US Election Assistance Commission - Voluntary Voting System Guidelines Vote

View Comments

Name :   Matt Bishop
Organization :   University of California Davis
Post Date :   9/30/2005

Section Comments
Section :  6.2.1
Page no. :  2-6
Line no.:  
Comment :  Further, the standards choose language to avoid constraining the vendor’s choice in access control policy and enforcement mechanisms. This potentially allows vendors to use practices that are considered poor.

For example, one section [7, Vol I §6.2.1 g] requires vendors to “provide a description of recommended policies for . . . segregation of duties,” while it would not have been much harder to require that the vendor’s policy adhere to the principle of separation of duty wherever applicable. The incorporation of this best practice in a security policy should not be left to the vendor’s judgement.