[Federal Register Volume 67, Number 214 (Tuesday, November 5, 2002)]
[Notices]
[Pages 67425-67430]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 02-28039]


=======================================================================
-----------------------------------------------------------------------

POSTAL SERVICE


Postage Evidencing Product Submission Procedures

AGENCY: Postal Service.

ACTION: Final notice of procedures.

-----------------------------------------------------------------------

SUMMARY: The Postal Service is implementing product submission 
procedures for postage meters and other postage evidencing systems.

DATES: The procedures are effective November 5, 2002.

FOR FURTHER INFORMATION CONTACT: Wayne Wilkerson, manager, Postage 
Technology Management, by fax at 703-292-4050.

SUPPLEMENTARY INFORMATION: With the expansion of postage application 
methods and technologies, it is essential that the product submission 
procedures for all postage evidencing products be clearly stated and 
defined while remaining flexible enough to accommodate evolving 
technologies. The Postal Service evaluation process can be effective 
and efficient if all suppliers follow these procedures. In this way, 
secure and convenient technology will be made available to the mailing 
public with minimal delay and with the complete assurance that all 
Postal Service technical, quality, and security requirements are met. 
These procedures apply to all proposed postage evidencing products and 
systems, whether the provider is new or is currently authorized by the 
Postal Service.
    Title 39, Code of Federal Regulations (CFR) section 501.9, Security 
Testing, states: ``The Postal Service reserves the right to require or 
conduct additional examination and testing at any time, without cause, 
of any meter submitted to the Postal Service for approval or approved 
by the Postal Service for manufacture and distribution.'' For products 
meeting the performance criteria for postage evidencing systems that 
generate an information-based indicia (IBI), including PC Postage[reg] 
products, the equivalent section is 39 CFR section 502.10, Security 
Testing, published as a proposed rule in the Federal Register on 
October 2, 2000. When the Postal Service elects to retest a previously 
approved product, the provider will be required to resubmit the product 
for evaluation according to part or all of the proposed procedures. The 
Postal Service will determine full or partial compliance with the 
procedures prior to resubmission by the provider.
    The procedures were published as proposed procedures in the Federal 
Register on May 1, 2002 [Vol. 67, No. 84, pages 21780-21785] with a 
request for submission of comments by May 31, 2002. We received three 
submissions in response to the solicitation of public comments. These 
comments were carefully considered, as explained in the discussion of 
comments. No changes were made to the procedures as a result of these 
comments. However, a few changes were made to clarify the meaning of 
the procedures, as explained following the discussion of comments. The 
procedures, as revised, follow these explanations.

Discussion of Comments

    1. One commenter asked the Postal Service to add maximum time 
frames for responding to product submissions

[[Page 67426]]

to ensure the Postal Service and the independent test laboratory 
complete their reviews in a timely manner.
    The Postal Service understands the commenter's concern and does in 
fact strive to complete each stage of the product review, test, and 
evaluation process in a timely manner. However, it is difficult if not 
impossible for the Postal Service to commit to a set timetable for 
response, given resource constraints, the unpredictability of product 
submissions, and the dependence on outside agents. The product 
providers can help the Postal Service to respond in a timely manner by 
ensuring that product submissions are complete and meet all 
requirements specified in the product submission procedures. No 
revision of the procedures is made in response to this comment.
    2. One commenter assumed that the Postal Service will pay for costs 
associated with ``resources under direct contract to the Postal 
Service'' referenced in section 1.3, Additional Security Testing.
    At the current time, the Postal Service does assume all costs 
associated with resources under direct contract to the Postal Service. 
However, there is no guarantee that the Postal Service will be able to 
assume all such costs for the future. In particular, the Postal Service 
might ask for cost recovery from a provider when the provider's 
submittal is inadequate or incomplete and the direct contract resource 
must perform additional or repeated reviews. No revision of the 
procedures is made in response to this comment.
    3. One commenter noted that the revised policy on intellectual 
property is an improvement over prior policy because it removes the 
Postal Service from involvement in patent disputes among other parties, 
and places responsibility on the provider for determining and meeting 
intellectual property requirements for the provider's system. However, 
the commenter suggested that we delete the requirement for providers 
``to acquire intellectual property licenses that may be required . . . 
to allow the Postal Service to process mail bearing the indicia 
produced by the product.'' The commenter noted that the providers do 
not control how the Postal Service elects to process mail. The 
commenter stated that just as it is the responsibility of providers to 
determine what intellectual property licenses they may need, it is the 
responsibility of the Postal Service to determine what intellectual 
property licenses it needs for its processes.
    The provider must demonstrate that the system submitted satisfies 
all applicable postal processing and interface requirements in a real-
world environment, in accordance with procedures in section 7, Limited-
Distribution Field Test. If the ability to satisfy all applicable 
current Postal Service processing and interface requirements requires 
property licenses to allow the Postal Service to process mail bearing 
the indicia produced by the product, it is the provider's 
responsibility to acquire these licenses. No revision of the procedures 
is made in response to this comment.

