Summary Tabular Format
Requirement | Assertion(s) |
VVSG 1.1, Vol 1, Requirement 7.7.5: Protecting the Voting System Physical security measures to prevent access to a voting system are not possible when using a wireless communications interface because there is no discrete physical communications path that can be secured. a. The security requirements in Subsection 2.1.1 shall be applicable to systems with wireless communications. b. The accuracy requirements in Subsection 2.1.2 shall be applicable to systems with wireless communications. c. The use of wireless communications that may cause impact to the system accuracy through electromagnetic stresses is prohibited. d. The error recovery requirements in Subsection 2.1.3 shall be applicable to systems with wireless communications. e. All wireless communications actions shall be logged.
DISCUSSION: Other information such as the number of frames or packets transmitted or received at various logical layers may be useful, but is dependent on the wireless technology used. f. Device authentication shall occur before any access to, or services from, the voting system are granted through wireless communications. DISCUSSION: Authentication is an important element to protect the security of wireless communications. Authentication verifies the identity and legitimacy of users, devices, and services.
|
|
| TA775a-1: IF a Voting System contains wireless communications capabilities THEN it SHALL conform to VVSG 1.1, Section 2.1.1, including subsections a through g.
|
| TA775b-1: IF a Voting System contains wireless communications capabilities THEN it SHALL conform to VVSG 1.1, Subsection 2.1.2, including subsections a through g. |
| TA775c-1: IF it is possible for a wireless communication to cause impact to the system accuracy through electromagnetic stresses THEN voting systems SHALL NOT use that wireless communication. |
| TA775d-1: IF a Voting System contains wireless communications capabilities THEN it SHALL conform to VVSG 1.1, Subsection 2.1.3, including subsections a through c. |
| TA775e-1: IF a Voting System contains wireless communications capabilities THEN all wireless communications actions SHALL be logged. |
| TA775ei-1: The log SHALL contain, but not be limited to, the following entries:
|
| TA775ei-2: The log MAY contain the following entries:
|
| TA775f-1: IF a Voting System contains wireless communications capabilities THEN device authentication SHALL occur before any access to the voting system is granted through wireless communications. |
| TA775f-2: IF a Voting System contains wireless communications capabilities THEN device authentication SHALL occur before any services from the voting system are granted through wireless communications. |
| TA775fi-1: User authentication SHALL be at least level 2 as per NIST Special Publication 800-63-2, Electronic Authentication Guideline. |
| TA775fi-1-1: The password MAY be a randomly generated string consisting of 6 or more digits, a user generated string consisting of 8 or more characters chosen from an alphabet of 90 or more characters, or a secret with equivalent entropy. |
| TA775fi-1-2: The voting system SHALL implement dictionary or composition rules to constrain user generated passwords. |