Prep for nist eac meeting status and issues
This presentation is the property of its rightful owner.
Sponsored Links
1 / 23

Prep for NIST/EAC Meeting: Status and Issues PowerPoint PPT Presentation


  • 96 Views
  • Uploaded on
  • Presentation posted in: General

Prep for NIST/EAC Meeting: Status and Issues. February 24, 2006 Mark Skall Chief, SDCT ITL. Content. Background Recap of 2005 Activities New VVSG Work Issues. Background: NIST “Help America Vote Act” Responsibilities. Chair Technical Guidelines Development Committee (TGDC)

Download Presentation

Prep for NIST/EAC Meeting: Status and Issues

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Prep for nist eac meeting status and issues

Prep for NIST/EAC Meeting:Status and Issues

February 24, 2006

Mark Skall

Chief, SDCT

ITL


Content

Content

  • Background

  • Recap of 2005 Activities

  • New VVSG Work

  • Issues


Background nist help america vote act responsibilities

Background: NIST “Help America Vote Act” Responsibilities

Chair Technical Guidelines Development Committee (TGDC)

Provide technical support to TGDC in the development of voluntary voting system guidelines including:

Human factors

Security

Methods to detect and prevent fraud

Accredit testing labs (NVLAP)


Activities since 9 05 tgdc meeting

Activities Since 9/05 TGDC Meeting

October 2005: NIST Threat Analysis for Voting Systems Workshop

November 2005: VVSG 2007 Timeline approved by EAC

November/December 2005: Assisted EAC in VVSG Comments Resolution

December 2005: Final VVSG adopted Dec 13, 2005

EAC to publish final version February 2006

January/February: Continued VVSG 2007 development

Preparation for March 2006 TGDC meeting

SOW signed


Threat analysis workshop

Threat Analysis Workshop

  • Held October 2005, NIST

  • Goal was to arrive at general agreement on justifications for security requirements

    • Most major players from academia and election community

    • All threats and analysis were public

  • General agreement that the workshop was effective at focusing work on specific threats (as opposed to speculation)

  • Follow-on planned for June, 2006 with George Washington U.

  • Extensive threat analysis report being considered with Brennan Center

    • Recommendations for voting system requirements

    • Recommendations for election officials


Vvsg 2005 comments resolution

VVSG 2005 Comments Resolution

  • EAC asked NIST for assistance

  • Significant 45 day effort, led by EAC

  • NIST analyzed comments and provided input, EAC made final determinations

  • Many (50%) are to be addressed in 2007 version

  • NIST awaiting all comments/resolutions from EAC for use in 2007 development


Final 2005 vvsg

Final 2005 VVSG

  • Final version expected to be published in Federal Register within next weeks


Vvsg 2007 timeline

VVSG 2007 Timeline

  • Reached agreement with EAC on general timeline of VVSG development

  • Final delivery date is July 2007

  • Staged modules of new requirements

    • VVPAT – April 2006

    • Usability – July 2006 (may now be Fall 2006)

    • IV (Independent Verification) – Jan, 2007

  • EAC will handle subsequent public reviews and comments for each module

    • Ramifications of time/effort required for NIST staff unknown


Major goals for vvsg 2007

Major Goals for VVSG 2007

  • A comprehensive standards guideline, a complete rewrite of 2002 VSS with updated and expanded material, to:

    • Provide complete and comprehensive guideline for vendors and test labs

    • Provide clear, usable requirements discussion with associated test methods

    • Address security and human factors developments since 2002 VSS

    • Respond to all TGDC Jan’05 resolutions

    • Must also address comments submitted for VVSG 2005


Vvsg 2007 overview

VVSG 2007 Overview

  • 4 major sections (plus large overview):

    • A product standard, containing general and voting-activity related requirements (e.g., setup, cast, count, …)

    • A terminology standard (NIST glossary)

    • A standard on data to be provided by testing authorities or the vendor

    • A testing standard including all test methods, testing requirements, evaluation guidelines, test cases, etc.


Current status

Current Status

  • Work underway in HFP, CRT, and STS

  • More outreach to EAC, election community, and vendors

  • Preparation for March TGDC meeting


Outreach efforts

Outreach Efforts

  • NIST reaching out to vendors, election community for input and data

    • ITAA-sponsored vendor teleconferences

    • Q&As with vendors on accuracy and security issues

    • Presentations/talks at NASS, NASED, The Election Center, State governments

    • Involvement with NSF-funded ACCURATE group

    • More workshops planned (e.g., threat analysis, cryptographic voting protocols)


Accurate

ACCURATE

  • A Center for Correct, Usable, Reliable, Auditable, and Transparent Elections

  • Funded by NSF for 7.5M

  • Mainly academic researchers

    • Research appears useful to NIST requirements development

    • NIST invited to attend ACCURATE workshops, Sharon Laskowski on ACCURATE board

    • Closer working relationships planned


Current hfp work

Current HFP Work

  • Lab populated with systems from major vendors – for usability research and metrics development

  • Working with contractors on white papers, usability benchmarks

  • Tests involve human subjects, required for accuracy and time-to-vote requirements

  • Issues with usability module for July, 2006


Hfp white papers for tgdc meeting

HFP White Papers for TGDC Meeting

  • "Progress Report on the Development of a User-Based Conformance Test for the Usability of Voting Equipment”

  • "Overview of Proposed Human Performance Metrics for Voting Systems“

  • "Guidelines for Writing Clear Instructions and Messages for Voters and Poll Workers“

  • "Ballot Design Guidance"


Current crt work

Current CRT Work

  • Various VSS and VVSG 2005 issue resolution

  • Requirements conformance specification

    • Definition of voting system classes, conformance definitions

  • Test methods development

  • Voting by activity requirements development

    • Pre-voting, casting, counting, reporting requirements

  • Performance and workmanship requirements development

  • Continued glossary development


Crt deliverables for tgdc meeting

CRT Deliverables for TGDC Meeting

  • Hardware/Software performance requirements

  • Workmanship requirements

  • Casting, counting, reporting requirements


Current sts work

Current STS Work

  • Requirements development for general security

    • Access control, cryptography

  • Open-ended testing white paper

  • IV research, VVPAT update

  • Threat Analysis workshop

  • Outreach with ACCURATE, other groups


Sts deliverables for tgdc meeting

STS Deliverables for TGDC Meeting

  • Access Control requirements

  • General Cryptography requirements

  • Open-Ended Testing requirements

  • VVPAT update


Possible eac issues

Possible EAC Issues

  • NVLAP voting system test lab accreditation issues

  • EAC Internet Voting requests

  • Revisiting the timeline


Nvlap issues

NVLAP Issues

  • 3 potential test labs scheduled for pre-assessments in March, April, May

    • 3 day on-site visits

    • NVLAP requests EAC, extensive NIST involvement

    • NIST to recommend labs to EAC within 12 months of VVSG 2005 publish (in FR?)

    • Optimistic schedule is Winter, 2006

    • Possible 4th lab for next round of pre-assessments

  • EAC has interim approach to use existing ITAs

    • EAC implication that NVLAP is behind schedule – not true

    • EAC implication that NVLAP-level accreditation of existing ITAs occurred earlier – not true


Internet voting

Internet Voting

  • Unclear what EAC needs or requires

  • TGDC, security community against Internet voting

  • NIST staff fully occupied with current deliverables


Timeline

Timeline

  • EAC may wish to revisit timeline

    • Need to coordinate module reviews with TGDC, Standards Board meetings

    • Election cycles impact meeting schedules

    • EAC may favor certain material for earlier development over other material


  • Login