Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security Objectives

READ-ONLY SITE MATERIALS: Historical voting TWiki site (2015-2020) ARCHIVED from

Security Principles

These security principles were derived from the requirements found in the VVSG 1.1 ( Vol 1Vol 2) and the 2007 Recommendations to the TGDC (previously known as the VVSG 2.0).


Principle Name Principle Descriptions & Guidelines
Auditability The voting system is auditable and enables evidence-based elections
  An undetected error or fault in the voting system’s software or hardware is not capable of causing an undetectable change in election results
  The voting system produces records that provide the ability to check whether the election outcome is correct, and to the extent possible, identify the root cause of any irregularities.
  Voting system records are resilient in the presence of intentional forms of tampering and accidental errors.
  The voting system supports efficient audits.
Ballot Secrecy The voting systems protects the secrecy of voters’ ballot selections.
  Ballot secrecy is maintained throughout the voting process.
  Records, notifications, and other election artifacs produced by the voting system do not reveal the intent, choices, or selections of any identifiable voter.
Access Control The voting system authenticates administrators, users, devices and services before granting access to sensitive functions.
  The voting system identifies users, roles and/or processes to which access is granted and the specific functions and data to which each entity holds authorized access.
  The voting system supports authentication mechanisms and allows administrators to configure them.
  Default access control policies enforce the principle of least privilege.
Physical Security The voting system prevents or detects attempts to tamper with voting system hardware.
  Any unauthorized physical access to the voting system, ballot box, ballots, or other hardware, leaves physical evidence.
  Voting systems only expose physical ports and access points that are essential to voting operations, testing, or auditing.
Data Protection The voting system protects sensitive data from unauthorized access, modification, or deletion.
  Voting systems prevent unauthorized access to or manipulation of configuration data, cast vote records, transmitted data, or audit records.
  The source and integrity of electronic tabulation reports are verifiable.
  All cryptographic algorithms are public, well-vetted, and standardized.
  Voting systems protect the integrity, authenticity and confidentiality of sensitive data transmitted over all networks.
Software Integrity Voting systems prevent the unauthorized installation or modification of firmware, software, and critical configuration files.
  Only software that is digitally signed by the appropriate authorities is installed on the voting system.
  The authenticity and integrity of software updates must be verified by the voting system prior to installation and authorized by an administrator.
The voting system provides mechanisms to detect and remediate anomalous or malicious behavior.
  Voting system equipment records important activities through event logging mechanisms, which are stored in a format suitable for automated processing.
  The voting system generates, stores, and reports to the user or election official, all error messages as they occur.
  Voting systems employ mechanisms to protect against malware.
  If the voting system contains networking capabilities, it employs appropriate modern defenses against network-based attacks.


Voting TWiki Archive (2015-2020): read-only, archived wiki site, National Institute of Standards and Technology (NIST)


This page, and related pages, represent archived materials (pages, documents, links, and content) that were produced and/or provided by members of public working groups engaged in collaborative activities to support the development of the Voluntary Voting System Guidelines (VVSG) 2.0. These TWiki activities began in 2015 and continued until early 2020. During that time period, this content was hosted on a Voting TWiki site. That TWiki site was decommissioned in 2020 due to technology migration needs. The TWiki activities that generated this content ceased to operate actively through the TWiki at the time the draft VVSG 2.0 was released, in February of 2020. The historical pages and documents produced there have been archived now in read-only, static form.

  • The archived materials of this TWiki (including pages, documents, links, content) are provided for historical purposes only.
  • They are not actively maintained.
  • They are provided "as is" as a public service.
  • They represent the "work in progress" efforts of a community of volunteer members of public working groups collaborating from late 2015 to February of 2020.
  • These archived materials do not necessarily represent official or peer-reviewed NIST documents nor do they necessarily represent official views or statements of NIST.
  • Unless otherwise stated these materials should be treated as historical, pre-decisional, artifacts of public working group activities only.
  • NIST does not warrant or make any representations regarding the correctness, accuracy, reliability or usefulness of the archived materials.


This wiki was a collaborative website. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these archived TWiki materials. Further, NIST does not endorse any commercial products that may be mentioned in these materials. Archived material on this TWiki site is made available to interested parties for informational and research purposes. Materials were contributed by Participants with the understanding that all contributed material would be publicly available.  Contributions were made by Participants with the understanding that that no copyright or patent right shall be deemed to have been waived by such contribution or disclosure. Any data or information provided is for illustrative purposes only, and does not imply a validation of results by NIST. By selecting external links, users of these materials will be leaving NIST webspace. Links to other websites were provided because they may have information that would be of interest to readers of this TWiki. No inferences should be drawn on account of other sites being referenced, or not referenced, from this page or these materials. There may be other websites or references that are more appropriate for a particular reader's purpose.


Created August 28, 2020, Updated February 5, 2021