US Election Assistance Commission - Voluntary Voting System Guidelines Vote
EAC Home
Introduction
View Guidelines
View Comments
Glossary

View Comments

Section CommentsGeneral CommentsGlossary Comments
 
Name :   Matt Bishop
Organization :   University of California Davis
Post Date :   9/30/2005

Section Comments
Section :  20.6.4.2
Page no. :  6-5
Line no.:  
Comment :  Data Interception and Disruption requires that the ITA review and use
judgement in deciding the acceptability of the manufacturer’s documented solutions to handling new external threats to the system’s use of a telecommunications network. Since man-in-the-middle attacks do not require intrusive actions that could be caught by an Intrusion Detection System, do not require physical tapping, and are not a “new threat,” this attack is not prevented by any version of these requirements nor does it fall under the responsibility of the ITA’s review.