NIST and Computer Security Competencies and Resources to Support E-Voting and Security Ed Roback Chief, Computer Security Division Information Technology.


1 NIST and Computer Security Competencies and Resources to Support E-Voting and Security
Ed Roback
Chief, Computer Security Division
Information Technology Laboratory
July 9, 2004

2 NIST Security Statutory Mandates
- Federal Information Security Management Act (FISMA) of 2002
- Federal security standards and guidelines
- Minimum requirements
- Categorization standards
- Support of Information Security and Privacy Advisory Board (ISPAB)

3 Statutory Mandates (concluded)
- Cyber Security Research and Development Act of 2002
- Extramural research support
- Fellowships
- Intramural research
- Checklists
- National Research Council (NRC) study

4 General Security Issues with E-Voting Systems
- Accidental misuse
  - Non-malicious errors
- Voter manipulation
  - Over voting, voter coercion
- Vote manipulation
  - Modifying vote tallies
  - Adding/deleting votes
  - Results verification
- Modification of the software/firmware
  - Addition/deletion of software/firmware

5 Specific Risks to E-Voting Systems
- Unauthorized modification of system components
- Alteration of system audit trails
- Modification/prevention of vote recording
- Adding vote data
- Adding duplicate votes

6 Specific Risks to E-Voting Systems (concluded)
- Modifying calculated vote totals
- Modifying vote tallies in transit
- Preventing access to individual votes and vote tallies
- Unauthorized access to vote data
- Unauthorized access to security-relevant data, e.g., audit logs
- Unauthorized disclosure of voting data
- Denial of service during or after an election

7

| Security Control | Risks | Related NIST Documents and Standards |
| --- | --- | --- |
| Access Control | Unauthorized modification, unauthorized access | FIPS 190, FIPS 196, SP 800-56, SP 800-57 |
| Assurance | Unauthorized modification, modifying votes, preventing vote recording, denial of service | FIPS 140-2, Common Criteria, SP 800-37, SP 800-53, SP 800-53A |
| Integrity | Duplicate/fraudulent votes, modifying vote totals, modifying tallies in transit | FIPS 180-2, FIPS 186-2, FIPS 198, SP 800-56, SP 800-57 |
| Auditing | Altering audit trails, modifying vote record, preventing vote recording | SP 800-12, SP 800-14 |
| Confidentiality | Unauthorized disclosure of vote data, audit data, system configuration | FIPS 46-3, FIPS 197, SP 800-17, SP 800-20, SP 800-38A |

Available via csrc.nist.gov

8 Applicable NIST Security Activities
- Cryptographic Standards and E-Authentication
- Key management guidance
- Identity management infrastructure
- Emerging Technologies
- Smartcard infrastructure
- Wireless/Mobile device security
- Checklists/benchmarks
- Management and Assistance
- Guide for selecting IT security products and services
- Certification and Accreditation (C&A)

9 Applicable NIST Security Activities (concluded)
- Security Testing
- Cryptographic Module Validation Program (CMVP)
- Certification and Accreditation (C&A)
- National Information Assurance Partnership (NIAP)
- Additional NIST security-related competencies
- Protocols
- Network Security
- Forensics
- Biometrics

10 Contact Information
Ed Roback, Chief, Computer Security Division
100 Bureau Dr., Stop 8930
Gaithersburg, MD 20899-8930
phone: 301.975.3696
email: edward.roback@nist.gov
Web site: csrc.nist.gov

