the quick start management guide for - eac.gov start guide - voting...the quick start management...

The Quick Start Management Guide for

Voting System Security is a snapshot of

processes and procedures for local election

administrators to use when implementing

security measures for their voting systems.

It is a guide that highlights priority items

essential to securing a voting system.

A comprehensive set of Management

Guidelines is under development and will

be released in modules in 2007 and 2008.

�

Qu

ick

Sta

rt M

anag

emen

t G

uid

e fo

r V

oti

ng

Sys

tem

Sec

ur

ity

Software Security

• EnsurethatthesoftwareinstalledonthevotingsystemistheexactversionthathasbeencertifiedbyyourState,theNationalAssociationofStateElectionDirectors(NASED),and/ortheElectionAssistanceCommission’sVotingSystemTestingandCertificationProgram.Ifyouhaveanyreasontosuspectthatyourvotingsystemsoftwarehasbeencompromised,reinstallthevotingsystemsoftwarebyusingthecertifiedcopyofthesoftwareobtaineddi-rectlyfromyourStateelectionofficeorthelaboratorythattestedthevotingsystem.

• Donotallowanysoftwareonyourvote-tabulatingcomputerexceptthevotingsystemsoftwareitself.Specifically,donotallowofficeautomationsoftware,suchasMicrosoft®Word,PowerPoint,andExcel,ornetworkingsoftware,suchase-mailandnetworkbrowsers.

• Verifythatyourvotingsystemisnotconnectedtoanynetworkoutsidethedirectcontroloftheelectionoffice.Allunusedconnectionsonthevotingsystemsshouldbesealed,includinguniversalserialbus(USB),parallel,andotherports.

• Familiarizeyourselfwiththecontentoftheauditlogsonyourvotingsystemandlearntoprintthem.

• Consideranyresultstransmittedelectronicallyfromtheprecincttothecentralofficetobeunofficialandverifythemagainsttheresultscontainedonthemediathatarephysicallytransported

�Q

uic

k S

tart

Man

agem

ent

Gu

ide

for

Vo

tin

g S

yste

m S

ecu

rit

y

tothecentraloffice.Example:Reload all voting machine memory cards into the central tabulation computer to validate any unofficial results that are transmitted via modem to your office on election night.

Policies and Procedures

• Developaspecificprocedureformonitoringeachpersonwhohasaccesstoyourvotingsystem,includingyourelectionofficestaff,vendorpersonnel,andvisitorstoyouroffice.

• Requirepositiveidentificationofeachpersonwhorequestsaccesstothevotingsystem.Keepalogofeveryonewhoaccessesthevotingsystem.Thislogshouldincludetheperson’sname,thepurposeoftheaccess,thedateandtimetheaccessbegins,andthetimetheaccessends.Theentriesinthislogmustbecomplete.Example:“System Maintenance” is not an acceptable entry. The entry should state who accessed the system, exactly what maintenance was performed and why it was necessary, when the maintenance work began, and when it ended.

• Issuepasswordstostaffthatwillallowthemtoperformonlyauthorizedfunctionsonthevotingsystem.Itishighlyrecommendedthatmembersoftheelectionstaffworkinpairswheneverpossible.Thisprocedurewillgreatlyreducethepotentialforaccidentalerrorsandvirtuallyeliminateanyopportunityfordeliberatemischieforfraudbyarogueemployee.

�

Qu

ick

Sta

rt M

anag

emen

t G

uid

e fo

r V

oti

ng

Sys

tem

Sec

ur

ity

• Controltheaccessofvendorpersonneltoyoursystemuntilyouareabsolutelycertainthatanychange,upgrade,ormaintenancethattheyintendtoperformhasalreadybeenapprovedbytheFederaland/oryourStatecertificationprocess.Itisessentialthatthevendorneverbeallowedaccesstothevotingsystemwithoutamemberoftheelectionofficestaffpresent.Inthiscontext,anonvendorconsultantworkingundercontractwiththeelectionofficeisconsideredtobeamemberoftheelectionofficestaff;however,consultantsshouldbemonitoredascloselyasvendorpersonnel.

Password Maintenance

• Designatesomeoneintheelectionofficeasthepasswordadministrator.Thispersonshouldbeeitherthechiefelectionofficeroraseniormemberoftheelectionofficestaff.Thepasswordadministratorperformsthefollowingduties:

1. Issuespasswords.

2. Maintainsamasterlistofallpasswordsissued.

3. Reissuesallpasswordsperiodically.

4. Monitorspasswordusage.

Aprintedcopyofthemasterlistofpasswordsshouldbekeptbythepasswordadministratorinasafeandsecureplaceatalltimesandshouldonlybeusedintheeventofanofficeemergency.

• Neverissueasystempasswordtoanyone(includingvendorpersonnel)otherthananemployeeoftheelectionoffice.

�Q

uic

k S

tart

Man

agem

ent

Gu

ide

for

Vo

tin

g S

yste

m S

ecu

rit

y

Physical Security

• Engagecountyandmunicipalinformationtechnologystaffand/orlocalcommunitycollegeortechnicalschoolstafftohelpconductasecurityreviewandestablishandimplementapplicableelectionmanagementsystemsecuritymeasures.

• Createorupdateappropriateprocedurestoensurethatabsenteeandemergencyballotblankpaperstocksarecontrolledatalltimes.

• Developphysicalsecurityproceduresandsafeguardstodocumentthecontrolledphysicalaccesstovotingsystemsandthefacilitywherethesystemsarestored.Documentallsecurity-relatedrepairsandmodificationstothephysicalcomponentsofthefacilitywherevotingsystemsarestored.Example:walls, doors, locks, cameras, alarm systems.

• Reviewelectionofficeworkareastoensurethatofficespaceisappropriatelyisolatedandthatundetectedaccessbyunauthorizedindividualsisnotpossible.Reviewvotingequipmentstorageandworkareastoensurethatonlyauthorizedpersonnelhaveaccesstothem.

• Maintainalistofpersonnelwhohavekeystoelectionofficeworkareasandvotingequipmentstoragetoensurethatallkeysareaccountedforandonlyauthorizedpersonnelhavekeys.Developproceduresandpoliciesrequiringthatkeysorcombinationlocksbechangedforeachelectioncycle.

�

Qu

ick

Sta

rt M

anag

emen

t G

uid

e fo

r V

oti

ng

Sys

tem

Sec

ur

ity

• Developchain-of-custodyprocedures,usetamper-evidentseals,andimplementinventorycontrol/assetmanagementprocessestoensurethatvotingunitsandassociatedequipmentareproperlyandsecurelycontrolledandaccountedforatalltimesthroughouttheelectionadministrationprocess.

• Reviewallelectionaudittrailcheckliststoensurethattheyincorporatetwo-personintegritysecuritymeasures,suchasdualsignoff.

Personnel Security

• Establishqualificationguidelinesforchoos-ingtheperson(s)whowilloperateandadministerthevotingsystemandperformbackgroundchecksonelectionofficialswhoareauthorizedtodefineandconfigureelectionsandmaintainvotingdevices.

• Allowonlyauthorizedpersonneltophysicallyaccessthevotingsystem.Fortrackingpurposes,issueeachstaffmemberauniqueentrycode.

• Requirestaffmemberstowearidentificationbadgesatalltimes.Whenvisitors,vendors,maintenancepersonnel,andothernonstaffindividualsenterelectionofficeworkareas,logtheirentryandexitdatesandtimes,recordthepurposeoftheirvisit,andissuethemnumberedtemporaryidentificationbadges.

• Ateachpollingplaceestablishthenumberofpersonnelneededandidentifytheirdu-ties,maintainseparationofdutiesforpollmanagers,incorporatetwo-personintegrity

�Q

uic

k S

tart

Man

agem

ent

Gu

ide

for

Vo

tin

g S

yste

m S

ecu

rit

y

securitymeasures,andprovideadequatesecurityforelectionequipmentatalltimes.Establishpoliciesand/orproceduresforvisitorsandobserversinthepollingplace.

Securing the Voting Devices During Preparation and Transport to the Precinct

• Securethevotingdeviceswithtamper-proof,numberedsealsandrecordtheserialnum-bersforeachdevice.Thesenumbersshouldbeverifiedduringsetupattheprecinct.

