Difference: AuditingSecurity (1 vs. 4)

Revision 42016-09-12 - AndrewRegenscheid

Line: 1 to 1
 
META TOPICPARENT name="UseCasesSecurity"

Auditing- Security Use Case

Line: 18 to 18
 
  • Integrity: High (CVRs, tabulator reports), otherwise Moderate
  • Availability: High (CVRs, tabulator reports), otherwise Moderate
Notes:
Changed:
<
<
  • placeholder
>
>
  • Auditing potentially covers a wide variety of different tasks:
    • Auditing Cast Vote Records and Tabulator Reports
    • Checking voting system audit logs for anomalies
    • Verifying election process checklists
    • Ballot accounting and reconciliation
  • Including Auditing in-scope could could mean:
    • Does the system produce records to support auditing?
    • What are the proper procedures to conduct particular audits?
  • System support would largely depend on the audit that need to be supported.
 

VVSG Security Gap Analysis

Applicability of the VVSG 1.1 and/or draft VVSG 2.0

Changed:
<
<
  • placeholder
>
>
  • VVSG 1.1: Minimal guidelines on system support within VVPAT and Electronic Reports
  • VVSG 2.0: Minimal guidelines on system support within VVPAT and Electronic Reports
 Estimated Level-of-Effort to Address
Changed:
<
<
  • Polling
>
>
  • System Support: Moderate- While system requirements should be relatively straight-forward to develop, initial activities must determine what types of audits should be supported.
  • Audit Procedures: Moderate-to-Significant- This would be a new area that has not been addresed by the VVSG or TGDC, but there are existing resourses that could be collected.
 Gap Areas
Changed:
<
<
  • Placeholder
>
>
  • Revisit types of audits that should be supported by voting systems (i.e., Section 4 of the draft VVSG 2.0)

Related Resources

 

Comments

<--/commentPlugin-->

Revision 32016-09-12 - AndrewRegenscheid

Line: 1 to 1
 
META TOPICPARENT name="UseCasesSecurity"

Auditing- Security Use Case

Line: 10 to 10
 Information Types:
  • Cast Vote Records
  • Tabulator reports
Added:
>
>
  • Pollbooks
  • Audit Logs
  • Election process logs/checklists
 Security Objectives and Impact Levels
Changed:
<
<
  • Confidentiality: Low
  • Integrity: Moderate
  • Availability: Moderate
>
>
  • Confidentiality: Low-to-Moderate
  • Integrity: High (CVRs, tabulator reports), otherwise Moderate
  • Availability: High (CVRs, tabulator reports), otherwise Moderate
 Notes:
  • placeholder

VVSG Security Gap Analysis

Revision 22016-08-30 - AndrewRegenscheid

Line: 1 to 1
 
META TOPICPARENT name="UseCasesSecurity"

Auditing- Security Use Case

Changed:
<
<
Article text.
>
>
This topic is for discussions of security-related issues associated with the AuditingUseCase
 
Changed:
<
<
-- Andrew Regenscheid - 2016-08-22
>
>

Security Considerations

Information Types:

  • Cast Vote Records
  • Tabulator reports
Security Objectives and Impact Levels
  • Confidentiality: Low
  • Integrity: Moderate
  • Availability: Moderate
Notes:
  • placeholder

VVSG Security Gap Analysis

Applicability of the VVSG 1.1 and/or draft VVSG 2.0

  • placeholder
Estimated Level-of-Effort to Address
  • Polling
Gap Areas
  • Placeholder
 

Comments

Revision 12016-08-22 - AndrewRegenscheid

Line: 1 to 1
Added:
>
>
META TOPICPARENT name="UseCasesSecurity"

Auditing- Security Use Case

Article text.

-- Andrew Regenscheid - 2016-08-22

Comments

<--/commentPlugin-->
 
This site is powered by the TWiki collaboration platform Powered by PerlPLEASE NOTE: This wiki is a collaborative website. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. All the material on this website is in the public domain, including any text, diagrams, or images, unless indicated explicitly. Don't share anything on this site that you do not want to be public. Do not pass any proprietary documents or put any on the TWiki with implied public disclosure. If you do, it shall be deemed to have been disclosed on a non-confidential basis, without any restrictions on use by anyone, except that no valid copyright or patent right shall be deemed to have been waived by such disclosure. Certain commercial equipment, instruments, materials, systems, software, and trade names may be identified throughout this site in order to specify or identify technologies adequately. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the systems or products identified are necessarily the best available for the purpose. Any data provided on this site is for illustrative purposes only, and does not imply a validation of results by NIST. By selecting external links, you will be leaving NIST webspace. Links to other websites are provided because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose.