Section 7 of the VVSG 1.0 contains requirements for security. NIST has completed a set of draft test assertions for the security requirements of Section 7. Section 7 includes, but is not limited to, access control, software setup and validation, polling place security, and use of public telecommunications networks.
Test assertions are measurable expressions that must be tested in order to evaluate conformance of an implementation (in this case a voting system) to a requirement. The goal of creating these test assertions is to make clear, to testing laboratories and manufacturers of voting systems, exactly what conditions of each requirement in the VVSG need to be tested in order to be certified by the Election Assistance Commission (EAC). Different testing laboratories, using this set of test assertions, should arrive at the same pass/fail results for each requirement in the VVSG, thus helping to ensure uniformity in testing among testing laboratories. These test assertions were developed by NIST and distributed to EAC and testing laboratories for their comments. This version of the test assertions has incorporated all applicable laboratory and EAC comments.
In developing these assertions, we first examined the VVSG 1.0 requirement. If the requirement was general, vague or ambiguous, we examined the discussion section of the VVSG 1.0 requirement as well as the equivalent VVSG 1.1 requirement for further guidance. We included information from these sources as SHALLs (mandatory conditions) in the test assertions only if they helped clarify the VVSG 1.0 requirement in question.
NIST has previously completed a draft set of test assertions for the usability and accessibility requirements of Section 3.
A complete version of the VVSG 1.0 can be found at http://www.eac.gov/testing_and_certification/voluntary_voting_system_guidelines.aspx.
These posted security test assertions have already incorporated changes from the comments received and constitute the final version.
Test Assertions for VVSG 1.0, section 7, subsections: