Difference: VVSGPrinciplesAndGuidelines (1 vs. 23)

Revision 232017-09-21 - JoshuaFranklin

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 12 to 12
 
  • Human factors
  • Security
Principle Name Principle & Guideline Descriptions
Changed:
<
<
High-Quality Design The voting system is designed to accurately, completely, and robustly carry out election processes.
  The voting system is designed using commonly-accepted election process specifications.
  The voting system is designed to function correctly under all realistic operating conditions.
  Voting system design supports evaluation methods enabling testers to clearly and easily distinguish systems that correctly implement specified properties from those that do not.
High-Quality Implementation The voting system is implemented using high quality best practices.
  The voting system is implemented using trustworthy materials and methods.
  The voting system is implemented using best practice user-centered design methods, for a wide range of representative voters and poll workers, including those with and without disabilities.
  Voting system logic is clear, meaningful, and well-structured.
  Voting system structure is modular, scalable, and robust.
  The voting system supports system processes and data with integrity.
  The voting system handles errors robustly and gracefully recovers from failure.
  The voting system performs reliably in intended environments.
Transparency The voting system and voting processes are designed to provide transparency.
  The documentation describing the voting system design, operation, accessibility features, security measures, and other aspects of the voting system can be easily read and understood by election officials, testing labs, and independent auditors.
  The processes and transactions, both physical and digital, associated with the voting system are readily available for inspection.
  The operations of the voting systems are easy for the public to understand and verify during pre-election setup and post-election audits.
Interoperability The voting system is designed to support interoperability in its interfaces to external systems, its interfaces to internal components, its data, and its peripherals.
  Voting system data that is imported, exported, or otherwise reported, is in an interoperable format.
  Standard, publicly-available formats for other types of data are used, where available.
  Widely-used hardware interfaces and communications protocols are used.
  Commercial-off-the-shelf (COTS) devices can be used when their usage meets applicable requirements.
Equivalent and Consistent Voter Access All voters can access and use the voting system regardless of their abilities, without discrimination.
  Voters have a consistent experience throughout the voting process in all modes of voting.
  Voters receive equivalent information and options in all modes of voting.
Voter Privacy Voters can mark, verify, and cast their ballot privately and independently.
  The voting process preserves the privacy of the voter's interaction with the ballot, modes of voting, and ballot selections.
  Voters can mark their ballot and verify and cast their vote selections or other associated cast vote record, without assistance from others.
Marked, Verified, and Cast as Intended Ballots are presented in a clear, understandable way and can be marked, verifed, and cast by all voters.
  PERCEIVABLE - The default system settings for displaying the ballot work for the widest range of voters, and voters can adjust settings and preferences to meet their needs.
  OPERABLE - Voters and poll workers are able to use all controls accurately, and voters have direct control of all ballot changes.
  UNDERSTANDABLE - Voters can understand all information as it is presented, including instructions, messages from the system, and error messages.
Robust, Usable, and Accessible The voting system and voting processes provide a robust, safe, usable, and accessible experience for all users.
  The voting system's hardware and accessories protect voters from harmful conditions.
  The voting system meets currently accepted federal standards for accessibility.
  The voting system is measured with a wide range of representative voters and poll workers, including those with and without disabilities, for effectiveness, efficiency, and satisfaction.
Auditability The voting system is auditable and enables evidence-based elections.
  An undetected error or fault in the voting system software or hardware cannot cause an undetectable change in election results.
  The voting system produces records that provide the ability to check whether the election outcome is correct and, to the extent possible, identify the root cause of any irregularities.
  Voting system records are resilient in the presence of intentional forms of tampering and accidental errors.
  The voting system supports efficient audits.
Ballot Secrecy The voting system protects the secrecy of voters' ballot selections.
  Ballot secrecy is maintained throughout the voting process.
  The voting system does not produce records, notifications, information about the voter or other election artifacts that can be used to associate the voter’s identity with the voter’s intent, choices, or selections.
Access Control The voting system authenticates administrators, users, devices and services before granting access to sensitive functions.
  Access privileges, accounts, activities, and authorizations are logged, monitored, and reviewed periodically and modified as needed.
  The voting system limits the access of users, roles, and processes to the specific functions and data to which each entity holds authorized access.
  The voting system supports strong, configurable authentication mechanisms to verify the identities of authorized users and includes multi-factor authentication mechanisms for critical operations.
  Default access control policies enforce the principles of least privilege and separation of duties.
  Logical access to voting system assets are revoked when no longer required.
Physical Security The voting system prevents or detects attempts to tamper with voting system hardware.
  Any unauthorized physical access to the voting system, ballot box, ballots, or other hardware, leaves physical evidence.
  The voting system only exposes physical ports and access points that are essential to voting operations, testing, or auditing.
Data Protection The voting system protects sensitive data from unauthorized access, modification, or deletion.
  The voting system prevents unauthorized access to or manipulation of configuration data, cast vote records, transmitted data, or audit records.
  The source and integrity of electronic tabulation reports are verifiable.
  All cryptographic algorithms are public, well-vetted, and standardized.
  The voting system protects the integrity, authenticity, and confidentiality of sensitive data transmitted over all networks.
System Integrity

The voting system performs its intended function in an unimpaired manner, free from unauthorized manipulation of the

system, whether intentional or accidental.
  The voting system uses multiple layers of controls to provide redundancy against security failures or vulnerabilities.
  The voting system limits its attack surface by reducing unnecessary code, data paths, physical ports and by using other technical controls.
  The voting system maintains and verifies the integrity of software, firmware, and other critical components.
  Software updates are authorized by an administrator prior to installation.
Detection/
Monitoring
The voting system provides mechanisms to detect and remediate anomalous or malicious behavior.
  Voting system equipment records important activities through event logging mechanisms, which are stored in a format suitable for automated processing.
  The voting system generates, stores, and reports to the user or election official, all error messages as they occur.
  The voting system employs mechanisms to protect against malware.
  A voting system with networking capabilities employs appropriate, well-vetted modern defenses against network-based attacks, commensurate with current best practice.
>
>
1. High Quality Design The voting system is designed to accurately, completely, and robustly carry out election processes.
1.1 The voting system is designed using commonly-accepted election process specifications.
1.2 The voting system is designed to function correctly under real-world operating conditions.
1.3 Voting system design supports evaluation methods enabling testers to clearly distinguish systems that correctly implement specified properties from those that do not.
2. High Quality Implementation The voting system is implemented using high quality best practices.
2.1 The voting system and its software are implemented using trustworthy materials and best practices in software development.
2.2 The voting system is implemented using best practice user-centered design methods, for a wide range of representative voters, including those with and without disabilities, and election workers.
2.3 Voting system logic is clear, meaningful, and well-structured.
2.4 Voting system structure is modular, scalable, and robust.
2.5 The voting system supports system processes and data with integrity.
2.6 The voting system handles errors robustly and gracefully recovers from failure.
2.7 The voting system performs reliably in anticipated physical environments.
3. Transparency The voting system and voting processes are designed to provide transparency.
3.1 The documentation describing the voting system design, operation, accessibility
features, security measures, and other aspects of the voting system can be read and
understood.
3.2 The processes and transactions, both physical and digital, associated with the voting system are readily available for inspection.
3.3 The public can understand and verify the operations of the voting system throughout the entirety of the election.
Interoperable The voting system is designed to support interoperability in its interfaces to external systems, its interfaces to internal components, its data, and its peripherals.
4.1 Voting system data that is imported, exported, or otherwise reported, is in an interoperable format.
4.2 Standard, publicly-available formats for other types of data are used, where available.
4.3 Widely-used hardware interfaces and communications protocols are used.
4.4 Commercial-off-the-shelf (COTS) devices can be used when their usage meets applicable VVSG requirements.
5. Equivalent and Consistent Voter Access All voters can access and use the voting system regardless of their abilities, without discrimination.
5.1 Voters have a consistent experience throughout the voting process in all modes of voting.
5.2 Voters receive equivalent information and options in all modes of voting.
6. Voter Privacy Voters can mark, verify, and cast their ballot privately and independently.
6.1 The voting process preserves the privacy of the voter's interaction with the ballot, modes of voting, and vote selections
6.2 Voters can mark, verify and cast their ballot or other associated cast vote record, without assistance from others.
7. Marked, Verified, and Cast as Intended Ballots and vote selections are presented in a perceivable, operable, and understandable way and can be marked, verified, and cast by all voters.
7.1 The default voting system settings for displaying the ballot work for the widest range
of voters, and voters can adjust settings and preferences to meet their needs.
7.2 Voters and election workers can use all controls accurately, and voters have direct
control of all ballot changes.
7.3 Voters can understand all information as it is presented, including instructions, messages from the system, and error messages.
8. Robust, Safe, Usable, and Accessible The voting system and voting processes provide a robust, safe, usable, and accessible experience for all users.
8.1 The voting system’s hardware and accessories protect users from harmful conditionshe voting system’s hardware and accessories protect users from harmful conditions.
8.2 The voting system meets currently accepted federal standards for accessibility.
8.3 The voting system is measured with a wide range of representative voters, including those with and without disabilities, for effectiveness, efficiency, and satisfaction.
8.4 The voting system is evaluated for usability by election workers.
9 Auditable The voting system is auditable and enables evidence-based elections.
9.1 An error or fault in the voting system software or hardware cannot cause an undetectable change in election results.
9.2 The voting system produces readily available records that provide the ability to check whether the election outcome is correct and, to the extent possible, identify the root cause of any irregularities.
9.3 Voting system records are resilient in the presence of intentional forms of tampering and accidental errors.
9.4 The voting system supports efficient audits.
10. Ballot Secrecy The voting system protects the secrecy of voters' ballot selections.
10.1 Ballot secrecy is maintained throughout the voting process.
10.2 The voting system does not contain nor produce records, notifications, information about the voter or other election artifacts that can be used to associate the voter’s identity with the voter’s intent, choices, or selections.
11. Access Control The voting system authenticates administrators, users, devices and services before granting access to sensitive functions.
11.1 Access privileges, accounts, activities, and authorizations are logged, monitored, and reviewed periodically and modified as needed.
11.2 The voting system limits the access of users, roles, and processes to the specific functions and data to which each entity holds authorized access.
11.3 The voting system supports strong, configurable authentication mechanisms to verify the identities of authorized users and includes multi-factor authentication mechanisms for critical operations.
11.4 Default access control policies enforce the principles of least privilege and separation of duties.
11.5 Logical access to voting system assets are revoked when no longer required.
12. Physical Security The voting system prevents or detects attempts to tamper with voting system hardware.
12.1 The voting system supports mechanisms to detect unauthorized physical access.
12.2 The voting system only exposes physical ports and access points that are essential to voting operations.
13. Data Protection The voting system protects sensitive data from unauthorized access, modification, or deletion.
13.1 The voting system prevents unauthorized access to or manipulation of configuration data, cast vote records, transmitted data, or audit records.
13.2 The source and integrity of electronic tabulation reports are verifiable.
13.3 All cryptographic algorithms are public, well-vetted, and standardized.
13.4 The voting system protects the integrity, authenticity, and confidentiality of sensitive data transmitted over all networks.
14. System Integrity

