[Federal Register Volume 65, Number 73 (Friday, April 14, 2000)]
[Notices]
[Pages 20211-20218]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 00-9268]


=======================================================================
-----------------------------------------------------------------------

POSTAL SERVICE


Postage Evidencing Product Submission Procedures

AGENCY: Postal Service.

ACTION: Notice of proposed procedure; response to comments; extension 
of time for comments.

-----------------------------------------------------------------------

SUMMARY: ``Postage Evidencing Product Submission Procedures,'' as 
published in the Federal Register on August 17, 1999, was a 
notification of proposed product submission procedures for all postage 
evidencing products, including those in the Information Based Indicia 
Program (IBIP). In response to the solicitation of public comments, two 
submissions were received. These comments were considered in making the 
changes incorporated in this revised version, as noted in the 
discussion of comments, below. In addition to these changes, this 
version includes new policy on the relationship between the Postal 
Service and the Provider regarding intellectual property issues.
    The USPS, in a cooperative effort with Product Providers and other 
interested parties, is allowing 30 days for submission of any 
additional comments to ensure all issues are considered prior to 
publication of the final rule.

DATES: Comments must be received on or before May 15, 2000.

ADDRESSES: Written comments should be mailed or delivered to the 
Manager, Postage Technology Management, Room 8430, 475 L'Enfant Plaza 
SW, Washington DC 20260-2444. Copies of all written comments will be 
available at the above address for inspection and photocopying between 
9 a.m. and 4 p.m., Monday through Friday.

FOR FURTHER INFORMATION CONTACT: Nicholas S. Stankosky, (202) 268-5311.

SUPPLEMENTARY INFORMATION: With the expansion of postage application 
methods and technologies, it is essential that product submission 
procedures for all postage evidencing products be clearly stated and 
defined. The Postal Service evaluation process can be effective and 
efficient if these procedures are followed explicitly by all suppliers. 
In this way, secure and convenient technology will be made available to 
the mailing public with minimal delay and with the complete assurance 
that all Postal Service technical, quality, and security requirements 
have been met. These procedures apply to all proposed postage 
evidencing products and systems, whether the Provider is new or is 
currently authorized by the Postal Service.
    Title 39, Code of Federal Regulations (CFR) Section 501.9, Security 
Testing, states, ``the Postal Service reserves the right to require or 
conduct additional examination and testing at any time, without cause, 
of any meter submitted to the Postal Service for approval or approved 
by the Postal Service for manufacture and distribution.'' For products 
meeting the performance criteria for postage evidencing under the 
Information Based Indicia Program (IBIP), including PC Postage 
products, the equivalent section is 39 CFR Section 502.10, Security 
Testing, published as a proposed rule in the Federal Register, 
September 2, 1998. When the Postal Service elects to retest a 
previously approved product, the Provider will be required to resubmit 
the product for evaluation according to part or all of the proposed 
procedures. Full or partial compliance with the procedures will be 
determined by the Postal Service prior to resubmission by the Provider. 
The proposed submission procedures will be referenced in 39 CFR parts 
501 and 502 but will be published as a separate document titled 
``Postage Technology Management, Postage Evidencing Product Submission 
Procedures.''

Discussion of Comments

A. Scope of Review

    1. One commenter expressed concern that the scope of Postal Service 
review of any postage evidencing device should be limited to the 
boundaries of the logical security device and to the infrastructures 
and interfaces through which the Postal Service verifies that payment 
for postage has been received.

    The Postal Service does not accept the commenter's view that the 
review of any postage evidencing device should be limited to the 
boundaries of the logical security device and to the infrastructures 
and interfaces through which the Postal Service verifies that payment 
for postage has been received. The Postal Service is concerned with 
other potentially security-related aspects of postage evidencing 
systems beyond those associated with the logical security device and 
postage payment, such as communications and other administrative 
functions. The Postal Service must also verify that all aspects of the 
postage evidencing system submitted for evaluation work together as 
specified. No revision of the procedures was made as a result of this 
comment.
    2. One commenter had a concern with providing any copies of product 
software to the Postal Service, as well as with the number of copies 
required and the stated intent of the Postal Service to keep copies of 
the software.
    The Postal Service agrees in part with the commenter. The 
requirement was changed so that the Postal Service will require only 
one copy of the software code, as opposed to the five copies previously 
requested.
    However, the Postal Service does not agree with the commenter that 
software should be provided only to the National Institute of Standards 
and Technology (NIST) laboratory, and not to the Postal Service. A copy 
of the source code is required by the Postal Service because the Postal 
Service tests many other aspects of the product beyond the security and 
other features tested by the NIST laboratories. Should the Postal 
Service have any question about the completeness of a NIST laboratory 
report, it may require the source code for comparison purposes. Also, 
for audit and control purposes there is a need for the Postal Service 
to have on file a full copy of the source code of the most current 
version of the software for all approved products. This requirement 
remains unchanged.
    3. One commenter had a concern about the procedures to be applied 
to product modifications and suggested these rules should exempt from 
the approval process any modification to an approved product when the 
modification does not affect the boundaries of the security device or 
its operation.
    The Postal Service does not accept the commenter's view that only 
certain changes to an approved product should be submitted for 
evaluation. The Postal Service wants to see all changes to an approved 
product in order to verify that the proposed modification does not 
affect the boundaries of the security device or its operation, or 
otherwise affect security. Each proposed change is evaluated to 
determine the level of testing required to assess the impact of the 
change under consideration. No revision of the procedures was made as a 
result of this comment.
    4. One commenter was concerned that the procedures seem to allow 
the Postal Service to change a test plan that has been submitted by the 
Provider and approved by the Postal Service during the test process, 
for any reason or for no reason at all. The commenter also stated that 
retesting should occur if, but only if, there is a known and proven 
defect within the security boundaries or a known, proven, and 
commercially viable technology has been developed that would permit 
breach of the security device under examination.
    The Postal Service does not accept the commenter's views on 
limiting possible changes to an approved test plan. Postal Service 
findings during the test and evaluation process can result in the need 
for additional testing, product retesting, or even resubmission of the 
product.
    Similarly, the Postal Service does not accept the commenter's views 
on putting limitations on the Postal Service's retesting of an approved 
product. In accordance with current regulations for metering products 
(CFR Section 501.9, Security Testing) and proposed regulations for IBI 
products (502.10, Security Testing, as published in the Federal 
Register September 2, 1998), the Postal Service can require retesting 
at any time. The text of the regulations states that the Postal Service 
reserves the right to require or conduct additional examination and 
testing at any time, without cause, of any meter/IBI system submitted 
to the Postal Service for approval or previously approved by the Postal 
Service for manufacture and distribution. No revision of the procedures 
or the regulations was made as a result of this comment.

