Requirement 7.2.1.1
VVSG 1.0 Requirement 7.2.1.1: Voting system vendors shall:
a. Identify each person to whom access is granted, and the specific functions and data to which each person holds authorized access
b. Specify whether an individual's authorization is limited to a specific time, time interval or phase of the voting or counting operations
c. Permit the voter to cast a ballot expeditiously, but preclude voter access to all aspects of the vote counting processes
Test Assertions
TA7211a-1: The voting system SHALL identify each person to whom access is granted.
TA7211a-1-1: The voting system SHALL identify the specific functions for each person.
TA7211a-1-2: The voting system SHALL identify the data to which each person holds authorized access.
TA 7211a-1-3: The voting system SHOULD identify each process to which access is granted.
TA7211a-1-4: The voting device SHOULD prevent a lower-privileged process from modifying a higher-privileged process.
TA 7211b-1: The voting system SHALL specify IF a person's authorization is limited to EITHER: a) A specific time of the voting or counting operations; OR b) a time interval of the voting or counting operations; OR c) a phase of the voting or counting operations
TA7211c-1: The voting system SHALL allow a voter to cast a ballot promptly.
TA7211c-2: While casting the ballot promptly, the voting system SHALL preclude voters from accessing any aspect of the vote counting process THAT is not already made public.
Operational Definitions
access control – The process of granting or denying specific requests to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities (e.g., federal buildings, military establishments, border crossing entrances).
(source: http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf)