Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Public Working Group

READ-ONLY SITE MATERIALS: Historical voting TWiki site (2015-2020) ARCHIVED from


The new VVSG is a nimble set of high level principles that will be supplemented by accompanying requirements for how systems can meet the new guidelines and obtain certification. The supplemental requirements will also detail test assertions for how the accredited test laboratories will validate that the system complies with those requirements.

The new VVSG structure is anticipated to be:

  • Principles: High level system design goals;
  • Guidelines: Broad description of the functions that make up a voting system;
  • Requirements: Technical details necessary for manufacturers to design devices that meet the principles and guidelines of a voting system;
  • Test Assertions: Technical specifications required for laboratories to test a voting system against the requirements.

The NIST Voting System CyberSecurity Working Group is for the discussion and development of guidance for voting system cybersecurity-related issues, including various aspects of security controls and auditing capabilities. The guidance will inform the development of requirements for the Election Assistance Commission (EAC) Voluntary Voting System Guidelines (VVSG).



  • Identifying Security Objectives and Principles

    Main Topic: SecurityObjectives

    Identify critical high-level voting system security objectives to structure our work. Examine related requirements from the VVSG 1.1, the draft VVSG 2.0, and other general computer security guidelines to help us develop the list of objectives.

  • Investigate Priority Election Use Cases (Complete)

    Main Topic: UseCasesSecurity

    Initial topics include:
    • Electronic Pollbooks
    • Ballot Delivery
    • Ballot-on-Demand
    • Ballot Marking
    • Auditing
    • Election Night Reporting
  • Collect/Develop Best Practices

    Main Topic: SecurityBestPractices

    Provide election officials with security best practices tailored for voting systems, identifying actionable security controls and procedures that can be implemented by jurisdictions.

  • Identifying and Prioritizing Risks

    Collect, discuss and analyze information on risks in voting systems in order to identify and prioritize issues that should be addressed in the next VVSG.

VVSG 2.0 Draft Requirements

The following are draft requirements under development, organized by VVSG 2.0 Prinicples & Guidelines.

Prinicple 2 - High Quality Implementation

Principle 9 - Auditable

Principle 10 - Ballot Secrecy

Principle 11 - Access Control

Principle 12 - Physical Security

Principle 13 - Data Protection

Principle 14 - System Integrity

Principle 15 - Detection & Monitoring

Open Areas:

This is a list of open areas within the VVSG 2.0 draft requirements.


VVSG 2.0 DRAFT Testing Strategies

We will develop testing guidance for the VVSG 2.0 security requirements.

Methodology document for developing testing guidance.

PA VOTING SYSTEM SECURITY STANDARD: This document is Attachment E to the Directive for electronic voting systems by Pennsylvania's Department of State. It includes test specifications for testing and analysis of Pennsylvania's voting systems.


Analysis of the 2007 VVSG DRAFT Recommendations

Copies of draft and final gap analysis documents are located here.



Ballot Secrecy

System Event Logs

Communication Security

Physical Security


Setup Inspection

Software Installation

Access Control

System Integrity Management

Potential Areas for Voluntary Best Practices for Security

In no particular order:

  • Electronic signature verification

  • Provisional ballot and qualification in question handling
  • Use of public telecom
  • Indicators of compromise for voting systems
  • Compliance audits
  • Risk limiting audits
  • Cryptographic key and password management


Meeting Information:

Cybersecurity Working Group Call

Please join my meeting from your computer, tablet or smartphone.

You can also dial in using your phone.
United States: +1 (571) 317-3122

Access Code: 790-412-477

The schedule for the Working Group is:

Every Friday from 2-3:30pm.

(Schedule updated 06/07/2019)

The first NIST Voting System CyberSecurity Working Group teleconference was on August 11th, 2016 from 11:00AM-12:00PM Eastern Time.



Name: David Wagner

Email: daw [at] (daw[at]cs[dot]berkeley[dot]edu)

Affiliation: Univ. of California, Berkeley

Agency Lead

Name: Gema Howell

Email: gema.howell [at] (Gema[dot]Howell[at]nist[dot]gov)

Affiliation: NIST



Participation in this Working Group is open to all interested parties. There are no membership fees.


List of regular telecon participants include, but are not limited to:

  • Gema Howell, NIST
  • Jessica Bowers, EAC
  • Lynn Garland
  • Steven Blachman, Hart
  • Aaron Wilson, CIS
  • Neal McBurnett, ElectionAudits
  • Lauren Massa Lochridge
  • Trevor Timmons, Colorado Secretary of State's Office
  • Paul Hain, Election Systems & Software
  • Susan Greenhalgh, Verified Voting
  • Joel Franklin, ES&S
  • John Dziurlaj, Hilton Roscoe
  • John McCarthy, Verified Voting
  • Marc Schneider, MITRE
  • Bernie Hirsch, MicroVote
  • Josh Benaloh, Microsoft
  • Jared Marcotte, The Turnout


Email List

Email List Name: vvsg-cybersecurity

To join the list or find more information about list policies and related procedures, please visit the VVSG Working Group Lists page.


Meeting Archive

Notes from past meetings are available on the CybersecurityMeetingArchives page.


Relevant Documents

Reference relevant documents here.

Ballot Casting Assurance: Ben Adida & C. Andrew Neff

Public Evidence from Secret Ballots: Matthew Bernhard, Josh Benaloh, J. Alex Halderman, Ronald L. Rivest, Peter Y. A. Ryan, Philip B. Stark, Vanessa Teague, Poorvi L. Vora, & Dan S. Wallach

DEFCON Voting Machine Hacking Village Report: Matt Blaze, Jake Braun, Harri Hursti, Joseph Lorenzo Hall, Margaret MacAlpine, & Jeff Moss

In-depth Discussion on 17 Functions from February 2017 TGDC Meeting: Brian Hancock & Ryan Macias

Voluntary Voting System Guidelines (VVSG) Recommendations to the Election Assistance Commission - 2007: Prepared at the Direction of the TGDC

Evidence-Based Elections: P.B. Stark & D.A. Wagner

On the Notion of Software Idependence: Ronald L. Rivest & John P. Wack

A Gentle Introduction to Risk-limiting Audits: Mark Lindeman & Philip B. Stark

Machine-Assisted Election Auditing: Joseph A. Calandrino, J. Alex Halderman, & Edward W. Felten

Risks of E-Voting: Matt Bishop & David Wagner

Election Operations Assessment - Threat Trees and Matrices: University of South Alabama / EAC

Voting: What Has Changed, What Hasn't, & Why - Research Bibliography: CALTECH/MIT Voting Technology Project

Voluntary Voting System Guidelines (VVSG) 1.1 - 2015

Voluntary Voting System Guidelines Recommendations to the Election Assistance Commission (Informally VVSG 2007)


Voting TWiki Archive (2015-2020): read-only, archived wiki site, National Institute of Standards and Technology (NIST)


This page, and related pages, represent archived materials (pages, documents, links, and content) that were produced and/or provided by members of public working groups engaged in collaborative activities to support the development of the Voluntary Voting System Guidelines (VVSG) 2.0. These TWiki activities began in 2015 and continued until early 2020. During that time period, this content was hosted on a Voting TWiki site. That TWiki site was decommissioned in 2020 due to technology migration needs. The TWiki activities that generated this content ceased to operate actively through the TWiki at the time the draft VVSG 2.0 was released, in February of 2020. The historical pages and documents produced there have been archived now in read-only, static form.

  • The archived materials of this TWiki (including pages, documents, links, content) are provided for historical purposes only.
  • They are not actively maintained.
  • They are provided "as is" as a public service.
  • They represent the "work in progress" efforts of a community of volunteer members of public working groups collaborating from late 2015 to February of 2020.
  • These archived materials do not necessarily represent official or peer-reviewed NIST documents nor do they necessarily represent official views or statements of NIST.
  • Unless otherwise stated these materials should be treated as historical, pre-decisional, artifacts of public working group activities only.
  • NIST does not warrant or make any representations regarding the correctness, accuracy, reliability or usefulness of the archived materials.


This wiki was a collaborative website. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these archived TWiki materials. Further, NIST does not endorse any commercial products that may be mentioned in these materials. Archived material on this TWiki site is made available to interested parties for informational and research purposes. Materials were contributed by Participants with the understanding that all contributed material would be publicly available.  Contributions were made by Participants with the understanding that that no copyright or patent right shall be deemed to have been waived by such contribution or disclosure. Any data or information provided is for illustrative purposes only, and does not imply a validation of results by NIST. By selecting external links, users of these materials will be leaving NIST webspace. Links to other websites were provided because they may have information that would be of interest to readers of this TWiki. No inferences should be drawn on account of other sites being referenced, or not referenced, from this page or these materials. There may be other websites or references that are more appropriate for a particular reader's purpose.


Created August 28, 2020, Updated February 5, 2021