Prep for nist eac meeting status and issues
1 / 23

Prep for NIST/EAC Meeting: Status and Issues - PowerPoint PPT Presentation

  • Uploaded on

Prep for NIST/EAC Meeting: Status and Issues. February 24, 2006 Mark Skall Chief, SDCT ITL. Content. Background Recap of 2005 Activities New VVSG Work Issues. Background: NIST “Help America Vote Act” Responsibilities. Chair Technical Guidelines Development Committee (TGDC)

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' Prep for NIST/EAC Meeting: Status and Issues' - gypsy

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Prep for nist eac meeting status and issues

Prep for NIST/EAC Meeting:Status and Issues

February 24, 2006

Mark Skall

Chief, SDCT



  • Background

  • Recap of 2005 Activities

  • New VVSG Work

  • Issues

Background nist help america vote act responsibilities

Background: NIST “Help America Vote Act” Responsibilities

Chair Technical Guidelines Development Committee (TGDC)

Provide technical support to TGDC in the development of voluntary voting system guidelines including:

Human factors


Methods to detect and prevent fraud

Accredit testing labs (NVLAP)

Activities since 9 05 tgdc meeting

Activities Since 9/05 TGDC Meeting Responsibilities

October 2005: NIST Threat Analysis for Voting Systems Workshop

November 2005: VVSG 2007 Timeline approved by EAC

November/December 2005: Assisted EAC in VVSG Comments Resolution

December 2005: Final VVSG adopted Dec 13, 2005

EAC to publish final version February 2006

January/February: Continued VVSG 2007 development

Preparation for March 2006 TGDC meeting

SOW signed

Threat analysis workshop
Threat Analysis Workshop Responsibilities

  • Held October 2005, NIST

  • Goal was to arrive at general agreement on justifications for security requirements

    • Most major players from academia and election community

    • All threats and analysis were public

  • General agreement that the workshop was effective at focusing work on specific threats (as opposed to speculation)

  • Follow-on planned for June, 2006 with George Washington U.

  • Extensive threat analysis report being considered with Brennan Center

    • Recommendations for voting system requirements

    • Recommendations for election officials

Vvsg 2005 comments resolution
VVSG 2005 Comments Resolution Responsibilities

  • EAC asked NIST for assistance

  • Significant 45 day effort, led by EAC

  • NIST analyzed comments and provided input, EAC made final determinations

  • Many (50%) are to be addressed in 2007 version

  • NIST awaiting all comments/resolutions from EAC for use in 2007 development

Final 2005 vvsg
Final 2005 VVSG Responsibilities

  • Final version expected to be published in Federal Register within next weeks

Vvsg 2007 timeline
VVSG 2007 Timeline Responsibilities

  • Reached agreement with EAC on general timeline of VVSG development

  • Final delivery date is July 2007

  • Staged modules of new requirements

    • VVPAT – April 2006

    • Usability – July 2006 (may now be Fall 2006)

    • IV (Independent Verification) – Jan, 2007

  • EAC will handle subsequent public reviews and comments for each module

    • Ramifications of time/effort required for NIST staff unknown

Major goals for vvsg 2007
Major Goals for VVSG 2007 Responsibilities

  • A comprehensive standards guideline, a complete rewrite of 2002 VSS with updated and expanded material, to:

    • Provide complete and comprehensive guideline for vendors and test labs

    • Provide clear, usable requirements discussion with associated test methods

    • Address security and human factors developments since 2002 VSS

    • Respond to all TGDC Jan’05 resolutions

    • Must also address comments submitted for VVSG 2005

Vvsg 2007 overview
VVSG 2007 Overview Responsibilities

  • 4 major sections (plus large overview):

    • A product standard, containing general and voting-activity related requirements (e.g., setup, cast, count, …)

    • A terminology standard (NIST glossary)

    • A standard on data to be provided by testing authorities or the vendor

    • A testing standard including all test methods, testing requirements, evaluation guidelines, test cases, etc.

Current status
Current Status Responsibilities

  • Work underway in HFP, CRT, and STS

  • More outreach to EAC, election community, and vendors

  • Preparation for March TGDC meeting

Outreach efforts
Outreach Efforts Responsibilities

  • NIST reaching out to vendors, election community for input and data

    • ITAA-sponsored vendor teleconferences

    • Q&As with vendors on accuracy and security issues

    • Presentations/talks at NASS, NASED, The Election Center, State governments

    • Involvement with NSF-funded ACCURATE group

    • More workshops planned (e.g., threat analysis, cryptographic voting protocols)

ACCURATE Responsibilities

  • A Center for Correct, Usable, Reliable, Auditable, and Transparent Elections

  • Funded by NSF for 7.5M

  • Mainly academic researchers

    • Research appears useful to NIST requirements development

    • NIST invited to attend ACCURATE workshops, Sharon Laskowski on ACCURATE board

    • Closer working relationships planned

Current hfp work
Current HFP Work Responsibilities

  • Lab populated with systems from major vendors – for usability research and metrics development

  • Working with contractors on white papers, usability benchmarks

  • Tests involve human subjects, required for accuracy and time-to-vote requirements

  • Issues with usability module for July, 2006

Hfp white papers for tgdc meeting
HFP White Papers for TGDC Meeting Responsibilities

  • "Progress Report on the Development of a User-Based Conformance Test for the Usability of Voting Equipment”

  • "Overview of Proposed Human Performance Metrics for Voting Systems“

  • "Guidelines for Writing Clear Instructions and Messages for Voters and Poll Workers“

  • "Ballot Design Guidance"

Current crt work
Current CRT Work Responsibilities

  • Various VSS and VVSG 2005 issue resolution

  • Requirements conformance specification

    • Definition of voting system classes, conformance definitions

  • Test methods development

  • Voting by activity requirements development

    • Pre-voting, casting, counting, reporting requirements

  • Performance and workmanship requirements development

  • Continued glossary development

Crt deliverables for tgdc meeting
CRT Deliverables for TGDC Meeting Responsibilities

  • Hardware/Software performance requirements

  • Workmanship requirements

  • Casting, counting, reporting requirements

Current sts work
Current STS Work Responsibilities

  • Requirements development for general security

    • Access control, cryptography

  • Open-ended testing white paper

  • IV research, VVPAT update

  • Threat Analysis workshop

  • Outreach with ACCURATE, other groups

Sts deliverables for tgdc meeting
STS Deliverables for TGDC Meeting Responsibilities

  • Access Control requirements

  • General Cryptography requirements

  • Open-Ended Testing requirements

  • VVPAT update

Possible eac issues
Possible EAC Issues Responsibilities

  • NVLAP voting system test lab accreditation issues

  • EAC Internet Voting requests

  • Revisiting the timeline

Nvlap issues
NVLAP Issues Responsibilities

  • 3 potential test labs scheduled for pre-assessments in March, April, May

    • 3 day on-site visits

    • NVLAP requests EAC, extensive NIST involvement

    • NIST to recommend labs to EAC within 12 months of VVSG 2005 publish (in FR?)

    • Optimistic schedule is Winter, 2006

    • Possible 4th lab for next round of pre-assessments

  • EAC has interim approach to use existing ITAs

    • EAC implication that NVLAP is behind schedule – not true

    • EAC implication that NVLAP-level accreditation of existing ITAs occurred earlier – not true

Internet voting
Internet Voting Responsibilities

  • Unclear what EAC needs or requires

  • TGDC, security community against Internet voting

  • NIST staff fully occupied with current deliverables

Timeline Responsibilities

  • EAC may wish to revisit timeline

    • Need to coordinate module reviews with TGDC, Standards Board meetings

    • Election cycles impact meeting schedules

    • EAC may favor certain material for earlier development over other material