------------
Concept of Operations (CONOPS)
------------------------------------------------------------------------
System overview, including: Yes............. Provider submits in
[sbull] Concept overview and full. Executive
business model. summary prepared by
[sbull] Postal security device laboratory.
(PSD) implementation,
features, and components,
including the digital
signature algorithm.
[sbull] System life cycle
overview.
[sbull] Adherence to industry
standards, such as FIPS PUB
140-1 or 140-2 (after May 25,
2002), as required by Postal
Service
System design details, Yes............. Executive summary
including: prepared by
[sbull] PSD features and laboratory.
functions. Laboratory report on
[sbull] All aspects of key indicium compliance
management. with Postal Service
[sbull] Client (host) system requirements as
features and functions. given in the
[sbull] Other components performance
required for system use criteria.
including, but not limited to,
the proposed indicia design
and label stock.
Indicium Specification for No.............. Provider submits in
Human Readable Data. full.
System life cycle, including: Yes............. Provider submits in
[sbull] Manufacturing full. Executive
[sbull] Postal Service summary prepared by
certification of the system. laboratory.
[sbull] Production.
[sbull] Distribution.
[sbull] Meter licensing.
[sbull] Initialization.
[sbull] System authorization
and installation.
[sbull] Postage value download
or resetting process.
[sbull] System and support
system audits.
[sbull] Inspections.
[sbull] Procedures for system
withdrawal and replacement,
including procedures for
system malfunctions.
[sbull] Procedures to destroy
scrapped systems.
[[Page 71996]]
Finance overview, including: Yes............. Provider submits in
[sbull] Customer account full. Executive
management (payment methods, summary prepared by
statements, and refunds). laboratory.
[sbull] Individual product
finance account management
(resetting or postage value
download, refunds).
[sbull] Daily account
reconciliation (provider
reconciliation, Postal Service
detailed transaction
reporting).
[sbull] Periodic summaries
(monthly reconciliation, other
reporting as required by the
Postal Service).
Interfaces, including: Yes............. Provider submits in
[sbull] Communications and full. Executive
message interfaces with the summary prepared by
Postal Service infrastructure laboratory.
for resetting or postage value
downloads, refunds,
inspections, product audits,
and lost or stolen product
procedures.
[sbull] Communications and
message interfaces with Postal
Service financial functions
for resetting or postage value
downloads, daily account
reconciliation, and refunds.
[sbull] Communications and
message interfaces with
customer infrastructure for
cryptographic key management,
product audits, and
inspections.
[sbull] Message error detection
and handling.
Configuration management and Yes............. Executive summary
detailed change control prepared by
procedures for all components, laboratory.
including, but not limited to:
[sbull] Software.
[sbull] Hardware and firmware.
[sbull] Indicia.
[sbull] Provider
infrastructure.
[sbull] Postal rate change
procedures.
[sbull] Interfaces.
Physical security.............. Yes............. Executive summary
prepared by
laboratory.
Personnel/site security........ Yes............. Executive summary
prepared by
laboratory.
Update the identification of No.............. Provider submits in
all parties involved in the full.
proposed product as originally
submitted in accordance with
the letter of intent.
--------------------------------
Softeware and Documentation
--------------------------------
Detailed design................ Yes............. Executive summary
prepared by
laboratory.
Executable code................ Yes............. On request.
Source code.................... Yes............. On request.
Operations manuals............. Yes............. Executive summary
prepared by
laboratory.
Communications interfaces...... Yes............. Executive summary
prepared by
laboratory.
Maintenance manuals............ Yes............. Executive summary
prepared by
laboratory.
Schematics..................... Yes............. Executive summary
prepared by
laboratory.
Product initialization Yes............. Executive summary
procedures. prepared by
laboratory.
Finite state machine models/ Yes............. Executive summary
diagrams. prepared by
laboratory.
Block diagrams................. Yes............. Executive summary
prepared by
laboratory.
Details of security features... Yes............. Executive summary
prepared by
laboratory.
