
Test Assertions for VVSG 1.0 Section 7.2.1.2, August 2015

Requirement 7.2.1.2

VVSG 1.0 Requirement 7.2.1.2: Vendors shall provide a detailed description of all system access control measures designed to permit authorized access to the system and prevent unauthorized access. Examples of such measures include:

a. Use of data and user authorization

b. Program unit ownership and other regional boundaries

c. One-end or two-end port protection devices

d. Security kernels

e. Computer-generated password keys

f. Special protocols

g. Message encryption

h. Controlled access security

Vendors also shall define and provide a detailed description of the methods used to prevent unauthorized access to the access control capabilities of the system itself.

Test Assertions

TA7212-1: The TDP SHALL contain a detailed description of all system access control measures designed to permit authorized access to the voting system.

TA7212-2: The TDP SHALL contain a detailed description of all system access control measures designed to prevent unauthorized access to the voting system.

TA7212a-1: The description of measures designed to permit authorized access to the system and/or prevent unauthorized access MAY include use of data and user authorization.

TA7212b-1: The description of measures designed to permit authorized access to the system and/or prevent unauthorized access MAY include program unit ownership and other regional boundaries.

TA7212c-1: The description of measures designed to permit authorized access to the system and/or prevent unauthorized access MAY include one-end or two-end port protection devices.

TA7212d-1: The description of measures designed to permit authorized access to the system and/or prevent unauthorized access MAY include security kernels.

TA7212e-1: The description of measures designed to permit authorized access to the system and/or prevent unauthorized access MAY include computer-generated password keys.

TA7212f-1: The description of measures designed to permit authorized access to the system and/or prevent unauthorized access MAY include special protocols.

TA7212g-1: The description of measures designed to permit authorized access to the system and/or prevent unauthorized access MAY include message encryption.

TA7212h-1: The description of measures designed to permit authorized access to the system and/or prevent unauthorized access MAY include controlled access security.

TA7212i-1: The description of measures designed to permit authorized access to the system and/or prevent unauthorized access MAY include any other types of access control measures implemented that are not included in the previous test assertions.

TA7212-3: The TDP SHALL contain a description of the methods used to prevent unauthorized access to the access control capabilities of the system itself.

Operational Definitions

access control – The process of granting or denying specific requests to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities (e.g., federal buildings, military establishments, border crossing entrances).

(source: http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf)

Created August 28, 2015, Updated August 25, 2016