Updates to the draft VVSG 2.0 Security Requirements


Howell, Gema E. (Fed)

Oct 29, 2019, 4:35:38 PM
to vvsg-cybersecurity
Hi All,

Attached are the draft VVSG 2.0 security requirements that we discussed on the call today. Here is a list that summarizes the changes and where the changes are located:
  • New E2E Requirements
    • Updated Section 9.1.6
    • Updated 10.2.1-F
    • Updated 13.3-B
  • Unique identifiers added for auditing
    • Updated 9.1.5-F to remove "external mechanism"
    • Updated 9.1.1.C to address printing concerns.
    • Also added 9.1.5-G Preserving Software Independence
      - unable to print in “ballot selection area”
  • Preserving ballot secrecy for aggregating and ordering through random number generation
    • Updated 10.2.2-F
    • Updated 9.1.7-C
  • Prevent deletion of logs, with the exception of log rotation
    • Updated 11.1-C
  • Password complexity now points to NIST guidance
    • Updated 11.3.2-B
    • Added 11.3.2-B.1
  • No Wireless connections
    • Updated 14.2-D, 14.2-D.1, 14.2-K, 15.4-C.1
  • No Internet usage
    • Updated 14.2-E and 15.4-B
    • Deleted the old 15.4-B on Telecommunications
Any additional thoughts or feedback by Wednesday would be awesome! I will be presenting the updates to the TGDC this Friday, Nov. 1st (Here is the link to the Federal Register Notice). The requirements posted in the Federal Register Notice are the last set of requirements presented to the TGDC in September and do not include any of the updates that will be discussed on Friday.

I will work to incorporate your suggestions into the draft tonight.

Thanks for a great call and have an amazing week!
Gema Howell
National Institute of Standards and Technology
Applied Cybersecurity Division
Phone: (301)-975-0326



09-Auditability-draft-vvsg2.0-2019-10-29-GEH-trackchanges.docx
14-System-Integrity-draft-vvsg-2.0-2019-10-29-TrackChanges.docx
11-Access-Control-draft-vvsg2-2019-10-29-GEH-TrackChanges.docx
15-Detection-Monitoring-draft-vvsg2.0-2019-10-29-GH-TrackChanges.docx
13-Data-Protection-draft-vvsg2.0-2019-10-29-GEH-TrackChanges.docx
10-Ballot-Secrecy-draft-vvsg2.0-2019-10-29-GemaH-TrackChanges.docx

Josh Benaloh

Oct 31, 2019, 12:30:44 AM
to Howell, Gema E. (Fed), vvsg-cybersecurity

All,

 

I am – in response to a request – including links to some extant open-source E2E-verifiable election systems and tools.

 

Helios is an Internet-based E2E-verifiable system that has been available for about a decade and which has been used for the casting of millions of votes.

ElectionGuard is an open-source toolkit (not a standalone election system) that was released last month. It can be incorporated into new and existing systems (both paper-based and paperless, BMDs or scanners, etc.) to enable E2E-verifiability. Many vendors are partners on this project.

Scantegrity is a hand-marked paper-based E2E-verifiable system that was used for public municipal elections in Takoma Park, MD in 2009 and 2011.

 

Many other E2E-verifiable election systems have been built and used in a variety of pilots, university elections, and other scenarios.

 

    Josh

--
To unsubscribe from this group, send email to vvsg-cybersecur...@list.nist.gov
Visit this group at https://groups.google.com/a/list.nist.gov/d/forum/vvsg-cybersecurity