prep for nist eac meeting status and issues
Download
Skip this Video
Download Presentation
Prep for NIST/EAC Meeting: Status and Issues

Loading in 2 Seconds...

play fullscreen
1 / 23

Prep for NIST/EAC Meeting: Status and Issues - PowerPoint PPT Presentation


  • 123 Views
  • Uploaded on

Prep for NIST/EAC Meeting: Status and Issues. February 24, 2006 Mark Skall Chief, SDCT ITL. Content. Background Recap of 2005 Activities New VVSG Work Issues. Background: NIST “Help America Vote Act” Responsibilities. Chair Technical Guidelines Development Committee (TGDC)

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Prep for NIST/EAC Meeting: Status and Issues' - gypsy


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
prep for nist eac meeting status and issues

Prep for NIST/EAC Meeting:Status and Issues

February 24, 2006

Mark Skall

Chief, SDCT

ITL

content
Content
  • Background
  • Recap of 2005 Activities
  • New VVSG Work
  • Issues
background nist help america vote act responsibilities

Background: NIST “Help America Vote Act” Responsibilities

Chair Technical Guidelines Development Committee (TGDC)

Provide technical support to TGDC in the development of voluntary voting system guidelines including:

Human factors

Security

Methods to detect and prevent fraud

Accredit testing labs (NVLAP)

activities since 9 05 tgdc meeting

Activities Since 9/05 TGDC Meeting

October 2005: NIST Threat Analysis for Voting Systems Workshop

November 2005: VVSG 2007 Timeline approved by EAC

November/December 2005: Assisted EAC in VVSG Comments Resolution

December 2005: Final VVSG adopted Dec 13, 2005

EAC to publish final version February 2006

January/February: Continued VVSG 2007 development

Preparation for March 2006 TGDC meeting

SOW signed

threat analysis workshop
Threat Analysis Workshop
  • Held October 2005, NIST
  • Goal was to arrive at general agreement on justifications for security requirements
    • Most major players from academia and election community
    • All threats and analysis were public
  • General agreement that the workshop was effective at focusing work on specific threats (as opposed to speculation)
  • Follow-on planned for June, 2006 with George Washington U.
  • Extensive threat analysis report being considered with Brennan Center
    • Recommendations for voting system requirements
    • Recommendations for election officials
vvsg 2005 comments resolution
VVSG 2005 Comments Resolution
  • EAC asked NIST for assistance
  • Significant 45 day effort, led by EAC
  • NIST analyzed comments and provided input, EAC made final determinations
  • Many (50%) are to be addressed in 2007 version
  • NIST awaiting all comments/resolutions from EAC for use in 2007 development
final 2005 vvsg
Final 2005 VVSG
  • Final version expected to be published in Federal Register within next weeks
vvsg 2007 timeline
VVSG 2007 Timeline
  • Reached agreement with EAC on general timeline of VVSG development
  • Final delivery date is July 2007
  • Staged modules of new requirements
    • VVPAT – April 2006
    • Usability – July 2006 (may now be Fall 2006)
    • IV (Independent Verification) – Jan, 2007
  • EAC will handle subsequent public reviews and comments for each module
    • Ramifications of time/effort required for NIST staff unknown
major goals for vvsg 2007
Major Goals for VVSG 2007
  • A comprehensive standards guideline, a complete rewrite of 2002 VSS with updated and expanded material, to:
    • Provide complete and comprehensive guideline for vendors and test labs
    • Provide clear, usable requirements discussion with associated test methods
    • Address security and human factors developments since 2002 VSS
    • Respond to all TGDC Jan’05 resolutions
    • Must also address comments submitted for VVSG 2005
vvsg 2007 overview
VVSG 2007 Overview
  • 4 major sections (plus large overview):
    • A product standard, containing general and voting-activity related requirements (e.g., setup, cast, count, …)
    • A terminology standard (NIST glossary)
    • A standard on data to be provided by testing authorities or the vendor
    • A testing standard including all test methods, testing requirements, evaluation guidelines, test cases, etc.
current status
Current Status
  • Work underway in HFP, CRT, and STS
  • More outreach to EAC, election community, and vendors
  • Preparation for March TGDC meeting
outreach efforts
Outreach Efforts
  • NIST reaching out to vendors, election community for input and data
    • ITAA-sponsored vendor teleconferences
    • Q&As with vendors on accuracy and security issues
    • Presentations/talks at NASS, NASED, The Election Center, State governments
    • Involvement with NSF-funded ACCURATE group
    • More workshops planned (e.g., threat analysis, cryptographic voting protocols)
accurate
ACCURATE
  • A Center for Correct, Usable, Reliable, Auditable, and Transparent Elections
  • Funded by NSF for 7.5M
  • Mainly academic researchers
    • Research appears useful to NIST requirements development
    • NIST invited to attend ACCURATE workshops, Sharon Laskowski on ACCURATE board
    • Closer working relationships planned
current hfp work
Current HFP Work
  • Lab populated with systems from major vendors – for usability research and metrics development
  • Working with contractors on white papers, usability benchmarks
  • Tests involve human subjects, required for accuracy and time-to-vote requirements
  • Issues with usability module for July, 2006
hfp white papers for tgdc meeting
HFP White Papers for TGDC Meeting
  • "Progress Report on the Development of a User-Based Conformance Test for the Usability of Voting Equipment”
  • "Overview of Proposed Human Performance Metrics for Voting Systems“
  • "Guidelines for Writing Clear Instructions and Messages for Voters and Poll Workers“
  • "Ballot Design Guidance"
current crt work
Current CRT Work
  • Various VSS and VVSG 2005 issue resolution
  • Requirements conformance specification
    • Definition of voting system classes, conformance definitions
  • Test methods development
  • Voting by activity requirements development
    • Pre-voting, casting, counting, reporting requirements
  • Performance and workmanship requirements development
  • Continued glossary development
crt deliverables for tgdc meeting
CRT Deliverables for TGDC Meeting
  • Hardware/Software performance requirements
  • Workmanship requirements
  • Casting, counting, reporting requirements
current sts work
Current STS Work
  • Requirements development for general security
    • Access control, cryptography
  • Open-ended testing white paper
  • IV research, VVPAT update
  • Threat Analysis workshop
  • Outreach with ACCURATE, other groups
sts deliverables for tgdc meeting
STS Deliverables for TGDC Meeting
  • Access Control requirements
  • General Cryptography requirements
  • Open-Ended Testing requirements
  • VVPAT update
possible eac issues
Possible EAC Issues
  • NVLAP voting system test lab accreditation issues
  • EAC Internet Voting requests
  • Revisiting the timeline
nvlap issues
NVLAP Issues
  • 3 potential test labs scheduled for pre-assessments in March, April, May
    • 3 day on-site visits
    • NVLAP requests EAC, extensive NIST involvement
    • NIST to recommend labs to EAC within 12 months of VVSG 2005 publish (in FR?)
    • Optimistic schedule is Winter, 2006
    • Possible 4th lab for next round of pre-assessments
  • EAC has interim approach to use existing ITAs
    • EAC implication that NVLAP is behind schedule – not true
    • EAC implication that NVLAP-level accreditation of existing ITAs occurred earlier – not true
internet voting
Internet Voting
  • Unclear what EAC needs or requires
  • TGDC, security community against Internet voting
  • NIST staff fully occupied with current deliverables
timeline
Timeline
  • EAC may wish to revisit timeline
    • Need to coordinate module reviews with TGDC, Standards Board meetings
    • Election cycles impact meeting schedules
    • EAC may favor certain material for earlier development over other material
ad