B. Communication and Postal Service Response

    1. One commenter requested that the Postal Service establish target 
dates for its responses at each stage of the product submission and 
approval process and to commit to responding to Providers' submissions 
within a reasonable and prompt time frame, with standardized time 
frames and methodologies for communication.
    The Postal Service understands the commenter's concern and does in 
fact strive to complete each stage of the product review, test, and 
evaluation process in a timely manner. However, it is difficult if not 
impossible for the Postal Service to commit to a set timetable for 
response, given resource constraints, the unpredictability of product 
submissions, and the dependence on outside agents. The Product 
Providers can help the Postal Service to respond in a timely manner by 
ensuring that product submissions are complete and meet all 
requirements specified in the product submission procedures. No 
revision of the procedures was made as a result of this comment.
    2. One commenter asked that a formal communication process be 
established between the Provider and third party laboratories or 
consultants retained by the Postal Service in order to discuss 
significant findings impacting the security assessment of the product 
submission and communicate significant findings in a timely manner.
    The Postal Service does not agree with this request. In order to 
evaluate postage evidencing products, the Postal Service secures the 
services of various third parties. These third parties are Postal 
Service resources paid by the Postal Service to complete tasking at 
Postal Service direction and to provide reports directly to the Postal 
Service only. We do not wish to have the efforts of these third parties 
and the costs of their services diverted by the need to communicate 
with anyone outside the Postal Service. Any communication between the 
Provider and these third party resources shall be accomplished through 
discussions with the Manager, Postage Technology Management. No 
revision of the procedures was made as a result of this comment.
    3. One commenter asked that the Postal Service communicate interim 
test results and bring to the immediate attention of the Provider any 
circumstance where there is the potential for test failure.
    The Postal Service does not agree with this request. Before 
submission of a product for Postal Service test and evaluation, the 
Provider should ensure that the product meets all performance criteria 
and specifications. A product that is not ready for testing and has 
functional problems delays the Postal Service evaluation of the 
product. The Postal Service does not have the resources to act as a 
test laboratory for the Provider, nor is it an appropriate role for the 
Postal Service. The Submission Procedures were amended to allow for the 
Postal Service to charge the Provider for the costs associated with 
additional testing by the Postal Service that is required as the result 
of an incomplete or inadequate initial product submission.

C. Requirements for FIPS 140 Certification

    1. One commenter asked for clarification of the Postal Service 
policy and position on recognition of FIPS 140 certification for both 
the Postal Security Device (PSD) and the actual application running on 
the PSD.
    The Postal Service requires only that the PSD itself receive the 
NIST FIPS 140 certification. The FIPS certification of the PSD is 
independent of the application. Additional (non-FIPS) functions 
required of the PSD are specified in the USPS Benchmark Test 
requirements. These functions will be tested in addition to FIPS-140 
functions by a NIST-certified laboratory. The Postal Service has 
revised the product submission procedures in response to this comment.

D. Requirements for Use of AMS CD-ROM

    1. One commenter questioned the requirement to use and integrate 
the USPS Address Matching System (AMS) CD-ROM with some IBI systems, 
claiming that this program does not support all the functionality 
required, such as coding of addresses to the delivery point and 
validation of exact input addresses.
    The Postage Evidencing Product Submission Procedures that are the 
subject of this Federal Register notice require the Provider to meet 
Postal Service performance criteria for specific postage evidencing 
products, as applicable. Any comments on the details of the performance 
criteria for individual products should be addressed separately to the 
Manager, Postage Technology Management.

1. Product Submission Procedures

    In submitting any postage-evidencing product for Postal Service 
evaluation, the proposed Provider must provide detailed documentation 
and comply with requirements in the following areas:
    (1) Letter of Intent.
    (2) Nondisclosure Agreements.
    (3) Concept of Operations (CONOPS).
    (4) Software and Documentation Requirements.
    (5) Provider Infrastructure Plan.
    (6) USPS Address Matching System (AMS) CD-ROM Integration.
    (7) Product Submission/Testing.
    (8) Provider Infrastructure Testing.
    (9) Field Test (Beta) Approval (Limited Distribution).
    (10) Provider/Product Approval (Full Distribution).
    The Provider shall indicate the specific requirement(s) addressed 
by each document submitted in compliance with these Postage Evidencing 
Product Submission Procedures. The Postal Service requests that the 
documentation include a matrix showing where each specific requirement 
is addressed. Documentation shall be in English and formatted for 
standard letter-size (8.5" x 11") paper, except for engineering 
drawings, which shall be folded to the required size. Where 
appropriate, documentation shall be marked as ``Confidential.'' The 
steps in the Postage Evidencing Product Submission Procedures must be 
completed in sequential order, except as detailed below.

1.1. Letter of Intent

    The Provider must submit a Letter of Intent to the Manager, Postage 
Technology Management, United States Postal Service, 475 L'Enfant Plaza 
SW, Room 8430, Washington, DC 20260-2444.
    A. The Letter of Intent must include:
    (1) Date of correspondence.
    (2) Name and address of all parties involved in the proposal. In 
addition to the Provider, the parties listed shall include those 
responsible for assembly, distribution, management of the product/
device, hardware/firmware/software development, testing, and other 
organizations involved (or expected to be involved) with the product, 
including suppliers of significant product components. In these 
procedures, the term ``product'' is used when referring generically to 
processes and so forth. However, the term ``product'' includes 
``product/device.''
    (3) Name and phone number of official point of contact for each 
company identified.
    (4) Provider's business qualifications (i.e., proof of financial 
viability, certifications and representations, proof of ability to be 
responsive and responsible).
    (5) Product/device concept narrative.
    (6) Provider infrastructure concept narrative.
    (7) Narrative that identifies the internal resources knowledgeable 
of current Postal Service policies, procedures, performance criteria, 
and technical specifications to be used to develop security, audit, and 
control features of the proposed product.
    (8) The target Postal Service market segment the proposed product 
is envisioned to serve.
    B. The Provider must submit with the Letter of Intent a proposed 
product development plan of actions and milestones (POA&M) with a start 
date coinciding with the date of the Letter of Intent. Reasonable 
progress must be shown against these stated milestones.
    C. The Manager, Postage Technology Management, will acknowledge in 
writing the receipt of the Provider's Letter of Intent and will 
designate a Postal Service point-of-contact. Upon receipt of this 
acknowledgment, the Provider may continue with the sequential 
requirements of the product submission process.

1.2. Nondisclosure Agreements

    These agreements are intended to ensure confidentiality and 
fairness in business. The Postal Service is not obligated to provide 
product submission status to any parties not identified in the Letter 
of Intent. After obtaining signed nondisclosure agreements, the 
Provider may continue with the sequential requirements of the product 
submission process.

1.3. Concept of Operations

    A. The Provider must submit a Concept of Operations (CONOPS) that 
discusses at a moderate level of detail the features and usage 
conditions for the proposed product. The Provider should submit 10 
serialized printed copies and one electronic copy on a PC-formatted 
3.5" floppy disk. Additionally, the Provider must submit a detailed 
process model supporting each CONOPS section.
    B. At a minimum, the CONOPS should cover the following areas:
    (1) System Overview.
    (a) Concept overview/business model.
    (b) Concept of production/maintenance administration.
    (c) For Information Based Indicia (IBI) systems, including PC 
Postage products, the system design overview, including:
    (i) Postal Security Device (PSD) implementation (stand-alone, LAN, 
WAN, hybrid).
    (ii) Features.
    (iii) Components, including the digital signature algorithm.
    (d) Product life cycle overview.
    (e) Adherence to industry standards, such as Federal Information 
Processing Standard (FIPS) 140-1, as required by the Postal Service.
    (2) System Design Details (for proposed IBI systems, including PC 
Postage products).
    (a) PSD features and functions.
    (b) Host system features and functions.
    (c) Other components required for system use including, but not 
limited to, the proposed indicia design and label stock.

    (3) Product Life Cycle.
    (a) Manufacturer.
    (b) Postal Service certification of product/device.
    (c) Production.
    (d) Distribution.
    (e) Product/device licensing and registration.
    (f) Initialization.
    (g) Product authorization and installation.
    (h) Postage Value Download (PVD) process.
    (i) Product and support system audits.
    (j) Inspections.
    (k) Product withdrawal/replacement.
    (i) Overall process.
    (ii) Product failure/malfunction procedures.
    (l) Scrapped product process.
    (4) Finance Overview.
    (a) Customer account management.
    (i) Payment methods.
    (ii) Statement of account.
    (iii) Refund.
    (b) Individual product finance account management.
    (i) Postage Value Download (PVD).
    (ii) Refund.
    (c) Daily account reconciliation.
    (i) Provider reconciliation.
    (ii) Postal Service detailed transaction reporting.
    (d) Periodic summaries.
    (i) Monthly reconciliation.
    (ii) Other reporting, as required by the Postal Service.
    (5) Interfaces.
    (a) Communications and message interfaces with Postal Service 
infrastructure, including but not limited to:
    (i) PVDs.
    (ii) Refunds.
    (iii) Inspections.
    (iv) Product audits.
    (v) Lost or stolen product procedures.
    (b) Communications and message interfaces with applicable Postal 
Service financial functions, including but not limited to:
    (i) Postage settings, including those done remotely.
    (ii) Daily account reconciliation.
    (iii) Refunds.
    (c) Communication and message interfaces with Customer 
Infrastructure, including but not limited to:
    (i) Cryptographic key management.
    (ii) Product audits (device and host system).
    (iii) Inspections.
    (d) Message error detection and handling.
    (6) Technical Support and Customer Service.
    (a) User training and support.
    (b) Software Configuration Management (CM) and update procedures.
    (c) Hardware/firmware CM and update procedures.
    (7) Other.
    (a) Change control procedures.
    (b) Postal rate change procedures.
    (c) Address Management System ZIP+4 CD-ROM updates, if applicable.
    (d) Physical security.
    (e) Personnel/site security.
    C. Supplementary requirements, CONOPS:
    (1) The CONOPS must be accompanied by substantiated market analysis 
supporting the target Postal Service market segment that the proposed 
product is envisioned to serve, as identified in the Letter of Intent.
    (2) The CONOPS must include a list and a detailed explanation of 
any proposed deviations from Postal Service performance criteria or 
specifications. Any proposed deviation to audit and control functions 
required by current Postal Service policy, procedure, performance 
criteria, or specification must be accompanied by an independent 
assessment by a nationally recognized, independent, certified public 
accounting firm attesting to the proposed auditing method. The report 
of this information is to be signed by an officer of the accounting 
firm.
    D. Postal Service response:
    (1) The Postal Service will respond in a timely manner.
    (2) For each submission, the Postal Service will appoint a Product 
Review Control Officer. All communications between the Provider and the 
Postal Service are to be coordinated through the Product Review Control 
Officer.
    (3) The Postal Service will acknowledge, in writing, receipt of the 
CONOPS and perform an initial review. The Postal Service will provide 
the Provider with a written summary of the CONOPS review. In the 
written review, the Postal Service will provide authorization to 
continue with the product submission process, or a listing of CONOPS 
requirements that are not met.
    (4) If, in the sole opinion of the Postal Service, it is determined 
that significant CONOPS deficiencies do exist, the Postal Service, at 
the discretion of the Manager, Postage Technology Management, may 
return the CONOPS to the Provider without further review. It will then 
be incumbent on the Provider to resubmit a corrected CONOPS.
    (5) The Provider may continue with the product submission process 
upon receipt of authorization from the Postal Service to proceed.

1.4. Software and Documentation Requirements

    A. The Provider must submit to the Postal Service one copy of 
executable code and one copy of source code for all software included 
in the product.
    B. The Provider must submit a detailed design document of the 
product. For IBI products, this shall include the proposed IBIP indicia 
design, which must be approved by the Manager, Postage Technology 
Management.
    C. Additionally, depending on the product, the Postal Service 
requires design documentation that includes, but is not limited to, the 
following:
    (1) Operations manuals for product usage.
    (2) Interface description documents for all proposed communications 
interfaces.
    (3) Maintenance manuals.
    (4) Schematics.
    (5) Product initialization procedures.
    (6) Finite state machine models/diagrams.
    (7) Block diagrams.
    (8) Security features descriptions.
    (9) Cryptographic operations descriptions.
    Detailed references for much of this documentation are listed in 
FIPS 140-1, Appendix A. The Postal Service will determine the number of 
copies needed of the aforementioned documentation based on the CONOPS 
review. The Postal Service will notify the Provider of the required 
number of copies. The required number of copies are to be uniquely 
numbered for control purposes.
    D. The Provider must submit a comprehensive test plan that will 
validate that the product meets all Postal Service requirements and, 
where appropriate, the requirements of FIPS 140-1. With respect to the 
Provider's Internet server, the test plan shall indicate how the 
Provider will test to ensure the physical security of the Provider's 
server and administrative site and the firewall, and to ensure the 
security of the processes for remote administrative access and 
configuration control. With respect to the process for initializing 
customer accounts, the test plan shall describe the tests for ensuring 
secure distribution or transmission of software and cryptographic keys. 
The test plan must list the parameters to be tested, test equipment, 
procedures, test sample sizes, and test data formats. Also, the plan 
must include detailed descriptions, specifications, design drawings, 
schematic diagrams, and explanations of the purposes for all special 
test equipment and nonstandard or noncommercial instrumentation. 
Finally, this test plan must include a proposed schedule of major test 
milestones.
    E. The Provider must submit a benchmark assessment plan. The 
Manager, Postage Technology Management will provide reference 
standards, performance criteria, specifications, and so forth to be 
used as a basis for the Provider to produce this plan.
    F. Postal Service response:
    (1) The Postal Service will provide its response in a timely 
manner.
    (2) The Postal Service will acknowledge, in writing, receipt of the 
Provider's design and test plans and will perform an initial review. 
The Postal Service will furnish the Provider with a written summary of 
the design plan and test plan reviews. In the written review, the 
Postal Service will provide authorization to continue with the product 
submission process, or will provide a listing of design plan 
requirements or test plan requirements that are not met, and perhaps 
other deficiencies.
    (3) If, in the sole opinion of the Postal Service, it is determined 
that significant design plan or test plan deficiencies do exist, the 
Postal Service, at the discretion of the Manager, Postage Technology 
Management, may return the plans to the Provider without further 
review. It will then be incumbent on the Provider to resubmit revised 
plans that address the identified deficiencies.
    (4) The Provider may continue with the product submission process 
upon receipt of authorization from the Postal Service to proceed.

1.5. Provider Infrastructure Plan

    A. The Provider Infrastructure Plan may be submitted concurrently 
with the design and test plans described in 1.5, Software and 
Documentation Requirements. At this point in the product submission 
process, the Postal Service will provide additional performance 
criteria and specifications for the IBIP public key infrastructure, if 
required for the product/device, for use as a basis for the applicable 
elements of the Provider's Infrastructure Plan.
    B. The Provider must submit a Provider Infrastructure Plan that 
describes how the processes and procedures described in the CONOPS will 
be met or enforced. This includes, but is not limited to, a detailed 
description of all Provider-related and Postal Service-related 
operations, computer systems, and interfaces with both customers and 
the Postal Service that the Provider shall use in manufacturing, 
producing, distributing, customer support, product/device life cycle, 
inventory control, print readability quality assurance, and reporting.
    C. Postal Service response:
    (1) The Postal Service will respond in a timely manner.
    (2) The Postal Service will acknowledge in writing the receipt of 
the Provider's Infrastructure Plan and will perform an initial review. 
The Postal Service will provide the Provider with a written summary of 
the Infrastructure Plan review. In the written review, the Postal 
Service will provide authorization to continue with the product 
submission process, or a listing of the Infrastructure Plan 
requirements that are not met, and perhaps other deficiencies.
    (3) If, in the sole opinion of the Postal Service, it is determined 
that significant Provider Infrastructure Plan deficiencies do exist, 
the Postal Service, at the discretion of the Manager, Postage 
Technology Management, may return the Infrastructure Plan to the 
Provider without further review. It will then be incumbent on the 
Provider to resubmit a revised Infrastructure Plan to address the 
identified deficiencies.
    (4) The Provider may continue with the product submission process 
upon receipt of authorization from the Postal Service to proceed.

1.6. USPS Address Matching System (AMS) CD-ROM Integration

    A. The USPS AMS CD-ROM is a required component of IBIP open 
systems. For such systems, the Provider shall initiate and fully comply 
with a license agreement with the USPS National Customer Support Center 
(NCSC). This signed agreement shall describe responsibilities of the 
AMS CD-ROM supply chain process, including roles of the Provider. The 
only functionality of the AMS CD-ROM available through an IBIP system 
shall be address matching and ZIP+4 coding of input addresses.
    B. The Provider shall submit a detailed description of how the USPS 
AMS CD-ROM will be integrated in the product, including a description 
of the process by which an address is ZIP+4 coded, including all 
possible optional and required parameters. The Provider can submit this 
information concurrent with submission of the Software and 
Documentation Requirements and/or Provider Infrastructure Plan 
described above.
    C. Any CONOPS or products proposed for which the Provider requests 
a variance to the AMS CD-ROM requirements must be approved by the 
Manager, Postage Technology Management prior to proceeding with the 
next step in the submission process.

