Cyber Security Public Working Group
Table of Contents	Useful Links
Purpose Objectives VVSG 2.0 Draft Requirements Open Areas: VVSG 2.0 DRAFT Testing Strategies Analysis of the 2007 VVSG DRAFT Recommendations Potential Areas for Voluntary Best Practices for Security Logistics Officers Chair Agency Lead Members List of regular telecon participants include, but are not limited to: Websites Email List Meeting Archive Relevant Documents	GETTING STARTED Subscribe To Working Group Email Lists TWiki Quick Start Guide Working Group Quick Start Guide HELP Voting TWiki Help TWiki Users' Quick Reference Sheet (pdf) Webinars and Step-by-step Video Tutorials VVSG 2.0 DRAFT REQUIREMENTS VVSG 2.0 draft requirements DEVELOP VVSG PRINCIPLES AND GUIDELINES VVSG 2.0 Principles and Guidelines LINKS Historical Election Process Work NIST Voting Website EAC Website

Purpose

The new VVSG is a nimble set of high level principles that will be supplemented by accompanying requirements for how systems can meet the new guidelines and obtain certification. The supplemental requirements will also detail test assertions for how the accredited test laboratories will validate that the system complies with those requirements.

The new VVSG structure is anticipated to be:

• Principles: High level system design goals;
• Guidelines: Broad description of the functions that make up a voting system;
• Requirements: Technical details necessary for manufacturers to design devices that meet the principles and guidelines of a voting system;
• Test Assertions: Technical specifications required for laboratories to test a voting system against the requirements.

Objectives

• Identifying Security Objectives and Principles
  

  Main Topic: SecurityObjectives
  
  Identify critical high-level voting system security objectives to structure our work. Examine related requirements from the VVSG 1.1, the draft VVSG 2.0, and other general computer security guidelines to help us develop the list of objectives.
  
  

• Investigate Priority Election Use Cases (Complete)
  
  Main Topic: UseCasesSecurity
  
  Initial topics include:
  • Electronic Pollbooks
  • Ballot Delivery
  • Ballot-on-Demand
  • Ballot Marking
  • Auditing
  • Election Night Reporting
    
    
• Collect/Develop Best Practices
  

  Main Topic: SecurityBestPractices
  
  Provide election officials with security best practices tailored for voting systems, identifying actionable security controls and procedures that can be implemented by jurisdictions.

• Identifying and Prioritizing Risks
  

  Collect, discuss and analyze information on risks in voting systems in order to identify and prioritize issues that should be addressed in the next VVSG.

VVSG 2.0 Draft Requirements

The following are draft requirements under development, organized by VVSG 2.0 Prinicples & Guidelines.

Prinicple 2 - High Quality Implementation

• Software Requirements (Clean) - Draft - March 27, 2019
• Software Requirements (Tracked Changed) - Draft, May 24, 2018
• Software Requirements - Draft, May 9, 2018

• Auditable Requirements (Clean) - Draft, March 22, 2019
• Auditable Requirements (Clean) - Draft, April 23, 2018
• Auditable Requirements (Tracked Changed) - Draft, April 23, 2018
• Auditable Requirements (Track Changes) - Draft, December 12, 2018
• Auditable Requirements - Draft, December 12, 2017
• Auditable Requirements - Draft, December 1, 2017
• Early Risk Limiting Audit Requirements - Draft, November 17, 2017
• Early Software Independence Requirements - Draft, October 20, 2017
• Early Software Independence Requirements - Draft, October 6, 2017

• Ballot Secrecy Requirements (Clean) - Draft, March 20, 2019
• Ballot Secrecy Requirements (Clean) - Draft, April 23, 2018
• Ballot Secrecy Requirements (Tracked Changed) - Draft, April 23, 2018
• Ballot Secrecy Requirements - Draft, January 17, 2018
• Ballot Secrecy Comments - February 1, 2018
• Ballot Secrecy Requirements - Draft, January 5, 2018

• Access Control Requirements (Clean) - Draft, March 21, 2019
• Access Control Requirements (Clean) - Draft, April 23, 2018
• Access Control Requirements (Tracked Changed) - Draft, April 23, 2018
• Access Control Requirements - Draft, February 14, 2018
• Access Control Requirements - Draft, February 1, 2018
• Access Control Comments - February 1, 2018
• Access Control Requirements - Draft, January 17, 2018

