Presentation is loading. Please wait.

Presentation is loading. Please wait.

Next VVSG Training Standards 101 October 15-17, 2007 Mark Skall National Institute of Standards and Technology

Published byCurtis Ball Modified over 8 years ago

Similar presentations

Presentation on theme: "Next VVSG Training Standards 101 October 15-17, 2007 Mark Skall National Institute of Standards and Technology"— Presentation transcript:

1 Next VVSG Training Standards 101 October 15-17, 2007 Mark Skall National Institute of Standards and Technology skall@nist.gov

2 Objectives of this session Establish a common understanding of general concepts and terminology Standard, requirements, conformance Motivation for the new VVSG Set the stage for the rest of the presentations on the VVSG

3 Focus of Work Focused the work in 3 areas: Core requirements Security requirements Human factor (accessibility and usability) and privacy requirements Equivalent terms (as I speak) Voting system = System = Implementation Implementer = Developer = Manufacturer Standard = Specification

4 Outline What is a standard Conformance to Standards Conformance vs. Certification Conformance Testing Improvements to Previous Standards

5 What is a Standard? VVSG = Voluntary Standard Voluntary Use is not mandated by law or regulation If you decide to use it (claim conformance), then you need to conform to it (adhere to its requirements) Standard Established by consensus or authority, and Prescribes technical requirements to be fulfilled by a product, process or service Requirement Criteria, characteristic, behavior, or functionality that a system must do/have

6 What is a Standard? Good Standards are the Key Goal is correct, reliable software Requirements are captured in a standard Standard needs to be clear, precise, unambiguous, complete, and testable Ideal standard would be defined in a mathematical language – not English – but, it needs to be readable and understandable

7 The girl touched the cat with a feather (Girl + feather) touched cat Girl touched (cat + feather) What is a Standard? English is not Precise

8 What is a Standard? What makes a good standard? One that gets used, used correctly and implemented in a consistent manner One that defines What/who needs to implement the standard (Voting Systems, VSTLs) Normative vs. Informative (Requirements vs. Discussion) What needs to be implemented (Mandatory vs. Optional) SHALL - mandatory SHOULD – optional, recommended MAY – optional, permitted One that is modular with minimal redundancy One that is adaptable as things change One that is technology- and design- independent

9 What is a Standard? Independence Technology independent Requirements not tied to a specific technology Design independent Requirements tell developers what to build, not how to build it

10 What is a Standard? Type of Requirements Functional: Specifies that the object is capable of performing a certain action e.g., The system shall allow the voter to cast a straight party line vote Performance: Specifies not only the object is capable of performing a certain action, but also sets a benchmark for how well it performs. e.g., The system shall provide visual feedback within 1 second when the voter makes or changes a choice within a contest. Design: Specifies something about the static structure of the object. e.g., Any control buttons on a voting system must be at least 1 inch apart

11 Are Standards Enough? No Standards are worthless Unless they are implemented Standards are useless Unless they are implemented correctly That’s where conformance and testing comes in

12 Conformance Testing Requirements 100% non conforming ???? conforming Specification (VVSG) Voting System

13 Conformance Conformance Clause Conformance Clause should address 1. What Needs to Conform 2. How to conform and claim conformance 3. Subdividing and categorizing groups of requirements 4. Variability – ways a specification allows variation among conforming implementations e.g., DREs vs. OpScan

14 Conformance Terminology CONFORMANCE – the fulfillment of a product, process or service of specified requirements. (ISO Guide 2) The requirements are specified in a standard or specification as part of a conformance clause or in the body of the specification CONFORMANCE CLAUSE - a section of a specification that states all the requirements or criteria that must be satisfied to claim conformance

15 Conformance Terminology CONFORMANCE TESTING – a way to determine directly or indirectly that relevant requirements are fulfilled. Serves as a communication between buyer and sellers Buyers increased confidence Sellers substantiate claims Performed by Test Labs to determine if voting system conforms to the VVSG

16 Conformance Terminology CONFORMITY ASSSESSMENT - process necessary to perform conformance testing in accordance with a prescribed procedure and official test suite ensures that testing can be repeatable and reproducible ensures that conclusions are consistent with facts presented in the evaluation CERTIFICATION - acknowledgement that a conformity assessment was completed and the criteria established for issuing certificates was met.

17 Conformance Testing One can only test for requirements in the standard Testing is not exhaustive – can only show presence, not absence, of errors

18 Conformance Testing VVSG VVSG includes testing requirements for Test Labs VVSG indicates General testing approaches Test method is indicated for each requirement Documentation to be provided pre and post testing Different methods for testing VVSG does not contain the actual tests

19 Conformance VS. Certification Standard (VVSG) Conformance clause, requirements Conformance Testing (VSTLs) Test suite (test software, test scripts, test criteria) Conformity Assessment (EAC + VSTLs) Process - policy and procedures for testing Certification (EAC) qualified bodies to do the testing and certification Control Board - advisory and arbiter

20 Improvements to Previous Standards Define what it means for a voting system to conform Create precise, testable requirements Refine and clarify requirements from previous voting standards Create new core, security and HF requirements Create performance benchmark requirements Address new technological advances Add security, accessibility, and usability requirements

