Postage Meter Testing and Certifications

AEGISOLVE conducts certification testing to provide independent and unbiased third-party assurance that network-connected postage meter devices can meet industry accepted best security practices when installed and configured properly. Postage meter devices are verified to meet a set of testable requirements, which are publicly available.  

Explore our postage meter testing and certification by submitting an inquiry below.

Get Started

Summary of Requirements

To attain certification the postage meter must pass a rigorous set of tests to verify that each of the following requirements are met:

  • The postage meter uses industry accepted standards-based security protocols, which provide confidentiality, integrity, and authenticity for network-based communications.
  • Standard-based cryptographic algorithms with sufficient strength that meet standards bodies recommendations are employed.
  • No sensitive information is exposed in any non-secure communications.
  • Strong administrative and user authentication is enforced, where applicable.
  • If supported, logging is accurate and provides sufficient detail for authentication and other notable events.
  • If remote device upgrades are supported, the postage meter relies on the secure communication capability to download the software upgrade.
  • Known remotely exploitable vulnerabilities have been mitigated in the certified version listed in this report.

Certification testing does not necessarily determine that any identified features and functions of the product(s) under test, the overall product(s) under test, or any untargeted features and functions of the product(s) under test are free from security vulnerabilities or whether other relevant aspects operate adequately or correctly.

Network-Connected Postage Meter Test Methodology

  1. Cryptographic algorithms (and related strengths) used to satisfy any of the other requirements herein SHALL meet industry accepted standards and/or practices (for example, IETF RFCs, cryptographic algorithms and key strengths).
    a. The Product Under Test (PUT) SHALL have the capability to disable any other algorithms or cryptographic mechanisms that do not satisfy this requirement.
  2. The PUT SHALL provide confidentiality, integrity, and authenticity protection for all sensitive data in transit (for example, authentication credentials, customer information).
    a. Security protocols used to satisfy this requirement SHALL be based on industry accepted standards, for example TLS, IPsec.
  3. If the PUT supports administrative or user authentication, it SHALL support and enforce a strong authentication mechanism(s) that cannot be trivially circumvented.
  4. If the PUT supports logging, authentication events SHALL be logged with the associated user and a timestamp when the event occurred and be available for later retrieval.
  5. If the PUT supports remote upgrade capabilities, the protection of the related remote upgrade communication SHALL meet the security protocol and cryptographic algorithm requirements herein.
  6. The PUT SHALL have the capability to mitigate any known exploitable security vulnerabilities.

Postage Meter Certificates

The following postage meters have been tested and certified by AEGISOLVE.

Pitney Bowes
SendPro C-Series
Mailing Version: #:2243
SendProTM Version: 2.0.114DBuild #:20113
Base SW Version: 03.03.1046
Pitney Bowes
SendPro Mail Center
APP Version: 00.12.0057.0000
Qt Version: 5.15.0
RTM Version: 08.05
DSDD Version: 06.00.0041.0000

Cybersecurity testing services

Fast - Easy - Direct

Get Started with Your Postage Meter Certification

Get updates from AEGISOLVE

News, publications, cybersecurity, FIPS, and DCI updates, and more