• Physical Security (Clean) - Draft, March 20, 2019
• Physical Security (Clean) - Draft, April 23, 2018
• Physical Security Requirements - Draft, January 3, 2018
• Physical Security Requirements - Draft, December 15, 2017

• Data Protection (Clean) - Draft, March 21, 2019
• Data Protection (Clean) - Draft, April 23, 2018
• Data Protection Requirements (Tracked Changed) - Draft, April 23, 2018
• Data Protection Requirements - Draft, March 21, 2018

• System Integrity Requirements (Clean) - Draft, March 22, 2019
• System Integrity Requirements (Clean) - Draft, April 23, 2018
• System Integrity Requirements (Tracked Changes) - Draft, April 23, 2018
• System Integrity Requirements - Draft, February 14, 2018
• System Integrity Comments - February 14, 2018
• System Integrity Requirements - Draft, January 29, 2018

• Detection & Monitoring Requirements (Clean) - Draft, March 22, 2019
• Detection & Monitoring Requirements (Clean) - Draft, April 23, 2018
• Detection & Monitoring Requirements - Draft, February 28, 2018

Open Areas:

This is a list of open areas within the VVSG 2.0 draft requirements. The open areas are unresolved topics.

• Ballot Barcodes & Encoding Schemes
  • DRAFT June 21, 2019
  • DRAFT Req Suggestions June 21, 2019
  • DRAFT June 14, 2019
  • DRAFT March 29, 2019
  • DRAFT March 19, 2019
  • DRAFT February 28, 2019
• Indirect Voter Associations
  • DRAFT June 14, 2019
• Cryptographic End-to-End Systems
• Use of Wireless Technology (WiFi, Bluetooth, NFC, etc.)
• Internet Connectivity

VVSG 2.0 DRAFT Testing Strategies

We will develop testing guidance for the VVSG 2.0 security requirements.

Methodology document for developing testing guidance.

PA VOTING SYSTEM SECURITY STANDARD: This document is Attachment E to the Directive for electronic voting systems by Pennsylvania's Department of State. It includes test specifications for testing and analysis of Pennsylvania's voting systems.

Analysis of the 2007 VVSG DRAFT Recommendations

Copies of draft and final gap analysis documents are located here.

• Preliminary 2007 VVSG Security Gap Analysis
• February 13, 2017 TGDC Presentation on Security Principles & Guidelines

• 2007 VVSG Auditing Requirements - Final, June 20, 2017
• 2007 VVSG Auditing Requirements - Draft, June 12, 2017
• 2007 VVSG Auditing Requirements - Draft, June 1, 2017
• 2007 VVSG Auditing Requirements Gap Analysis
• Draft Post Election Outcomes Audit Types (Link to Google Doc)
• Draft Risk Limiting Audits Requirements ( Link to Google Doc)
• February 13, 2017 TGDC Presentation on Auditability

• 2007 VVSG Ballot Secrecy Requirements - Final, June 21, 2017
• 2007 VVSG Ballot Secrecy Requirements - Draft, June 12, 2017
• 2007 VVSG Ballot Secrecy Requirements Gap Analysis

• 2007 VVSG System Event Log Requirements - Final, July 12, 2017
• 2007 VVSG System Event Log Requirements - Draft, June 12, 2017
• 2007 VVSG System Event Log Requirements Gap Analysis

• 2007 VVSG Communication Security Requirements - Final, October 11, 2017
• 2007 VVSG Communication Security Requirements - Draft, June 26, 2017
• 2007 VVSG Communication Security Requirements Gap Analysis

• 2007 VVSG Physical Security Requirements - Final July 12, 2017
• 2007 VVSG Physical Security Requirements - Draft, June 26, 2017
• 2007 VVSG Physical Security Requirements Gap Analysis

• 2007 VVSG Cryptography Requirements - Final, October 11, 2017
• 2007 VVSG Cryptography Requirements - Draft, July 12, 2017
• 2007 VVSG Cryptography Requirements Gap Analysis

• 2007 VVSG Setup Inspection Requirements - Final, October 20, 2017
• 2007 VVSG Setup Inspection Requirements - Draft, August 7, 2017
• 2007 VVSG Setup Inspection Requirements Gap Analysis

• 2007 VVSG Software Installation Requirements - Final, October 20, 2017
• 2007 VVSG Software Installation Requirements - Draft, August 7, 2017
• 2007 VVSG Software Installation Requirements Gap Analysis