Discussion of Clarifications and Changes

    1. In 1.1, we clarified the requirements for selection of the 
independent test laboratory. The provider must select an independent 
testing laboratory accredited by the National Institutes of Standards 
and Technology (NIST) under the National Voluntary Laboratory 
Accreditation Program (NVLAP).
    2. In 4.1, we clarified the meaning of the Postal Service response 
to provider submissions of documentation during the product submission 
process. When the manager, Postage Technology Management (PTM), 
acknowledges receipt of the concept of operations or other 
documentation, the acknowledgement does not imply acceptance or 
approval of the concept of operation, of the documentation itself, or 
of the product. Approval of the product is granted only after the 
product prototype has been developed and testing has been successfully 
completed in accordance with all requirements of these procedures.
    3. In describing the letter of intent (2.0), we clarified the 
requirements for identifying those involved in the product development 
and production. We also added a requirement for providers to submit an 
updated list with the concept of operations documentation (4.2). The 
list must be resubmitted to ensure that the Postal Service has current 
information about all entities involved in product development and 
production.
    4. In the table of Required Documentation, we added a requirement 
for providers to submit the ``Indicium Specification for Human Readable 
Data'' directly to the Postal Service. We also indicated that the 
Postal Service may require submission of additional documentation, if 
deemed necessary for any product approval.
    The submission procedures will be referenced in 39 CFR part 501 and 
will be published as a separate document titled ``Postage Technology 
Management, Postage Evidencing Product Submission Procedures.''

Product Submission Procedures for Postage Meters (Postage Evidencing 
Systems)

1. General Information

1.1 Independent Testing Laboratory
    To receive authorization from the Postal Service to manufacture, 
produce, or distribute a postage meter (postage evidencing system) 
under 39 CFR part 501, Authorization to Manufacture and Distribute 
Postage Meters, the provider must obtain approval under these product 
submission procedures. These procedures also apply to providers 
requesting approval to manufacture, produce, or distribute a product 
under proposed 39 CFR part 502, Authority to Produce and Distribute 
Postage-Evidencing Systems that Generate Information-Based Indicia 
(IBI) (65 FR 58689).
    The provider must select an independent testing laboratory 
accredited by the National Institutes of Standards and Technology 
(NIST) under the National Voluntary Laboratory Accreditation Program 
(NVLAP) to conduct the detailed product review and testing required by 
these procedures. When the product contains a postal security device 
(PSD) or cryptographic module, the laboratory must be an NVLAP-
accredited cryptographic module testing laboratory.
    Technical documentation (section 4) and production systems (section 
5) must be provided to the selected test laboratory in sufficient 
detail to support testing. The testing laboratory will submit an 
executive summary containing the information referenced in the Required 
Documentation table set forth in paragraph 4.2 and the results of the 
product evaluation directly to the Postal Service. All supporting 
documentation, products, PSDs and cryptographic modules, and other 
materials used or generated during testing will be maintained by the 
testing laboratory for the life of the test. At the time of product 
approval, the manager, Postage Technology Management (PTM), will 
determine the ongoing disposition of all supporting documentation, 
products, PSDs and cryptographic modules, and other materials used or 
generated during testing.
    During the product's life cycle, the provider may choose to use a 
different laboratory. In that event, all materials used or generated 
during testing and product evaluation must be transferred to the new 
laboratory.