Description of cryptographic Yes............. Executive summary
operations, as required by prepared by
FIPS PUB 140-1 or 140-2 (after laboratory.
May 25, 2002), Appendix A.
--------------------------------
Test Plan
------------------------------------------------------------------------
Postal Service requirements.... Yes............. Executive summary
prepared by
laboratory.
FIPS PUB 140-1 or 140-2 (after Yes............. Executive summary
May 25, 2002) requirements. prepared by
laboratory.
Physical security of provider's Yes............. Executive summary
Internet server, prepared by
administrative site, and laboratory.
firewall.
Security for remote Yes............. Executive summary
administrative access and prepared by
configuration control. laboratory.
Secure distribution or Yes............. Executive summary
transmission of software and prepared by
cryptographic keys. laboratory.
Test plan for system Yes............. Executive summary
infrastructure: prepared by
[sbull] Test parameters. laboratory.
[sbull] Infrastructure systems.
[sbull] Interfaces.
[sbull] Reporting requirements.
Test plan for limited- Yes............. Executive summary
distribution field tests: prepared by
[sbull] Test parameters laboratory.
[sbull] System quantities
[sbull] Geographic location
[sbull] Test participants
[sbull] Test duration
[sbull] Test milestones
[sbull] Systems recall plan
--------------------------------
[[Page 71997]]
Provider Infrastructure Plan
------------------------------------------------------------------------
Public key infrastructure...... Yes............. Executive summary
prepared by
laboratory.
Procedures for enforcement of Yes............. Executive summary
all provider-related, customer- prepared by
related, and Postal Service- laboratory.
related processes, procedures,
and interfaces discussed in
CONOPS or required by Postal
Service regulations..
------------------------------------------------------------------------
5. Product Submission and Testing
5.1 General Submission Requirements
The provider must submit complete production systems to the
independent testing laboratory for evaluation. The laboratory will
determine how many systems are needed for a complete evaluation. The
provider must also provide any equipment and consumables required to
use the submitted systems in the manner described in the CONOPS. The
provider must also submit complete production systems, supporting
equipment, and consumables directly to the Postal Service, if
requested. The Postal Service may test these for compliance with Postal
Service regulations and processes under section 6, System
Infrastructure Testing.
5.2 Submission Requirements for Products Containing a Postal Security
Device or Cryptographic Module
The NVLAP-accredited cryptographic modules testing (CMT) laboratory
must evaluate all PSDs and cryptographic modules for FIPS PUB 140-1 or
140-2 certification, or equivalent, as authorized by the Postal
Service. After May 25, 2002, FIPS PUB 140-2 certification will be
required. The Postal Service requires that the PSD or cryptographic
module receive FIPS PUB 140-1 or 140-2 certification as it is
implemented. That is, the PSD or cryptographic module and the installed
application must be considered as a whole in determining whether or not
it receives FIPS certification. The FIPS certification of the PSD or
cryptographic module is dependent on the application. Since any
certification could be in question once any noncertified or untested
software is installed, the PSD or cryptographic module must be
certified as it will be implemented, and the accredited CMT lab must
reevaluate any changes that would risk the certification.
Upon completing FIPS PUB 140-1 or 140-2 certification, or
equivalent, the CMT laboratory must forward the following documentation
directly to the manager, PTM:
(a) A copy of the letter of recommendation for certification of the
PSD or cryptographic module that the laboratory submitted to NIST.
(b) A copy of the certificate, if any, issued by NIST for the PSD
or cryptographic module.
6. System Infrastructure Testing and Provider System Security Testing
To achieve Postal Service approval of a postage evidencing system,
the provider must demonstrate that the system satisfies all applicable
Postal Service regulations and reporting requirements and that it is
compatible with Postal Service mail processing functions and all other
functions with which the product or its users interface. The tests must
involve all entities in the proposed architecture, including the
postage evidencing system, the provider infrastructure, the financial
institution, and Postal Service infrastructure systems and interfaces.
