Cybersecurity Meeting Archives

-- Andrew Regenscheid - 2016-08-22

August 11, 2016 Teleconference

Purpose: To discuss the role of the Cybersecurity Constituency Group and near-term work items.

Notes:

1) Identifying Security Objectives and Principles
Identify critical high-level voting system security objectives to structure our work. Examine related requirements from the VVSG 1.1, the draft VVSG 2.0, and other general computer security guidelines to help us develop the list of objectives.

2) Investigate Priority Election Use Cases
Initial topics include
a) Electronic Pollbooks
b) Ballot Delivery
c) Ballot-on-Demand
d) Ballot Marking
e) Auditing
f) Election Night Reporting

NIST can provide a high-level description of each use case to the group. The initial objective of this task is to provide input to the TGDC and the Election Public Working Groups to help them to make decisions regarding scope and priorities within the VVSG and other related efforts.

3) Collect/Develop Best Practices
Provide election officials with security best practices tailored for voting systems, identifying actionable security controls and procedures that can be implemented by jurisdictions.

4) Identifying and Prioritizing Risks
Collect, discuss and analyze information on risks in voting systems in order to identify and prioritize issues that should be addressed in the next VVSG.

Meeting Materials:

Presentation ( Powerpoint), ( PDF)

Actions:

  • Solicit feedback on best practices (David and Andy)
  • Distribute security principles/objectives based on VVSG 1.1 (Andy)

Comments

Might you put up the list of attendees here? Thanks, Joe

-- Joseph Kiniry - 2016-09-10

Andy reported via email to the vvsg-cybersecurity mailing list on 22 August that attendees were:

NIST: -Mary Brady -John Wack -Andrew Regenscheid -Benjamin Long -Sharon Laskowski -Gema Howell -Shanee Dawkins

EAC: -Commissioner Masterson -Ryan Macias

Members: -David Wagner -Tom Caddy - Mike F. - Matt Bishop - Neal McBurnett - Barbara Simons - David Jefferson - David Tarrant - Lauren Mass Lochridge - ~approx. 14 other call-in users

-- Joseph Kiniry - 2016-09-13

Topic attachments
I Attachment History Action Size Date Who Comment
PDFpdf cybersecurity-wg-kickoff.pdf r1 manage 1476.9 K 2016-08-22 - 16:25 AndrewRegenscheid  
PowerPointpptx cybersecurity-wg-kickoff.pptx r1 manage 745.6 K 2016-08-22 - 16:25 AndrewRegenscheid  
Edit | Attach | Watch | Print version | History: r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r3 - 2016-09-13 - JosephKiniry
 
This site is powered by the TWiki collaboration platform Powered by PerlPLEASE NOTE: This wiki is a collaborative website. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. All the material on this website is in the public domain, including any text, diagrams, or images, unless indicated explicitly. Don't share anything on this site that you do not want to be public. Do not pass any proprietary documents or put any on the TWiki with implied public disclosure. If you do, it shall be deemed to have been disclosed on a non-confidential basis, without any restrictions on use by anyone, except that no valid copyright or patent right shall be deemed to have been waived by such disclosure. Certain commercial equipment, instruments, materials, systems, software, and trade names may be identified throughout this site in order to specify or identify technologies adequately. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the systems or products identified are necessarily the best available for the purpose. Any data provided on this site is for illustrative purposes only, and does not imply a validation of results by NIST. By selecting external links, you will be leaving NIST webspace. Links to other websites are provided because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose.