NIST and Computer Security Competencies and Resources to Support E-Voting and Security. Ed Roback, Chief, Computer Security Division, Information Technology Laboratory.

Presentation transcript:

NIST and Computer Security Competencies and Resources to Support E-Voting and Security
Ed Roback, Chief, Computer Security Division, Information Technology Laboratory
July 9, 2004

2 NIST Security Statutory Mandates
- Federal Information Security Management Act (FISMA) of 2002
  - Federal security standards and guidelines
  - Minimum requirements
  - Categorization standards
- Support of Information Security and Privacy Advisory Board (ISPAB)

3 Statutory Mandates (concluded)
- Cyber Security Research and Development Act of 2002
  - Extramural research support
  - Fellowships
  - Intramural research
  - Checklists
  - National Research Council (NRC) study

4 General Security Issues with E-Voting Systems
- Accidental misuse
  - Non-malicious errors
- Voter manipulation
  - Over voting, voter coercion
- Vote manipulation
  - Modifying vote tallies
  - Adding/deleting votes
  - Results verification
- Modification of the software/firmware
  - Addition/deletion of software/firmware

5 Specific Risks to E-Voting Systems
- Unauthorized modification of system components
- Alteration of system audit trails
- Modification/prevention of vote recording
- Adding vote data
- Adding duplicate votes

6 Specific Risks to E-Voting Systems (concluded)
- Modifying calculated vote totals
- Modifying vote tallies in transit
- Preventing access to individual votes and vote tallies
- Unauthorized access to vote data
- Unauthorized access to security-relevant data, e.g., audit logs
- Unauthorized disclosure of voting data
- Denial of service during or after an election

| Security Control | Risks | Related NIST Documents and Standards |
|---|---|---|
| Access Control | Unauthorized modification, unauthorized access | FIPS 190, FIPS 196, SP , SP |
| Assurance | Unauthorized modification, modifying votes, preventing vote recording, denial of service | FIPS 140-2, Common Criteria, SP , SP , SP A |
| Integrity | Duplicate/fraudulent votes, modifying vote totals, modifying tallies in transit | FIPS 180-2, FIPS , FIPS 198, SP , SP |
| Auditing | Altering audit trails, modifying vote record, preventing vote recording | SP , SP |
| Confidentiality | Unauthorized disclosure of vote data, audit data, system configuration | FIPS 46-3, FIPS 197, SP , SP , SP A |

Available via csrc.nist.gov
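As an added illustration, not part of the original slides, of how the Integrity and Auditing rows of the table are applied in practice, the following Python seals a tally record with HMAC-SHA-256 (the FIPS 198 construction over a FIPS 180-2 hash) and hash-chains audit entries, so that a tally modified in transit or an audit entry altered after the fact is detected. The key, precinct, counts and event names are constructed sample values.

```python
import hashlib
import hmac
import json
TALLY_KEY = b"constructed-demo-key"  # assumption: a real system gets this from key management

def _canonical(tally: dict) -> bytes:
    """Deterministic encoding so sender and receiver MAC exactly the same bytes."""
    return json.dumps(tally, sort_keys=True, separators=(",", ":")).encode()

def seal_tally(tally: dict, key: bytes = TALLY_KEY) -> dict:
    """Attach an HMAC-SHA-256 tag (FIPS 198 over FIPS 180-2) to a tally record."""
    return {"tally": tally, "tag": hmac.new(key, _canonical(tally), hashlib.sha256).hexdigest()}

def verify_tally(record: dict, key: bytes = TALLY_KEY) -> bool:
    """True only if the tally still matches its tag; any change in transit fails."""
    expected = hmac.new(key, _canonical(record["tally"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, record["tag"])

class AuditLog:
    """Append-only audit trail; each entry commits to the hash of the one before it."""
    def __init__(self):
        self.entries = []
    def append(self, event: str) -> None:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        seq = len(self.entries)
        digest = hashlib.sha256(f"{seq}|{prev}|{event}".encode()).hexdigest()
        self.entries.append({"seq": seq, "event": event, "prev": prev, "hash": digest})

    def verify(self) -> int:
        """Seq of the first entry whose link is broken, or -1 if the chain is intact."""
        prev = "0" * 64
        for e in self.entries:
            digest = hashlib.sha256(f"{e['seq']}|{prev}|{e['event']}".encode()).hexdigest()
            if e["prev"] != prev or e["hash"] != digest:
                return e["seq"]
            prev = e["hash"]
        return -1

def demo():
    record = seal_tally({"precinct": "P-07", "a": 412, "b": 389})  # constructed sample tally
    ok_before = verify_tally(record)
    record["tally"]["b"] = 489                      # tally modified in transit
    ok_after = verify_tally(record)
    log = AuditLog()
    for ev in ("polls opened", "ballot cast", "ballot cast", "polls closed"):
        log.append(ev)
    intact = log.verify()
    log.entries[2]["event"] = "ballot voided"       # audit entry altered after the fact
    return ok_before, ok_after, intact, log.verify()
```

A hash chain alone only catches edits that do not recompute every later hash; anchoring the newest hash, for example with an HMAC as for the tally or by publishing it to a separate system, makes a wholesale rewrite detectable as well.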

8 Applicable NIST Security Activities
- Cryptographic Standards and E-Authentication
  - Key management guidance
  - Identity management infrastructure
- Emerging Technologies
  - Smartcard infrastructure
  - Wireless/Mobile device security
  - Checklists/benchmarks
- Management and Assistance
  - Guide for selecting IT security products and services
  - Certification and Accreditation (C&A)

9 Applicable NIST Security Activities (concluded)
- Security Testing
  - Cryptographic Module Validation Program (CMVP)
  - Certification and Accreditation (C&A)
  - National Information Assurance Partnership (NIAP)
- Additional NIST security-related competencies
  - Protocols
  - Network Security
  - Forensics
  - Biometrics

10 Contact Information
Ed Roback, Chief, Computer Security Division
100 Bureau Dr., Stop 8930
Gaithersburg, MD
phone:
Web site: csrc.nist.gov