The tests may be conducted in a laboratory environment in accordance
with the test plan for system infrastructure testing. Test and approval
of system infrastructure functions must be completed before the postage
evidencing system can be field tested under section 7. The functions to
be tested include, but are not limited to, the following:
(a) Meter licensing, including license application, license update,
and license revocation.
(b) System status activity reporting.
(c) System distribution and initialization, including system
authorization, system initialization, customer authorization, and
system maintenance.
(d) Total system population inventory, including leased and
unleased systems; new system stock; and system installation,
withdrawal, and replacement.
(e) Irregularity reporting.
(f) Lost and stolen reporting.
(g) Financial transactions, including cash management, individual
system financial accounting, account reconciliation, and refund
management.
(h) Financial transaction reporting, including daily summary
reports, daily transaction reporting, and monthly summary reports.
(i) System initialization.
(j) Cryptographic key changes and public key management.
(k) Postal rate table changes.
(l) Print quality assurance.
(m) Device authorization.
(n) Postage evidencing system examination and inspection, including
physical and remote inspections.
In addition to testing the system infrastructure, the Postal
Service must be assured that the provider's support systems and
infrastructure are secure and not vulnerable to security breaches. This
will require site reviews of provider manufacturing, distribution, and
other support facilities, and reviews of network security and system
access controls.
7. Limited-Distribution Field Test
To achieve Postal Service approval of a postage evidencing system,
the provider must demonstrate that the system satisfies all applicable
Postal Service processing and interface requirements in a real-world
environment. This is achieved by placing a limited number of systems in
distribution for field testing. The Postal Service will determine the
number of systems to be tested. The test will be conducted in
accordance with the Postal Service-approved test plan for limited-
distribution field testing. The purpose of the limited-distribution
field test is to demonstrate the product's utility, security, audit and
control, functionality, and compatibility with other systems, including
mail entry, acceptance, and processing when in use. The field test will
employ available communications and will interface with current
operational systems to exercise all system functions.
The manager, PTM, will review the executive summary of the
provider-proposed test plan for limited-distribution field testing. The
review will be based on, but not limited to, the assessed revenue risk
of the system, system impact on Postal Service operations, and
requirements for Postal Service resources. Approval may be
[[Page 71998]]
based in whole or in part on the anticipated mail volume, mail
characteristics, and mail origination and destination patterns of the
proposed system. For systems designed for use by an individual meter
user, product users engaged in field testing must be approved by the
Postal Service before they are allowed to participate in the test.
These participants must sign a nondisclosure/confidentiality agreement
when reporting system security, audit and control issues, deficiencies,
or failures to the provider and the Postal Service. This requirement
does not apply to users of systems designed for public use.
8. Postage Evidencing System Approval
Postal Service approval of the postage meter (postage evidencing
system) is based on the results of an administrative review of the
materials and test results generated during the product submission and
approval process. In preparation for the administrative review, the
provider must update all documentation submitted in compliance with
these procedures to ensure accuracy. When approval is granted, the
Postal Service will prepare a product approval letter detailing the
conditions under which the specific product may be manufactured,
distributed, and used. The provider must submit the following materials
for the Postal Service administrative review:
(a) Materials prepared for the Postal Service by the independent
testing laboratory.
(b) The final certificate of evaluation from the NVLAP laboratory,
where required.
(c) The results of system infrastructure testing.
(d) The results of field testing of a limited number of systems.
(e) The results of any other Postal Service testing of the system.
(f) The results of provider site security reviews.
9. Intellectual Property
Providers submitting postage evidencing systems to the Postal
Service for approval are responsible for obtaining all intellectual
property licenses that may be required to distribute their product in
commerce and to allow the Postal Service to process mail bearing the
indicia produced by the product.
Stanley F. Mires,
Chief Counsel, Legislative.
[FR Doc. 02-30649 Filed 12-2-02; 8:45 am]
BILLING CODE 7710-12-P