1 / 23

Prep for NIST/EAC Meeting: Status and Issues

Prep for NIST/EAC Meeting: Status and Issues. February 24, 2006 Mark Skall Chief, SDCT ITL. Content. Background Recap of 2005 Activities New VVSG Work Issues. Background: NIST “Help America Vote Act” Responsibilities. Chair Technical Guidelines Development Committee (TGDC)

gypsy
Download Presentation

Prep for NIST/EAC Meeting: Status and Issues

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Prep for NIST/EAC Meeting:Status and Issues February 24, 2006 Mark Skall Chief, SDCT ITL

  2. Content • Background • Recap of 2005 Activities • New VVSG Work • Issues

  3. Background: NIST “Help America Vote Act” Responsibilities Chair Technical Guidelines Development Committee (TGDC) Provide technical support to TGDC in the development of voluntary voting system guidelines including: Human factors Security Methods to detect and prevent fraud Accredit testing labs (NVLAP)

  4. Activities Since 9/05 TGDC Meeting October 2005: NIST Threat Analysis for Voting Systems Workshop November 2005: VVSG 2007 Timeline approved by EAC November/December 2005: Assisted EAC in VVSG Comments Resolution December 2005: Final VVSG adopted Dec 13, 2005 EAC to publish final version February 2006 January/February: Continued VVSG 2007 development Preparation for March 2006 TGDC meeting SOW signed

  5. Threat Analysis Workshop • Held October 2005, NIST • Goal was to arrive at general agreement on justifications for security requirements • Most major players from academia and election community • All threats and analysis were public • General agreement that the workshop was effective at focusing work on specific threats (as opposed to speculation) • Follow-on planned for June, 2006 with George Washington U. • Extensive threat analysis report being considered with Brennan Center • Recommendations for voting system requirements • Recommendations for election officials

  6. VVSG 2005 Comments Resolution • EAC asked NIST for assistance • Significant 45 day effort, led by EAC • NIST analyzed comments and provided input, EAC made final determinations • Many (50%) are to be addressed in 2007 version • NIST awaiting all comments/resolutions from EAC for use in 2007 development

  7. Final 2005 VVSG • Final version expected to be published in Federal Register within next weeks

  8. VVSG 2007 Timeline • Reached agreement with EAC on general timeline of VVSG development • Final delivery date is July 2007 • Staged modules of new requirements • VVPAT – April 2006 • Usability – July 2006 (may now be Fall 2006) • IV (Independent Verification) – Jan, 2007 • EAC will handle subsequent public reviews and comments for each module • Ramifications of time/effort required for NIST staff unknown

  9. Major Goals for VVSG 2007 • A comprehensive standards guideline, a complete rewrite of 2002 VSS with updated and expanded material, to: • Provide complete and comprehensive guideline for vendors and test labs • Provide clear, usable requirements discussion with associated test methods • Address security and human factors developments since 2002 VSS • Respond to all TGDC Jan’05 resolutions • Must also address comments submitted for VVSG 2005

  10. VVSG 2007 Overview • 4 major sections (plus large overview): • A product standard, containing general and voting-activity related requirements (e.g., setup, cast, count, …) • A terminology standard (NIST glossary) • A standard on data to be provided by testing authorities or the vendor • A testing standard including all test methods, testing requirements, evaluation guidelines, test cases, etc.

  11. Current Status • Work underway in HFP, CRT, and STS • More outreach to EAC, election community, and vendors • Preparation for March TGDC meeting

  12. Outreach Efforts • NIST reaching out to vendors, election community for input and data • ITAA-sponsored vendor teleconferences • Q&As with vendors on accuracy and security issues • Presentations/talks at NASS, NASED, The Election Center, State governments • Involvement with NSF-funded ACCURATE group • More workshops planned (e.g., threat analysis, cryptographic voting protocols)

  13. ACCURATE • A Center for Correct, Usable, Reliable, Auditable, and Transparent Elections • Funded by NSF for 7.5M • Mainly academic researchers • Research appears useful to NIST requirements development • NIST invited to attend ACCURATE workshops, Sharon Laskowski on ACCURATE board • Closer working relationships planned

  14. Current HFP Work • Lab populated with systems from major vendors – for usability research and metrics development • Working with contractors on white papers, usability benchmarks • Tests involve human subjects, required for accuracy and time-to-vote requirements • Issues with usability module for July, 2006

  15. HFP White Papers for TGDC Meeting • "Progress Report on the Development of a User-Based Conformance Test for the Usability of Voting Equipment” • "Overview of Proposed Human Performance Metrics for Voting Systems“ • "Guidelines for Writing Clear Instructions and Messages for Voters and Poll Workers“ • "Ballot Design Guidance"

  16. Current CRT Work • Various VSS and VVSG 2005 issue resolution • Requirements conformance specification • Definition of voting system classes, conformance definitions • Test methods development • Voting by activity requirements development • Pre-voting, casting, counting, reporting requirements • Performance and workmanship requirements development • Continued glossary development

  17. CRT Deliverables for TGDC Meeting • Hardware/Software performance requirements • Workmanship requirements • Casting, counting, reporting requirements

  18. Current STS Work • Requirements development for general security • Access control, cryptography • Open-ended testing white paper • IV research, VVPAT update • Threat Analysis workshop • Outreach with ACCURATE, other groups

  19. STS Deliverables for TGDC Meeting • Access Control requirements • General Cryptography requirements • Open-Ended Testing requirements • VVPAT update

  20. Possible EAC Issues • NVLAP voting system test lab accreditation issues • EAC Internet Voting requests • Revisiting the timeline

  21. NVLAP Issues • 3 potential test labs scheduled for pre-assessments in March, April, May • 3 day on-site visits • NVLAP requests EAC, extensive NIST involvement • NIST to recommend labs to EAC within 12 months of VVSG 2005 publish (in FR?) • Optimistic schedule is Winter, 2006 • Possible 4th lab for next round of pre-assessments • EAC has interim approach to use existing ITAs • EAC implication that NVLAP is behind schedule – not true • EAC implication that NVLAP-level accreditation of existing ITAs occurred earlier – not true

  22. Internet Voting • Unclear what EAC needs or requires • TGDC, security community against Internet voting • NIST staff fully occupied with current deliverables

  23. Timeline • EAC may wish to revisit timeline • Need to coordinate module reviews with TGDC, Standards Board meetings • Election cycles impact meeting schedules • EAC may favor certain material for earlier development over other material

More Related