1.7. Product Submission/Testing

    A. The product/device Provider must be prepared to submit up to 
five complete production systems of each product/device for which 
Postal Service evaluation is requested. The required number of 
submitted systems will be determined by the Postal Service. The 
Provider must provide any equipment and consumables required to use the 
submitted product/device in the manner contemplated by the CONOPS.
    Thorough Provider testing prior to submission of the product to the 
Postal Service will avoid unnecessary delays in the review and 
evaluation process. If, in the opinion of the Postal Service, it is 
determined that significant product deficiencies exist, the Postal 
Service, at the discretion of the Manager, Postage Technology 
Management, may return the product to the Provider without further 
review. The Provider may resubmit a corrected product.
    The Postal Service reserves the right to charge the Provider for 
the costs associated with any additional testing by the Postal Service 
that is required as the result of an incomplete or inadequate initial 
product submission.
    B. If the product contains a cryptographic module, the Provider 
must submit the cryptographic module to a laboratory accredited under 
the National Voluntary Laboratory Accreditation Program (NVLAP) for 
FIPS 140-1 certification, or equivalent, as authorized by the Postal 
Service. The Postal Service requires only that the PSD itself receive 
the NIST FIPS 140-1 certification. The FIPS certification of the PSD is 
independent of the application.
    Upon completion of the FIPS 140-1 certification, or equivalent, the 
Postal Service requires the following to be forwarded directly from the 
accredited laboratory to the Manager, Postage Technology Management for 
review:
    (1) A copy of all information given to the laboratory by the 
Provider, including a summary of all information transmitted orally.
    (2) A copy of all instructions from the Provider with respect to 
what is or is not to be tested for.
    (3) A copy of the letter of recommendation for the product as 
submitted by the laboratory to the National Institute of Standards and 
Technology (NIST) of the United States of America.
    (4) Copies of all proprietary and nonproprietary reports and 
recommendations generated during the test process.
    (5) A copy of the certificate, if any, issued by NIST for the 
product.
    (6) Written full disclosure identifying any contribution of the 
NVLAP laboratory to the design, development, or ongoing maintenance of 
the cryptographic module or the product/device.
    C. For products with a cryptographic module, non-FIPS functions 
required of the module are specified in the USPS Benchmark Test 
requirements. A NIST-certified laboratory will test these functions in 
addition to testing the FIPS 140-1 functions.
    D. If the cryptographic module is submitted to an accredited test 
laboratory to meet the requirements of paragraph B or C of this 
section, the laboratory must meet all the requirements specified by 
NIST in the Implementation Guidance for FIPS PUB 140-1 and the 
Cryptographic Module Validation Program; NIST document 150-17, 
Cryptographic Module Testing; and other documents issued by NIST to 
govern the conduct of accredited laboratories.
    E. All cryptographic modules submitted to an accredited laboratory 
for testing under paragraph B or C of this section shall be retained by 
the laboratory for 3 years from date of product approval by the Postal 
Service.
    F. The Provider may submit the product to the Postal Service for 
test and evaluation prior to completion of any required FIPS 140-1 
testing, provided a letter is submitted from the NVLAP laboratory to 
the Postal Service indicating:
    (1) That the cryptographic module included in the product is being 
tested under FIPS 140-1 for the required security levels, in accordance 
with the current, relevant performance criteria.
    (2) That the cryptographic module has a reasonable chance of 
meeting the FIPS 140-1/USPS security levels.
    (3) The timeline for FIPS 140-1 test completion.
    G. The Postal Service reserves the right to require or conduct 
additional examination and testing at any time, without cause, of any 
product submitted to the Postal Service for approval or approved by the 
Postal Service for manufacture and distribution.
    H. Upon satisfactory completion of the Postal Service testing and 
NVLAP laboratory testing (where required), the Postal Service will 
provide authorization to continue the product submission process. The 
Provider may continue with the product submission process upon receipt 
of authorization from the Postal Service to proceed.
    I. The Provider shall obtain, maintain, and comply with the 
certification requirements as established by the USPS in the Coding 
Accuracy Support System (CASS) program. The Provider shall obtain, 
maintain, and comply with CASS certification requirements prior to 
product offering.

1.8. Product Infrastructure Testing

    A. Prior to approval for distribution of any product/device, the 
Provider must achieve test and approval of all reporting requirements, 
including, but not limited to, Postal Service/customer licensing 
support, product status activity reporting, total product population 
inventory, irregularity reporting, lost and stolen reporting, financial 
transaction reporting, account reconciliation, digital certificate 
acquisition, product initialization, cryptographic key changes, rate 
table changes, print quality assurance, device authorization, device 
audit, product audit, and remote inspections.
    B. Testing of these activities and functions includes computer-
based testing of all interfaces with the Postal Service, including but 
not limited to the following:
    (1) Product manufacture and life cycle (including leased, unleased, 
new product/device stock, installation, withdrawal, replacement, key 
management, lost, stolen, and irregularity reporting).
    (2) Product distribution and initialization (including product 
authorization, product initialization, customer authorization, and 
product maintenance).
    (3) Licensing (including license application, license update, and 
license revocation).
    (4) Finance (including cash management, individual product 
financial accounting, refund management, daily summary reports, daily 
transaction reporting, and monthly summary reports).
    (5) Audits and inspections, including site audits.
    C. The Provider must complete a ``Product-Provider Infrastructure-
Financial Institution-USPS Infrastructure'' (Alpha) test involving all 
entities in the proposed architecture. At a minimum this includes the 
proposed product, Provider Infrastructure, financial institution, and 
Postal Service Infrastructure systems and interfaces. Alpha testing is 
intended to demonstrate the proposed product utility and its 
functionality and compatibility with other systems. Alpha testing may 
be conducted in a laboratory environment.
    D. Provider Infrastructure Testing (Alpha) test note: The Postal 
Service reserves the right to require or conduct additional examination 
and testing at any time, without cause, of any Provider Infrastructure 
system supporting a postage evidencing product/device approved by the 
Postal Service for manufacture and distribution. Initial Provider 
Infrastructure testing and (Alpha) testing schedules will be supported 
at the convenience of the Postal Service.
    E. Demonstrable evidence of successful completion for each test is 
required prior to proceeding.
    F. The Provider may continue with the product submission process 
upon receipt of authorization from the Postal Service to proceed.

1.9. Field Test (Beta) Approval (Limited Distribution)

    A. The Provider will submit a proposed Field (Beta) Test Plan 
identifying test parameters, product quantities, geographic location, 
test participants, test duration, test milestones, and product recall 
plan. The Beta Test Plan will be in accordance with the Beta Test 
Strategy in effect for the given product type. The Postal Service will 
supply the appropriate Beta Test Strategy to the Provider upon request.
    The purpose of the Beta test is to demonstrate the proposed 
product's utility, security, audit and control, functionality, and 
compatibility with other systems, including mail entry, acceptance, and 
processing, in a real-world environment. The Beta test will employ 
available communications and will interface with current operational 
systems to conduct all product functions. The Manager, Postage 
Technology Management will determine acceptance of Provider-proposed 
Beta Test Plans based on, but not limited to, assessed risk of the 
product, product impact on Postal Service operations, and requirements 
for Postal Service resources. Proposed candidates for Beta test 
participation must be approved by the Postal Service. Beta test 
approval consideration will be based in whole or in part on the 
location, mail volume, mail characteristics, and mail origination and 
destination patterns.
    B. The Provider has a duty to report security weaknesses to the 
Postal Service to ensure that each product/device model and every 
product/device in service protects the Postal Service against loss of 
revenue at all times. Beta participants must agree to a nondisclosure 
confidentiality agreement when reporting product security, audit, and 
control issues, deficiencies, or failures to the Provider and the 
Postal Service. A grant of Field Test Approval (FTA) does not 
constitute an irrevocable
determination that the Postal Service is satisfied with the revenue-
protection capabilities of the product/device. After approval is 
granted to manufacture and distribute a product/device, no change 
affecting the basic features or safeguards of a product/device may be 
made except as authorized or ordered by the Postal Service in writing 
from the Manager, Postage Technology Management.
    C. The Provider may continue with the product submission process 
upon receipt of authorization from the Postal Service to proceed.

1.10. Provider/Product Approval (Full Distribution)

    A. Upon receipt of the final certificate of evaluation from the 
national laboratory, where required, and after obtaining positive 
results of internal testing of the product/device, successful 
completion of Provider infrastructure testing, Alpha testing, 
demonstration of limited distribution activities (Beta testing), and 
audits of Provider site security, the Postal Service will 
administratively review the submitted product, the Provider 
infrastructure, and the Provider qualification requirements for final 
approval of full distribution. In preparation for the administrative 
review, the Provider shall update any product submission documentation 
submitted in compliance with the requirements of the Postage Evidencing 
Product Submission Procedure that is no longer accurate with respect to 
the product in review.

    Note: Required qualifications for Providers of IBI systems can 
be found in draft 39 CFR part 502, Manufacture, Distribution, and 
Use of Postal Security Devices and Information-Based Indicia, as 
published in the Federal Register on September 2, 1998. Copies are 
available by contacting USPS, Postage Technology Management, 475 
L'Enfant Plaza SW, Room 8430, Washington DC 20260-2444. Copies of 
CFR part 501 pertaining to manufacturer qualifications regarding 
postage meters are available also at the above address.


    B. The Postal Service may require, at any time, that models/
versions of approved products, and the design and user manuals and 
specifications applicable to such products, and any revisions thereof, 
be deposited with the Postal Service.

2. Change Control Procedure

2.1. Overview

    A. After approval is granted to manufacture and distribute a 
product/device, no change affecting the basic features or safeguards of 
a product/device may be made except as authorized or ordered by the 
Postal Service in writing from the Manager, Postage Technology 
Management. The submission of a change proposal and the subsequent test 
and acceptance of a product change are designed to ensure not only that 
the changed product meets all requirements and performance criteria but 
also that the stated changes made to a product do not introduce any 
unintended, unidentified, unexpected, or undesirable changes to the 
form, fit, function, or security of the product.
    B. Once a postage evidencing product/device has received final 
approval from the Postal Service, the Provider is required to submit 
any change(s) to that product for Postal Service approval. Changes 
covered by this process include, but are not limited to, the following:
    (1) Changes to the form, fit, function, or security of the product/
device.
    (2) Changes resulting from new Postal Service regulations, such as 
an updated postal rate table.
    (3) Changes to the software or firmware.
    (4) Changes to the PSD, for products using such a device.
    (5) Changes to the physical configuration of the product.
    (6) Changes to the indicia design or to consumables, such as 
labels, that can be used with the product.
    (7) Changes to product documentation or packaging.
    (8) Changes to product distribution methods.
    (9) Changes to third party providers of significant product 
components.
    C. For an IBI product, the changed product shall be in compliance 
with the IBI performance criteria and all other Postal Service 
regulations in effect at the time the change is implemented. All 
changes to previously approved products must be approved by the Postal 
Service before implementation. The Postal Service must also approve the 
timetable and procedures for implementing changes.
    D. Providers are encouraged to consolidate multiple changes in a 
single change proposal to enable the Postal Service to expedite review 
of the changes.
    E. The Provider shall fully document all changes, in accordance 
with the requirements described in the following sections.

