SLI (then SysTest Labs) was contracted by the New York State Board of Elections (NYSBOE) to serve as the State’s federally certified Independent Testing Authority (ITA) for the purpose of examination and testing for the State Board’s certification, decertification, and re-certification of voting systems.
Two voting system manufacturers applied for certification to NSYBOE. SLI tested both products by developing test cases that support the scope of testing derived from the 2005 VVSG (Federal voting standards), New York State Law, and 6209 regulations. At its December 15, 2009 board meeting, the Board of Elections voted to certify both systems.
The voting systems’ source code and documentation were verified directly against 1,111 review requirements. All documents and each source code module provided to the state for compliance were reviewed to the best practices and coding requirements defined in the 2005 VVSG. This included a secure source code review to ensure protection against all known and suspected vendor vulnerabilities identified within prior ITA reports, voting system tests, or risk assessment final reports, and other comparable examinations performed by independent testing organizations.
Source code was compiled and built at the our Compliance Testing Facility by SLI personnel. The build scripts, vendor source code, and any modified Commercial off-the-Shelf (COTS) code were reviewed for format, structure, and functionality. All code delivered was also reviewed using both automated and manual methods to check for malicious code, Trojans, and viruses.
Functional, security, and hardware testing consisted of running 26 test cases that contained 6,730 test steps to fully cover all 1,524 testable requirements. Each test case had detailed step by step test procedures that allowed repeatability and auditing. All testing was performed at the SLI's facility and assessed the response of the voting systems when subjected to a range of conditions including end-to-end operational use, failure injection, data driven conditions, user interface testing, data referential integrity, stress, volume, performance, accessibility, usability and accuracy testing. SLI also identified and provided specific threat and vulnerability criteria against which the voting systems were tested.
In her report to the New York State Board of Commissioners, Director of Election Operations Anna Svizzero stated that “As New York is the first state in the nation to adopt the EAC’s voluntary guidelines as regulations, it necessarily subjects any voting system submitted for certification in New York to the most rigorous testing protocols in the Nation”. She goes on to state that “…after an extensive review of the testing materials submitted by SLI and NYSTEC, we have no doubt these systems can be used safely and properly by voters at elections under the conditions prescribed in Election Law,..”
SLI is proud to be an integral part of the team that brought electronic voting machines to the state of New York.
Managing Technology Risk
Wednesday, January 27, 2010