21 Improvements to Previous Standards What it means to conform to the VVSG Conformance Clause defines What is normative vs informative Conformance is 100% - no partial conformance Classes Implementation statement Extensions Software independence

22 Improvements to Previous Standards Create precise, testable requirements Precise and unambiguous Only 1 interpretation Everyone understands what is meant Testable Ability to determine that requirement has been met – implies that there is a method to test the requirement

23 Improvements to Previous Standards Create precise, testable requirements NEED Example of 2002 requirement that was rewritten in VVSG

24 Improvements to Previous Standards Create performance benchmark requirements Need example Address new technological advances Add security, accessibility, and usability requirements

25 Improvements to Previous Standards Address new technological advances, including DREs Wireless VVPAT EBMs ????

26 Improvements to Previous Standards Additional security, accessibility, and usability requirements, including Independent voter-verifiable records Expanded security coverage Cryptography Setup inspection Software Installation Access control Security Integrity management Communication security Expanded human factors Usability benchmarks Plain language, Alternative Languages, Icons and Language End-to-end accessibility Accessibility of paper records Synchronized audio and video

Download ppt "Next VVSG Training Standards 101 October 15-17, 2007 Mark Skall National Institute of Standards and Technology"

Similar presentations

EHR-S Conformance Considerations Lynne S. Rosenthal National Institute of Standards and Technology August 2004.

EHR-S Conformance Considerations Lynne S. Rosenthal National Institute of Standards and Technology August 2004.
TGDC Meeting, December 2011 Usability and Accessibility (U&A) Research Update Sharon J. Laskowski, Ph.D.

TGDC Meeting, December 2011 Usability and Accessibility (U&A) Research Update Sharon J. Laskowski, Ph.D.
QA Programs for Local Health Departments

QA Programs for Local Health Departments
Computer Applications in Testing and Assessment James P. Sampson, Jr. Florida State University Copyright 2002 by James P. Sampson, Jr., All Rights Reserved.

Computer Applications in Testing and Assessment James P. Sampson, Jr. Florida State University Copyright 2002 by James P. Sampson, Jr., All Rights Reserved.
Writing Quality Specifications July 9, 2004 Mark Skall Acting Director, Information Technology Laboratory National Institute of Standards and Technology.

Writing Quality Specifications July 9, 2004 Mark Skall Acting Director, Information Technology Laboratory National Institute of Standards and Technology.
TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL

TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL
Observation of e-enabled elections Jonathan Stonestreet Council of Europe Workshop Oslo, 18-19 March 2010.

Observation of e-enabled elections Jonathan Stonestreet Council of Europe Workshop Oslo, March 2010.
Contractor Management and ISO 14001:2004

Contractor Management and ISO 14001:2004
EMS Auditing Definitions

EMS Auditing Definitions
Planning a measurement program What is a metrics plan? A metrics plan must describe the who, what, where, when, how, and why of metrics. It begins with.

Planning a measurement program What is a metrics plan? A metrics plan must describe the who, what, where, when, how, and why of metrics. It begins with.
TGDC Meeting, Jan 2011 VVSG 1.1 Test Suite Status Mary Brady National Institute of Standards and Technology

TGDC Meeting, Jan 2011 VVSG 1.1 Test Suite Status Mary Brady National Institute of Standards and Technology
Purpose of the Standards

Purpose of the Standards
RC14001 ® Update GPCA Responsible Care Committee September 23, 2013.

RC14001 ® Update GPCA Responsible Care Committee September 23, 2013.
OHT 2.1 Galin, SQA from theory to implementation © Pearson Education Limited 2004 Software Quality - continued So let’s move on to ‘exactly’ what we mean.

OHT 2.1 Galin, SQA from theory to implementation © Pearson Education Limited 2004 Software Quality - continued So let’s move on to ‘exactly’ what we mean.
ISO 9000 Certification ISO 9001 and ISO 9000.3.

ISO 9000 Certification ISO 9001 and ISO
PROJECT DATECLIENT October 16, 2014 ALABAMA SCIENCE TEACHERS STEM-IQ GEARSEF Orientation.

PROJECT DATECLIENT October 16, 2014 ALABAMA SCIENCE TEACHERS STEM-IQ GEARSEF Orientation.
12/9-10/2009 TGDC Meeting TGDC Recommendations Research as requested by the EAC John P. Wack National Institute of Standards and Technology

12/9-10/2009 TGDC Meeting TGDC Recommendations Research as requested by the EAC John P. Wack National Institute of Standards and Technology
Effectively applying ISO9001:2000 clauses 5 and 8

Effectively applying ISO9001:2000 clauses 5 and 8
Quality Management Systems P.Suriya Prakash Final Mech Vcet

Quality Management Systems P.Suriya Prakash Final Mech Vcet
TGDC Meeting, July 2011 Usability and Accessibility Test Methods: Preliminary Findings on Validation Sharon Laskowski, Ph.D. Manager, NIST Visualization.

TGDC Meeting, July 2011 Usability and Accessibility Test Methods: Preliminary Findings on Validation Sharon Laskowski, Ph.D. Manager, NIST Visualization.

Similar presentations

Ads by Google