Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Appendix B: References and End Notes

Appendix B: References and End Notes


American National Standard for Methods of Measurement of Compatibility between Wireless Communication Devices and Hearing Aids, ANSI C63.19-2001.


ANSI/TIA-968-A: 2002, Technical Requirements for Connection of Terminal Equipment to the Telephone Network.


ANSI C84.1:2006, Electric Power Systems and Equipment—Voltage Ratings (60 Hertz).


CISPR 22 Ed. 5.2 b: 2006, Information technology equipment - Radio disturbance characteristics - Limits and methods of measurement. 


ANSI C63.16:1993, American National Standard Guide for Electrostatic Discharge Test – Methodology and Criteria for Electronic Equipment.


CISPR 24 Ed. 1.0 b: 1999, Information technology equipment - Immunity characteristics - Limits and methods of measurement. 


Boris Beizer, Software System Testing and Quality Assurance, Van Nostrand Reinhold Company, 1984.


California Volume Reliability Testing Protocol rev. January 31, 2006-01-31. Available from


CERT® Coordination Center, Secure Coding homepage,, July 2006.


Capability Maturity Model Integration,, July 2006.


Department of Homeland Security, Build Security In,, July 2006.


U.S. Election Assistance Commission, Quick Start Management Guide for Ballot Preparation/Printing and Pre-Election Testing, October 2006. Available from


U.S. Election Assistance Commission, Quick Start Management Guide for Voting System Security, October 2006. Available from


U.S. Election Assistance Commission, Testing and Certification Program Manual, Version 1.0, December 5, 2006. Available from


Benjamin Epstein and Milton Sobel, "Sequential Life Tests in the Exponential Case," Annals of Mathematical Statistics, v. 26, n. 1, March 1955, pp. 82-93.


Title 47, Part 15, Rules and Regulations of the Federal Communications Commission, Radio Frequency Devices: 2000.


Title 47, Part 68, Rules and Regulations of the Federal Communications Commission, Connection of Terminal Equipment to the Telephone Network: 2000.


Performance and Test Standards for Punchcard, Marksense, and Direct Recording Electronic Voting Systems, January 1990 edition with April 1990 revisions, in Voting System Standards, U.S. Government Printing Office, 1990.14 Available from


T.E. Grebe, "Application of Distribution Systems Capacitor Banks and their Impact on Power Quality," IEEE Transactions IA-32, May-June 1996. Available from IEEE.


The Help America Vote Act of 2002, Public Law 107-252. Available from


C. A. R. Hoare, "An Axiomatic Basis for Computer Programming," Communications of the ACM, v. 12, n. 10, October 1969, pp. 576-580, 583.


IEEE 100:2000 The Authoritative Dictionary of IEEE Standard Terms, Seventh Edition. 


IEEE Std. C62.41.1™:2002 IEEE Guide on the Surge Environment in Low-Voltage (1000 V and less) AC Power Circuits.


IEEE Std. C62.41.2™:2002 IEEE Recommended Practice on Characterization of Surges in Low-Voltage (1000V and Less) AC Power Circuits.  


IEEE Std. C62.45™:2002 IEEE Recommended Practice on Surge Testing for Equipment Connected to Low-Voltage (1000V and Less) AC Power Circuits


IEEE Std. 1100™:2005 IEEE Recommended Practice for Powering and Grounding Electronic Equipment. 


IEEE Std. 587™:1980 IEEE Guide for Surge Voltages in Low-Voltage AC Power Circuits. 


IEEE Std. C62.41™:1991 Recommended Practice for Surge Voltages in Low-Voltage AC Power Circuits. 


IEEE Std. 519™:1992 519-1992 IEEE Recommended Practices and Requirements for Harmonic Control in Electrical Power Systems.


IEEE/EIA 12207.1-1997, Industry implementation of International Standard ISO/IEC 12207:1995—(ISO/IEC 12207) standard for information technology—software life cycle processes—life cycle data. 


IEEE Std 829-1998, IEEE standard for software test documentation.


ISO 9001:2000, Quality management systems – Requirements. 


ISO/IEC TR 15942:2000, Information technology—Programming languages—Guide for the use of the Ada programming language in high integrity systems. 


ISO/IEC 61000-4-2:2001, Electromagnetic compatibility (EMC) - Part 4-2: Testing and measurement techniques - Electrostatic discharge immunity test. 


ISO 18921:2002, Imaging materials—Compact discs (CD-ROM)—Method for estimating the life expectancy based on the effects of temperature and relative humidity.


ISO 10007:2003, Quality management systems – Guidelines for configuration management. 


ISO/IEC 14882:2003, Programming languages—C


ISO/IEC 23270:2003, Information technology—C# language specification. Superseded by [ISO06].


ISO 8601:2004, Data elements and interchange formats—Information interchange—Representation of dates and times. 


ISO 17000:2004, Conformity assessment—Vocabulary and general principles.


ISO/IEC 61000-4-4:2004 Electromagnetic compatibility (EMC) - Part 4-3. Testing and measurement techniques – Electrical fast transient/burst immunity test.


