12/9-10/2009 TGDC Meeting NIST Research on UOCAVA Voting Andrew Regenscheid National Institute of Standards and Technology

Slides:



Advertisements
Similar presentations
12/9-10/2009 TGDC Meeting Ballot On Demand David Flater National Institute of Standards and Technology
Advertisements

IEEE P1622 Meeting, Oct 2011 IEEE P1622 Meeting October 24-25, 2011 Overview of IEEE P1622 Draft Standard for Electronic Distribution of Blank Ballots.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL
© Copyright 2009 TEM Consulting, LP - All Rights Reserved Presentation To Travis County, TX - May 27, 2009Rev 1 – 05/22/09 - HSB US Voting System Conformity.
United States Election Assistance Commission Pilot Program Testing and Certification Manual & UOCAVA Pilot Program Testing and Certification Manual & UOCAVA.
12/9-10/2009 TGDC Meeting TGDC Recommendations Research as requested by the EAC John P. Wack National Institute of Standards and Technology
TGDC Meeting, December 2011 Andrew Regenscheid National Institute of Standards and Technology Update on UOCAVA Risk Assessment by.
TGDC Meeting, Jan 2011 UOCAVA Pilot Projects for the 2012 Federal Election Report from the UOCAVA Working Group Andrew Regenscheid National Institute of.
Improving U.S. Voting Systems The Voters’ Perspective: Next generation guidelines for usability and accessibility Sharon Laskowski NIST Whitney Quesenbery.
Accessibility and Usability Considerations for Remote Electronic UOCAVA Voting Sharon Laskowski, PhD National Institute of Standards and Technology
TGDC Meeting, July 2011 Overview of July TGDC Meeting Belinda L. Collins, Ph.D. Senior Advisor, Voting Standards, ITL
Absentee Voting I.C. Title 34, Chapter 10. No Excuse Voting Any registered elector may vote absentee.
TGDC Meeting, July 2011 Update on the UOCAVA Working Group Andrew Regenscheid Mathematician, Computer Security Division, ITL
United States Election Assistance Commission EAC UOCAVA Documents: Status &Update EAC Technical Guidelines Development Committee Meeting (TGDC)
Using the Internet to Conduct Research What Investigators and IRB Members Should Know -- January 29, Lisa Shickle, MS Analyst, VCU Massey Cancer.
12/9-10/2009 TGDC Meeting Vote-by-Phone David Flater / Sharon Laskowski National Institute of Standards and Technology
TGDC Meeting, July 2011 UOCAVA Roadmap Update Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL
TGDC Meeting, July 2011 IEEE P.1622 Update John P. Wack Computer Scientist, Software and Systems Division, ITL
Federal Voting Assistance Program Technology Programs and 2012 Cycle Initiatives Technical Guidelines Development Committee EAC-NIST January 13, 2011.
Election Mail Changes and Challenges Joint Election Officials Liaison Committee January 7, 2011 Paul Vogel President and Chief Marketing/Sales Officer.
NIST HAVA-Related Work: Status and Plans June 16, 2005 National Institute of Standards and Technology
Making every vote count. United States Election Assistance Commission HAVA 101 TGDC Meeting December 9-10, 2009.
Maryland‘s Experience with the MOVE Act Linda H. Lamone State Administrator Maryland State Board of Elections.
UOCAVA Report Overview and Status July 2008 Andrew Regenscheid Computer Security Division National Institute of Standards and Technology.
Policy Review (Top-Down Methodology) Lesson 7. Policies From the Peltier Text, p. 81 “The cornerstones of effective information security programs are.
IEEE P1622 Meeting, Feb 2011 Common Data Format (CDF) Update John P. Wack National Institute of Standards and Technology
Improving U.S. Voting Systems Security Breakout Session Improving U.S. Voting Systems Andrew Regenscheid National Institute.
Federal Voting Assistance Program Voting Initiatives and MOVE Act Joint Election Officials Liaison Committee January 7 th, 2010.
TGDC Meeting, December 2011 IEEE P1622 Common Data Format Standardization Update John P. Wack National Institute of Standards and Technology
ITU-T X.1254 | ISO/IEC An Overview of the Entity Authentication Assurance Framework.
1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.
UOCAVA Voting in Four States A Study of Election Administration.
