The voting system
"Equipment (including hardware, firmware, and software), materials, and documentation used to enact the following functions of an election: # define elections and ballot styles, # configure voting equipment, # identify and validate voting equipment configurations, # perform logic and accuracy tests, # activate ballots for voters, # record votes cast by voters, # count votes, # label ballots needing special treatment, # generate reports, # export election data including election results, # archive election data, and # produce records in support of audits." All voting systems must also: # Permit the voter to verify (in a private and independent manner) their choices before their ballot is cast and counted. # Provide the voter with the opportunity (in a private and independent manner) to change their choices or correct any error before their ballot is cast and counted. # Notify the voter if they have selected more than one candidate for a single office, inform the voter of the effect of casting multiple votes for a single office, and provide the voter an opportunity to correct their ballot before it is cast and counted. # Be accessible for individuals with disabilities in a manner that provides the same opportunity for access and participation (including privacy and independence) as for all voters. # Provide alternative language accessibility pursuant to Section 203 of the Voting Rights Act RA65Principles
High Quality Design
* Functional equipment requirements are organized as phases of running an election:
** Election and Ballot Definition
** Pre-election Setup and logic and accuracy (L&A) testing
** Opening Polls, Casting Ballots
** Closing Polls, Results Reporting
** Tabulation, Audit
** Storage
* Requirements dovetail with cybersecurity in areas including:
** Pre-election setup
** Audits of barcodes versus readable content for ballot marking devices (BMDs)
** Audits of scanned ballot images versus paper ballots
** Audits of Cast Vote Record (CVR) creation
** Content of various reports
** Ability to match a ballot with its corresponding CVR
* Guidance relevant to testing and certification has been moved to the EAC testing and certification manuals.
High Quality Implementation
* Adds requirement to document and report on user-centered design process by developer to ensure system is designed for a wide range of representative voters, including those with and without disabilities, and election workers
Transparent
* Addresses transparency from the point of view of documentation that is necessary and sufficient to understand and perform all operations
Interoperable
* Ensures that devices are capable of importing and exporting data in common data formats
* Requires manufacturers to provide complete specification of how the format is implemented
* Requires that encoded data uses publicly available, no-cost method
* Uses common methods (for example, a USB) for all hardware interfaces
* Permits commercial-off-the-shelf (COTS) devices as long as relevant requirements are still satisfied
Equivalent and Consistent Voter Access
* Applies to all modes of interaction and presentation throughout the voting session, fully supporting accessibility
Voter Privacy
* Distinguishes voter privacy from ballot secrecy and ensures privacy for marking, verifying, and casting the ballot
Marked, Verified, and Cast as Intended
* Updates voter interface requirements such as font, text size, audio, interaction control and navigation, scrolling, and ballot selections review
* Describes requirements that are voting system specific, but derived from federal accessibility law
Robust, Safe, Usable, and Accessible
* References Section 508 Information and Communication Technology (ICT) Final Standards and Guidelines and Web Content Accessibility Guidelines 2.0 (WCAG 2.0)
* Updates requirements for reporting developer usability testing with voters and election workers
Auditable
* Focuses on machine support for post-election audits
* Makes software independence mandatory
* Supports paper-based and end-to-end (E2E) verifiable systems
* Supports all types of audits, including risk-limiting audits (RLAs), compliance audits, and ballot-level audits
Ballot Secrecy
* Includes a dedicated ballot secrecy section
* Prevents association of a voter identity to ballot selections
Access Control
* Prevents the ability to disable logging
* Bases access control on voting stage (pre-voting, activated, suspended, post-voting)
* Does not require role-based access control (RBAC)
* Requires multi-factor authentication for critical operations:
** Software updates to the certified voting system
** Aggregating and tabulating
** Enabling network functions
** Changing device states, including opening and closing the polls
** Deleting the audit trail
** Modifying authentication mechanisms
Physical Security
* Requires using only those exposed physical ports that are essential to voting operations
* Ensures that physical ports are able to be logically disabled
* Requires that all new connections and disconnections be logged
Data Protection
* Clarifies that there are no hardware security requirements (for example, TPM (trusted platform module))
* Requires Federal Information Processing Standard (FIPS) 140-2 validated cryptographic modules (except for end-to-end cryptographic functions)
* Requires cryptographic protection of various election artifacts
* Requires digitally signed cast vote records and ballot images
* Ensures transmitted data is encrypted with end-to-end authentication
System Integrity
* Requires risk assessment and supply chain risk management strategy
* Removes non-essential services
* Secures configurations and system hardening
* Requires exploit mitigation (for example, address space layout randomization (ASLR) and data execution prevention (DEP)) and that the system be free of known vulnerabilities
* Requires cryptographic boot validation
* Requires authenticated updates
* Ensures sandboxing and runtime integrity
Detection and Monitoring
* Ensures moderately updated list of log types
* Detection systems must be updateable
* Requires digital signatures or allowlisting for voting systems
* Requires malware detection focusing on backend PCs
History
Timeline
* 1990: