Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Test Assertions for VVSG 1.1, Volume 1, Section 7.2.2, September 23, 2016

VVSG 1.1, Vol 1, Requirement 7.2.2: Access Control Identification

Identification requirements provide controls for accountability when operating and administering a voting system.

  1. The voting system shall identify users, roles and/or processes to which access is granted and the specific functions and data to which each entity holds authorized access.
  2. Voting system equipment that implement role-based access control shall support the recommendations for Core RBAC in the ANSI INCITS 359-2004 American National Standard for Information Technology- Role Based Access Control document.
  3. Voting system equipment shall allow the administrator group or role to configure the permissions and functionality for each identity, group, or role to include account and group/role creation, modification, and deletion.

 

Test Assertions

TA722a-1: IF users are used in a voting system, THEN the voting system SHALL identify each user to which access is granted.

TA722a-2: IF users are used in a voting system, THEN the voting system SHALL identify each role to which access is granted.

TA722a-3: IF users are used in a voting system, THEN the voting system SHALL identify each process to which access is granted.

TA722a-4: The voting system SHALL identify the specific functions to which each of the above entities holds authorized access.

TA722a-5: The voting system SHALL identify all the data to which each of the above entities holds authorized access.

TA722b-1: IF a voting system equipment implements role-based access control THEN it SHALL conform to the recommendations for Core RBAC in the ANSI INCITS 359-2004 American National Standard for Information Technology- Role Based Access Control document.

TA722c-1: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the permissions for each identity, group, or role to include account creation.

TA722c-2: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the permissions for each identity, group, or role to include account modification.

TA722c-3: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the permissions for each identity, group, or role to include account deletion.

TA722c-4: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the permissions for each identity, group, or role to include group/role creation.

TA722c-5: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the permissions for each identity, group, or role to include group/role modification.

TA722c-6: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the permissions for each identity, group, or role to include group/role deletion.

TA722c-7: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the functionality for each identity, group, or role to include account creation.

TA722c-8: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the functionality for each identity, group, or role to include account modification.

TA722c-9: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the functionality for each identity, group, or role to include account deletion.

TA722c-10: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the functionality for each identity, group, or role to include group/role creation.

TA722c-11: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the functionality for each identity, group, or role to include group/role modification.

TA722c-12: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the functionality for each identity, group, or role to include group/role deletion.

 

Operational Definitions

Access control: The process of granting or denying specific requests to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities (e.g., federal buildings, military establishments, border crossing entrances).

(source: http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf)

 

Created September 22, 2016, Updated October 19, 2016