The voting system performs its intended function in an unimpaired manner, free from unauthorized manipulation of the

system, whether intentional or accidental.
14.1 The voting system uses multiple layers of controls to provide redundancy against security failures or vulnerabilities.
14.2 The voting system limits its attack surface by reducing unnecessary code, data paths, physical ports and by using other technical controls.
14.3 The voting system maintains and verifies the integrity of software, firmware, and other critical components.
14.4 Software updates are authorized by an administrator prior to installation.
15. Detection &
Monitoring
The voting system provides mechanisms to detect and remediate anomalous or malicious behavior.
15.1 Voting system equipment records important activities through event logging mechanisms, which are stored in a format suitable for automated processing.
15.2 The voting system generates, stores, and reports all error messages as they occur.
15.3 The voting system employs mechanisms to protect against malware.
15.4 A voting system with networking capabilities employs appropriate, well-vetted modern defenses against network-based attacks, commensurate with current best practice.
 


Comments

On June 21st, 2017, the first Auditability guideline was updated to include "hardware".

Line: 100 to 101
 I updated the HF related stuff, Transparency, and added the new system integrity P&G that Josh just sent around.

-- Sharon Laskowski - 2017-08-11

Added:
>
>

I updated to the Principles and Guidelines based on the output of the September 2017 Technical Guidelines Development Committee meeting.

https://www.eac.gov/assets/1/6/TGDC_Recommended_VVSG2.0_P_Gs.pdf

-- Joshua Franklin - 2017-09-21

 
<--/commentPlugin-->

META FILEATTACHMENT attachment="vvsg-2.0-draft-principles-and-guidelines.pdf" attr="" comment="" date="1497636508" name="vvsg-2.0-draft-principles-and-guidelines.pdf" path="vvsg-2.0-draft-principles-and-guidelines.pdf" size="240527" user="BenjaminLong" version="1"

Revision 222017-08-23 - GemaHowell

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 12 to 12
 
  • Human factors
  • Security
Principle Name Principle & Guideline Descriptions
Changed:
<
<
High-Quality Design Election processes are designed accurately, completely, and robustly.
  Voting system design adheres to commonly-accepted election process specifications.
  Voting system design addresses all realistic operating conditions.
>
>
High-Quality Design The voting system is designed to accurately, completely, and robustly carry out election processes.
  The voting system is designed using commonly-accepted election process specifications.
  The voting system is designed to function correctly under all realistic operating conditions.
 
  Voting system design supports evaluation methods enabling testers to clearly and easily distinguish systems that correctly implement specified properties from those that do not.
Changed:
<
<
High-Quality Implementation Voting systems and processes are implemented using high-quality best practices.
  Voting systems are implemented using trustworthy materials and methods.
  Voting systems are implemented to ensure system logic is clear, meaningful, and well-structured.
  Voting systems are implemented to ensure the system organization is modular, scalable, and robust to change.
  Voting systems are implemented to ensure the system can support system processes and data with integrity.
  Voting systems are implemented to handle errors robustly and to recover from failure gracefully.
  Voting systems are implemented to perform reliably in intended environments.
  Voting systems are implemented using best practice user-centered design methods, for a wide range of representative voters and poll workers, including those with and without disabilities.
Transparency The voting system and voting processes are designed to provide transparency.
>
>
High-Quality Implementation The voting system is implemented using high quality best practices.
  The voting system is implemented using trustworthy materials and methods.
  The voting system is implemented using best practice user-centered design methods, for a wide range of representative voters and poll workers, including those with and without disabilities.
  Voting system logic is clear, meaningful, and well-structured.
  Voting system structure is modular, scalable, and robust.
  The voting system supports system processes and data with integrity.
  The voting system handles errors robustly and gracefully recovers from failure.
  The voting system performs reliably in intended environments.
Transparency The voting system and voting processes are designed to provide transparency.
 
  The documentation describing the voting system design, operation, accessibility features, security measures, and other aspects of the voting system can be easily read and understood by election officials, testing labs, and independent auditors.
  The processes and transactions, both physical and digital, associated with the voting system are readily available for inspection.
  The operations of the voting systems are easy for the public to understand and verify during pre-election setup and post-election audits.
Interoperability The voting system is designed to support interoperability in its interfaces to external systems, its interfaces to internal components, its data, and its peripherals.
  Voting system data that is imported, exported, or otherwise reported, is in an interoperable format.
Changed:
<
<
  Standard, publicly-available formats for other types of data are used wherever possible.
  Components of voting systems are designed to interoperate with components from other manufacturers.
  Widely used hardware interfaces and communications protocols are used where possible.
  Where possible, commercial-off-the-shelf (COTS) items can be used for peripherals such as printers, portable memory devices, or accessible interfaces.
>
>
  Standard, publicly-available formats for other types of data are used, where available.
  Widely-used hardware interfaces and communications protocols are used.
  Commercial-off-the-shelf (COTS) devices can be used when their usage meets applicable requirements.
 
Equivalent and Consistent Voter Access All voters can access and use the voting system regardless of their abilities, without discrimination.
  Voters have a consistent experience throughout the voting process in all modes of voting.
  Voters receive equivalent information and options in all modes of voting.
Voter Privacy Voters can mark, verify, and cast their ballot privately and independently.
  The voting process preserves the privacy of the voter's interaction with the ballot, modes of voting, and ballot selections.
Changed:
<
<
  Voters can mark, verify and cast their ballot without assistance.
>
>
  Voters can mark their ballot and verify and cast their vote selections or other associated cast vote record, without assistance from others.
 
Marked, Verified, and Cast as Intended Ballots are presented in a clear, understandable way and can be marked, verifed, and cast by all voters.
  PERCEIVABLE - The default system settings for displaying the ballot work for the widest range of voters, and voters can adjust settings and preferences to meet their needs.
  OPERABLE - Voters and poll workers are able to use all controls accurately, and voters have direct control of all ballot changes.
  UNDERSTANDABLE - Voters can understand all information as it is presented, including instructions, messages from the system, and error messages.
Changed:
<
<
Robust, Usable, and Accessible The election process and voting system provides a robust, safe, usable, and accessible experience for all users.
>
>
Robust, Usable, and Accessible The voting system and voting processes provide a robust, safe, usable, and accessible experience for all users.
 
  The voting system's hardware and accessories protect voters from harmful conditions.
Changed:
<
<
  The voting system meets currently accepted state and federal standards for accessibility.
>
>
  The voting system meets currently accepted federal standards for accessibility.
 
  The voting system is measured with a wide range of representative voters and poll workers, including those with and without disabilities, for effectiveness, efficiency, and satisfaction.
Auditability The voting system is auditable and enables evidence-based elections.
Changed:
<
<
  An undetected error or fault in the voting system’s software or hardware is not capable of causing an undetectable change in election results.
  The voting system produces records that provide the ability to check whether the election outcome is correct, and to the extent possible, identify the root cause of any irregularities.
>
>
  An undetected error or fault in the voting system software or hardware cannot cause an undetectable change in election results.
  The voting system produces records that provide the ability to check whether the election outcome is correct and, to the extent possible, identify the root cause of any irregularities.
 
  Voting system records are resilient in the presence of intentional forms of tampering and accidental errors.
  The voting system supports efficient audits.
Changed:
<
<
Ballot Secrecy The voting system protects the secrecy of voter's ballot selections.
>
>
Ballot Secrecy The voting system protects the secrecy of voters' ballot selections.
 
  Ballot secrecy is maintained throughout the voting process.
Changed:
<
<
  Records, notifications, and other election artifacts produced by the voting system do not reveal the intent, choices, or selections of any identifiable voter.
  The voting system ensures that ballot selections, interface options, voter identity, and information about voters are not associated with the cast vote record.
>
>
  The voting system does not produce records, notifications, information about the voter or other election artifacts that can be used to associate the voter’s identity with the voter’s intent, choices, or selections.
 
