Draft Test Assertions for VVSG 1.0 Section 7.4.1 (Tabular Format), August 2015

Requirement

Assertion(s)

VVSG 1.0 Requirement 7.4.1: The system shall meet the following requirements for installation of software, including hardware with embedded firmware.

a. If software is resident in the system as firmware, the vendor shall require and state in the system documentation that every device is to be retested to validate each ROM prior to the start of elections operations.

b. To prevent alteration of executable code, no software shall be permanently installed or resident in the voting system unless the system documentation states that the jurisdiction must provide a secure physical and procedural environment for the storage, handling, preparation, and transportation of the system hardware.

c. The voting system bootstrap, monitor, and device-controller software may be resident permanently as firmware, provided that this firmware has been shown to be inaccessible to activation or control by any means other than by the authorized initiation and execution of the vote counting program, and its associated exception handlers.

d. The election-specific programming may be installed and resident as firmware, provided that such firmware is installed on a component (such as a computer chip) other than the component on which the operating system resides.

e. After initiation of election day testing, no source code or compilers or assemblers shall be resident or accessible.

TA741a-1: IF any voting system software is resident in the voting system as firmware THEN every device SHALL verify the integrity of each programmable read only memory device (including but not limited to ROM, EPROM, EEPROM, embedded flash).

TA741a-1a: The TDP SHALL document the methods for performing this verification and state that it be conducted before election operations begin.

TA741b-1: IF any voting system software is permanently resident in the voting system THEN the system documentation, contained within the TDP, SHALL state that the jurisdiction SHALL provide a secure physical environment for the storage, handling, preparation, and transportation of the system hardware.

TA741b-2: IF any voting system software is permanently resident in the voting system THEN the system documentation, contained within the TDP, SHALL state that the jurisdiction SHALL provide a secure procedural environment for the storage, handling, preparation, and transportation of the system hardware.

TA741c-1: IF the system bootstrap is permanently stored as firmware, THEN software other than the vote-counting-program and associated exception handlers SHALL NOT be able to tamper with the system bootstrap.

TA741c-2: IF the system monitor is permanently stored as firmware, THEN software other than the vote-counting-program and associated exception handlers SHALL NOT be able to tamper with the system monitor.

TA741c-3: IF the device-controller software is permanently stored as firmware, THEN software other than the vote-counting-program and associated exception handlers SHALL NOT be able to tamper with the device-controller software.

TA741d-1: IF election-specific programming is resident as firmware THEN such firmware SHALL NOT be installed on the component on which the operating system resides.

TA741e-1: IF election day testing has been initiated THEN source code SHALL NOT be resident in the voting system.

TA741e-2: IF election day testing has been initiated THEN compilers SHALL NOT be resident in the voting system.

TA741e-3: IF election day testing has been initiated THEN assemblers SHALL NOT be resident in the voting system.