[[Page 67427]]

    Upon completion of the testing, the Postal Service may require that 
any or all of the following categories of information be forwarded 
directly from the accredited laboratory to the manager, PTM:
    (a) A copy of all information that the provider gives to the 
laboratory, including a summary of all information transmitted orally.
    (b) A copy of all instructions from the provider to the testing 
laboratory with respect to what is and what is not to be tested.
    (c) Copies of all proprietary and nonproprietary reports and 
recommendations generated during the test process.
    (d) Written full disclosure identifying any contribution by the 
test laboratory to the design, development, or ongoing maintenance of 
the system.
1.2 Product Submission Procedures
    To submit a postage meter (postage evidencing system) for Postal 
Service approval, the provider will complete the following steps:
    (a) Submit a letter of intent (section 2).
    (b) Complete and sign the nondisclosure agreements (section 3).
    (c) Submit the required documentation (section 4).
    (d) Submit the postage evidencing system for evaluation (section 
5).
    (e) Enable the Postal Service to review the provider's system 
infrastructure (section 6).
    (f) Place the product into limited distribution for field testing 
(section 7), after completing any additional security testing that the 
Postal Service requires.
1.3 Additional Security Testing
    The Postal Service may choose to use resources under direct 
contract to the Postal Service to support the product review for 
additional security testing. The activities of these resources are 
independent of the testing laboratory selected by the provider and must 
be covered by nondisclosure agreements (section 3).
1.4 Product Approval Process
    When the field testing (section 7) is completed successfully, the 
Postal Service performs an administrative review of the test and 
evaluation results and, when appropriate, grants authorization to 
distribute the product, as described in section 8.
    At each stage of the product submission process, the manager, PTM, 
reserves the right to terminate testing if a review shows that the 
system as proposed will adversely impact Postal Service processes. The 
provider may resubmit the product after the problems have been 
resolved.
    The provider can avoid unnecessary delays in the review and 
evaluation process by testing the product thoroughly prior to 
submitting it to the independent testing laboratory and to the Postal 
Service. If the Postal Service determines that there are significant 
deficiencies in the product or in the required supporting materials, 
then the Postal Service will return the submission to the provider 
without reviewing it further.

2. Letter of Intent

    The provider must submit a letter of intent to Manager, Postage 
Technology Management (PTM), United States Postal Service, 1735 N. Lynn 
Street, Room 5011, Arlington, VA 22209-6050. The manager, PTM, will 
assign a point of contact to coordinate the submission and review 
process. The letter of intent must be dated and must include the 
following:
    (a) Identification (name, mailing address, e-mail address, and 
telephone number) of all parties involved in the proposed product, 
including the provider, those responsible for the product's assembly, 
product management, hardware/firmware/software development and testing, 
and any other party involved (or expected to be involved) with the 
design or construction of the product, including all suppliers of 
product components which could affect the security of Postal Service 
revenues.
    (b) Provider's business qualifications, including proof of 
financial viability and proof of the provider's ability to be 
responsive and responsible.
    (c) System concept narrative, including the provider's 
infrastructure that will support the product.
    (d) Target Postal Service market segment the proposed system is 
envisioned to serve.
    When there is a significant change to any aspect of the product 
described in the letter of intent, or of the parties involved in 
developing or producing the product, prior to submission of the concept 
of operations (section 4), the provider must revise the letter of 
intent and resubmit it.

3. Nondisclosure Agreements

    When the Postal Service uses resources under direct contract to the 
Postal Service to support the product review, the provider must 
establish a nondisclosure agreement with these resources. These 
nondisclosure agreements may require extension to third-party suppliers 
or others identified in the letter of intent (section 2). Providers are 
encouraged to share copies of nondisclosure agreements provided by the 
Postal Service with all parties identified in the letter of intent, to 
ensure that these parties will execute the agreement if needed to 
support Postal Service review of the product. Failure to sign 
nondisclosure agreements, provided by the Postal Service to support 
review activities, might adversely affect a product submission. 
Questions regarding this process should be directed to the manager, 
PTM.

4. Technical Documentation

4.1 Introduction
    The provider must submit the materials listed in the Required 
Documentation table. If the provider considers that a given requirement 
is not applicable to the product, the provider should note this in the 
document submission. The table is not meant to be an exhaustive list of 
all possible areas that need to be documented to support the evaluation 
of a postage meter (postage evidencing system). Ongoing advances and 
changes in technology and new approaches to providing postage 
evidencing can add other components that must be considered. The 
provider should submit any additional information that it considers 
necessary or desirable to describe the product fully. The independent 
testing laboratory may determine the level of detail that must be 
submitted to meet its test and evaluation requirements. The laboratory 
or the Postal Service may request additional information if needed for 
a complete evaluation.
    Documentation must be submitted to the independent laboratory and 
the Postal Service as indicated in the Required Documentation table. 
The laboratory will prepare an executive summary and submit it to the 
Postal Service when required. Documentation must be in English and must 
be formatted for standard letter size (8.5'' x 11'') paper, except for 
engineering drawings, which must be folded to letter size. Where 
appropriate, documentation must be marked as ``Confidential.'' The 
document recipient will determine the number of paper copies and the 
format of electronic copies of each document at the time of submission 
based on current technology and review requirements.
    The provider should schedule a meeting with PTM staff shortly after 
or simultaneously with the submission of technical data and the concept 
of operations to permit full discussion and understanding of the 
technical concepts being presented for evaluation. The

