This section contains a description of manufacturer documentation relating to the voting system that must be submitted with the system as a precondition of conformity assessment. These items are necessary to define the product and its method of operation; to provide technical and test data supporting the manufacturer's claims of the system's functional capabilities and performance levels; and to document instructions and procedures governing system operation and field maintenance. Any other items relevant to the system evaluation, such as media, materials, source code, object code, and sample output report formats, must be submitted along with this documentation.
This documentation is used by the test lab in constructing the test plan. Testing of systems submitted by manufacturers that consistently adhere to particularly strong and well-documented quality assurance and configuration management practices will generally be more efficient than for systems developed and maintained using less rigorous or less well-documented practices.
Both formal documentation and notes of the manufacturer's system development process must be submitted for conformity assessment. Documentation describing the system development process permits assessment of the manufacturer's systematic efforts to develop and test the system and correct defects. Inspection of this process also enables the design of a more precise test plan. The accredited test lab must design and conduct the appropriate tests to cover all elements of the system and to ensure conformance with all system requirements.
The content of the Technical Data Package (TDP) is intended to provide clear, complete descriptions of the following information about the system:
The manufacturer SHALL submit to the test lab documentation necessary for the identification of the full system configuration submitted for evaluation and for the development of an appropriate test plan by the test lab.
Applies To: Voting system
Source: [VSS2002] I.9.2
The manufacturer SHALL provide a list of all documents submitted controlling the design, construction, operation, and maintenance of the system.
Applies To: Voting system
Source: [VSS2002] II.2.1.1
At minimum, the TDP SHALL contain the following documentation:
Applies To: Voting system
Source: [VSS2002] II.2.1.1.1
For systems seeking reassessment, manufacturers SHALL submit system change notes as described in Part 2: 3.7 “System Change Notes”, as well as current versions of all documents that have been updated to reflect system changes.
Applies To: Voting system
DISCUSSION
Manufacturers may also submit other information relevant to the evaluation of the system, such as test documentation, and records of the system's performance history, failure analysis, and corrective actions.
Source: [VSS2002] II.2.1.1.2
The requirements for formatting the TDP are general in nature; specific format details are of the manufacturer's choosing.
The TDP SHALL include a detailed table of contents for the required documents, an abstract of each document, and a listing of each of the informational sections and appendices presented.
Applies To: Voting system
Source: [VSS2002] II.2.1.1.3
A cross-index SHALL be provided indicating the portions of the documents that are responsive to documentation requirements enumerated in Requirement Part 2: 3.1.1.1-C.
Applies To: Voting system
Source: [VSS2002] II.2.1.1.3
Although all of the TDP documentation is required for conformity assessment, some of these same items may also be required during the state certification process and local level acceptance testing. Therefore, it is recommended that the technical documentation required for conformity assessment and acceptance testing be deposited in escrow.
The manufacturer SHALL identify all documents, or portions of documents, containing proprietary information that is not releasable to the public.
Applies To: Voting system
DISCUSSION
This requirement was added to make it easier for test labs to identify information that the manufacturer considers proprietary. In current practice, test labs accepting proprietary information about a voting system from the manufacturer normally agree to use that information solely for the purpose of analyzing and testing the system, and agree to refrain from otherwise using the proprietary information or disclosing it to any other person or agency. While the content of any agreement between the test lab and manufacturer is outside of the scope of the VVSG, this requirement is intended to provide support for that practice.
An accredited test lab may reject a TDP if it is so encumbered by intellectual property claims as to obstruct the lab's delivery of the Test Plan (Part 2: Chapter 5) or Test Report (Part 2: Chapter 6).
An overuse of trade secret and patent protection may prevent certification by a certification authority (e.g., [KS05] 3.42: "The Manufacturer's entire proposal response package shall not be considered proprietary.").
Source: [VSS2002] II.2.1.3
The manufacturer SHOULD consolidate proprietary information to facilitate its removal from the Public Information Package.
Applies To: Voting system
Source: New requirement
The TDP SHALL include an implementation statement as defined in Part 1: 2.4 “Implementation Statement”.
Applies To: Voting system
DISCUSSION
Manufacturers may wish to contact their intended testing labs in advance to determine if those labs can supply them with an implementation statement pro forma to facilitate meeting this requirement.
Source: New requirement
The manufacturer SHALL expand on the system overview included in the user documentation by providing detailed specifications of the hardware components of the system, including specifications of hardware used to support the telecommunications capabilities of the system, if applicable.
Applies To: Voting system
Source: [VSS2002] II.2.4
The manufacturer SHALL provide a detailed discussion of the characteristics of the system, indicating how the hardware meets individual requirements defined in Part 1, including:
Applies To: Voting system
Source: [VSS2002] II.2.4.1
The manufacturer SHALL provide sufficient data, or references to data, to identify unequivocally the details of the system configuration submitted for testing.
Applies To: Voting system
Source: [VSS2002] II.2.4.2
The manufacturer SHALL provide photographs of the exterior and interior of devices included in the system to identify the hardware of the system configuration submitted for testing.
Applies To: Voting system
Source: New requirement
The manufacturer SHALL provide a list of materials and components used in the system and a description of their assembly into major system components and the system as a whole.
Applies To: Voting system
Source: [VSS2002] II.2.4.2
Text and diagrams SHALL be provided that describe:
Applies To: Voting system
Source: [VSS2002] II.2.4.2
For each non-COTS hardware component (e.g., an Application-Specific Integrated Circuit or a manufacturer-specific integration of smaller components), the manufacturer SHALL provide complete design and logic specifications, such as Computer Aided Design and Hardware Description Language files.
Applies To: Voting system
Source: New requirement
For each Programmable Logic Device (PLD), Field-Programmable Gate Array (FPGA), or Peripheral Interface Controller (PIC) that is programmed with non-COTS logic, the manufacturer SHALL provide complete logic specifications, such as Hardware Description Language files or source code.
Applies To: Voting system
Source: New requirement
The manufacturer SHALL expand on the system overview included in the user documentation by providing detailed specifications of the application logic components of the system, including those used to support the telecommunications capabilities of the system, if applicable.
Applies To: Programmed device
Source: [VSS2002] II.2.5
The manufacturer SHALL describe the function or functions that are performed by the application logic comprising the system, including that used to support the telecommunications capabilities of the system, if applicable.
Applies To: Programmed device
Source: [VSS2002] II.2.5.1
The manufacturer SHALL list all documents controlling the development of application logic and its specifications.
Applies To: Programmed device
Source: [VSS2002] II.2.5.2
The manufacturer SHALL provide an overview of the application logic.
Applies To: Programmed device
Source: [VSS2002] II.2.5.3
The overview SHALL include a description of the architecture, the design objectives, and the logic structure and algorithms used to accomplish those objectives.
Applies To: Programmed device
Source: [VSS2002] II.2.5.3.a, reworded
The overview SHALL include the general design, operational considerations, and constraints influencing the design.
Applies To: Programmed device
Source: [VSS2002] II.2.5.3.b
The overview SHALL include the following additional information for each separate software package:
Applies To: Programmed device
Source: [VSS2002] II.2.5.3.d
The manufacturer SHALL provide information on application logic standards and conventions developed internally by the manufacturer as well as published industry standards that have been applied by the manufacturer.
Applies To: Programmed device
Source: [VSS2002] II.2.5.4
The manufacturer SHALL provide information that addresses the following standards and conventions related to application logic:
Applies To: Programmed device
Source: [VSS2002] II.2.5.4
The manufacturer SHALL furnish evidence that the selected coding conventions are "published" and "credible" as specified in Requirement Part 1: 6.4.1.3-A.
Applies To: Programmed device
Source: New requirement
The manufacturer SHALL describe or make reference to all operating environment factors that influence the design of application logic.
Applies To: Programmed device
Source: [VSS2002] II.2.5.5
The manufacturer SHALL identify and describe the hardware characteristics that influence the design of the application logic, such as:
Applies To: Programmed device
Source: [VSS2002] II.2.5.5.1
The manufacturer SHALL identify the operating system and the specific version thereof, or else clarify how the application logic operates without an operating system.
Applies To: Programmed device
Source: [VSS2002] II.2.5.5.2
For systems containing compiled or assembled application logic, the manufacturer SHALL identify the COTS compilers or assemblers used in the generation of executable code, and the specific versions thereof.
Applies To: Programmed device
DISCUSSION
See Requirement Part 1: 6.4.1.7-A.3. Although compiled code should not be very sensitive to the versioning of the compiler, this information should be documented in case complications arise.
Source: [VSS2002] II.2.5.5.2
For systems containing interpreted application logic, the manufacturer SHALL specify the COTS runtime interpreter that SHALL be used to run this code, and the specific version thereof.
Applies To: Programmed device
DISCUSSION
See Requirement Part 1: 6.4.1.7-A.4.
Source: New requirement
The manufacturer SHALL provide a description of the operating modes of the system and of application logic capabilities to perform specific functions.
Applies To: Programmed device
Source: [VSS2002] II.2.5.6
The manufacturer SHALL describe all application logic functions and operating modes of the system, such as ballot preparation, election programming, preparation for opening the polls, recording votes and/or counting ballots, closing the polls, and generating reports.
Applies To: Programmed device
DISCUSSION
The word "function" here has the meaning suggested by the list of voting activities and should not be interpreted in the sense of callable unit.
Source: [VSS2002] II.2.5.6.1
For each application logic function or operating mode, the manufacturer SHALL provide:
Applies To: Programmed device
Source: [VSS2002] II.2.5.6.1
The manufacturer SHALL describe the application logic's capabilities or methods for detecting or handling:
Applies To: Programmed device
Source: [VSS2002] II.2.5.6.2
The manufacturer SHALL provide in this section an overview of the application logic's design, its structure, and implementation algorithms and detailed specifications for individual modules.
Applies To: Programmed device
Source: [VSS2002] II.2.5.7
The programming specifications overview SHALL document the architecture of the application logic.
Applies To: Programmed device
Source: Summary of [VSS2002] II.2.5.7.1
This overview SHALL include such items as UML diagrams, data flow diagrams, and/or other graphical techniques that facilitate understanding of the programming specifications.
Applies To: Programmed device
Source: [VSS2002] II.2.5.7.1
This section SHALL be prepared to facilitate understanding of the internal functioning of the individual modules.
Applies To: Programmed device
Source: [VSS2002] II.2.5.7.1
Implementation of the functions SHALL be described in terms of the architecture, algorithms, and data structures.
Applies To: Programmed device
Source: [VSS2002] II.2.5.7.1
The programming specifications SHALL describe individual application logic modules and their component units, if applicable.
Applies To: Programmed device
Source: [VSS2002] II.2.5.7.2
For each application logic module and callable unit, the manufacturer SHALL document:
Applies To: Programmed device
Source: [VSS2002] II.2.5.7.2.a, b, and e
If an application logic module is written in a programming language other than that generally used within the system, the specification for the module SHALL indicate the programming language used and the reason for the difference.
Applies To: Programmed device
Source: [VSS2002] II.2.5.7.2.c
If a module contains embedded border logic commands for an external library or package (e.g., menu selections in a database management system for defining forms and reports, on-line queries for database access and manipulation, input to a graphical user interface builder for automated code generation, commands to the operating system, or shell scripts), the specification for the module SHALL contain a reference to user manuals or other documents that explain them.
Applies To: Programmed device
Source: [VSS2002] II.2.5.7.2.d
For each callable unit (function, method, operation, subroutine, procedure, etc.) in application logic, border logic, and third-party logic, the manufacturer SHALL supply the source code.
Applies To: Programmed device
Source: [VSS2002] II.2.1
For each callable unit (function, method, operation, subroutine, procedure, etc.) in core logic, the manufacturer SHALL specify:
Applies To: Programmed device
DISCUSSION
Sufficient invariants and assertions should be provided to make it possible to perform the verification of Part 3: 4.6 “Logic Verification” through purely local checks (i.e., using the callable unit itself, the pre- and postconditions of any invoked units, and the invariants of any global data accessed by the callable unit, but not the source code of the invoked units nor any other logic).
The use of preconditions and postconditions as inductive assertions derives primarily from [Hoare69], but a list of relevant work predating [Hoare69] can be found in [Morris84]. As a pragmatic compromise to avert "analysis paralysis," the verification described here is considerably less rigorous than was envisioned in the literature.
A sound argument need not be complicated. In cases where the relationship between preconditions and postconditions and the behavior of the callable unit is completely obvious or trivial, it may suffice to state as much. The acceptance of such a statement is at the discretion of the test lab.
Postconditions that impact something outside the domain of discourse are not of interest unless that thing impacts the behavior of some function with respect to the domain of discourse. The manufacturer must define such terms as are necessary to state any and all dependencies and assumptions that may impact the behavior and use them consistently in all affected preconditions and postconditions. An excess of extraneous dependencies may negatively impact the test lab's ability to verify the system's correctness and thereby preclude a positive finding of conformance.
A callable unit that has no impact on anything in the domain of discourse and no dependency on anything in the domain of discourse is not core logic.
Source: New requirement
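The following is an added illustration, not part of the VVSG text or of any manufacturer's submission, of the "purely local checks" the discussion above describes: each callable unit carries a precondition and a postcondition, the shared tally data carries an invariant, and `record_ballot` can be argued correct from the contract of `increment` alone. The vote-for-N contest model, the state layout and all function names are assumptions made for the example.

```python
import copy
import functools


class ContractViolation(Exception):
    """A documented precondition, postcondition or invariant did not hold."""


def invariant(s):
    """Invariant of the shared tally data (assumed model): no negative tally,
    and total votes never exceed limit * ballots for a vote-for-N contest."""
    t = s["tallies"]
    return all(v >= 0 for v in t.values()) and sum(t.values()) <= s["limit"] * s["ballots"]


def contract(pre, post):
    """Check a callable unit's documented contract at run time."""
    def wrap(unit):
        @functools.wraps(unit)
        def checked(state, arg):
            name = unit.__name__
            if not invariant(state):
                raise ContractViolation(f"{name}: invariant broken on entry")
            if not pre(state, arg):
                raise ContractViolation(f"{name}: precondition failed")
            old = copy.deepcopy(state)          # snapshot for the postcondition
            result = unit(state, arg)
            if not post(old, state, arg):
                raise ContractViolation(f"{name}: postcondition failed")
            if not invariant(state):
                raise ContractViolation(f"{name}: invariant broken on exit")
            return result
        return checked
    return wrap


def tallies_changed_by(old, new, chosen):
    """True if exactly the chosen candidates gained one vote and nothing else moved."""
    return (new["limit"] == old["limit"]
            and new["tallies"].keys() == old["tallies"].keys()
            and all(new["tallies"][c] == old["tallies"][c] + (c in chosen)
                    for c in old["tallies"]))


# Contract of increment.  The precondition demands spare capacity, which is what
# lets a reviewer conclude that the invariant still holds on exit without
# looking at any caller.
def inc_pre(s, cand):
    return cand in s["tallies"] and sum(s["tallies"].values()) < s["limit"] * s["ballots"]


def inc_post(old, new, cand):
    return new["ballots"] == old["ballots"] and tallies_changed_by(old, new, {cand})


# Contract of record_ballot: selections are distinct known candidates, no overvote.
def rec_pre(s, selections):
    return (isinstance(selections, (set, frozenset))
            and all(c in s["tallies"] for c in selections)
            and len(selections) <= s["limit"])


def rec_post(old, new, selections):
    return new["ballots"] == old["ballots"] + 1 and tallies_changed_by(old, new, selections)


@contract(inc_pre, inc_post)
def increment(state, cand):
    state["tallies"][cand] += 1


@contract(rec_pre, rec_post)
def record_ballot(state, selections):
    # Local argument: counting the ballot first leaves `limit` votes of spare
    # capacity, and at most `limit` increments follow, so inc_pre holds before
    # each call.  Only increment's contract is used, never its body.
    state["ballots"] += 1
    for cand in sorted(selections):
        increment(state, cand)


@contract(rec_pre, rec_post)
def record_ballot_buggy(state, selections):
    """Constructed defective variant: forgets to count the ballot."""
    for cand in sorted(selections):
        increment(state, cand)


def demo():
    """Run constructed ballots, then an overvote and the defective unit."""
    state = {"limit": 2, "ballots": 0, "tallies": {"A": 0, "B": 0, "C": 0}}
    for ballot in ({"A", "B"}, {"B"}, set()):
        record_ballot(state, ballot)
    errors = []
    for unit, ballot in ((record_ballot, {"A", "B", "C"}), (record_ballot_buggy, {"A"})):
        try:
            unit(copy.deepcopy(state), ballot)   # work on a copy, keep state clean
        except ContractViolation as exc:
            errors.append(str(exc))
    return state, errors


if __name__ == "__main__":
    print(demo())
```

The overvote is rejected at the precondition before any data changes, while the defective unit passes every call to `increment` and is caught only by its own postcondition.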
The manufacturer SHALL specify a sound argument (possibly, but not necessarily, a formal proof) that the core logic as a whole satisfies each of the constraints indicated in Part 1: 8.3 “Logic Model (normative)” for all cases within the aforementioned capacities and limits, assuming that the preconditions and postconditions of callable units accurately characterize their behaviors.
Applies To: Programmed device
Source: New requirement
The manufacturer SHALL specify a sound argument (possibly, but not necessarily, a formal proof) that application logic is free of race conditions, deadlocks, livelocks, and resource starvation.
Applies To: Programmed device
DISCUSSION
If application logic does not perform any sort of concurrent computing (e.g., multiple processes or threads), it suffices to note this fact.
Source: New requirement
The manufacturer SHALL justify any callable unit lengths that violate Requirement Part 1: 6.4.1.4-B.1.
Applies To: Programmed device
Source: [VSS2002] II.5.4.2.i
The manufacturer SHALL identify and provide a diagram and narrative description of the system's databases and any external files used for data input or output.
Applies To: Programmed device
Source: [VSS2002] II.2.5.8
For each database or external file, the manufacturer SHALL specify the number of levels of design and the names of those levels (e.g., conceptual, internal, logical, and physical).
Applies To: Programmed device
Source: [VSS2002] II.2.5.8.a
For each database or external file, the manufacturer SHALL specify any design conventions and standards (which may be incorporated by reference) needed to understand the design.
Applies To: Programmed device
Source: [VSS2002] II.2.5.8.b
For each database or external file, the manufacturer SHALL identify and describe all logical entities and relationships and how these are implemented physically (e.g., tables, files).
Applies To: Programmed device
DISCUSSION
This requirement calls for a data model but a specific modeling language is no longer mandated. ([VSS2005] II.2.5.8 required an E-R diagram.)
Source: [VSS2002] II.2.5.8.c and d
The manufacturer SHALL document the details of table, record or file contents (as applicable), individual data elements and their specifications, including:
Applies To: Programmed device
DISCUSSION
The majority of this requirement may be satisfied by supplying the source of the database schema if it is in a widely recognized and standardized language.
Source: [VSS2002] II.2.5.8.e
For external files, manufacturers SHALL document the procedures for file maintenance, management of access privileges, and security.
Applies To: Programmed device
Source: [VSS2002] II.2.5.8.f
Using a combination of text and diagrams, the manufacturer SHALL identify and provide a complete description of all major internal and external interfaces.
Applies To: Programmed device
DISCUSSION
"Major" interfaces are at the level of those identified in the system overview (Part 2: 4.1 “System Overview”). These are interfaces between subsystems and components, not callable units.
Source: [VSS2002] II.2.5.9
For each interface identified in the system overview, the manufacturer SHALL:
Applies To: Programmed device
Source: [VSS2002] II.2.5.9.1
For each interface identified in the system overview, the manufacturer SHALL describe the type of interface (e.g., real-time data transfer or data storage-and-retrieval) to be implemented.
Applies To: Programmed device
Source: [VSS2002] II.2.5.9.2.a
For each interface identified in the system overview, the manufacturer SHALL describe characteristics of individual data elements that the interfacing entity(ies) will provide, store, send, access, receive, etc., such as:
Applies To: Programmed device
Source: [VSS2002] II.2.5.9.2.b
For each interface identified in the system overview, the manufacturer SHALL describe characteristics of communication methods that the interfacing entity(ies) will use for the interface, such as:
Applies To: Programmed device
Source: [VSS2002] II.2.5.9.2.c
For each interface identified in the system overview, the manufacturer SHALL describe characteristics of protocols the interfacing entity(ies) will use for the interface, such as:
Applies To: Programmed device
Source: [VSS2002] II.2.5.9.2.d
For each interface identified in the system overview, the manufacturer SHALL describe any other pertinent characteristics, such as physical compatibility of the interfacing entity(ies) (dimensions, tolerances, loads, voltages, plug compatibility, etc.).
Applies To: Programmed device
Source: [VSS2002] II.2.5.9.2.e
The manufacturer may provide descriptive material and data supplementing the various sections of the body of the logic specifications. The content and arrangement of appendices are at the discretion of the manufacturer. Topics recommended for amplification or treatment in appendix form include:
This section defines the documentation requirements for voting systems. These recommendations apply to the full scope of voting system functionality, including functionality for defining the ballot and other pre-voting functions, as well as functions for casting and storing votes, vote reporting, system logging, and maintenance of the voting system. User documentation includes all public information that is provided to the end users. The Technical Data Package (TDP) includes the user documentation along with other private information that is viewed only by the test labs.
Manufacturers SHALL document in the TDP all aspects of system design, development, and proper usage that are relevant to system security. This includes, but is not limited to, the following:
Applies To: Voting system
Source: [VVSG2005] I.8.7
Manufacturers SHALL provide at a minimum the high-level documents listed in Part 2: Table 3-1 as part of the TDP.
Applies To: Voting system
Source: [VVSG2005] I.8.7
Document | Description |
Security Threats Controls | This document shall identify the threats the voting system protects against and the implemented security controls on voting system and system components. |
Security Architecture | This document shall provide an architecture level description of how the security requirements are met, and shall include the various authentication, access control, audit, confidentiality, integrity, and availability requirements. |
Interface Specification | This document shall describe external interfaces (programmatic, human, and network) provided by each of the computer components of the voting system (examples of components are DRE, Central Tabulator, Independent Audit machine). |
Design Specification | This document shall provide a high-level design of each voting system component. |
Development Environment Specification | This document shall provide descriptions of the physical, personnel, procedural, and technical security of the development environment including configuration management, tools used, coding standards used, software engineering model used, and description of developer and independent testing. |
Security Testing and Vulnerability Analysis Documentation | These documents shall describe security tests performed to identify vulnerabilities and the results of the testing. This also includes testing performed as part of software development, such as unit, module, and subsystem testing. |
Manufacturers SHALL provide user and TDP documentation of access control capabilities of the voting system.
Applies To: Voting system
Source: [VVSG2005] I.7.2.1.2
Manufacturers SHALL provide descriptions and specifications of all access control mechanisms of the voting system including management capabilities of authentication, authorization, and passwords in the TDP.
Applies To: Voting system
DISCUSSION
Access control mechanisms include those that are designed to permit authorized access to the voting system and prevent unauthorized access to the voting system. Specific examples of access control measures include but are not limited to: use of data and user authorization, security kernels, computer-generated password keys, and special protocols.
Source: [VVSG2005] I.7.2.1.2
Manufacturers SHALL provide descriptions and specifications of methods to prevent unauthorized access to the access control mechanisms of the voting system in the TDP.
Applies To: Voting system
Source: [VVSG2005] I.7.2.1.2
Manufacturers SHALL provide descriptions and specifications of all other voting system mechanisms that are dependent upon, support, and interface with access controls in the TDP.
Applies To: Voting system
Source: [VVSG2005] I.7.2.1.2
Manufacturers SHALL provide a list of all of the operations possible on the voting device and list the default roles that have permission to perform each such operation as part of the TDP.
Applies To: Voting system
Source: [VVSG2005] I.7.2.1.2
Manufacturers SHALL provide TDP documentation of event logging capabilities of the voting devices.
Applies To: Voting system
Source: [VVSG2005] I.5.4
Manufacturers SHALL provide a technical data package that describes system event logging design and implementation.
Applies To: Voting system
Source: [VVSG2005] I.5.4
The manufacturer SHALL provide a list of all software related to the voting system in the technical data package (TDP).
Applies To: Voting system
DISCUSSION
This requirement establishes a list of the software used by the voting system. All software related to a voting system includes application logic, border logic, third party logic, COTS software, and installation software. Installation software is used to install and configure the software on non-volatile storage of programmed devices of the voting system. Software may be in the form of source code, executable code, or both.
The manufacturer SHALL provide at a minimum in the TDP the following information for each piece of software related to the voting system: software product name, software version number, software manufacturer name, software manufacturer contact information, type of software (application logic, border logic, third party logic, COTS software, or installation software), list of software documentation, component identifier(s) (such as filename(s)) of the software, type of software component (executable code, source code, or data).
Applies To: Voting system
As part of the TDP, the manufacturer SHALL provide the location (such as full path name or memory address) and storage device (such as type and part number of storage device) where each piece of software is installed on programmed devices of the voting system.
Applies To: Programmed device
DISCUSSION
This requirement applies to software installed on programmed devices of the voting system. The full directory path is the final destination of the software when installed in non-volatile storage with a file system.
As part of the TDP, the manufacturer SHALL document the functionality provided to the voting system by the software installed on programmed devices.
Applies To: Programmed device
DISCUSSION
This requirement provides implementation information for test labs to support the testing of the voting system.
As part of the TDP, the manufacturer SHALL map the dependencies and interactions between software installed on programmed devices of the voting system.
Applies To: Programmed device
DISCUSSION
This requirement provides implementation information for test labs to support the testing of the voting system.
As part of the TDP, the manufacturer SHALL provide a list of all software and hardware required to assemble the build environment used to create voting system software executable code including application logic, border logic, and third party logic.
Applies To: Voting system
DISCUSSION
Third party software (such as operating systems, compilers, and libraries) required to build voting system software is captured by this requirement.
As part of the TDP, the manufacturer SHALL document the procedures to assemble the build environment(s) used to create voting system software executable code including application logic, border logic, and third party logic.
Applies To: Voting system
Source: [EAC06] Section 5.6.1.2
As part of the TDP, the manufacturer SHALL document the procedures used to build the voting system software executable code including application logic, border logic, and third party logic.
Applies To: Voting system
As part of the TDP, the manufacturer SHALL provide the certification number associated with the voting system software to be updated.
Applies To: Voting system
As part of the TDP, the manufacturer SHALL document the procedures used to build the updated voting system software including application logic, border logic, and third party logic using the post build environment associated with the previously built voting system software.
Applies To: Voting system
The manufacturer SHALL provide a list of all voting device components to which access must be restricted and a description of the function of each said component.
Applies To: Voting device
DISCUSSION
This list may be included in the technical data package as well as in the user documentation.
As part of the TDP, the manufacturer SHALL provide a listing of all ports and access points.
Applies To: Voting device
For each lock used on a voting device, the manufacturer SHALL document whether the lock was installed to secure an access point.
Applies To: Voting device
DISCUSSION
Locks on voting devices may be used to secure access points such as doors and panels or they may be used simply to fasten a segment of the voting device’s encasement. In the former case, testing labs must verify that the lock does indeed provide a measure of security. In the latter case, the testing lab must verify that bypassing the lock does not put the security of the system in jeopardy. Manufacturer attestation should be included in User documentation, and in the TDP.
The manufacturer SHALL provide a list of all physical security countermeasures that require power supplies.
Applies To: Voting device
The manufacturer SHALL provide a technical data package that documents the design and implementation of all physical security controls for the voting device and its components.
Applies To: Voting device
As part of the TDP, manufacturers SHALL provide a list of the binaries that are required to be executed on the electronic device for each voting system mode.
Applies To: Electronic device
DISCUSSION
This requirement supports requirements in Part 1: 5.5 “System Integrity Management”.
Source: [VVSG2005] I.7.4.6
As part of the TDP, the manufacturer SHALL provide the technical specifications of how programmed devices of voting systems identify installed software.
Applies To: Programmed device
DISCUSSION
The requirement provides implementation information for test labs to support the testing of the voting system.
Source: [VVSG2005] I.7.4.6 (c)
As part of the TDP, the manufacturer SHALL provide a technical specification of how the integrity of software installed on programmed devices of the voting system is verified.
Applies To: Programmed device
DISCUSSION
The requirement provides implementation information for test labs to support the testing of the voting system.
Source: [VVSG2005] I.7.4.6 (c)
Software integrity verification techniques SHALL prevent the modification of software installed on programmed devices of the voting system.
Applies To: Programmed device
Source: [VVSG2005] I.7.4.6 (b) (iii)
As part of the TDP, the manufacturer SHALL provide a technical specification of how the inspection of all the voting device registers and variables is implemented by the voting device.
Applies To: Voting device
DISCUSSION
This requirement provides implementation information for test labs to support the testing of the voting system.
Source: [VVSG2005] I.7.4.6 (f)(i)
As part of the TDP, the manufacturers SHALL provide a technical specification of how the inspection of the remaining charge of the backup power sources is implemented by the voting device.
Applies To: Voting device
DISCUSSION
This requirement provides implementation information for test labs to support the testing of the voting system.
As part of the TDP, the manufacturers SHALL provide a technical specification of how the inspection of the connectivity of cabling attached to a voting device is implemented by the voting device.
Applies To: Voting device
DISCUSSION
This requirement provides implementation information for test labs to support the testing of the voting system.
As part of the TDP, the manufacturers SHALL provide a technical specification of how the inspection of the operational status of the communications capability is implemented by the voting device.
Applies To: Voting device
DISCUSSION
This requirement provides implementation information for test labs to support the testing of the voting system.
As part of the TDP, the manufacturer SHALL provide a technical specification of how the inspection of the on/off status of the communications capability is implemented by the voting device.
Applies To: Voting device
DISCUSSION
This requirement provides implementation information for test labs to support the testing of the voting system.
As part of the TDP, the manufacturer SHALL provide a technical specification of how the inspection of the remaining amount of each consumable is implemented by the voting device.
Applies To: Voting device
As part of the TDP, the manufacturer SHALL provide a technical specification of how the inspection of the calibration for each component is implemented by the voting device.
Applies To: Voting device
As part of the TDP, the manufacturers SHALL provide a technical specification of how the adjustment to the calibration of each component is implemented by the voting device.
Applies To: Voting device
As part of the TDP, the manufacturer documentation SHALL include a precise definition of the fields in the Device Certificate and the Election Certificate, the naming supported in certificates, the algorithms supported, and the format of the Election Closeout Record.
Applies To: Voting system
The manufacturer SHALL provide test specifications for:
Applies To: Voting system
Source: [VSS2002] II.2.7
The manufacturer SHALL describe the plans, procedures, and data used during development and system integration to verify system logic correctness, data quality, and security. This description shall include:
Applies To: Voting system
DISCUSSION
Documentation that is already required under the life cycle process adopted by the manufacturer may satisfy this requirement.
Previous iterations of these VVSG cited MIL-STD-498, Software Test Plan and Software Test Description. That standard was cancelled in 1998. Currently applicable standards include [IEEE97] and [IEEE98].
Source: [VSS2002] II.2.7.1
Note: Part 1: Chapter 3: “VVSG Background” contains several requirements for usability testing by the manufacturer, and each of these requirements also mandates that the manufacturer report the test results as part of the TDP. These requirements are not present in this section but need to be considered as part of the system test specifications.
The manufacturer SHALL provide specifications for verification and validation of overall system performance. These specifications shall cover:
Applies To: Voting system
Source: [VSS2002] II.2.7.2
The specifications SHALL identify procedures for assessing and demonstrating the suitability of the system for election use.
Applies To: Voting system
Source: [VSS2002] II.2.7.2
Manufacturers submitting modifications for a system that has been tested previously SHALL submit system change notes.
Applies To: Voting system
DISCUSSION
These will be used by the accredited test lab to assist in developing and executing the test plan for the modified system.
Source: [VSS2002] II.2.13
The system change notes SHALL include the following information:
Applies To: Voting system
Source: [VSS2002] II.2.13
Configuration of hardware and software, both operating systems and applications, is critical to proper system functioning. Correct test design and sufficient test execution must account for the intended and proper configuration of all system components. If the voting system can be set up in both conforming and nonconforming configurations, the configuration actions necessary to obtain conforming behavior must be specified.
The manufacturer SHALL provide photographs illustrating the proper set-up of the voting system hardware.
Applies To: Voting system
Source: New requirement
The manufacturer SHALL provide a record of all user selections that must be made during software/firmware installation for the voting system to meet the requirements of the VVSG.
Applies To: Voting system
DISCUSSION
Screen shots showing the installation actions may be helpful.
Source: [VSS2002] I.4.1.1
The manufacturer SHALL also submit a record of all configuration changes that must be made to the software/firmware following its installation for the voting system to meet the requirements of the VVSG.
Applies To: Voting system
DISCUSSION
Screen shots showing the configuration actions may be helpful.
Source: [VSS2002] I.4.1.1
The manufacturer SHALL submit all configuration data needed to set up and operate the voting system.
Applies To: Voting system
Source: New requirement