• 2007 VVSG Access Control Requirements - Final, December 07, 2017
• 2007 VVSG Access Control Requirements - Draft, September 21, 2017
• 2007 VVSG Access Control Requirements Gap Analysis

• 2007 VVSG System Integrity Requirements - Final, December 07, 2017
• 2007 VVSG System Integrity Requirements - Draft, September 21, 2017
• 2007 VVSG System Integrity Requirements Gap Analysis

Potential Areas for Voluntary Best Practices for Security

In no particular order:

• Electronic signature verification

• Provisional ballot and qualification in question handling
• Use of public telecom
• Indicators of compromise for voting systems
• Compliance audits
• Risk limiting audits
• Cryptographic key and password management

Logistics

Meeting Information:

Cybersecurity Working Group Call

Please join my meeting from your computer, tablet or smartphone.
https://global.gotomeeting.com/join/790412477

You can also dial in using your phone.
United States: +1 (571) 317-3122

Access Code: 790-412-477

The schedule for the Working Group is:

Every Friday from 2-3:30pm.

(Schedule updated 06/07/2019)

The first NIST Voting System CyberSecurity Working Group teleconference was on August 11th, 2016 from 11:00AM-12:00PM Eastern Time.

Officers

Chair

Name: David Wagner

Email: daw@cs.berkeley.edu

Affiliation: Univ. of California, Berkeley

Agency Lead

Name: Gema Howell

Email: Gema.Howell@nist.gov

Affiliation: NIST

Members

Participation in this Working Group is open to all interested parties. There are no membership fees.

List of regular telecon participants include, but are not limited to:

• Gema Howell, NIST
• Jessica Bowers, EAC
• Lynn Garland
• Steven Blachman, Hart
• Aaron Wilson, CIS
• Neal McBurnett, ElectionAudits
• Lauren Massa Lochridge
• Trevor Timmons, Colorado Secretary of State’s Office
• Paul Hain, Election Systems & Software
• Susan Greenhalgh, Verified Voting
• Joel Franklin, ES&S
• John Dziurlaj, Hilton Roscoe
• John McCarthy, Verified Voting
• Marc Schneider, MITRE
• Bernie Hirsch, MicroVote
• Josh Benaloh, Microsoft
• Jared Marcotte, The Turnout

Websites

Wiki URL: http://collaborate.nist.gov/voting/bin/view/Voting/CyberSecurity

Email List

Email List Name: vvsg-cybersecurity

To join the list or find more information about list policies and related procedures, please visit the VVSG Working Group Lists page.

Meeting Archive

Notes from past meetings are available on the CybersecurityMeetingArchives page.

Relevant Documents

Reference relevant documents here.

Ballot Casting Assurance: Ben Adida & C. Andrew Neff

Public Evidence from Secret Ballots: Matthew Bernhard, Josh Benaloh, J. Alex Halderman, Ronald L. Rivest, Peter Y. A. Ryan, Philip B. Stark, Vanessa Teague, Poorvi L. Vora, & Dan S. Wallach

DEFCON Voting Machine Hacking Village Report: Matt Blaze, Jake Braun, Harri Hursti, Joseph Lorenzo Hall, Margaret MacAlpine, & Jeff Moss

In-depth Discussion on 17 Functions from February 2017 TGDC Meeting: Brian Hancock & Ryan Macias

Voluntary Voting System Guidelines (VVSG) Recommendations to the Election Assistance Commission - 2007: Prepared at the Direction of the TGDC

Evidence-Based Elections: P.B. Stark & D.A. Wagner

On the Notion of Software Idependence: Ronald L. Rivest & John P. Wack

A Gentle Introduction to Risk-limiting Audits: Mark Lindeman & Philip B. Stark

Machine-Assisted Election Auditing: Joseph A. Calandrino, J. Alex Halderman, & Edward W. Felten

Risks of E-Voting: Matt Bishop & David Wagner

Election Operations Assessment - Threat Trees and Matrices: University of South Alabama / EAC

Voting: What Has Changed, What Hasn’t, & Why - Research Bibliography: CALTECH/MIT Voting Technology Project

Voluntary Voting System Guidelines (VVSG) 1.1 - 2015

Voluntary Voting System Guidelines Recommendations to the Election Assistance Commission (Informally VVSG 2.0)