Usability and Accessibility Working Group Report Sharon Laskowski, PhD National Institute of Standards and Technology TGDC Meeting,
Briefing for NIST Acting Director James Turner regarding visit from EAC Commissioners March 26, 2008 For internal use only 1.
NIST Voting Program Activities Update February 21, 2007 Mark Skall Chief, Software Diagnostics and Conformance Testing Division.
TGDC Meeting, Jan 2011 Accessibility and Usability Considerations for UOCAVA Remote Electronic Voting Systems Sharon Laskowski, PhD National Institute.
Page 1 June 2009 Internet Voting Panel - CFP Conference – OVF Presentation May 15, 2008 OVF Solutions Tour and Demonstration Daemmon Hughes, Technology.
TGDC Meeting, July 2010 Security Considerations for Remote Electronic UOCAVA Voting Andrew Regenscheid National Institute of Standards and Technology
TGDC Meeting, July 2010 Report of the UOCAVA Working Group John Wack National Institute of Standards and Technology DRAFT.
NIST Voting Program Page 1 NIST Voting Program Lynne Rosenthal National Institute of Standards and Technology
TGDC Meeting, December 2011 Overview of December TGDC Meeting Belinda L. Collins, Ph.D. Senior Advisor, Voting Standards
TGDC Meeting, July 2011 Voluntary Voting System Guidelines Roadmap Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL
ABSENTEE VOTING PROCEDURES FOR UNIFORMED AND OVERSEAS CITIZENS Election Commissioners’ Association of Mississippi Annual Meeting Presented by: Liz Bolin.
TGDC Meeting, Jan 2011 Help America Vote Act (HAVA) Roadmap Nelson Hastings National Institute of Standards and Technology
UOCAVA What we know What works Dr. Donald S. Inbody Texas State University.
TGDC Meeting, July 2010 Report on Other Resolutions from Dec 2009 TGDC Meeting John Wack National Institute of Standards and Technology
TGDC Meeting, Jan 2011 Common Data Format (CDF) Update John P. Wack National Institute of Standards and Technology
TGDC Meeting, Jan 2011 Review of UOCAVA Roadmap Nelson Hastings National Institute of Standards and Technology
NIST Voting Program Activities Update January 4, 2007 Mark Skall Chief, Software Diagnostics and Conformance Testing Division.
1 DECEMBER 9-10, 2009 Gaithersburg, Maryland TECHNICAL GUIDELINES DEVELOPMENT COMMITTEE Commissioner Donetta Davidson.
The VVSG Version 1.1 Overview Matthew Masterson Election Assistance Commission
EAC-requested VVSG Research Overview and Status June 2008 Mark Skall Chief, Software Diagnostics and Conformance Testing Division National Institute of.
© 2011 TGDC Meeting Scope of Standards and Testing Washington, DC February 8-9, 2016.
TGDC Meeting, July 2010 Overview of NIST Activities and TGDC Meeting Agenda Martin Herman, PhD National Institute of Standards and Technology
TGDC Meeting, Jan 2011 Development of High Level Guidelines for UOCAVA voting systems Andrew Regenscheid National Institute of Standards and Technology.
TGDC Meeting, Jan 2011 Path Forward for FY11 UOCAVA Activities Nelson Hastings National Institute of Standards and Technology
Briefing for the EAC Public Meeting Boston, Massachusetts April 26, 2005 Dr. Hratch Semerjian, Acting Director National Institute of Standards and Technology.
12/9-10/2009 TGDC Meeting NIST-developed Test Suites David Flater National Institute of Standards and Technology
Update: Revising the VVSG Structure Sharon Laskowski vote.nist.gov April 14, 2016 EAC Standards Board Meeting 1.
TGDC Meeting, Jan 2011 Report from Workshop on UOCAVA Remote Voting Systems Nelson Hastings National Institute of Standards and Technology
INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.
TGDC Meeting, Jan 2011 VVSG 2.0 and Beyond: Usability and Accessibility Issues, Gaps, and Performance Tests Sharon Laskowski, PhD National Institute of.
TGDC Meeting, Jan 2011 UOCAVA Pilot Projects for the 2012 Federal Election Report from the UOCAVA Working Group Andrew Regenscheid National Institute of.
TGDC Meeting, Jan 2011 Accessibility and Usability Considerations for UOCAVA Remote Electronic Voting Systems Sharon Laskowski, PhD National Institute.
National Institute of Standards and Technology
Internet Voting Resources and Reports
Cloud Computing Kelley Raines.
UOCAVA Electronic Blank Ballot Delivery Use Case
Element 49 Page 217.
Presentation transcript:

12/9-10/2009 TGDC Meeting NIST Research on UOCAVA Voting Andrew Regenscheid National Institute of Standards and Technology

12/9-10/2009 TGDC Meeting Page 2 Overview EAC/NIST Involvement in UOCAVA voting Overview of UOCAVA Threats Report Current Work

12/9-10/2009 TGDC Meeting Page 3 EAC/NIST Involvement in UOCAVA voting -1 Help America Vote Act - EAC to study electronic transmission of ballots National Defense Authorization Act FY EAC guidelines on electronic absentee voting Military and Overseas Voting Empowerment Act- Pilot Project

12/9-10/2009 TGDC Meeting Page 4 NIST conducting research to support EAC’s efforts on UOCAVA voting Scope of current NIST research focused on security New security issues introduced by UOCAVA voting Past NIST research on usability, accessibility, reliability, software assurance, etc., would apply to UOCAVA voting systems EAC/NIST Involvement in UOCAVA voting -2

12/9-10/2009 TGDC Meeting Page 5 Past Work A Threat Analysis on UOCAVA Voting Systems Current Work IT Security Best Practices for UOCAVA Voting Systems Best Practices for Securing the Electronic Transmission of Election Materials Security Considerations for Remote Electronic UOCAVA Voting EAC/NIST Involvement in UOCAVA voting -3

12/9-10/2009 TGDC Meeting Page 6 UOCAVA Report Overview -1 NISTIR 7551: A Threat Analysis on UOCAVA Voting Systems Report looks at using different technologies for all aspects of UOCAVA voting Splits voting process into three stages Voter Registration/Ballot Request (e.g, FPCA) Ballot Delivery Ballot Return

12/9-10/2009 TGDC Meeting Page 7 UOCAVA Report Overview -2 Five transmission methods considered for each stage Postal Mail Telephone Fax Electronic Mail Web-based (e.g., web sites)

12/9-10/2009 TGDC Meeting Page 8 UOCAVA Report Overview -3 Threat analysis performed for each transmission option at each stage Analysis based on NIST SP Risk Management Guide for Information Technology Systems Identified mitigating security controls, where possible Both technical and procedural controls Security controls taken from NIST SP Recommended Security Controls for Federal Information Systems

12/9-10/2009 TGDC Meeting Page 9 Initial Conclusions -1 Registration and Ballot Request Main concern: handling/transmitting sensitive voter information Threats to electronic transmission can be mitigated through technical controls and procedures Threats to and web-based systems pose greater security challenges

12/9-10/2009 TGDC Meeting Page 10 Initial Conclusions -2 Blank Ballot Delivery Main concerns: reliable delivery, integrity of ballots Threats to electronic transmission can be mitigated through technical controls and procedures Electronic ballot accounting more difficult than with physical ballots

12/9-10/2009 TGDC Meeting Page 11 Initial Conclusions -3 Voted Ballot Return Main concerns: reliable delivery, privacy, integrity of voter selections Electronic methods pose significant challenges Fax presents fewer challenges, but limited privacy protection Threats to telephone, , and web voting are more serious and challenging to overcome

12/9-10/2009 TGDC Meeting Current Work -1 IT Security Best Practices for UOCAVA Voting Systems Minimal set of best practices applicable to all UOCAVA election system components Intended to help jurisdictions and manufacturers develop better systems and supporting procedures Based on NIST guidelines for federal IT systems Will include best practices on user authentication, cryptography, system hardening, and network security Expected draft for public comment: 1 st quarter of 2010 Page 12

12/9-10/2009 TGDC Meeting Page 13 Current Work -2 Best Practices for Securing the Electronic Transmission of Election Materials Collected UOCAVA election procedures from multiple jurisdictions Will document security best practices for using and web sites for ballot requests and ballot delivery Augments EAC’s existing best practices for UOCAVA voting Expected draft for public comment: 2 nd quarter of 2010

12/9-10/2009 TGDC Meeting Page 14 Current Work -3 Security Considerations for Remote Electronic UOCAVA Voting Research document that will define security objectives for remote electronic voting Will identify security issues that can or cannot be solved with current technology Purpose to inform future work on remote electronic voting Expected release: 2 nd quarter of 2010

12/9-10/2009 TGDC Meeting Page 15 NISTIR 7551: A Threat Analysis on UOCAVA Voting Systems available at: UOCAVA Report