Access Control The voting system authenticates administrators, users, devices and services before granting access to sensitive functions.
Changed:
<
<
  The voting system identifies users, roles and/or processes to which access is granted and the specific functions and data to which each entity holds authorized access.
  The voting system supports authentication mechanisms and allows administrators to configure them.
  Default access control policies enforce the principle of least privilege.
>
>
  Access privileges, accounts, activities, and authorizations are logged, monitored, and reviewed periodically and modified as needed.
  The voting system limits the access of users, roles, and processes to the specific functions and data to which each entity holds authorized access.
  The voting system supports strong, configurable authentication mechanisms to verify the identities of authorized users and includes multi-factor authentication mechanisms for critical operations.
  Default access control policies enforce the principles of least privilege and separation of duties.
  Logical access to voting system assets are revoked when no longer required.
 
Physical Security The voting system prevents or detects attempts to tamper with voting system hardware.
  Any unauthorized physical access to the voting system, ballot box, ballots, or other hardware, leaves physical evidence.
Changed:
<
<
  Voting systems only expose physical ports and access points that are essential to voting operations, testing, or auditing.
>
>
  The voting system only exposes physical ports and access points that are essential to voting operations, testing, or auditing.
 
Data Protection The voting system protects sensitive data from unauthorized access, modification, or deletion.
Changed:
<
<
  Voting systems prevent unauthorized access to or manipulation of configuration data, cast vote records, transmitted data, or audit records.
>
>
  The voting system prevents unauthorized access to or manipulation of configuration data, cast vote records, transmitted data, or audit records.
 
  The source and integrity of electronic tabulation reports are verifiable.
  All cryptographic algorithms are public, well-vetted, and standardized.
Changed:
<
<
  Voting systems protect the integrity, authenticity and confidentiality of sensitive data transmitted over all networks.
>
>
  The voting system protects the integrity, authenticity, and confidentiality of sensitive data transmitted over all networks.
 
System Integrity

The voting system performs its intended function in an unimpaired manner, free from unauthorized manipulation of the

system, whether intentional or accidental.
  The voting system uses multiple layers of controls to provide redundancy against security failures or vulnerabilities.
Changed:
<
<
  To the extent practical, the voting system limits its attack surface by reducing unnecessary code, data paths, physical ports, and via other technical controls.
>
>
  The voting system limits its attack surface by reducing unnecessary code, data paths, physical ports and by using other technical controls.
 
  The voting system maintains and verifies the integrity of software, firmware, and other critical components.
Changed:
<
<
  Voting systems prevent the unauthorized installation or modification of firmware, software, and critical configuration files.
  The authenticity and integrity of software updates are verified by the voting system prior to installation, and authorized by an administrator.
>
>
  Software updates are authorized by an administrator prior to installation.
 
Detection/
Monitoring
The voting system provides mechanisms to detect and remediate anomalous or malicious behavior.
  Voting system equipment records important activities through event logging mechanisms, which are stored in a format suitable for automated processing.
  The voting system generates, stores, and reports to the user or election official, all error messages as they occur.
Changed:
<
<
  Voting systems employ mechanisms to protect against malware.
  If the voting system contains networking capabilities, it employs appropriate modern defenses against network-based attacks.
>
>
  The voting system employs mechanisms to protect against malware.
  A voting system with networking capabilities employs appropriate, well-vetted modern defenses against network-based attacks, commensurate with current best practice.
 


Comments

On June 21st, 2017, the first Auditability guideline was updated to include "hardware".

Revision 212017-08-14 - BenjaminLong

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 23 to 23
 
  Voting systems are implemented to ensure the system can support system processes and data with integrity.
  Voting systems are implemented to handle errors robustly and to recover from failure gracefully.
  Voting systems are implemented to perform reliably in intended environments.
Changed:
<
<
  Voting systems are implemented using best practice user-centered design methods, for a wide range of representative voters and poll workers, including those with and without disabilities.    
>
>
  Voting systems are implemented using best practice user-centered design methods, for a wide range of representative voters and poll workers, including those with and without disabilities.
 
Transparency The voting system and voting processes are designed to provide transparency.
  The documentation describing the voting system design, operation, accessibility features, security measures, and other aspects of the voting system can be easily read and understood by election officials, testing labs, and independent auditors.
  The processes and transactions, both physical and digital, associated with the voting system are readily available for inspection.

Revision 202017-08-14 - BenjaminLong

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 20 to 20
 
  Voting systems are implemented using trustworthy materials and methods.
  Voting systems are implemented to ensure system logic is clear, meaningful, and well-structured.
  Voting systems are implemented to ensure the system organization is modular, scalable, and robust to change.
Changed:
<
<
  Voting systems are implemented to the system can support system processes and data with integrity.
>
>
  Voting systems are implemented to ensure the system can support system processes and data with integrity.
 
  Voting systems are implemented to handle errors robustly and to recover from failure gracefully.
  Voting systems are implemented to perform reliably in intended environments.
  Voting systems are implemented using best practice user-centered design methods, for a wide range of representative voters and poll workers, including those with and without disabilities.    

Revision 192017-08-14 - BenjaminLong

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 12 to 12
 
  • Human factors
  • Security
Principle Name Principle & Guideline Descriptions
Changed:
<
<
Preserve Accurate Process Specification Election processes are implemented robustly, completely, and accurately as specified.
  Specify election processes completely, accurately, and robustly.
  Preserve conformance to election process specifications across the implemented election process.
  Preserve conformance to election process specifications under all realistic operating conditions.
  Preserve conformance to election process specifications across the entire implemented system lifecycle.
>
>
High-Quality Design Election processes are designed accurately, completely, and robustly.
  Voting system design adheres to commonly-accepted election process specifications.
  Voting system design addresses all realistic operating conditions.
  Voting system design supports evaluation methods enabling testers to clearly and easily distinguish systems that correctly implement specified properties from those that do not.
 
High-Quality Implementation Voting systems and processes are implemented using high-quality best practices.
Changed:
<
<
  Implement election processes using trustworthy materials and methods.
  Implement election processes by ensuring system logic is clear, meaningful, and well-structured.
  Implement election processes by ensuring the system organization is modular, scalable, and robust to change.
  Implement election processes by ensuring the system can support system processes and data with integrity.
  Implement election processes by handling errors robustly and recovering from failure gracefully.
  Implement election processes by performing reliably in intended environments.
  Implement election processes by including support for auxiliary functions necessary for system operations and transparency (such as testing, auditing, configuration, and/or any implementation-specific support of election processing.).
  Voting systems are designed and built using best practice user-centered design methods, for a wide range of representative voters and poll workers, including those with and without disabilities,
Effective Evaluation Support clear evaluation by reviewers.
  Specify evaluation methods so that evaluators can clearly relate (a) observations of implemented system properties to (b) specified election technology properties.
  Specify evaluation methods so that evaluators can clearly distinguish (a) systems that correctly implement specified properties from (b) those that do not.
  Specify evaluation methods so that evaluators can determine how well a given test method performs its testing task by ensuring that test method specifications include defined (a) test method performance goals and (b) test method evaluation criteria.
   
>
>
  Voting systems are implemented using trustworthy materials and methods.
  Voting systems are implemented to ensure system logic is clear, meaningful, and well-structured.
  Voting systems are implemented to ensure the system organization is modular, scalable, and robust to change.
  Voting systems are implemented to the system can support system processes and data with integrity.
  Voting systems are implemented to handle errors robustly and to recover from failure gracefully.
  Voting systems are implemented to perform reliably in intended environments.
  Voting systems are implemented using best practice user-centered design methods, for a wide range of representative voters and poll workers, including those with and without disabilities.    
 
Transparency The voting system and voting processes are designed to provide transparency.
  The documentation describing the voting system design, operation, accessibility features, security measures, and other aspects of the voting system can be easily read and understood by election officials, testing labs, and independent auditors.
  The processes and transactions, both physical and digital, associated with the voting system are readily available for inspection.

Revision 182017-08-11 - SharonLaskowski

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 25 to 25
 
  Implement election processes by handling errors robustly and recovering from failure gracefully.
  Implement election processes by performing reliably in intended environments.
  Implement election processes by including support for auxiliary functions necessary for system operations and transparency (such as testing, auditing, configuration, and/or any implementation-specific support of election processing.).
Changed:
<
<
  Implement election processes by using a wide range of representative voters and poll workers, including those with and without disabilities, voting systems are designed and built using best practice user-centered design methods.
>
>
  Voting systems are designed and built using best practice user-centered design methods, for a wide range of representative voters and poll workers, including those with and without disabilities,
 
Effective Evaluation Support clear evaluation by reviewers.
  Specify evaluation methods so that evaluators can clearly relate (a) observations of implemented system properties to (b) specified election technology properties.
  Specify evaluation methods so that evaluators can clearly distinguish (a) systems that correctly implement specified properties from (b) those that do not.
  Specify evaluation methods so that evaluators can determine how well a given test method performs its testing task by ensuring that test method specifications include defined (a) test method performance goals and (b) test method evaluation criteria.
   
Changed:
<
<
Transparent The voting system provides for transparency [in a later draft, this principle is to be removed and its 3 guidelines below are to be covered in the other principles and guidelines]
  The documentation describing its design, its operation, accessibility features, its security measures, and other aspects of the voting system can be easily read and understood by election officials, testing labs, and independent auditors.
  The processes and transactions associated with the voting system are readily available for inspection.
  The operations of the voting systems are easy for the public to understand and verify during pre-election setup and post-election audits.
   
>
>
Transparency The voting system and voting processes are designed to provide transparency.
  The documentation describing the voting system design, operation, accessibility features, security measures, and other aspects of the voting system can be easily read and understood by election officials, testing labs, and independent auditors.
  The processes and transactions, both physical and digital, associated with the voting system are readily available for inspection.
  The operations of the voting systems are easy for the public to understand and verify during pre-election setup and post-election audits.
 
Interoperability The voting system is designed to support interoperability in its interfaces to external systems, its interfaces to internal components, its data, and its peripherals.
  Voting system data that is imported, exported, or otherwise reported, is in an interoperable format.
  Standard, publicly-available formats for other types of data are used wherever possible.
  Components of voting systems are designed to interoperate with components from other manufacturers.
  Widely used hardware interfaces and communications protocols are used where possible.
Changed:
<
<
  Where possible, COTS items can be used for peripherals such as printers, portable memory devices, or accessible interfaces.
>
>
  Where possible, commercial-off-the-shelf (COTS) items can be used for peripherals such as printers, portable memory devices, or accessible interfaces.
 
Equivalent and Consistent Voter Access All voters can access and use the voting system regardless of their abilities, without discrimination.
  Voters have a consistent experience throughout the voting process in all modes of voting.
  Voters receive equivalent information and options in all modes of voting.
Changed:
<
<
Voter Privacy Voters can mark, verify, and cast their ballot privately.
  The voting process preserves the privacy of the ballot.
  [MOVED to Secrecy:The voting system ensures that ballot selections, interface options, voter identity and information about voters are kept private.]
  [MOVES to requirements under Operable and Understandable below: The voting system supports the voter in marking the ballot accurately.]
  [MOVES to requirements under Perceivable below: The voting process helps voters avoid errors that invalidate their ballot, including blank ballots, undervotes, overvotes, and marginal marks.]
>
>
Voter Privacy Voters can mark, verify, and cast their ballot privately and independently.
  The voting process preserves the privacy of the voter's interaction with the ballot, modes of voting, and ballot selections.
  Voters can mark, verify and cast their ballot without assistance.
 
Marked, Verified, and Cast as Intended Ballots are presented in a clear, understandable way and can be marked, verifed, and cast by all voters.
  PERCEIVABLE - The default system settings for displaying the ballot work for the widest range of voters, and voters can adjust settings and preferences to meet their needs.
  OPERABLE - Voters and poll workers are able to use all controls accurately, and voters have direct control of all ballot changes.
  UNDERSTANDABLE - Voters can understand all information as it is presented, including instructions, messages from the system, and error messages.
Changed:
<
<
  [Moved down ROBUST - The voting systems hardware and accessories support usability and accessibility requirements while protecting voters from harmful conditions..]
Robust, Usable, and Accessible Meets performance standards for usability and accessibility.
  The voting system's hardware and accessories protect voters form harmful conditions.
  The voting system meets commonly used state and federal standards for accessibility. [Note: Specific standards such as “Section 508,” WCAG 2.0 level AA, or the ADA Accessibility Guidelines (ADAAG) will be defined in the detailed requirements]
  The voting system is measured with a wide range of representative voters and poll workers, including those with and without disabilities, for effectiveness, efficiency, and satisfaction (called “summative usability testing”).
Auditability The voting system is auditable and enables evidence-based elections
>
>
Robust, Usable, and Accessible The election process and voting system provides a robust, safe, usable, and accessible experience for all users.
  The voting system's hardware and accessories protect voters from harmful conditions.
  The voting system meets currently accepted state and federal standards for accessibility.
  The voting system is measured with a wide range of representative voters and poll workers, including those with and without disabilities, for effectiveness, efficiency, and satisfaction.
Auditability The voting system is auditable and enables evidence-based elections.
 
  An undetected error or fault in the voting system’s software or hardware is not capable of causing an undetectable change in election results.
  The voting system produces records that provide the ability to check whether the election outcome is correct, and to the extent possible, identify the root cause of any irregularities.
  Voting system records are resilient in the presence of intentional forms of tampering and accidental errors.
  The voting system supports efficient audits.
Changed:
<
<
Ballot Secrecy The voting systems protects the secrecy of voters’ ballot selections.
>
>
Ballot Secrecy The voting system protects the secrecy of voter's ballot selections.
 
  Ballot secrecy is maintained throughout the voting process.
Changed:
<
<
  Records, notifications, and other election artifacts produced by the voting system do not reveal the intent, choices, or selections of any identifable voter.
  MOVED from HF, needs editing? The voting system ensures that ballot selections, interface options, voter identity and information about voters are kept private.
>
>
  Records, notifications, and other election artifacts produced by the voting system do not reveal the intent, choices, or selections of any identifiable voter.
  The voting system ensures that ballot selections, interface options, voter identity, and information about voters are not associated with the cast vote record.
 
Access Control The voting system authenticates administrators, users, devices and services before granting access to sensitive functions.
  The voting system identifies users, roles and/or processes to which access is granted and the specific functions and data to which each entity holds authorized access.
  The voting system supports authentication mechanisms and allows administrators to configure them.
  Default access control policies enforce the principle of least privilege.
Physical Security The voting system prevents or detects attempts to tamper with voting system hardware.
  Any unauthorized physical access to the voting system, ballot box, ballots, or other hardware, leaves physical evidence.
Changed:
<
<
 

Voting systems only expose physical ports and access points that are essential to voting operations, testing, or auditing.

>
>
  Voting systems only expose physical ports and access points that are essential to voting operations, testing, or auditing.
 
Data Protection The voting system protects sensitive data from unauthorized access, modification, or deletion.
  Voting systems prevent unauthorized access to or manipulation of configuration data, cast vote records, transmitted data, or audit records.
  The source and integrity of electronic tabulation reports are verifiable.
  All cryptographic algorithms are public, well-vetted, and standardized.
  Voting systems protect the integrity, authenticity and confidentiality of sensitive data transmitted over all networks.
Changed:
<
<
Software Integrity Voting systems prevent the unauthorized installation or modification of firmware, software, and critical configuration files.
  Only software that is digitally signed by the appropriate authorities is installed on the voting system.
  The authenticity and integrity of software updates must be verified by the voting system prior to installation and authorized by an administrator.
>
>
System Integrity

The voting system performs its intended function in an unimpaired manner, free from unauthorized manipulation of the

system, whether intentional or accidental.
  The voting system uses multiple layers of controls to provide redundancy against security failures or vulnerabilities.
  To the extent practical, the voting system limits its attack surface by reducing unnecessary code, data paths, physical ports, and via other technical controls.
  The voting system maintains and verifies the integrity of software, firmware, and other critical components.
  Voting systems prevent the unauthorized installation or modification of firmware, software, and critical configuration files.
  The authenticity and integrity of software updates are verified by the voting system prior to installation, and authorized by an administrator.
 
Detection/
Monitoring
The voting system provides mechanisms to detect and remediate anomalous or malicious behavior.
  Voting system equipment records important activities through event logging mechanisms, which are stored in a format suitable for automated processing.
  The voting system generates, stores, and reports to the user or election official, all error messages as they occur.
Line: 92 to 91
  On June 21st, 2017, the first Auditability guideline was updated to include "hardware".
Changed:
<
<
-- Gema Howell - 2017-06-28
>
>
-- Gema Howell - 2017-06-28
  Updated the second Secrecy guideline to include "notifications, and other election artifacts" and "the intent, choices, or selections of any identifiable voter".
Changed:
<
<
-- Gema Howell - 2017-07-03
>
>
-- Gema Howell - 2017-07-03
  Updated the principle description for "marked as intended" due to an error.
Changed:
<
<
-- Joshua Franklin - 2017-07-12
>
>
-- Joshua Franklin - 2017-07-12
  I revised the HF section, added a guideline to the high quality principle and noted some moves and suggested some wording
Changed:
<
<
-- Sharon Laskowski - 2017-08-08
>
>
-- Sharon Laskowski - 2017-08-08

I updated the HF related stuff, Transparency, and added the new system integrity P&G that Josh just sent around.

-- Sharon Laskowski - 2017-08-11

 
<--/commentPlugin-->

META FILEATTACHMENT attachment="vvsg-2.0-draft-principles-and-guidelines.pdf" attr="" comment="" date="1497636508" name="vvsg-2.0-draft-principles-and-guidelines.pdf" path="vvsg-2.0-draft-principles-and-guidelines.pdf" size="240527" user="BenjaminLong" version="1"

Revision 172017-08-09 - BenjaminLong

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 25 to 25
 
  Implement election processes by handling errors robustly and recovering from failure gracefully.
  Implement election processes by performing reliably in intended environments.
  Implement election processes by including support for auxiliary functions necessary for system operations and transparency (such as testing, auditing, configuration, and/or any implementation-specific support of election processing.).
Added:
>
>
  Implement election processes by using a wide range of representative voters and poll workers, including those with and without disabilities, voting systems are designed and built using best practice user-centered design methods.
 
Effective Evaluation Support clear evaluation by reviewers.
  Specify evaluation methods so that evaluators can clearly relate (a) observations of implemented system properties to (b) specified election technology properties.
  Specify evaluation methods so that evaluators can clearly distinguish (a) systems that correctly implement specified properties from (b) those that do not.