ISO 9000:2005, Quality management systems – Fundamentals and vocabulary. 


ISO/IEC 23270:2006, Information technology—Programming languages—C#. 


ISO/IEC 61000-4-3:2006, Electromagnetic compatibility (EMC) - Part 4-3. Testing and measurement techniques - Radiated, radio-frequency, electromagnetic field immunity test. 


ISO/IEC 61000-4-6:2006 Electromagnetic compatibility (EMC) - Part 4-6: Testing and measurement techniques - Immunity to conducted disturbances, induced by radio-frequency fields. 


ISO/IEC 61000-4-12:2006 Electromagnetic compatibility (EMC) - Part 4-12: Testing and measurement techniques – Ring wave immunity test.


ISO/IEC 61000-4-21:2003 Electromagnetic compatibility (EMC) - Part 4-21. Testing and measurement techniques - Reverberation chamber test methods. 


ISO/IEC 25062:2006 Common Industry Format (CIF) for Usability Test Reports. 


ISO/IEC 8652:1987, Programming languages—Ada. Superseded by [ISO95].


ISO/IEC 9899:1990, Programming languages—C. Superseded by [ISO99].


ISO 9706:1994, Information and documentation—Paper for documents—Requirements for permanence. 


ISO/IEC 8652:1995, Information technology—Programming languages—Ada. 


ISO/IEC 61000-2-5:1995, Electromagnetic compatibility (EMC) - Part 2-5: Environment – Classification of electromagnetic environments.


ISO/IEC 14882:1998, Programming languages—C. Superseded by [ISO03a].


ISO 9241-11:1998, Ergonomic requirements for office work with visual display terminals (VDTs) -- Part 11: Guidance on usability.


ISO/IEC 9899:1999, Programming languages—C. 


ITI (CBEMA) Curve, Information Technology Industry Council (ITI):2000. Available from ITI,


The Java Language Specification, Third Edition, 2005. Available from


T.S. Key and F.D. Martzloff, "Surging the Upside-Down House: Looking into Upsetting Reference Voltages," PQA'94 Conference, Amsterdam, Netherlands, 1994. Accessible on-line at the NIST-hosted SPD Anthology – Part 5,


Request For Proposal #08455, Kansas, 2005-05-16. Available from, July 2006.


Philippe A. Martin, Petri Net Linear Form (PNLF), in "Using PIPE and Woflan (and the Petri Net Linear Form)," May 9, 2007,


MIL-STD-810-D, Environmental Test Methods and Engineering Guidelines, 1983-7-19.


MIL-STD-1521B (USAF) Technical Reviews and Audits for Systems, Equipments [sic], and Computer Software, rev. December 19, 1985.


MIL-HDBK-781A, Handbook for Reliability Test Methods, Plans, and Environments for Engineering, Development, Qualification, and Production, April 1, 1996.


MISRA-C:2004: Guidelines for the use of the C language in critical systems, MIRA Limited, U.K., November 2004.


F. L. Morris and C. B. Jones, "An Early Program Proof by Alan Turing," IEEE Annals of the History of Computing, v. 6, n. 2, April 1984, pp. 139-143.


M. R. Moulding, "Designing for high integrity: the software fault tolerance approach," Section 3.4. In C. T. Sennett, ed., High-Integrity Software, Plenum Press, New York and London, 1989.


Request For Proposal #3443, Mississippi, Apreil 28, 2005. Available from, 2006-07. (THIS DOCUMENT IS NO LONGER AVAILABLE)


Paul Vick, The Microsoft® Visual Basic® Language Specification, Version 8.0, 2005. Available from Microsoft Download Center,


Request for Proposals #108.6-03-001, North Dakota, October 31, 2003. Available from, 2006-01-26.


National Electrical Code (NFPA 70):2005. Available from NFPA,


Nevada Gaming Commission and State Gaming Control Board, Technical Standards for Gaming Devices and On-Line Slot Systems, March 2006. Available from


National Institute of Standards and Technology Special Publication 800-41: Guidelines on Firewalls and Firewall Policy, Revised Sept 2009. Available from


Fred R. Byers, Care and Handling of CDs and DVDs—A Guide for Librarians and Archivists, National Institute of Standards and Technology Special Publication 500-252, 2003-10. Available from


Recommended Security Controls for Federal Information Systems, National Institute of Standards and Technology Special Publication 800-53, 2005-02. Available from


National Institute of Standards and Technology Special Publication 800-70: Security Configuration Checklist Program for IT Products – Guidance for Checklists Users and Developers, Revised Feb. 2011. Available from


Peter Mell, Karen Kent, Joseph Nusbaum, National Institute of Standards and Technology Special Publication 800-83: Guide to Malware Incident Prevention and Handling, November 2005. Available from


William Burr, Donna Dodson, W. Timothy Polk, National Institute of Standards and Technology Special Publication 800-63: Electronic Authentication Guideline, April 2006. Available from


Karen Kent, Murugiah Souppaya, National Institute of Standards and Technology Special Publication 800-92: Guide to Computer Security Log Management, September 2006. Available from


Karen Scarfone, Peter Mell, National Institute of Standards and Technology Special Publication 800-94: Guide to Intrusion Detection and Prevention Systems, February 2007. Available from


OASIS EML v5.0 Committee Draft, Organization for the Advancement of Structured Information Standards (OASIS), March 2007. Available from


UML 2.0 Superstructure Specification, October 8, 2004,


New Shorter Oxford English Dictionary, Clarendon Press, Oxford, 1993.