• Developanoperationalplanthatdefinesthevotingdevicesthatwillbedelivered.Theplanshouldalsodescribewhereandwhenthedeviceswillbedeliveredandwhowilldeliverthem.

Securing the Voting Devices During In-Person Absentee and/or Early Voting

• Usethesameprocedurestoprepare,test,deliver,andsetupin-personabsenteeand/orearlyvotingdevicesasthoseusedtoprepare,test,deliver,andsetupvotingdevicesthatareusedinthepollingplacesonElectionDay.

• Placevotingstoragemediainthesamevotingdeviceseachmorningandremovethemediaeachnight.

• Close,seal,andsecurethevotingdevicesattheendofeachday.Securethevotingstoragemediaeachnightinatamper-prooflocation,preferablywithintheelectionoffice.

�

Qu

ick

Sta

rt M

anag

emen

t G

uid

e fo

r V

oti

ng

Sys

tem

Sec

ur

ity

• Verifythenumbersonallprotectivesealsandpubliccountersbeforethevotingde-vicesareusedforvotingthenextmorning.

Securing the Voting Devices on Election Day

• Requirethepollmanagertoverifyandsignoffontheserialnumbersofallvotingdevicesandnecessaryelectionsupplies.Example:ballot activation devices, administrator devices, communication equipment, closing seals.

• Requirethepollmanagertoverifythenumbersofallsealsand/ortamper-resis-tanttapeonallvotingdevicesandinspectthevotingdevicesforanyevidenceoftampering.Requirethepollmanagerandallpollworkerstouseachecklisttoverifythatallopeningprocedureswerefollowedandthensignoffonthatchecklist.

• Controlaccesstothevotingdevice’spowercontrol,countercontrols,andelectionresultsstoragemedia.Thepollingplaceshouldbearrangedsothattheexteriorofthevotingdeviceisinplainviewofthepollmanager(s)atalltimes.

• Allowonlypollmanagersandregisteredvotersinthevotingdevicearea.Avotershouldnotbeallowedtoenterthisareauntilavotingdeviceisavailableforhisorheruse.Thepollmanagershouldmaintaincontrolofadministratorandballotactivationdevices.

�Q

uic

k S

tart

Man

agem

ent

Gu

ide

for

Vo

tin

g S

yste

m S

ecu

rit

y

• Encouragepollmanagerstoperiodicallyverifythenumberofvotersprocessedagainstthenumberofvotesrecorded(viapubliccounter)onthevotingdevicesandtocomparethatnumberwiththetotalnumberofsignaturesrecordedinthepollbook.

Securing the Voting Devices During Tabulation

• Useanumbered,sealedpouchtotransportstoragemediafromthepollingplacetothelocalelectionofficeordesignatedcollectionpoint.

• Establishprocedurestosecurelytransportelectionresultsfromopticalscannerstovote-tabulationcomputersiftheopticalscannersarenotlocatedinthesameloca-tionaswherevotetabulationtakesplace.

• Verifytheunofficialresultstransmittedbymodemfromtheprecinctstothecentralelectionofficebyperformingaseparatecountoftheelectionresultstoragemediacontainingtheoriginalvotescast.

• Allowonlyauthorizedelectionofficialsinthetabulationequipmentroom.

• Considerusinguniformedsecurityorpoliceofficerstosecuretheballotroomand/orvotingequipmentduringtabulation.

• Encouragepollmanagerstoperiodicallyverifythenumberofvotersprocessedagainstthenumberofvotesrecorded(viapubliccounter)onthevotingdevicesandtocomparethatnumberwiththetotalnumberofsignaturesrecordedinthepollbook.

�

Qu

ick

Sta

rt M

anag

emen

t G

uid

e fo

r V

oti

ng

Sys

tem

Sec

ur

ity

Securing the Voting Devices During Storage and Post Election

• Verifythatallvotingdevicesarereturnedtostorage,confirmthatthedeviceshavenotbeentamperedwithduringtransport,andsignoffonthereceiptofthevotingdevices.

• Maintainaninventoryofelectionmaterials,includingvotingdevices,administratorandballotactivationdevices,sealenvelopes,voterregistration(poll)lists,electionresulttapesandprintouts,fieldsupervisors’reports,pollworkers’dailylogs,reconciliationreports,auditdata,andotheritems.