[[Page 67428]]

manager, PTM, will indicate Postal Service agreement or concerns 
relevant to the concept, as appropriate. However, no Postal Service 
communication or acknowledgement of receipt of documentation or other 
submission is meant to imply acceptance or approval of the concept of 
operation, of any documentation, or of the product. Approval of the 
product is granted only after the product prototype has been developed 
and testing has been successfully completed in accordance with all 
requirements of these procedures.
4.2 Required Documentation
    The following table details the documents that the provider must 
prepare. Providers are responsible for submitting any additional 
documentation the Postal Service may require during the product 
submission process. The table shows which documents must be submitted 
directly to the Postal Service and which must be submitted to the 
independent testing laboratory.

                                                                 Required Documentation
--------------------------------------------------------------------------------------------------------------------------------------------------------
                            Document/section                                 Submit to test laboratory?              Postal Service requirement
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                                             Concept of Operations (CONOPS)
--------------------------------------------------------------------------------------------------------------------------------------------------------
System overview, including:                                              Yes                                Provider submits in full. Executive summary
[sbull] Concept overview and business model                                                                  prepared by laboratory.
[sbull] Postal security device (PSD) implementation, features, and
 components, including the digital signature algorithm
[sbull] System life cycle overview
[sbull] Adherence to industry standards, such as FIPS PUB 140-1 or 140-
 2 (after May 25, 2002), as required by Postal Service
System design details, including:                                        Yes                                Executive summary prepared by laboratory.
[sbull] PSD features and functions                                                                           Laboratory report on indicium compliance
[sbull] All aspects of key management                                                                        with Postal Service requirements as given
[sbull] Client (host) system features and functions                                                          in the performance criteria.
[sbull] Other components required for system use including, but not
 limited to, the proposed indicia design and label stock
Indicium Specification for Human Readable Data                           No                                 Provider submits in full.
System life cycle, including:                                            Yes                                Provider submits in full. Executive summary
[sbull] Manufacturing                                                                                        prepared by laboratory.
[sbull] Postal Service certification of the system
[sbull] Production
[sbull] Distribution
[sbull] Meter licensing
[sbull] Initialization
[sbull] System authorization and installation
[sbull] Postage value download or resetting process
[sbull] System and support system audits
[sbull] Inspections
[sbull] Procedures for system withdrawal and replacement, including
 procedures for system malfunctions
[sbull] Procedures to destroy scrapped systems
Finance overview, including:                                             Yes                                Provider submits in full. Executive summary
[sbull] Customer account management (payment methods, statements, and                                        prepared by laboratory.
 refunds)
[sbull] Individual product finance account management (resetting or
 postage value download, refunds)
[sbull] Daily account reconciliation (provider reconciliation, Postal
 Service detailed transaction reporting)
[sbull] Periodic summaries (monthly reconciliation, other reporting as
 required by the Postal Service)
Interfaces, including:                                                   Yes                                Provider submits in full. Executive summary
[sbull] Communications and message interfaces with the Postal Service                                        prepared by laboratory.
 infrastructure for resetting or postage value downloads, refunds,
 inspections, product audits, and lost or stolen product procedures
[sbull] Communications and message interfaces with Postal Service
 financial functions for resetting or postage value downloads, daily
 account reconciliation, and refunds
[sbull] Communications and message interfaces with customer
 infrastructure for cryptographic key management, product audits, and
 inspections
[sbull] Message error detection and handling
Configuration management and detailed change control procedures for all  Yes                                Executive summary prepared by laboratory.
 components, including, but not limited to:
[sbull] Software
[sbull] Hardware and firmware
[sbull] Indicia
[sbull] Provider infrastructure
[sbull] Postal rate change procedures
[sbull] Interfaces
Physical security                                                        Yes                                Executive summary prepared by laboratory.

[[Page 67429]]

 
Personnel/site security                                                  Yes                                Executive summary prepared by laboratory.
Executable code                                                          Yes                                On request.
Source code.                                                             Yes                                On request.
Operations manuals                                                       Yes                                Executive summary prepared by laboratory.
Communications interfaces                                                Yes                                Executive summary prepared by laboratory.
Maintenance manuals                                                      Yes                                Executive summary prepared by laboratory.
Schematics                                                               Yes                                Executive summary prepared by laboratory.
Product initialization procedures                                        Yes                                Executive summary prepared by laboratory.
Finite state machine models/diagrams                                     Yes                                Executive summary prepared by laboratory.
Block diagrams                                                           Yes                                Executive summary prepared by laboratory.
Details of security features                                             Yes                                Executive summary prepared by laboratory.
Description of cryptographic operations, as required by FIPS PUB 140-1   Yes                                Executive summary prepared by laboratory.
 or 140-2 (after May 25, 2002), Appendix A
------------------------------------------------------------------------
                                                                        Test Plan
--------------------------------------------------------------------------------------------------------------------------------------------------------
Postal Service requirements                                              Yes                                Executive summary prepared by laboratory.
FIPS PUB 140-1 or 140-2 (after May 25, 2002) requirements                Yes                                Executive summary prepared by laboratory.
Physical security of provider's Internet server, administrative site,    Yes                                Executive summary prepared by laboratory.
 and firewall
Security for remote administrative access and configuration control      Yes                                Executive summary prepared by laboratory.
Secure distribution or transmission of software and cryptographic keys   Yes                                Executive summary prepared by laboratory.
Test plan for system infrastructure:                                     Yes                                Executive summary prepared by laboratory.
[sbull] Test parameters
[sbull] Infrastructure systems
[sbull] Interfaces
[sbull] Reporting requirements
Test plan for limited-distribution field tests:                          Yes                                Executive summary prepared by laboratory.
[sbull] Test parameters
[sbull] System quantities
[sbull] Geographic location
[sbull] Test participants
[sbull] Test duration
[sbull] Test milestones
[sbull] System recall plan
------------------------------------------------------------------------
                                                              Provider Infrastructure Plan
--------------------------------------------------------------------------------------------------------------------------------------------------------
Public key infrastructure                                                Yes                                Executive summary prepared by laboratory.
Procedures for enforcement of all provider-related, customer-related,    Yes                                Executive summary prepared by laboratory.
 and Postal Service-related processes, procedures, and interfaces
 discussed in CONOPS or required by Postal Service regulations
--------------------------------------------------------------------------------------------------------------------------------------------------------

5. Product Submission and Testing

5.1 General Submission Requirements
    The provider must submit complete production systems to the 
independent testing laboratory for evaluation. The laboratory will 
determine how many systems are needed for a complete evaluation. The 
provider must also provide any equipment and consumables required to 
use the submitted systems in the manner described in the CONOPS. The 
provider must also submit complete production systems, supporting 
equipment, and consumables directly to the Postal Service, if 
requested. The Postal Service may test these for compliance with Postal 
Service regulations and processes under section 6, System 
Infrastructure Testing.
5.2 Submission Requirements for Products Containing a Postal Security 
Device or Cryptographic Module
    The NVLAP-accredited cryptographic modules testing (CMT) laboratory 
must evaluate all PSDs and cryptographic modules for FIPS PUB 140-1 or 
140-2 certification, or equivalent, as authorized by the Postal 
Service. After May 25, 2002, FIPS PUB 140-2

[[Page 67430]]

certification will be required. The Postal Service requires that the 
PSD or cryptographic module receive FIPS PUB 140-1 or 140-2 
certification as it is implemented. That is, the PSD or cryptographic 
module and the installed application must be considered as a whole in 
determining whether or not it receives FIPS certification. The FIPS 
certification of the PSD or cryptographic module is dependent on the 
application. Since any certification could be in question once any 
noncertified or untested software is installed, the PSD or 
cryptographic module must be certified as it will be implemented, and 
the accredited CMT lab must reevaluate any changes that would risk the 
certification.
    Upon completing FIPS PUB 140-1 or 140-2 certification, or 
equivalent, the CMT laboratory must forward the following documentation 
directly to the manager, PTM:
    (a) A copy of the letter of recommendation for certification of the 
PSD or cryptographic module that the laboratory submitted to NIST.
    (b) A copy of the certificate, if any, issued by NIST for the PSD 
or cryptographic module.

6. System Infrastructure Testing and Provider System Security Testing

    To achieve Postal Service approval of a postage evidencing system, 
the provider must demonstrate that the system satisfies all applicable 
Postal Service regulations and reporting requirements and that it is 
compatible with Postal Service mail processing functions and all other 
functions with which the product or its users interface. The tests must 
involve all entities in the proposed architecture, including the 
postage evidencing system, the provider infrastructure, the financial 
institution, and Postal Service infrastructure systems and interfaces. 
The tests may be conducted in a laboratory environment in accordance 
with the test plan for system infrastructure testing. Test and approval 
of system infrastructure functions must be completed before the postage 
evidencing system can be field tested under section 7. The functions to 
be tested include, but are not limited to, the following:
    (a) Meter licensing, including license application, license update, 
and license revocation.
    (b) System status activity reporting.
    (c) System distribution and initialization, including system 
authorization, system initialization, customer authorization, and 
system maintenance.
    (d) Total system population inventory, including leased and 
unleased systems; new system stock; and system installation, 
withdrawal, and replacement.
    (e) Irregularity reporting.
    (f) Lost and stolen reporting.
    (g) Financial transactions, including cash management, individual 
system financial accounting, account reconciliation, and refund 
management.
    (h) Financial transaction reporting, including daily summary 
reports, daily transaction reporting, and monthly summary reports.
    (i) System initialization.
    (j) Cryptographic key changes and public key management.
    (k) Postal rate table changes.
    (l) Print quality assurance.
    (m) Device authorization.
    (n) Postage evidencing system examination and inspection, including 
physical and remote inspections.
    In addition to testing the system infrastructure, the Postal 
Service must be assured that the provider's support systems and 
infrastructure are secure and not vulnerable to security breaches. This 
will require site reviews of provider manufacturing, distribution, and 
other support facilities, and reviews of network security and system 
access controls.

7. Limited-Distribution Field Test

    To achieve Postal Service approval of a postage evidencing system, 
the provider must demonstrate that the system satisfies all applicable 
Postal Service processing and interface requirements in a real-world 
environment. This is achieved by placing a limited number of systems in 
distribution for field testing. The Postal Service will determine the 
number of systems to be tested. The test will be conducted in 
accordance with the Postal Service-approved test plan for limited-
distribution field testing. The purpose of the limited-distribution 
field test is to demonstrate the product's utility, security, audit and 
control, functionality, and compatibility with other systems, including 
mail entry, acceptance, and processing when in use. The field test will 
employ available communications and will interface with current 
operational systems to exercise all system functions.
    The manager, PTM, will review the executive summary of the 
provider-proposed test plan for limited-distribution field testing. The 
review will be based on, but not limited to, the assessed revenue risk 
of the system, system impact on Postal Service operations, and 
requirements for Postal Service resources. Approval may be based in 
whole or in part on the anticipated mail volume, mail characteristics, 
and mail origination and destination patterns of the proposed system. 
For systems designed for use by an individual meter user, product users 
engaged in field testing must be approved by the Postal Service before 
they are allowed to participate in the test. These participants must 
sign a nondisclosure/confidentiality agreement when reporting system 
security, audit and control issues, deficiencies, or failures to the 
provider and the Postal Service. This requirement does not apply to 
users of systems designed for public use.

8. Postage Evidencing System Approval

    Postal Service approval of the postage meter (postage evidencing 
system) is based on the results of an administrative review of the 
materials and test results generated during the product submission and 
approval process. In preparation for the administrative review, the 
provider must update all documentation submitted in compliance with 
these procedures to ensure accuracy. When approval is granted, the 
Postal Service will prepare a product approval letter detailing the 
conditions under which the specific product may be manufactured, 
distributed, and used. The provider must submit the following materials 
for the Postal Service administrative review:
    (a) Materials prepared for the Postal Service by the independent 
testing laboratory.
    (b) The final certificate of evaluation from the NVLAP laboratory, 
where required.
    (c) The results of system infrastructure testing.
    (d) The results of field testing of a limited number of systems.
    (e) The results of any other Postal Service testing of the system.
    (f) The results of provider site security reviews.

9. Intellectual Property

    Providers submitting postage evidencing systems to the Postal 
Service for approval are responsible for obtaining all intellectual 
property licenses that may be required to distribute their product in 
commerce and to allow the Postal Service to process mail bearing the 
indicia produced by the product.

Stanley F. Mires,
Chief Counsel, Legislative.
[FR Doc. 02-28039 Filed 11-4-02; 8:45 am]
BILLING CODE 7710-12-P