Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Cybersecurity Public Working Group
READ-ONLY SITE MATERIALS: Historical voting TWiki site (2015-2020) ARCHIVED from https://collaborate.nist.gov/voting/bin/view/Voting
Purpose
The new VVSG is a nimble set of high level principles that will be supplemented by accompanying requirements for how systems can meet the new guidelines and obtain certification. The supplemental requirements will also detail test assertions for how the accredited test laboratories will validate that the system complies with those requirements.
The new VVSG structure is anticipated to be:
- Principles: High level system design goals;
- Guidelines: Broad description of the functions that make up a voting system;
- Requirements: Technical details necessary for manufacturers to design devices that meet the principles and guidelines of a voting system;
- Test Assertions: Technical specifications required for laboratories to test a voting system against the requirements.
The NIST Voting System CyberSecurity Working Group is for the discussion and development of guidance for voting system cybersecurity-related issues, including various aspects of security controls and auditing capabilities. The guidance will inform the development of requirements for the Election Assistance Commission (EAC) Voluntary Voting System Guidelines (VVSG).
Objectives
- Identifying Security Objectives and Principles
Main Topic: SecurityObjectives
Identify critical high-level voting system security objectives to structure our work. Examine related requirements from the VVSG 1.1, the draft VVSG 2.0, and other general computer security guidelines to help us develop the list of objectives.
- Investigate Priority Election Use Cases (Complete)
Main Topic: UseCasesSecurity
Initial topics include:- Electronic Pollbooks
- Ballot Delivery
- Ballot-on-Demand
- Ballot Marking
- Auditing
- Election Night Reporting
- Collect/Develop Best Practices
Main Topic: SecurityBestPractices
Provide election officials with security best practices tailored for voting systems, identifying actionable security controls and procedures that can be implemented by jurisdictions. -
Identifying and Prioritizing Risks
Collect, discuss and analyze information on risks in voting systems in order to identify and prioritize issues that should be addressed in the next VVSG.
VVSG 2.0 Draft Requirements
The following are draft requirements under development, organized by VVSG 2.0 Prinicples & Guidelines.
Prinicple 2 - High Quality Implementation
- Software Requirements (Clean) - Draft - March 27, 2019
- Software Requirements (Tracked Changed) - Draft, May 24, 2018
- Software Requirements - Draft, May 9, 2018
Principle 9 - Auditable
- Auditable Requirements (Clean) - Draft, March 22, 2019
- Auditable Requirements (Clean) - Draft, April 23, 2018
- Auditable Requirements (Tracked Changed) - Draft, April 23, 2018
- Auditable Requirements (Track Changes) - Draft, December 12, 2018
- Auditable Requirements - Draft, December 12, 2017
- Auditable Requirements - Draft, December 1, 2017
- Early Risk Limiting Audit Requirements - Draft, November 17, 2017
- Early Software Independence Requirements - Draft, October 20, 2017
- Early Software Independence Requirements - Draft, October 6, 2017
Principle 10 - Ballot Secrecy
- Ballot Secrecy Requirements (Clean) - Draft, March 20, 2019
- Ballot Secrecy Requirements (Clean) - Draft, April 23, 2018
- Ballot Secrecy Requirements (Tracked Changed) - Draft, April 23, 2018
- Ballot Secrecy Requirements - Draft, January 17, 2018
- Ballot Secrecy Comments - February 1, 2018
- Ballot Secrecy Requirements - Draft, January 5, 2018
Principle 11 - Access Control
- Access Control Requirements (Clean) - Draft, March 21, 2019
- Access Control Requirements (Clean) - Draft, April 23, 2018
- Access Control Requirements (Tracked Changed) - Draft, April 23, 2018
- Access Control Requirements - Draft, February 14, 2018
- Access Control Requirements - Draft, February 1, 2018
- Access Control Comments - February 1, 2018
- Access Control Requirements - Draft, January 17, 2018
Principle 12 - Physical Security
- Physical Security (Clean) - Draft, March 20, 2019
- Physical Security (Clean) - Draft, April 23, 2018
- Physical Security Requirements - Draft, January 3, 2018
- Physical Security Requirements - Draft, December 15, 2017
Principle 13 - Data Protection
- Data Protection (Clean) - Draft, March 21, 2019
- Data Protection (Clean) - Draft, April 23, 2018
- Data Protection Requirements (Tracked Changed) - Draft, April 23, 2018
- Data Protection Requirements - Draft, March 21, 2018
Principle 14 - System Integrity
- System Integrity Requirements (Clean) - Draft, March 22, 2019
- System Integrity Requirements (Clean) - Draft, April 23, 2018
- System Integrity Requirements (Tracked Changes) - Draft, April 23, 2018
- System Integrity Requirements - Draft, February 14, 2018
- System Integrity Comments - February 14, 2018
- System Integrity Requirements - Draft, January 29, 2018
Principle 15 - Detection & Monitoring
- Detection & Monitoring Requirements (Clean) - Draft, March 22, 2019
- Detection & Monitoring Requirements (Clean) - Draft, April 23, 2018
- Detection & Monitoring Requirements - Draft, February 28, 2018
Open Areas:
This is a list of open areas within the VVSG 2.0 draft requirements.
- Ballot Barcodes & Encoding Schemes
- Barcode Open Area Overview; Barcode Use Case Analysis - September 2019
- DRAFT August 21, 2019
- DRAFT August 15, 2019
- DRAFT July 2, 2019
- DRAFT Req Suggestions July 2, 2019
- DRAFT June 21, 2019
- DRAFT Req Suggestions June 21, 2019
- DRAFT June 14, 2019
- DRAFT March 29, 2019
- DRAFT March 19, 2019
- DRAFT February 28, 2019
- Indirect Voter Associations (IVAs)
- Wireless Technology /Internet Connectivity
- Wireless/Internet Open Area Overview; Wireless/Internet Use Case Analysis - September 2019
- DRAFT August 23, 2019
- DRAFT August 21, 2019
- DRAFT August 2, 2019 - (Primay focus and updates on pages 4-9)
- DRAFT July 19, 2019
- Cryptographic End-to-End Systems
VVSG 2.0 DRAFT Testing Strategies
We will develop testing guidance for the VVSG 2.0 security requirements.
Methodology document for developing testing guidance.
PA VOTING SYSTEM SECURITY STANDARD: This document is Attachment E to the Directive for electronic voting systems by Pennsylvania's Department of State. It includes test specifications for testing and analysis of Pennsylvania's voting systems.
Analysis of the 2007 VVSG DRAFT Recommendations
Copies of draft and final gap analysis documents are located here.
- Preliminary 2007 VVSG Security Gap Analysis
- February 13, 2017 TGDC Presentation on Security Principles & Guidelines
Auditability
- 2007 VVSG Auditing Requirements - Final, June 20, 2017
- 2007 VVSG Auditing Requirements - Draft, June 12, 2017
- 2007 VVSG Auditing Requirements - Draft, June 1, 2017
- 2007 VVSG Auditing Requirements Gap Analysis
- Draft Post Election Outcomes Audit Types
- Draft Risk Limiting Audits Requirements
- February 13, 2017 TGDC Presentation on Auditability
Ballot Secrecy
- 2007 VVSG Ballot Secrecy Requirements - Final, June 21, 2017
- 2007 VVSG Ballot Secrecy Requirements - Draft, June 12, 2017
- 2007 VVSG Ballot Secrecy Requirements Gap Analysis
System Event Logs
- 2007 VVSG System Event Log Requirements - Final, July 12, 2017
- 2007 VVSG System Event Log Requirements - Draft, June 12, 2017
- 2007 VVSG System Event Log Requirements Gap Analysis
Communication Security
- 2007 VVSG Communication Security Requirements - Final, October 11, 2017
- 2007 VVSG Communication Security Requirements - Draft, June 26, 2017
- 2007 VVSG Communication Security Requirements Gap Analysis
Physical Security
- 2007 VVSG Physical Security Requirements - Final July 12, 2017
- 2007 VVSG Physical Security Requirements - Draft, June 26, 2017
- 2007 VVSG Physical Security Requirements Gap Analysis
Cryptography
- 2007 VVSG Cryptography Requirements - Final, October 11, 2017
- 2007 VVSG Cryptography Requirements - Draft, July 12, 2017
- 2007 VVSG Cryptography Requirements Gap Analysis
Setup Inspection
- 2007 VVSG Setup Inspection Requirements - Final, October 20, 2017
- 2007 VVSG Setup Inspection Requirements - Draft, August 7, 2017
- 2007 VVSG Setup Inspection Requirements Gap Analysis
Software Installation
- 2007 VVSG Software Installation Requirements - Final, October 20, 2017
- 2007 VVSG Software Installation Requirements - Draft, August 7, 2017
- 2007 VVSG Software Installation Requirements Gap Analysis
Access Control
- 2007 VVSG Access Control Requirements - Final, December 07, 2017
- 2007 VVSG Access Control Requirements - Draft, September 21, 2017
- 2007 VVSG Access Control Requirements Gap Analysis
System Integrity Management
- 2007 VVSG System Integrity Requirements - Final, December 07, 2017
- 2007 VVSG System Integrity Requirements - Draft, September 21, 2017
- 2007 VVSG System Integrity Requirements Gap Analysis
Potential Areas for Voluntary Best Practices for Security
In no particular order:
-
Electronic signature verification
- Provisional ballot and qualification in question handling
- Use of public telecom
- Indicators of compromise for voting systems
- Compliance audits
- Risk limiting audits
- Cryptographic key and password management
Logistics
Meeting Information:
Cybersecurity Working Group Call
Please join my meeting from your computer, tablet or smartphone.
https://global.gotomeeting.com/join/790412477
You can also dial in using your phone.
United States: +1 (571) 317-3122
Access Code: 790-412-477
The schedule for the Working Group is:
Every Friday from 2-3:30pm.
(Schedule updated 06/07/2019)
The first NIST Voting System CyberSecurity Working Group teleconference was on August 11th, 2016 from 11:00AM-12:00PM Eastern Time.