2.2. Provider Responsibilities

    A. The Provider shall be responsible for notifying the Postal 
Service of any proposed changes made as described in section 2.1. The 
Provider shall be responsible for having a Postal Service-approved 
process for configuration management of the versions of each approved 
product. The Provider's process shall ensure that no changes can be 
made without proper tracing of design changes, records of 
authorization, and notification to the Postal Service. The Provider is 
responsible for submitting a change proposal in accordance with the 
requirements of this procedure and for achieving Postal Service 
approval before implementing any change.
    B. Detailed Provider Actions
    (1) Letter of Intent to Change. The first step in the submission of 
a change proposal is to submit a Letter of Intent to Change, similar to 
the Letter of Intent described under Product Submission Procedures, 
above. The Letter of Intent to Change shall be submitted to the 
Manager, Postage Technology Management, United States Postal Service, 
475 L'Enfant Plaza SW, Room 8430, Washington DC 20260-2444. The letter 
must include:
    (a) Date of correspondence.
    (b) Name and address of all parties involved in the change 
proposal, including those responsible for assembly, distribution, 
management of the product/device, hardware/firmware/software 
development or testing, and other organizations involved (or expected 
to be involved) with the changed product.
    (c) Name and phone number of official point of contact for each 
party identified above.
    (d) Change concept narrative. A description of the proposed change, 
identifying any changes to the form, fit, function, or security of the 
product.
    (e) Discussion of the reasons for the change.
    (f) Discussion of the implications of the change for product 
security, product identification, and Provider procedures such as 
distribution, operations, or financial transactions, as well as any 
cost impact and impact on product customers. The document shall also 
discuss the impact of the change on Postal procedures such as mail 
entry, mail acceptance, and mail processing, as well as the impact on 
the interfaces between the Provider and the Postal Service and/or 
customers.
    (g) An outline of the actions the Provider will take in support of 
the change proposal, including a listing of the documentation the 
Provider will submit in support of the change and the testing that will 
be performed to ensure the changes meet Postal Service requirements.
    (h) The timetable for submission, test, acceptance, and 
implementation of the proposed change.
    (i) The procedure for implementation of the proposed change.
    (2) Additional documentation. Once the Letter of Intent to Change 
is submitted, the Provider shall review the following documents and 
submit any changes needed to ensure they are still current. Additional 
documentation may be required at the discretion of the Postal Service.
    (a) Nondisclosure Agreements.
    (b) Concept of Operations.
    (c) Software and Documentation.
    (d) Provider Infrastructure Plan.
    (e) USPS Address Matching System (AMS) CD-ROM Integration, if 
required for the product.
    (3) Testing. The Provider will test the product changes as 
described in the Postage Evidencing Product Submission Procedures to 
the extent required by the proposed change, in accordance with Postal 
Service direction. The Provider shall document the tests performed on 
product changes and shall submit this documentation along with 
verification of successful completion of the testing.

2.3. Postal Service Responsibilities

    A. The Postal Service will execute its responsibilities in a timely 
manner.
    B. The Postal Service will review the Letter of Intent to Change 
and accept or reject each component of the Provider's proposed approach 
for product change, documentation submittal, and testing, and schedule 
for release.
    C. The Postal Service will complete testing of the changes as 
required to ensure the changes meet Postal Service performance 
criteria, and provide written comments to the Provider. Approval of the 
change will be granted in writing by the Manager, Postage Technology 
Management.
    D. The Postal Service reserves the right to determine if a proposed 
change is extensive enough to constitute a new product, rather than a 
change to a previously approved product. If such a determination is 
made, the Provider shall comply with all requirements of the Postage 
Evidencing Product Submission Procedures, including field testing.

3. Intellectual Property and License Policy

    Product Service Providers who choose to produce a postage 
evidencing product or service must comply with USPS Intellectual 
Property (IP) Requirements as a condition for receiving and maintaining 
regulatory approval. If a Product Service Provider is unable or 
unwilling to meet the IP Requirements, it should not offer the product 
or service. Product Service Providers do not have authorization or 
consent from the USPS under 28 U.S.C. 1498(a) or otherwise to make or 
use any patented invention.
    The USPS reserves the right and authority to discontinue a Product 
Service Provider's authorization to distribute a postage evidencing 
device or service if the USPS or a court determines that the 
manufacture of the device or service, the use of the device or service 
by mailers, or the validation of the indicia produced by the device or 
service requires use of patented inventions for which the Product 
Service Provider has not procured appropriate licenses. This 
requirement applies to all aspects of the Product Service Provider's 
product or service, including those required or specified under 
applicable performance criteria.

4. Request for Comment

    It is emphasized that the proposed procedures for initial product 
submission and changes to already approved products are being published 
for comments and are subject to final definition.
    Although exempt from the notice and comment requirements of the 
Administrative Procedure Act (5 U.S.C. 553 (b), (c)) regarding proposed 
rule making by 39 U.S.C. 410 (a), the Postal Service invites public 
comments on the proposed procedures.

Stanley F. Mires,
Chief Counsel, Legislative.
[FR Doc. 00-9268 Filed 4-13-00; 8:45 am]
BILLING CODE 7710-12-P