Demystifying the Independent Test Authority (ITA)

Slides:



Advertisements
Similar presentations
Software Quality Assurance Plan
Advertisements

Systems Analysis and Design in a Changing World
Chapter 8: Evaluating Alternatives for Requirements, Environment, and Implementation.
Chapter 4 Quality Assurance in Context
More CMM Part Two : Details.
1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.
TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL
DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.
Overview Lesson 10,11 - Software Quality Assurance
School of Computing, Dublin Institute of Technology.
Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.
7.2 System Development Life Cycle (SDLC)
Computer Security: Principles and Practice
8 Systems Analysis and Design in a Changing World, Fifth Edition.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Security Assessments FITSP-M Module 5. Security control assessments are not about checklists, simple pass-fail results, or generating paperwork to pass.
Voting System Qualification How it happens and why.
Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,
Chapter 7 Database Auditing Models
TGDC Meeting, July 2011 Overview of July TGDC Meeting Belinda L. Collins, Ph.D. Senior Advisor, Voting Standards, ITL
Configuration Management Process and Environment MACS Review 1 February 5th, 2010 Roland Moser PR a-RMO, February 5 th, 2010 R. Moser 1 R. Gutleber.
SEC835 Database and Web application security Information Security Architecture.
PMP® Exam Preparation Course
Presentation of ES&S John Groh, Senior Vice President of Government Relations October 15, 2007.
Introduction to Software Quality Assurance (SQA)
Test Organization and Management
Information Systems Security Computer System Life Cycle Security.
Security Assessments FITSP-A Module 5
Software Inspection A basic tool for defect removal A basic tool for defect removal Urgent need for QA and removal can be supported by inspection Urgent.
Lecture #9 Project Quality Management Quality Processes- Quality Assurance and Quality Control Ghazala Amin.
NIST HAVA-Related Work: Status and Plans June 16, 2005 National Institute of Standards and Technology
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
Secretary of State Voting System Security Standards Juanita Woods Secretary of State Elections Division HAVA Information Security.
Laboratory Accreditation as a Component of the Help America Vote Act Mary H. Saunders Chief, Standards Services Division.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 7 Database Auditing Models.
Accreditation for Voting Equipment Testing Laboratories Gordon Gillerman Standard Services Division Chief
Georgia Electronic Voting System Testing and Security Voting Systems Testing Summit November 29, 2005.
Briefing for NIST Acting Director James Turner regarding visit from EAC Commissioners March 26, 2008 For internal use only 1.
NIST Voting Program Activities Update February 21, 2007 Mark Skall Chief, Software Diagnostics and Conformance Testing Division.
Panel One Why Audit? Mary Batcher Ernst & Young and Chair of ASA Working Group on Elections.
Configuration Management and Change Control Change is inevitable! So it has to be planned for and managed.
Making every vote count. United States Election Assistance Commission EAC Voting System Certification TGDC Meeting December 9-10, 2009.
1 The Evolution of Voting Systems Paul DeGregorio Vice Chairman Donetta Davidson Commissioner The U.S. Election Assistance Commission.
NIST Voting Program Barbara Guttman 12/6/07
TGDC Meeting, July 2011 Voluntary Voting System Guidelines Roadmap Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL
Network design Topic 6 Testing and documentation.
© Copyright 2005 TEM Consulting, LP - All Rights Reserved Presentation To EAC Aug. 23, 2005 Hearing, Denver, CORev 1 – 08/16/05 - HSB Considerations In.
NIST Voting Program Activities Update January 4, 2007 Mark Skall Chief, Software Diagnostics and Conformance Testing Division.
© Copyright 2002 TEM Consulting, LP - All Rights Reserved Presentation To GTRI Voting Technology WorkshopRev – 05/31/02 - HSB GTRI Future of Voting Technology.
The VVSG Version 1.1 Overview Matthew Masterson Election Assistance Commission
Creating Accessibility, Usability and Privacy Requirements for the Voluntary Voting System Guidelines (VVSG) Whitney Quesenbery TGDC Member Chair, Subcommittee.
PREPARATIONS FOR VOTING: IN QUEST OF INTEGRITY AND PUBLIC CONFIDENCE by Roy G. Saltman Consultant on Election Policy and Technology
Election Assistance Commission 1 Technical Guidelines Development Committee Meeting Post-HAVA Voting System Requirements – Federal Perspective February.
Briefing for the EAC Public Meeting Boston, Massachusetts April 26, 2005 Dr. Hratch Semerjian, Acting Director National Institute of Standards and Technology.
Next VVSG Training Security: Testing Requirements October 15-17, 2007 Nelson Hastings Alicia Clay Jones National Institute of Standards and Technology.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
TGDC Meeting, Jan 2011 VVSG 2.0 and Beyond: Usability and Accessibility Issues, Gaps, and Performance Tests Sharon Laskowski, PhD National Institute of.
The VVSG 2005 Revision Overview EAC Standards Board Meeting February 26-27, 2009 John P. Wack NIST Voting Program National Institute.
Software Engineering — Software Life Cycle Processes — Maintenance
Systems Analysis and Design in a Changing World, Fifth Edition
Introduction for the Implementation of Software Configuration Management I thought I knew it all !
Software Project Configuration Management
Software Engineering (CSI 321)
Description of Revision
Demystifying the Independent Test Authority (ITA)
Demystifying the Independent Test Authority (ITA)
Demystifying the Independent Test Authority (ITA)
QA Reviews Lecture # 6.
{Project Name} Organizational Chart, Roles and Responsibilities
Presentation transcript:

Demystifying the Independent Test Authority (ITA)                       Voting Systems Testing Summit 2005 Sacramento, CA November 28-29, 2005 Presented by: Brian Phillips

Who is SysTest Labs? Established in 1996 Sole Business Focus is to Provide Test Engineering, Quality Assurance and Certification Services Voting Systems ITA Qualification Testing Independent Verification and Validation (IV&V) Software Test Engineering Consulting and Services Accredited Software Independent Test Authority in 2001 Accredited Hardware Independent Test Authority in 2004 Small and Woman-Owned Business (70+ staff)

What is an Independent Test Authority? ITA Charter from NASED Qualification Testing of DRE Election Systems to Voting System Standards 3 main components Election Management Polling Place Central Count Not Exhaustive Testing

Federal Voting System Standards (VSS) First Developed in 1990 Voluntary Program New Standards over 3 years in making, released April 2003 Technological advances force more changes Election Assistance Commission’s charter to include Accessibility and language components

Software ITA Test Standards & Resources SysTest Labs uses the following to perform ITA Qualification Testing: Federal Election Commission Voting System Standards published April 2002, Released 2003 SysTest Labs Quality Manual & Standard Procedures (Advanced Test Operations Management™) Various review/report forms, databases, templates, and tools

HAVA’s Impact on the ITA Process HAVA Requires that NIST Accredit and Administer ITAs EAC was Established and will Administer the Funding and the VSS However Does not enforce stricter testing Does not Require States to use the ITA Process Does not Impose a State Certification Does not Require Qualification of Statewide Voter Registration Systems

Software ITA Process Pre-Qualification Technical Data Package (TDP) review and report Physical Configuration Audit - documentation, source code, test result review Functional Configuration Audit – hardware and software testing to verify logic, results and accuracy Final Qualification Report

Physical Configuration Audit (PCA) PCA Document Review of the Technical Data Package The reviewer the completes the PCA Document Review Form for each submitted document against the requirements of the VSS Includes - System Functionality, Hardware/Software/Design Specifications, Security, Training, Maintenance, User Manuals, Configuration Management and QA Program Documented in the Pre-Qualification Report sent to NASED & the vendor. Verification of Software & Hardware Configuration Examine and set up the system hardware and software components for all documented components. Verify documentation is consistent with configuration used in the hardware ITA.

Physical Configuration Audit (PCA) Source Code Review Identify code to review (New code vs. Changed code). Review vendor coding standards and customize review criteria (if necessary) for the specific programming language Manual source code review, examine the software for: Integrity- No external modification of code Follow each function looking for worms, viruses or Trojan Horses Check for buffer overflows that can lead to security compromise and the execution of malicious code. Absolute logical correctness, modularity, overall construction, and for conformance with VSS requirements and vendor coding standards. Review the system architecture for use of systems that detect intrusion. Automated source code review (if possible). Use an automated tool to obtain metrics of the Logic Control Constructs. Use security tools run to checks for constructs known to be dangerous.

Functional Configuration Audit (FCA) FCA document review of the System Test & Verification Specification and all vendor testing Complete the FCA Vendor Testing Review Form to identify test coverage of: Required Ballot Preparation and Central Count Functionality Optional Features System Level Testing Document the results of the FCA Testing Review in the Pre-qualification Report, sent to NASED and the vendor. Assess the overall adequacy of the vendor’s testing Identify any gaps in testing Identify the scope of functional testing Identify the test tasks and predecessor tasks.

Functional Configuration Audit (FCA) Define scope of testing based upon results of FCA review Create the Test Plan, sent to NASED and the vendor Customize System Level Tests to the voting system Voting Variations: Primary/General Election, Straight Party, Rotation, etc. Security: Access control policies Unauthorized changes to ballot formats, cast votes, and vote totals Alteration of voting system audit trails Access to individual votes (maintaining ballot secrecy) Test election dates 0 to 8 years out, including the presidential election cycles. Accuracy & Reliability: Meets expected results for all tests over required number of votes and time Assess any additional risks for the specific system under test. Augment tests for the specific voting system.

Functional Configuration Audit (FCA) Test Execution: Observe the build of the executable from reviewed source code. Test environment is setup per the PCA - System Configuration. Execute test cases and record results Any discovered issues are logged on the project Discrepancy Report. Discrepancies: user documentation or claims about a system vs.actual system performance. Defects: issue prevents the system from functioning correctly. Vendors must address all issues and resolve issues that impact qualification. Fixes defect or discrepancy that impacts qualification. Sends new code, it’s reviewed, regression tested and issue is closed. Decides not to support functionality or address issue with documentation. Documentation changes are reviewed, verified and issue is closed. Logs a bug for a future release or chooses not to fix if it does not impact qualification. All vendor responses are noted in the Qualification Report.

Qualification Test Report The Qualification Test Report consists of: Introduction: The vendor’s system, any changes and SysTest. Qualification Test Background: Test Process and Terms System Identification: System, Version, Test Environment System Overview: System Design and Operations Qualification Test Results and Recommendations: Test/Review Results, Deficiencies and Recommendation Appendix – Test Operations , Findings and Data Analysis: Qualification Test Requirements, Source Code Review, TDP Review Summary, Test Results and Discrepancy Report NASED Signatory reviews and signs the report . The report’s sent to the vendor and the NASED Technical Committee. Committee has five days to question the report. Report is revised with NASED Certification Number added. Report is distributed to states or jurisdiction upon request from the vendor

Process after ITA State Certification County Acceptance Testing

DRE DRE’s, or Direct Recording Electronic devices are NOT Internet voting. Most Election systems are not even wired or networked for transmittal of any results Some burn CD’s with the data, and rely on poll workers or County officials to extract and handle the official data

DRE Risk Factors Risk Factors Voter Confidence, e.g., grocery scanning Now open to potential hacking Control of DRE components Audit Trail Poll Worker training Counterfeit receipts Logistic issues Voter Confidence, e.g., grocery scanning Receipts How does an ITA confirm reliability and accuracy

We Test . . . You Succeed Trust the Experts