US Election Assistance Commission - Voluntary Voting System Guidelines Vote

View Comments

Name :   Ron Crane
Organization :   N/A
Post Date :   9/30/2005

Section Comments
Section :  .20.1.3.1.4
Page no. :  
Line no.:  
Comment :  4. The Guidelines contain little threat analysis, let alone the formal analysis that should constitute their security recommendations' backbone. In particular, the Guidelines are entirely silent on the issue of fraud conducted by insiders, such as unscrupulous vendors or elections officials, and do little to prevent it.

Just as one example, Vol. II, §1.3.1.4 (integration testing) includes a security component, but it is focused entirely on external threats, not those posed by unscrupulous vendors (or by rogue employees of vendors lacking sufficient internal controls):

The test lab may meet these testing requirements by confirming the proper implementation of proven commercial security software.