Revision 162017-08-09 - SharonLaskowski

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 46 to 46
 
  Voters receive equivalent information and options in all modes of voting.
Voter Privacy Voters can mark, verify, and cast their ballot privately.
  The voting process preserves the privacy of the ballot.
Changed:
<
<
  [REMOVED The voting system ensures that ballot selections, interface options, voter identity and information about voters are kept private.]
>
>
  [MOVED to Secrecy:The voting system ensures that ballot selections, interface options, voter identity and information about voters are kept private.]
 
  [MOVES to requirements under Operable and Understandable below: The voting system supports the voter in marking the ballot accurately.]
  [MOVES to requirements under Perceivable below: The voting process helps voters avoid errors that invalidate their ballot, including blank ballots, undervotes, overvotes, and marginal marks.]
Marked, Verified, and Cast as Intended Ballots are presented in a clear, understandable way and can be marked, verifed, and cast by all voters.

Revision 152017-08-09 - BenjaminLong

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 12 to 12
 
  • Human factors
  • Security
Principle Name Principle & Guideline Descriptions
Changed:
<
<
Correct Implementation Completely and accurately carry out election processes.
  Carry out election operations completely and accurately across the entire election process – supporting the integrity and maintainability of the entire process and data across hardware, software, telecom, data, and/or other technology layers of the system
  Carry out election processes completely and accurately under realistic operating conditions – including correct operation under expected workloads, expected environmental conditions, and means of data transfer
  Carry out election processes completely and accurately carry across the entire system lifecycle – ensuring election processes remain correct in definition and execution no matter whether how the system lifecycle processes may change (i.e., specification, implementation, testing, operations, or maintenance processes) and regardless of whether this is occurring in hardware, software, telecom, data, and/or other technology layers of the system

High-Quality Construction

alternate wording : Implementation

Construct to maximize quality. [alternate wording: Voting systems and processes are implemented using high-quality best practices.
  Use trustworthy materials, methods, standards, and best practices – including accepted and appropriate tools/standards for constructing hardware and software, protocols for constructing and performing telecommunications, as well as best practices for quality assurance and configuration management
  Organize the elements and logic of the system meaningfully – ensuring logic that is clear, meaningful, and well-structured; system organization that is simple, modular, and robust to change; and hardware, telecom, data, and related infrastructure that can support system processes and functions with integrity
  Handle errors actively and appropriately, recovering from failure gracefully –processing or avoiding well-known errors and/or software bugs; and avoiding single points of failure that could cause complete loss of voting capabilities
  Perform accurately and reliably in intended environments – ensuring system is free of well-known security vulnerabilities; is able to protect against threats to its software, execution, and/or environment; and ensuring accuracy, data integrity, durability, and safety across all logical and/or physical components and materials.
  Support auxiliary functions necessary for operations and transparency such as for supporting auditing and testing – ensuring these aims are achievable via supporting structures, functions, and data; are implemented in software, hardware, telecom, and/or other infrastructure; and are able to support accurate identification, tracking, and management of hardware, software, and data across the system lifecycle.
  Using a wide range of representative voters and poll workers, including those with and without disabilities, voting systems are designed and built using best practice user-centered design methods.
Ease of Evaluation Support clear evaluation by reviewers.
  Ensure reviewers can clearly identify all essential elements of a specified system in evaluated systems – including identification of unique election/auxiliary processes and functions; wherever they are implemented in software, hardware, telecom, data, and/or other technology layers of the system; and with an ability to record and track these identifications.
  Ensure reviewers can clearly distinguish correct from incorrect system configurations in evaluated systems wherever they are implemented in software, hardware, telecom, data, and/or other technology layers of the system; and with an ability to record and track these distinctions.
>
>
Preserve Accurate Process Specification Election processes are implemented robustly, completely, and accurately as specified.
  Specify election processes completely, accurately, and robustly.
  Preserve conformance to election process specifications across the implemented election process.
  Preserve conformance to election process specifications under all realistic operating conditions.
  Preserve conformance to election process specifications across the entire implemented system lifecycle.
High-Quality Implementation Voting systems and processes are implemented using high-quality best practices.
  Implement election processes using trustworthy materials and methods.
  Implement election processes by ensuring system logic is clear, meaningful, and well-structured.
  Implement election processes by ensuring the system organization is modular, scalable, and robust to change.
  Implement election processes by ensuring the system can support system processes and data with integrity.
  Implement election processes by handling errors robustly and recovering from failure gracefully.
  Implement election processes by performing reliably in intended environments.
  Implement election processes by including support for auxiliary functions necessary for system operations and transparency (such as testing, auditing, configuration, and/or any implementation-specific support of election processing.).
Effective Evaluation Support clear evaluation by reviewers.
  Specify evaluation methods so that evaluators can clearly relate (a) observations of implemented system properties to (b) specified election technology properties.
  Specify evaluation methods so that evaluators can clearly distinguish (a) systems that correctly implement specified properties from (b) those that do not.
  Specify evaluation methods so that evaluators can determine how well a given test method performs its testing task by ensuring that test method specifications include defined (a) test method performance goals and (b) test method evaluation criteria.
 
   
Transparent The voting system provides for transparency [in a later draft, this principle is to be removed and its 3 guidelines below are to be covered in the other principles and guidelines]
  The documentation describing its design, its operation, accessibility features, its security measures, and other aspects of the voting system can be easily read and understood by election officials, testing labs, and independent auditors.

Revision 142017-08-09 - JohnWack

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 26 to 26
 
Ease of Evaluation Support clear evaluation by reviewers.
  Ensure reviewers can clearly identify all essential elements of a specified system in evaluated systems – including identification of unique election/auxiliary processes and functions; wherever they are implemented in software, hardware, telecom, data, and/or other technology layers of the system; and with an ability to record and track these identifications.
  Ensure reviewers can clearly distinguish correct from incorrect system configurations in evaluated systems wherever they are implemented in software, hardware, telecom, data, and/or other technology layers of the system; and with an ability to record and track these distinctions.
Changed:
<
<
Transparent The voting system provides for transparency.
  The processes and transactions associated with the voting system are easy for the public to understand and verify.
  Voting system data is easily accessed via imports/exports and reports.
  Data reported by the voting system is in a publicly documented format.
  Data used in critical device operations such as for cast vote records, tabulations, and event logs includes all elements necessary for verification of the data, and analysis and auditability of the operations.
Scalable The voting system is scalable.
  The system provides sufficient technical and physical capacity to accommodate large and complex ballot styles, growing language needs, and large numbers of voters and precincts and consolidation of elections with local districts and municipalities.
  The system provides the ability to adapt to different election types, environments, and changing regulatory requirements.
Interoperable Components Components of the voting system are interoperable.
  Voting system data is in an interoperable format that is common across manufacturers and documented for each device by the manufacturer.
  Formats for other types of data use industry standard formats where applicable, but in any case, use formats that are publicly available.
  Components of voting systems interoperate without the need to replace the entire system or undertake costly system modifications or impact security.
>
>
   
Transparent The voting system provides for transparency [in a later draft, this principle is to be removed and its 3 guidelines below are to be covered in the other principles and guidelines]
  The documentation describing its design, its operation, accessibility features, its security measures, and other aspects of the voting system can be easily read and understood by election officials, testing labs, and independent auditors.
  The processes and transactions associated with the voting system are readily available for inspection.
  The operations of the voting systems are easy for the public to understand and verify during pre-election setup and post-election audits.
   
Interoperability The voting system is designed to support interoperability in its interfaces to external systems, its interfaces to internal components, its data, and its peripherals.
  Voting system data that is imported, exported, or otherwise reported, is in an interoperable format.
  Standard, publicly-available formats for other types of data are used wherever possible.
  Components of voting systems are designed to interoperate with components from other manufacturers.
 
  Widely used hardware interfaces and communications protocols are used where possible.
Added:
>
>
  Where possible, COTS items can be used for peripherals such as printers, portable memory devices, or accessible interfaces.
 
Equivalent and Consistent Voter Access All voters can access and use the voting system regardless of their abilities, without discrimination.
  Voters have a consistent experience throughout the voting process in all modes of voting.
  Voters receive equivalent information and options in all modes of voting.

Revision 132017-08-08 - SharonLaskowski

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 12 to 12
 
  • Human factors
  • Security
Principle Name Principle & Guideline Descriptions
Changed:
<
<
Correct Implementation Completely and accurately carry out election processes
>
>
Correct Implementation Completely and accurately carry out election processes.
 
  Carry out election operations completely and accurately across the entire election process – supporting the integrity and maintainability of the entire process and data across hardware, software, telecom, data, and/or other technology layers of the system
  Carry out election processes completely and accurately under realistic operating conditions – including correct operation under expected workloads, expected environmental conditions, and means of data transfer
  Carry out election processes completely and accurately carry across the entire system lifecycle – ensuring election processes remain correct in definition and execution no matter whether how the system lifecycle processes may change (i.e., specification, implementation, testing, operations, or maintenance processes) and regardless of whether this is occurring in hardware, software, telecom, data, and/or other technology layers of the system
Changed:
<
<
High-Quality Construction Construct to maximize quality
>
>

High-Quality Construction

alternate wording : Implementation

Construct to maximize quality. [alternate wording: Voting systems and processes are implemented using high-quality best practices.
 