Officers
Chair
Name: David Wagner
Email: daw [at] cs.berkeley.edu (daw[at]cs[dot]berkeley[dot]edu)
Affiliation: Univ. of California, Berkeley
Agency Lead
Name: Gema Howell
Email: gema.howell [at] nist.gov (Gema[dot]Howell[at]nist[dot]gov)
Affiliation: NIST
Members
Participation in this Working Group is open to all interested parties. There are no membership fees.
List of regular telecon participants include, but are not limited to:
- Gema Howell, NIST
- Jessica Bowers, EAC
- Lynn Garland
- Steven Blachman, Hart
- Aaron Wilson, CIS
- Neal McBurnett, ElectionAudits
- Lauren Massa Lochridge
- Trevor Timmons, Colorado Secretary of State's Office
- Paul Hain, Election Systems & Software
- Susan Greenhalgh, Verified Voting
- Joel Franklin, ES&S
- John Dziurlaj, Hilton Roscoe
- John McCarthy, Verified Voting
- Marc Schneider, MITRE
- Bernie Hirsch, MicroVote
- Josh Benaloh, Microsoft
- Jared Marcotte, The Turnout
Email List
Email List Name: vvsg-cybersecurity
To join the list or find more information about list policies and related procedures, please visit the VVSG Working Group Lists page.
Meeting Archive
Notes from past meetings are available on the CybersecurityMeetingArchives page.
Relevant Documents
Reference relevant documents here.
Ballot Casting Assurance: Ben Adida & C. Andrew Neff
Public Evidence from Secret Ballots: Matthew Bernhard, Josh Benaloh, J. Alex Halderman, Ronald L. Rivest, Peter Y. A. Ryan, Philip B. Stark, Vanessa Teague, Poorvi L. Vora, & Dan S. Wallach
DEFCON Voting Machine Hacking Village Report: Matt Blaze, Jake Braun, Harri Hursti, Joseph Lorenzo Hall, Margaret MacAlpine, & Jeff Moss
In-depth Discussion on 17 Functions from February 2017 TGDC Meeting: Brian Hancock & Ryan Macias
Voluntary Voting System Guidelines (VVSG) Recommendations to the Election Assistance Commission - 2007: Prepared at the Direction of the TGDC
Evidence-Based Elections: P.B. Stark & D.A. Wagner
On the Notion of Software Idependence: Ronald L. Rivest & John P. Wack
A Gentle Introduction to Risk-limiting Audits: Mark Lindeman & Philip B. Stark
Machine-Assisted Election Auditing: Joseph A. Calandrino, J. Alex Halderman, & Edward W. Felten
Risks of E-Voting: Matt Bishop & David Wagner
Election Operations Assessment - Threat Trees and Matrices: University of South Alabama / EAC
Voting: What Has Changed, What Hasn't, & Why - Research Bibliography: CALTECH/MIT Voting Technology Project
Voluntary Voting System Guidelines (VVSG) 1.1 - 2015
Voting TWiki Archive (2015-2020): read-only, archived wiki site, National Institute of Standards and Technology (NIST)
ARCHIVE SITE DESCRIPTION AND DISCLAIMER
This page, and related pages, represent archived materials (pages, documents, links, and content) that were produced and/or provided by members of public working groups engaged in collaborative activities to support the development of the Voluntary Voting System Guidelines (VVSG) 2.0. These TWiki activities began in 2015 and continued until early 2020. During that time period, this content was hosted on a Voting TWiki site. That TWiki site was decommissioned in 2020 due to technology migration needs. The TWiki activities that generated this content ceased to operate actively through the TWiki at the time the draft VVSG 2.0 was released, in February of 2020. The historical pages and documents produced there have been archived now in read-only, static form.
- The archived materials of this TWiki (including pages, documents, links, content) are provided for historical purposes only.
- They are not actively maintained.
- They are provided "as is" as a public service.
- They represent the "work in progress" efforts of a community of volunteer members of public working groups collaborating from late 2015 to February of 2020.
- These archived materials do not necessarily represent official or peer-reviewed NIST documents nor do they necessarily represent official views or statements of NIST.
- Unless otherwise stated these materials should be treated as historical, pre-decisional, artifacts of public working group activities only.
- NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY.
- NIST does not warrant or make any representations regarding the correctness, accuracy, reliability or usefulness of the archived materials.
ARCHIVED VOTING TWIKI SITE MATERIALS
This wiki was a collaborative website. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these archived TWiki materials. Further, NIST does not endorse any commercial products that may be mentioned in these materials. Archived material on this TWiki site is made available to interested parties for informational and research purposes. Materials were contributed by Participants with the understanding that all contributed material would be publicly available. Contributions were made by Participants with the understanding that that no copyright or patent right shall be deemed to have been waived by such contribution or disclosure. Any data or information provided is for illustrative purposes only, and does not imply a validation of results by NIST. By selecting external links, users of these materials will be leaving NIST webspace. Links to other websites were provided because they may have information that would be of interest to readers of this TWiki. No inferences should be drawn on account of other sites being referenced, or not referenced, from this page or these materials. There may be other websites or references that are more appropriate for a particular reader's purpose.