READ-ONLY SITE MATERIALS: Historical voting TWiki site (2015-2020) ARCHIVED from https://collaborate.nist.gov/voting/bin/view/Voting
The new VVSG is a nimble set of high level principles that will be supplemented by accompanying requirements for how systems can meet the new guidelines and obtain certification. The supplemental requirements will also detail test assertions for how the accredited test laboratories will validate that the system complies with those requirements.
The new VVSG structure is anticipated to be:
The NIST Voting System CyberSecurity Working Group is for the discussion and development of guidance for voting system cybersecurity-related issues, including various aspects of security controls and auditing capabilities. The guidance will inform the development of requirements for the Election Assistance Commission (EAC) Voluntary Voting System Guidelines (VVSG).
Main Topic: SecurityObjectives
Identify critical high-level voting system security objectives to structure our work. Examine related requirements from the VVSG 1.1, the draft VVSG 2.0, and other general computer security guidelines to help us develop the list of objectives.
Main Topic: SecurityBestPractices
Provide election officials with security best practices tailored for voting systems, identifying actionable security controls and procedures that can be implemented by jurisdictions.
Identifying and Prioritizing Risks
Collect, discuss and analyze information on risks in voting systems in order to identify and prioritize issues that should be addressed in the next VVSG.
The following are draft requirements under development, organized by VVSG 2.0 Prinicples & Guidelines.
Prinicple 2 - High Quality Implementation
Principle 9 - Auditable
Principle 10 - Ballot Secrecy
Principle 11 - Access Control
Principle 12 - Physical Security
Principle 13 - Data Protection
Principle 14 - System Integrity
Principle 15 - Detection & Monitoring
This is a list of open areas within the VVSG 2.0 draft requirements.
We will develop testing guidance for the VVSG 2.0 security requirements.
Methodology document for developing testing guidance.
PA VOTING SYSTEM SECURITY STANDARD: This document is Attachment E to the Directive for electronic voting systems by Pennsylvania's Department of State. It includes test specifications for testing and analysis of Pennsylvania's voting systems.
Copies of draft and final gap analysis documents are located here.
System Event Logs
System Integrity Management
In no particular order:
Electronic signature verification
Cybersecurity Working Group Call
Please join my meeting from your computer, tablet or smartphone.
You can also dial in using your phone.
United States: +1 (571) 317-3122
Access Code: 790-412-477
The schedule for the Working Group is:
Every Friday from 2-3:30pm.
(Schedule updated 06/07/2019)
The first NIST Voting System CyberSecurity Working Group teleconference was on August 11th, 2016 from 11:00AM-12:00PM Eastern Time.
Name: David Wagner
Email: daw [at] cs.berkeley.edu (daw[at]cs[dot]berkeley[dot]edu)
Affiliation: Univ. of California, Berkeley
Name: Gema Howell
Email: gema.howell [at] nist.gov (Gema[dot]Howell[at]nist[dot]gov)
Participation in this Working Group is open to all interested parties. There are no membership fees.
Email List Name: vvsg-cybersecurity
To join the list or find more information about list policies and related procedures, please visit the VVSG Working Group Lists page.
Notes from past meetings are available on the CybersecurityMeetingArchives page.
Reference relevant documents here.
Ballot Casting Assurance: Ben Adida & C. Andrew Neff
Public Evidence from Secret Ballots: Matthew Bernhard, Josh Benaloh, J. Alex Halderman, Ronald L. Rivest, Peter Y. A. Ryan, Philip B. Stark, Vanessa Teague, Poorvi L. Vora, & Dan S. Wallach
DEFCON Voting Machine Hacking Village Report: Matt Blaze, Jake Braun, Harri Hursti, Joseph Lorenzo Hall, Margaret MacAlpine, & Jeff Moss
In-depth Discussion on 17 Functions from February 2017 TGDC Meeting: Brian Hancock & Ryan Macias
Voluntary Voting System Guidelines (VVSG) Recommendations to the Election Assistance Commission - 2007: Prepared at the Direction of the TGDC
Evidence-Based Elections: P.B. Stark & D.A. Wagner
On the Notion of Software Idependence: Ronald L. Rivest & John P. Wack
A Gentle Introduction to Risk-limiting Audits: Mark Lindeman & Philip B. Stark
Machine-Assisted Election Auditing: Joseph A. Calandrino, J. Alex Halderman, & Edward W. Felten
Risks of E-Voting: Matt Bishop & David Wagner
Election Operations Assessment - Threat Trees and Matrices: University of South Alabama / EAC
Voting: What Has Changed, What Hasn't, & Why - Research Bibliography: CALTECH/MIT Voting Technology Project
ARCHIVE SITE DESCRIPTION AND DISCLAIMER
This page, and related pages, represent archived materials (pages, documents, links, and content) that were produced and/or provided by members of public working groups engaged in collaborative activities to support the development of the Voluntary Voting System Guidelines (VVSG) 2.0. These TWiki activities began in 2015 and continued until early 2020. During that time period, this content was hosted on a Voting TWiki site. That TWiki site was decommissioned in 2020 due to technology migration needs. The TWiki activities that generated this content ceased to operate actively through the TWiki at the time the draft VVSG 2.0 was released, in February of 2020. The historical pages and documents produced there have been archived now in read-only, static form.
ARCHIVED VOTING TWIKI SITE MATERIALS
This wiki was a collaborative website. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these archived TWiki materials. Further, NIST does not endorse any commercial products that may be mentioned in these materials. Archived material on this TWiki site is made available to interested parties for informational and research purposes. Materials were contributed by Participants with the understanding that all contributed material would be publicly available. Contributions were made by Participants with the understanding that that no copyright or patent right shall be deemed to have been waived by such contribution or disclosure. Any data or information provided is for illustrative purposes only, and does not imply a validation of results by NIST. By selecting external links, users of these materials will be leaving NIST webspace. Links to other websites were provided because they may have information that would be of interest to readers of this TWiki. No inferences should be drawn on account of other sites being referenced, or not referenced, from this page or these materials. There may be other websites or references that are more appropriate for a particular reader's purpose.