IEEE Draft Standard for the Evaluation of Voting Equipment, draft P1583/D5.3.2b, April 1, 2004. Unpublished.


IEEE Draft Standard for Voting Systems Electronic Data Interchange version 01.003. Information Available from


Matt Pietrek, "A Crash Course on the Depths of Win32™ Structured Exception Handling," Microsoft Systems Journal, January 1997. Available from


F. J. Redmill, Ed., Dependability of Critical Computer Systems 1, Elsevier Applied Science, London and New York, 1988.


Ronald R. Rivest and John P. Wack, "On the notion of "software independence" in voting systems," July 28, 2006. 


Joel Scambray, Stuart McClure, George Kurtz, Hacking Exposed: Network Security Secrets and Solutions, Second Edition, 2001.


CEXCEPT (exception handling in C), software package, 2000. Available from


Telcordia GR-1089:2006, Electromagnetic Compatibility and Electrical Safety - Generic Criteria for Network Telecommunications Equipment. Available from Telcordia,


2004 Presidential General Election Review Lessons Learned. Available from


UL 437:2003, Standard for Key Locks. (2003).


UL 60950-1:2005, Information Technology Equipment – Safety – Part 1: General Requirements.


UL 943:2006, Standard for Safety for Ground-Fault Circuit-Interrupters. 


Solicitation #DG5502, Utah, 2004-07-09. Available from, January 27, 2006. (THIS DOCUMENT IS NO LONGER AVAILABLE FROM THE UTAH.GOV SITE)


Valgrind home page,, July 2006.


2002 Voting Systems Standards. Available from


Voluntary Voting System Guidelines Version I Initial Report, May 9, 2005


2005 Voluntary Voting System Guidelines, Version 1.0, March 6, 2006. Available from


Abraham Wald, Sequential Analysis, John Wiley & Sons, 1947.



End Notes



[1] Visual Basic 8 does not support named block exit, but it does support specifying the kind of block (do loop, for loop, while loop, select, subroutine, function, etc.) from which to exit, which need not be the innermost block.

[2] Specific equipment and materials are identified in order to describe certain procedures. In no case does such identification imply recommendation or endorsement, nor does it imply that the materials or equipment identified are necessarily the best available for the purpose.

[3] A prerequisite for device-level certification would be prescribing a system architecture so that the responsibilities of each device and the interfaces between those devices could be well-specified. Such prescription is undesirable. More importantly, even with a prescribed architecture, a device-level certification would provide no assurance that any particular system that included that component would function as specified. That assurance can only be obtained by evaluating the complete system in the configuration in which it is to be deployed.

[4] Portions of this section are derived from Section of [P1583].

[5] This material is from an unapproved draft of a proposed IEEE Standard, P1583. As such, the material is subject to change in the final standard. Because this material is from an unapproved draft, the IEEE recommends that it not be utilized for any conformance/compliance purposes. It is used at your own risk.

[6] Portions of this section are derived from Sections and of [P1583].

[7] In mathematical jargon, the word domain would be more appropriate than range for input variables; however, "range checking" is the common programming jargon.

[8] These values are derived from category 3K3 of IEC 60721-3-3, which is described as, the product operating in a temperature-controlled enclosed location where the humidity is not controlled. Further, the product is not subject to condensed water or water from other sources.

[9] A compromised device could be programmed to give the correct answers during logic and accuracy testing but behave differently after polls are opened. This kind of fraud is detected and prevented through other means, beginning with the design review specified in Part 3 Section 4.3 and Requirement part1:6.1-A and continuing with setup validation and routine audits.

[10] The reasons that ranked order voting is not handled are discussed in Part 1 Section

[11] A system conforming to the Write-ins class is required to be capable of counting and reporting totals for all candidates that are written in by voters. In some states, write-in votes are not counted unless they exactly match one of a list of registered, accepted write-in candidates. Voting systems may support reporting options that meet the requirements of such states without disruption to the counting logic.

[12] The test lab may rely on media manufacturers' specifications for data retention or life expectancy if accelerated testing results are not available. See also [NIST03], [ISO94] and [ISO02].

[13] Requirement part1:6.6-A.3 and Requirement part1:6.6-A.4 indicate acceptable designs.

[14] The 1990 Voting System Standards package also included "A Plan for Implementing the FEC Voting System Standards," "System Escrow Plan for the Voting System Standards Program," and "A Process for Evaluating Independent Test Authorities."

Created September 28, 2010, Updated May 24, 2017