U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology Laboratory

Voting

Test Assertions for VVSG 1.1, Volume 1, Section 7.2.2, September 23, 2016

Share

VVSG 1.1, Vol 1, Requirement 7.2.2: Access Control Identification

Identification requirements provide controls for accountability when operating and administering a voting system.

  1. The voting system shall identify users, roles and/or processes to which access is granted and the specific functions and data to which each entity holds authorized access.
  2. Voting system equipment that implement role-based access control shall support the recommendations for Core RBAC in the ANSI INCITS 359-2004 American National Standard for Information Technology- Role Based Access Control document.
  3. Voting system equipment shall allow the administrator group or role to configure the permissions and functionality for each identity, group, or role to include account and group/role creation, modification, and deletion.

 

Test Assertions

TA722a-1: IF users are used in a voting system, THEN the voting system SHALL identify each user to which access is granted.

TA722a-2: IF users are used in a voting system, THEN the voting system SHALL identify each role to which access is granted.

TA722a-3: IF users are used in a voting system, THEN the voting system SHALL identify each process to which access is granted.

TA722a-4: The voting system SHALL identify the specific functions to which each of the above entities holds authorized access.

TA722a-5: The voting system SHALL identify all the data to which each of the above entities holds authorized access.

TA722b-1: IF a voting system equipment implements role-based access control THEN it SHALL conform to the recommendations for Core RBAC in the ANSI INCITS 359-2004 American National Standard for Information Technology- Role Based Access Control document.

TA722c-1: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the permissions for each identity, group, or role to include account creation.

TA722c-2: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the permissions for each identity, group, or role to include account modification.

TA722c-3: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the permissions for each identity, group, or role to include account deletion.

TA722c-4: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the permissions for each identity, group, or role to include group/role creation.

TA722c-5: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the permissions for each identity, group, or role to include group/role modification.

TA722c-6: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the permissions for each identity, group, or role to include group/role deletion.

TA722c-7: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the functionality for each identity, group, or role to include account creation.

TA722c-8: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the functionality for each identity, group, or role to include account modification.

TA722c-9: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the functionality for each identity, group, or role to include account deletion.

TA722c-10: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the functionality for each identity, group, or role to include group/role creation.

TA722c-11: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the functionality for each identity, group, or role to include group/role modification.

TA722c-12: Voting system equipment SHALL allow the administrator group OR SHALL allow the administrator role to configure the functionality for each identity, group, or role to include group/role deletion.

 

Operational Definitions

Access control: The process of granting or denying specific requests to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities (e.g., federal buildings, military establishments, border crossing entrances).

(source: http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf)

 

Information technology and Voting systems
Created September 22, 2016, Updated October 19, 2016