  Use trustworthy materials, methods, standards, and best practices – including accepted and appropriate tools/standards for constructing hardware and software, protocols for constructing and performing telecommunications, as well as best practices for quality assurance and configuration management
  Organize the elements and logic of the system meaningfully – ensuring logic that is clear, meaningful, and well-structured; system organization that is simple, modular, and robust to change; and hardware, telecom, data, and related infrastructure that can support system processes and functions with integrity
  Handle errors actively and appropriately, recovering from failure gracefully –processing or avoiding well-known errors and/or software bugs; and avoiding single points of failure that could cause complete loss of voting capabilities
  Perform accurately and reliably in intended environments – ensuring system is free of well-known security vulnerabilities; is able to protect against threats to its software, execution, and/or environment; and ensuring accuracy, data integrity, durability, and safety across all logical and/or physical components and materials.
Changed:
<
<
  Support auxiliary functions necessary for operations and transparency such as for supporting auditing and testing – ensuring these aims are achievable via supporting structures, functions, and data; are implemented in software, hardware, telecom, and/or other infrastructure; and are able to support accurate identification, tracking, and management of hardware, software, and data across the system lifecycle
>
>
  Support auxiliary functions necessary for operations and transparency such as for supporting auditing and testing – ensuring these aims are achievable via supporting structures, functions, and data; are implemented in software, hardware, telecom, and/or other infrastructure; and are able to support accurate identification, tracking, and management of hardware, software, and data across the system lifecycle.
  Using a wide range of representative voters and poll workers, including those with and without disabilities, voting systems are designed and built using best practice user-centered design methods.
 
Ease of Evaluation Support clear evaluation by reviewers.
  Ensure reviewers can clearly identify all essential elements of a specified system in evaluated systems – including identification of unique election/auxiliary processes and functions; wherever they are implemented in software, hardware, telecom, data, and/or other technology layers of the system; and with an ability to record and track these identifications.
  Ensure reviewers can clearly distinguish correct from incorrect system configurations in evaluated systems wherever they are implemented in software, hardware, telecom, data, and/or other technology layers of the system; and with an ability to record and track these distinctions.
Line: 38 to 39
 
  Formats for other types of data use industry standard formats where applicable, but in any case, use formats that are publicly available.
  Components of voting systems interoperate without the need to replace the entire system or undertake costly system modifications or impact security.
  Widely used hardware interfaces and communications protocols are used where possible.
Changed:
<
<
Equivalent and Consistent All voters have access to mark and cast their ballot as intended, regardless of their abilities, without discrimination.
  Provide voters with a consistent experience of the voting process in all modes of voting
  Provide voters with equivalent information and options in all modes of voting.
Cast as Marked Ballots are cast as marked, both secretly and privately.
  The voting process preserves the secrecy of the ballot.
  The voting system ensures that ballot selections, interface options, voter identity and information about voters are kept private.
  The voting system supports the voter in marking the ballot accurately.
  The voting process helps voters avoid errors that invalidate their ballot, including blank ballots, undervotes, overvotes, and marginal marks.
Marked as Intended Ballots are presented in a clear, understandable way, and are operable by all voters.
>
>
Equivalent and Consistent Voter Access All voters can access and use the voting system regardless of their abilities, without discrimination.
  Voters have a consistent experience throughout the voting process in all modes of voting.
  Voters receive equivalent information and options in all modes of voting.
Voter Privacy Voters can mark, verify, and cast their ballot privately.
  The voting process preserves the privacy of the ballot.
  [REMOVED The voting system ensures that ballot selections, interface options, voter identity and information about voters are kept private.]
  [MOVES to requirements under Operable and Understandable below: The voting system supports the voter in marking the ballot accurately.]
  [MOVES to requirements under Perceivable below: The voting process helps voters avoid errors that invalidate their ballot, including blank ballots, undervotes, overvotes, and marginal marks.]
Marked, Verified, and Cast as Intended Ballots are presented in a clear, understandable way and can be marked, verifed, and cast by all voters.
 
  PERCEIVABLE - The default system settings for displaying the ballot work for the widest range of voters, and voters can adjust settings and preferences to meet their needs.
Changed:
<
<
  OPERABLE - Voters and poll workers are able to use all controls accurately, and all ballot changes are made with the direct control of the voter.
  UNDERSTANDABLE - Voters can understand all information as it is presented.
  ROBUST - The voting systems hardware and accessories support usability and accessibility requirements while protecting voters from harmful conditions..
Tested for Usability Meets performance standards for usability and accessibility.
  Completed systems are tested using a wide range of representative voters and poll workers, including those with and without disabilities to measure effectiveness, efficiency, and satisfaction (called “summative usability testing”).
Meets Web Accessibility Standards Browser-based systems meet web accessibility standards in addition to voting standards.
  When a voting system uses standard web software platforms (HTML or native apps), the voting system meets all requirements in WCAG 2.0 Level AA any applicable requirements in the VVSG.
>
>
  OPERABLE - Voters and poll workers are able to use all controls accurately, and voters have direct control of all ballot changes.
  UNDERSTANDABLE - Voters can understand all information as it is presented, including instructions, messages from the system, and error messages.
  [Moved down ROBUST - The voting systems hardware and accessories support usability and accessibility requirements while protecting voters from harmful conditions..]
Robust, Usable, and Accessible Meets performance standards for usability and accessibility.
  The voting system's hardware and accessories protect voters form harmful conditions.
  The voting system meets commonly used state and federal standards for accessibility. [Note: Specific standards such as “Section 508,” WCAG 2.0 level AA, or the ADA Accessibility Guidelines (ADAAG) will be defined in the detailed requirements]
  The voting system is measured with a wide range of representative voters and poll workers, including those with and without disabilities, for effectiveness, efficiency, and satisfaction (called “summative usability testing”).
 
Auditability The voting system is auditable and enables evidence-based elections
  An undetected error or fault in the voting system’s software or hardware is not capable of causing an undetectable change in election results.
  The voting system produces records that provide the ability to check whether the election outcome is correct, and to the extent possible, identify the root cause of any irregularities.
Line: 62 to 63
 
  The voting system supports efficient audits.
Ballot Secrecy The voting systems protects the secrecy of voters’ ballot selections.
  Ballot secrecy is maintained throughout the voting process.
Changed:
<
<
  Records, notifications and other election artifacts produced by the voting system do not reveal the intent, choices, or selections of any identifable voter.
>
>
  Records, notifications, and other election artifacts produced by the voting system do not reveal the intent, choices, or selections of any identifable voter.
  MOVED from HF, needs editing? The voting system ensures that ballot selections, interface options, voter identity and information about voters are kept private.
 
Access Control The voting system authenticates administrators, users, devices and services before granting access to sensitive functions.
  The voting system identifies users, roles and/or processes to which access is granted and the specific functions and data to which each entity holds authorized access.
  The voting system supports authentication mechanisms and allows administrators to configure them.
Line: 96 to 98
 Updated the principle description for "marked as intended" due to an error.

-- Joshua Franklin - 2017-07-12

Added:
>
>

I revised the HF section, added a guideline to the high quality principle and noted some moves and suggested some wording

-- Sharon Laskowski - 2017-08-08

 
<--/commentPlugin-->

META FILEATTACHMENT attachment="vvsg-2.0-draft-principles-and-guidelines.pdf" attr="" comment="" date="1497636508" name="vvsg-2.0-draft-principles-and-guidelines.pdf" path="vvsg-2.0-draft-principles-and-guidelines.pdf" size="240527" user="BenjaminLong" version="1"

Revision 122017-07-12 - JoshuaFranklin

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 46 to 46
 
  The voting system ensures that ballot selections, interface options, voter identity and information about voters are kept private.
  The voting system supports the voter in marking the ballot accurately.
  The voting process helps voters avoid errors that invalidate their ballot, including blank ballots, undervotes, overvotes, and marginal marks.
Changed:
<
<
Marked as Intended Ballots are cast as marked, both secretly and privately.
>
>
Marked as Intended Ballots are presented in a clear, understandable way, and are operable by all voters.
 
  PERCEIVABLE - The default system settings for displaying the ballot work for the widest range of voters, and voters can adjust settings and preferences to meet their needs.
  OPERABLE - Voters and poll workers are able to use all controls accurately, and all ballot changes are made with the direct control of the voter.
  UNDERSTANDABLE - Voters can understand all information as it is presented.
Line: 60 to 60
 
  The voting system produces records that provide the ability to check whether the election outcome is correct, and to the extent possible, identify the root cause of any irregularities.
  Voting system records are resilient in the presence of intentional forms of tampering and accidental errors.
  The voting system supports efficient audits.
Changed:
<
<
Secrecy The voting systems protects the secrecy of voters’ ballot selections.
>
>
Ballot Secrecy The voting systems protects the secrecy of voters’ ballot selections.
 
  Ballot secrecy is maintained throughout the voting process.
  Records, notifications and other election artifacts produced by the voting system do not reveal the intent, choices, or selections of any identifable voter.
Access Control The voting system authenticates administrators, users, devices and services before granting access to sensitive functions.
Line: 92 to 92
 Updated the second Secrecy guideline to include "notifications, and other election artifacts" and "the intent, choices, or selections of any identifiable voter".

-- Gema Howell - 2017-07-03

Added:
>
>
Updated the principle description for "marked as intended" due to an error.

-- Joshua Franklin - 2017-07-12

 
<--/commentPlugin-->

META FILEATTACHMENT attachment="vvsg-2.0-draft-principles-and-guidelines.pdf" attr="" comment="" date="1497636508" name="vvsg-2.0-draft-principles-and-guidelines.pdf" path="vvsg-2.0-draft-principles-and-guidelines.pdf" size="240527" user="BenjaminLong" version="1"

Revision 112017-07-12 - GemaHowell

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 56 to 56
 
Meets Web Accessibility Standards Browser-based systems meet web accessibility standards in addition to voting standards.
  When a voting system uses standard web software platforms (HTML or native apps), the voting system meets all requirements in WCAG 2.0 Level AA any applicable requirements in the VVSG.
Auditability The voting system is auditable and enables evidence-based elections
Changed:
<
<
  An undetected error or fault in the voting system’s software or hardware is not capable of causing an undetectable change in election results
>
>
  An undetected error or fault in the voting system’s software or hardware is not capable of causing an undetectable change in election results.
 
  The voting system produces records that provide the ability to check whether the election outcome is correct, and to the extent possible, identify the root cause of any irregularities.
  Voting system records are resilient in the presence of intentional forms of tampering and accidental errors.
  The voting system supports efficient audits.
Line: 89 to 89
  -- Gema Howell - 2017-06-28
Changed:
<
<
Updated the second Secrecy guideline to include "notifications, and other election artifacts" and "the intent, choices, or selections of any identifiable voter".
>
>
Updated the second Secrecy guideline to include "notifications, and other election artifacts" and "the intent, choices, or selections of any identifiable voter".
  -- Gema Howell - 2017-07-03
<--/commentPlugin-->

Revision 102017-07-03 - GemaHowell

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 62 to 62
 
  The voting system supports efficient audits.
Secrecy The voting systems protects the secrecy of voters’ ballot selections.
  Ballot secrecy is maintained throughout the voting process.
Changed:
<
<
  Records produced by the voting system do not reveal how a voter voted.
>
>
  Records, notifications and other election artifacts produced by the voting system do not reveal the intent, choices, or selections of any identifable voter.
 
Access Control The voting system authenticates administrators, users, devices and services before granting access to sensitive functions.
  The voting system identifies users, roles and/or processes to which access is granted and the specific functions and data to which each entity holds authorized access.
  The voting system supports authentication mechanisms and allows administrators to configure them.
Line: 85 to 85
 
  If the voting system contains networking capabilities, it employs appropriate modern defenses against network-based attacks.


Comments

Changed:
<
<

On June 21st, 2017, the first Auditability guideline was updated to include "hardware".

>
>
On June 21st, 2017, the first Auditability guideline was updated to include "hardware".
  -- Gema Howell - 2017-06-28
Added:
>
>

Updated the second Secrecy guideline to include "notifications, and other election artifacts" and "the intent, choices, or selections of any identifiable voter".

-- Gema Howell - 2017-07-03

 
<--/commentPlugin-->

META FILEATTACHMENT attachment="vvsg-2.0-draft-principles-and-guidelines.pdf" attr="" comment="" date="1497636508" name="vvsg-2.0-draft-principles-and-guidelines.pdf" path="vvsg-2.0-draft-principles-and-guidelines.pdf" size="240527" user="BenjaminLong" version="1"

Revision 92017-06-28 - GemaHowell

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 85 to 85
 
  If the voting system contains networking capabilities, it employs appropriate modern defenses against network-based attacks.


Comments

Changed:
<
<

<--/commentPlugin-->
>
>

On June 21st, 2017, the first Auditability guideline was updated to include "hardware".

-- Gema Howell - 2017-06-28

<--/commentPlugin-->
 
META FILEATTACHMENT attachment="vvsg-2.0-draft-principles-and-guidelines.pdf" attr="" comment="" date="1497636508" name="vvsg-2.0-draft-principles-and-guidelines.pdf" path="vvsg-2.0-draft-principles-and-guidelines.pdf" size="240527" user="BenjaminLong" version="1"
META FILEATTACHMENT attachment="vvsg-2.0-draft-principles-and-guidelines.docx" attr="" comment="" date="1497636508" name="vvsg-2.0-draft-principles-and-guidelines.docx" path="vvsg-2.0-draft-principles-and-guidelines.docx" size="29120" user="BenjaminLong" version="1"

Revision 82017-06-21 - GemaHowell

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 56 to 56
 
Meets Web Accessibility Standards Browser-based systems meet web accessibility standards in addition to voting standards.
  When a voting system uses standard web software platforms (HTML or native apps), the voting system meets all requirements in WCAG 2.0 Level AA any applicable requirements in the VVSG.
Auditability The voting system is auditable and enables evidence-based elections
Changed:
<
<
  An undetected error or fault in the voting system’s software is not capable of causing an undetectable change in election results
>
>
  An undetected error or fault in the voting system’s software or hardware is not capable of causing an undetectable change in election results
 
  The voting system produces records that provide the ability to check whether the election outcome is correct, and to the extent possible, identify the root cause of any irregularities.
  Voting system records are resilient in the presence of intentional forms of tampering and accidental errors.
  The voting system supports efficient audits.

Revision 72017-06-20 - JoshuaFranklin

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 47 to 45
 
  The voting process preserves the secrecy of the ballot.
  The voting system ensures that ballot selections, interface options, voter identity and information about voters are kept private.
  The voting system supports the voter in marking the ballot accurately.
Changed:
<
<
  The voting process helps voters avoid errors that invalidate their ballot, including blank ballots, undervotes, overvotes, and marginal marks..

Cast as Marked Ballots are cast as marked, both secretly and privately.
  The voting process preserves the secrecy of the ballot.
  The voting system ensures that ballot selections, interface options, voter identity and information about voters are kept private.
  The voting system supports the voter in marking the ballot accurately.
  The voting process helps voters avoid errors that invalidate their ballot, including blank ballots, undervotes, overvotes, and marginal marks..
>
>
  The voting process helps voters avoid errors that invalidate their ballot, including blank ballots, undervotes, overvotes, and marginal marks.
Marked as Intended Ballots are cast as marked, both secretly and privately.
  PERCEIVABLE - The default system settings for displaying the ballot work for the widest range of voters, and voters can adjust settings and preferences to meet their needs.
  OPERABLE - Voters and poll workers are able to use all controls accurately, and all ballot changes are made with the direct control of the voter.
  UNDERSTANDABLE - Voters can understand all information as it is presented.
  ROBUST - The voting systems hardware and accessories support usability and accessibility requirements while protecting voters from harmful conditions..
Tested for Usability Meets performance standards for usability and accessibility.
  Completed systems are tested using a wide range of representative voters and poll workers, including those with and without disabilities to measure effectiveness, efficiency, and satisfaction (called “summative usability testing”).
Meets Web Accessibility Standards Browser-based systems meet web accessibility standards in addition to voting standards.
  When a voting system uses standard web software platforms (HTML or native apps), the voting system meets all requirements in WCAG 2.0 Level AA any applicable requirements in the VVSG.
 
Auditability The voting system is auditable and enables evidence-based elections
  An undetected error or fault in the voting system’s software is not capable of causing an undetectable change in election results
  The voting system produces records that provide the ability to check whether the election outcome is correct, and to the extent possible, identify the root cause of any irregularities.

Revision 62017-06-20 - JoshuaFranklin

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 6 to 6
 

Purpose

Changed:
<
<
This topic is for the discussion and development of the Principles and Guidlines for VVSG 2.0.

  • An initial document capturing preliminary thoughts on principles and guidelines is located here in MS-word and PDF formats.

Introduction

This document contains high-level principles and guidelines for the following areas:

>
>
This document contains high-level principles and guidelines for the following areas:
 
  • General considerations for specification, implementation and evaluation of election processes and technology
  • Interoperability
  • Human factors
  • Security
Changed:
<
<

Comments

>
>
Principle Name Principle & Guideline Descriptions
Correct Implementation Completely and accurately carry out election processes
  Carry out election operations completely and accurately across the entire election process – supporting the integrity and maintainability of the entire process and data across hardware, software, telecom, data, and/or other technology layers of the system
  Carry out election processes completely and accurately under realistic operating conditions – including correct operation under expected workloads, expected environmental conditions, and means of data transfer
  Carry out election processes completely and accurately carry across the entire system lifecycle – ensuring election processes remain correct in definition and execution no matter whether how the system lifecycle processes may change (i.e., specification, implementation, testing, operations, or maintenance processes) and regardless of whether this is occurring in hardware, software, telecom, data, and/or other technology layers of the system
High-Quality Construction Construct to maximize quality
  Use trustworthy materials, methods, standards, and best practices – including accepted and appropriate tools/standards for constructing hardware and software, protocols for constructing and performing telecommunications, as well as best practices for quality assurance and configuration management
  Organize the elements and logic of the system meaningfully – ensuring logic that is clear, meaningful, and well-structured; system organization that is simple, modular, and robust to change; and hardware, telecom, data, and related infrastructure that can support system processes and functions with integrity
  Handle errors actively and appropriately, recovering from failure gracefully –processing or avoiding well-known errors and/or software bugs; and avoiding single points of failure that could cause complete loss of voting capabilities
  Perform accurately and reliably in intended environments – ensuring system is free of well-known security vulnerabilities; is able to protect against threats to its software, execution, and/or environment; and ensuring accuracy, data integrity, durability, and safety across all logical and/or physical components and materials.
  Support auxiliary functions necessary for operations and transparency such as for supporting auditing and testing – ensuring these aims are achievable via supporting structures, functions, and data; are implemented in software, hardware, telecom, and/or other infrastructure; and are able to support accurate identification, tracking, and management of hardware, software, and data across the system lifecycle
Ease of Evaluation Support clear evaluation by reviewers.
  Ensure reviewers can clearly identify all essential elements of a specified system in evaluated systems – including identification of unique election/auxiliary processes and functions; wherever they are implemented in software, hardware, telecom, data, and/or other technology layers of the system; and with an ability to record and track these identifications.
  Ensure reviewers can clearly distinguish correct from incorrect system configurations in evaluated systems wherever they are implemented in software, hardware, telecom, data, and/or other technology layers of the system; and with an ability to record and track these distinctions.
Transparent The voting system provides for transparency.
  The processes and transactions associated with the voting system are easy for the public to understand and verify.
  Voting system data is easily accessed via imports/exports and reports.
  Data reported by the voting system is in a publicly documented format.
  Data used in critical device operations such as for cast vote records, tabulations, and event logs includes all elements necessary for verification of the data, and analysis and auditability of the operations.
Scalable The voting system is scalable.
  The system provides sufficient technical and physical capacity to accommodate large and complex ballot styles, growing language needs, and large numbers of voters and precincts and consolidation of elections with local districts and municipalities.
  The system provides the ability to adapt to different election types, environments, and changing regulatory requirements.
Interoperable Components Components of the voting system are interoperable.
  Voting system data is in an interoperable format that is common across manufacturers and documented for each device by the manufacturer.
  Formats for other types of data use industry standard formats where applicable, but in any case, use formats that are publicly available.
  Components of voting systems interoperate without the need to replace the entire system or undertake costly system modifications or impact security.
  Widely used hardware interfaces and communications protocols are used where possible.

Equivalent and Consistent All voters have access to mark and cast their ballot as intended, regardless of their abilities, without discrimination.
  Provide voters with a consistent experience of the voting process in all modes of voting
  Provide voters with equivalent information and options in all modes of voting.

Cast as Marked Ballots are cast as marked, both secretly and privately.
  The voting process preserves the secrecy of the ballot.
  The voting system ensures that ballot selections, interface options, voter identity and information about voters are kept private.
  The voting system supports the voter in marking the ballot accurately.
  The voting process helps voters avoid errors that invalidate their ballot, including blank ballots, undervotes, overvotes, and marginal marks..

Cast as Marked Ballots are cast as marked, both secretly and privately.
  The voting process preserves the secrecy of the ballot.
  The voting system ensures that ballot selections, interface options, voter identity and information about voters are kept private.
  The voting system supports the voter in marking the ballot accurately.
  The voting process helps voters avoid errors that invalidate their ballot, including blank ballots, undervotes, overvotes, and marginal marks..

Auditability The voting system is auditable and enables evidence-based elections
  An undetected error or fault in the voting system’s software is not capable of causing an undetectable change in election results
  The voting system produces records that provide the ability to check whether the election outcome is correct, and to the extent possible, identify the root cause of any irregularities.
  Voting system records are resilient in the presence of intentional forms of tampering and accidental errors.
  The voting system supports efficient audits.
Secrecy The voting systems protects the secrecy of voters’ ballot selections.
  Ballot secrecy is maintained throughout the voting process.
  Records produced by the voting system do not reveal how a voter voted.
Access Control The voting system authenticates administrators, users, devices and services before granting access to sensitive functions.
  The voting system identifies users, roles and/or processes to which access is granted and the specific functions and data to which each entity holds authorized access.
  The voting system supports authentication mechanisms and allows administrators to configure them.
  Default access control policies enforce the principle of least privilege.
Physical Security The voting system prevents or detects attempts to tamper with voting system hardware.
  Any unauthorized physical access to the voting system, ballot box, ballots, or other hardware, leaves physical evidence.
 

Voting systems only expose physical ports and access points that are essential to voting operations, testing, or auditing.

Data Protection The voting system protects sensitive data from unauthorized access, modification, or deletion.
  Voting systems prevent unauthorized access to or manipulation of configuration data, cast vote records, transmitted data, or audit records.
  The source and integrity of electronic tabulation reports are verifiable.
  All cryptographic algorithms are public, well-vetted, and standardized.
  Voting systems protect the integrity, authenticity and confidentiality of sensitive data transmitted over all networks.
Software Integrity Voting systems prevent the unauthorized installation or modification of firmware, software, and critical configuration files.
  Only software that is digitally signed by the appropriate authorities is installed on the voting system.
  The authenticity and integrity of software updates must be verified by the voting system prior to installation and authorized by an administrator.
Detection/
Monitoring
The voting system provides mechanisms to detect and remediate anomalous or malicious behavior.
  Voting system equipment records important activities through event logging mechanisms, which are stored in a format suitable for automated processing.
  The voting system generates, stores, and reports to the user or election official, all error messages as they occur.
  Voting systems employ mechanisms to protect against malware.
  If the voting system contains networking capabilities, it employs appropriate modern defenses against network-based attacks.


Comments

 
<--/commentPlugin-->

Revision 52017-06-16 - BenjaminLong

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 11 to 11
 
  • An initial document capturing preliminary thoughts on principles and guidelines is located here in MS-word and PDF formats.

Introduction

Changed:
<
<
This document contains high-level principles and guidelines for:
  • General Considerations
>
>
This document contains high-level principles and guidelines for the following areas:
  • General considerations for specification, implementation and evaluation of election processes and technology
 
  • Interoperability
Changed:
<
<
  • Human Factors
>
>
  • Human factors
 
  • Security

Comments

Revision 42017-06-16 - BenjaminLong

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 11 to 11
 
  • An initial document capturing preliminary thoughts on principles and guidelines is located here in MS-word and PDF formats.

Introduction

Changed:
<
<
This document contains high-level principles and guidelines for the following areas:
  • General principles applicable to election processes, as well as to high quality election technology design and evaluation
>
>
This document contains high-level principles and guidelines for:
  • General Considerations
 
  • Interoperability
  • Human Factors
  • Security

Revision 32017-06-16 - BenjaminLong

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

Line: 8 to 8
  This topic is for the discussion and development of the Principles and Guidlines for VVSG 2.0.
Changed:
<
<
  • An initial document capturing preliminary thoughts on principles and guidelines is located here in MS-word and PDF formats.
>
>
  • An initial document capturing preliminary thoughts on principles and guidelines is located here in MS-word and PDF formats.

Introduction

 
Added:
>
>
This document contains high-level principles and guidelines for the following areas:
  • General principles applicable to election processes, as well as to high quality election technology design and evaluation
  • Interoperability
  • Human Factors
  • Security
 

Comments

Changed:
<
<
<--/commentPlugin-->
>
>

<--/commentPlugin-->
 
META FILEATTACHMENT attachment="vvsg-2.0-draft-principles-and-guidelines.pdf" attr="" comment="" date="1497636508" name="vvsg-2.0-draft-principles-and-guidelines.pdf" path="vvsg-2.0-draft-principles-and-guidelines.pdf" size="240527" user="BenjaminLong" version="1"
META FILEATTACHMENT attachment="vvsg-2.0-draft-principles-and-guidelines.docx" attr="" comment="" date="1497636508" name="vvsg-2.0-draft-principles-and-guidelines.docx" path="vvsg-2.0-draft-principles-and-guidelines.docx" size="29120" user="BenjaminLong" version="1"

Revision 22017-06-16 - BenjaminLong

Line: 1 to 1
 
META TOPICPARENT name="WebHome"
Added:
>
>
<--

Top Bar of TopMenuSkin

Top bar of TopMenuSkin, replacing WebTopBar.


-->

VVSG Principles and Guidelines

Purpose

This topic is for the discussion and development of the Principles and Guidlines for VVSG 2.0.

  • An initial document capturing preliminary thoughts on principles and guidelines is located here in MS-word and PDF formats.

Comments

<--/commentPlugin-->

META FILEATTACHMENT attachment="vvsg-2.0-draft-principles-and-guidelines.pdf" attr="" comment="" date="1497636508" name="vvsg-2.0-draft-principles-and-guidelines.pdf" path="vvsg-2.0-draft-principles-and-guidelines.pdf" size="240527" user="BenjaminLong" version="1"
META FILEATTACHMENT attachment="vvsg-2.0-draft-principles-and-guidelines.docx" attr="" comment="" date="1497636508" name="vvsg-2.0-draft-principles-and-guidelines.docx" path="vvsg-2.0-draft-principles-and-guidelines.docx" size="29120" user="BenjaminLong" version="1"

Revision 12017-06-16 - BenjaminLong

Line: 1 to 1
Added:
>
>
META TOPICPARENT name="WebHome"
 
This site is powered by the TWiki collaboration platform Powered by PerlPLEASE NOTE: This wiki is a collaborative website. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. All the material on this website is in the public domain, including any text, diagrams, or images, unless indicated explicitly. Don't share anything on this site that you do not want to be public. Do not pass any proprietary documents or put any on the TWiki with implied public disclosure. If you do, it shall be deemed to have been disclosed on a non-confidential basis, without any restrictions on use by anyone, except that no valid copyright or patent right shall be deemed to have been waived by such disclosure. Certain commercial equipment, instruments, materials, systems, software, and trade names may be identified throughout this site in order to specify or identify technologies adequately. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the systems or products identified are necessarily the best available for the purpose. Any data provided on this site is for illustrative purposes only, and does not imply a validation of results by NIST. By selecting external links, you will be leaving NIST webspace. Links to other websites are provided because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose.