1 / 17

NIST Voting Program

NIST Voting Program. Barbara Guttman 12/6/07 www.vote.nist.gov. NIST “Help America Vote Act” Responsibilities. Chair Technical Guidelines Development Committee (TGDC) Provide technical support to TGDC in the development of voluntary voting system guidelines including

stacia
Télécharger la présentation

NIST Voting Program

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NIST Voting Program Barbara Guttman 12/6/07 www.vote.nist.gov

  2. NIST “Help America Vote Act” Responsibilities Chair Technical Guidelines Development Committee (TGDC) Provide technical support to TGDC in the development of voluntary voting system guidelines including Recommend independent labs to the EAC for accreditation

  3. TGDC Background • Created by HAVA • 15 members, different disciplines • Chaired by NIST Director • NIST performs research and technical support • Delivers recommendations to the EAC Voting Program Activities Update

  4. NIST/TGDC Committee Structure & Coordination TGDC resolution (July ‘04) established 3 subcommittees: Security and Transparency (STS) Human Factors and Privacy (HFP) Core Requirements and Testing (CRT) Each subcommittee has NIST staff assigned to it

  5. NIST & the TGDC • NIST performs research for the TGDC • TGDC makes recommendations to the EAC • NIST does the technical writing of the VVSG Voting Program Activities Update

  6. NIST/TGDC Activities July 2004: 1st plenary session of TGDC May 2005: Provided initial recommendations for voting system guidelines (VVSG 2005) Sep 2007: Provided next set of recommendations for voting system guidelines (Next VVSG)

  7. Why are there two versions of the VVSG? • HAVA required initial recommendations from the TGDC in 9 months • VVGS 2005 limited due to timeframe – incremental improvement to the 2002 VSS • There was a need to develop comprehensive, updated requirements for voting systems • Therefore, TGDC developed two versions: • VVSG 2005 is an update of the VSS 2002 • Next VVSG is a complete re-write Voting Program Activities Update

  8. What is in the Next VVSG? • Complete re-write of VVSG 2005 in all areas • Usability and Accessibility • Security • Core Requirements Voting Program Activities Update

  9. VVSG Major Re-Organization Part 1: Equipment Requirements Part 2: Documentation Requirements Part 3: Testing Requirements in Parts 1 and 2 reference general test methods in Part 3 Voting Program Activities Update

  10. Walk Through of Requirements • Human Factors & Privacy • Usability, Accessibility, Other • Security & Transparency • SI, Innovation Class, IVVR, Other • Core Requirements & Testing • Reliability, COTS, Other Voting Program Activities Update

  11. Software Independence • Voting systems must be SI • Accuracy of the election must not rely exclusively on the accuracy of the voting system software • Accuracy of the system’s electronic records will be able to be independently audited against an independent voter-verified record (IVVR) • Systems that do this currently are paper-based e.g., optical scan, VVPAT Voting Program Activities Update

  12. Innovation Class • Next VVSG includes an Innovative Class • The VVSG will allow for developers to create new and innovative, possibly paperless, voting system approaches that would still be independently auditable and conform to the next VVSG • This may include newer, cryptographic-based systems that potentially promise greater usability and accessibility as well as security Voting Program Activities Update

  13. Other Security • Radio-Frequency (RF) wireless is no longer permitted for use on voting systems • Requirements for test labs to conduct open-ended vulnerability testing on voting systems to search for vulnerabilities • Requirements to digitally sign electronic records for integrity and to identify each record by machine and election • Requirements for all software to be digitally signed and verified before being permitted to load or run on voting system • Other security areas: access control, auditing, event logging, and physical security Voting Program Activities Update

  14. Reliability Benchmarks • Voting system quality, reliability (MTBF), and accuracy requirements updated • To improve voting system design and testing techniques • To ensure that voting systems are robust and work properly • Replaced MTBF method with volume testing (based on CA’s) • Worked with NASED to develop number and types of allowed failures Voting Program Activities Update

  15. COTS • COTS testing requirements re-written • To make clearer whether to exclude certain COTS products from in-depth source code reviews • Definition of unmodified COTS narrowed • Modified COTS grouped into several categories, each with its own testing requirements Voting Program Activities Update

  16. Other Core Requirements • Conventions for software coding were examined • E.g., requiring software languages that contain improved integrity and security constructs • To promote quality systems, requirements for vendors to comply with ISO 9000/9001 • Updated electrical, clarified requirements for all voting activities Voting Program Activities Update

  17. Discussion Voting Program Activities Update

More Related