CHECKLIST for Minimum Security Procedures for Voting Systems 1S-2.015, F.A.C. with March 3, 2006 Technical Advisory, Ballot on Demand, and Beta Test

Transcription

1 CHECKLIST for Minimum Security Procedures for Voting Systems 1S-2.015, F.A.C. with March 3, 2006 Technical Advisory, Ballot on Demand, and Beta Test County: Date received: New Revised Attachments Reviewer: Default acceptance date: Start review date: End review date: Date of review letter noting exceptions: Date of review letter indicating acceptance: Verified checklist by: Date: (1) PURPOSE. This checklist provides the objective evidence of the review (2) N/A Requirement addressed (3) SECURITY PROCEDURES. Page Are the security procedures on file with the Division of Elections (DOE)? Yes No Date of the commencement of early voting for which these revisions will apply: Have these revisions been submitted at least 45 days prior to the above date: Yes No Are the revisions a result of an emergency situation or other unforeseen circumstance? Yes No Are reasons documented as to why such changes are necessary? N/A Yes No Is there a copy of the changed document that was authorized by the supervisor of elections within 5 days of the change and submitted to the Division of Elections? N/A Yes No (4) REVIEW OF SECURITY PROCEDURES. (a) The DOE shall conduct a review: Do these procedures meet the minimum requirements set forth in this rule? Yes No Has DOE notified the SOE as to the results of the review within 30 days of the date revisions to the security procedures are received? N/A Yes No Are the procedures temporarily approved until such time as the review is completed and the SOE notified accordingly? N/A Yes No Does the review letter include an enumeration of specific provisions which were found to be incomplete or otherwise do not meet the provisions of this rule? N/A Yes No (b) Has DOE reviewed these procedures in each odd numbered year, [ (4)(b), F.S.]? N/A Yes No (5) STANDARDS FOR SECURITY PROCEDURES. (a) Did the security procedures include copies of each referenced form, schedule, log or checklist or descriptions of the contents of forms, schedules, logs or checklists that vary from election to election? Yes No (b) Election Schedule. Do the procedures include an election schedule starting at least 90 days prior to each regularly scheduled election and within 20 days of the date a special election is scheduled? Yes No Does the election schedule contain the following: 1. A list of the tasks necessary to conduct the election? Yes No 2. The legal deadline, where applicable, or the tentative date each task is to be completed? Yes No 3. The position title, group or organization responsible for completing each task? Yes No (c) Ballot Preparation. Do the procedures describe the steps necessary to insure that the ballot contains the proper races, candidates and issues for each ballot variation and that the ballots can be successfully tabulated and that the ballot preparation procedures contain the following: 1. Method and materials required to determine each type of ballot or ballot variations? Yes No 2. Assignment of unique marks or other coding necessary for identifying ballot variations or precincts? N/A Yes No 3. Verification that unique marks or other coding necessary for tabulation are correct? Yes No 4. A description of system used to facilitate ballot preparation, if applicable? N/A Yes No BVSC-003 (03/13) Page 1 of 6

2 5. Description of the method to verify that the ballots and the ballot variations are accurately prepared and printed. Yes No (d) Preparation and Configuration of Tabulation System. 1. Do the procedures relating to the preparation and configuration of the tabulation system include the following: a. A description of the ballot definition and verification process? Yes No b. A description of the steps necessary to program the system? Yes No c. A description of the process to install the program and the procedures for verification of correctness of the coding? Yes No 2. Do the procedures describe the test materials utilized and the voting system tests performed prior to the conduct of the public logic and accuracy tests? Yes No (e) Logic and Accuracy Test. Do the procedures for use with electronic and electromechanical voting systems describe the following aspects of the logic and accuracy test as required by Section , F.S.: 1. The test performed including the test materials that were utilized? Yes No 2. How the programs, ballots, and other test materials are sealed, secured and retained? Yes No (f) Filing election parameters. Do the procedures include filing with the Division of Elections a copy of the software and parameters used within the voting system to define the tabulation and reporting instructions for each election regardless of filings for previous elections and include the following: 1. A copy of the voting system software? (Note: This is satisfied by the system acquisition filing.) Yes No 2. A copy of the administrative database used to define the election? Yes No 3. A copy of all election-specific files generated and used by the system? Yes No 4. A statement documenting the release level of the precinct tabulation equipment and firmware; Yes No (Note: The above is satisfied by the system acquisition filing.) 5. A statement signed by the person who created the election definition, if the election definition was created by an individual who is not an employee of the supervisor of elections? N/A Yes No If Yes, then the parameters shall include a statement in substantially the following form: ELECTION PARAMETER STATEMENT Pursuant to Section , F.S., whoever knowingly makes false statement in writing with the intent to mislead a public servant in the performance of his or her official duty, shall be guilty of a misdemeanor of the second degree, punishable as provided in Section or , F.S. The election coding for County was assembled according to specified procedures using (name of system and Florida certification number). Furthermore, included with the election materials is a duplicate copy of the administrative database used to define the election, a copy of the voting system software, a copy of all election-specific files generated and used by the system and a document stating the release level of the precinct tabulation equipment and firmware. To the best of my knowledge and belief, the foregoing statement is truthful. Signature of the Person Coding the Election. (g) Pre-election Steps for Voting Systems. Do the procedures for use with voting devices include the following: 1. A description of how the number of voting devices for each precinct is determined? Yes No 2. A description of each component of the public test, including any test materials utilized? Yes No 3. A description of the process to seal and secure the voting devices and a description of the record to be kept on which the identification numbers, seal numbers and protective counter numbers for voting devices are noted? Yes No 4. A description of the process for retaining the test results and any records of the proceedings? Yes No (h) Ballot Distribution. Do the procedures, where paper ballots are used, include the following: 1. A description of how the number and variations of ballots for each precinct is determined? Yes No 2. A description of the method for securing the ballots? Yes No 3. A description of the process for distributing the ballots to precincts, to include an accounting of who distributed and who received the ballots, the date, and how they were checked? Yes No (i) Distribution of Precinct Equipment. Do the procedures describe the steps for distributing voting system equipment to the precincts? Yes No BVSC-003 (04/13) Page 2 of 6

3 (j) Election Board Duties. 1. Do the procedures, when paper ballots are used, include the following Election Board duties: a. Verifying the receipt of the correct number of ballots and verifying that they are the proper ballots for that precinct? Yes No b. Checking the operability or readiness of the voting devices? Yes No c. Checking and sealing the ballot box? Yes No d. Handling of spoiled ballots? Yes No e. Handling write-in and provisional ballots? Yes No f. Accounting for all ballots after the polls close? Yes No 2. Do the procedures for use with voting devices include the following Election Board duties: a. Verifying the identification numbers, seal numbers, and protective counter numbers of precinct tabulation and/or voting devices? Yes No b. Checking the operability or readiness of the voting device? Yes No c. Verifying that the public counters are set at zero on each voting device? Yes No d. Securing a printed record from each voting device, if applicable? Yes No e. Checking the correctness of the ballot? N/A Yes No f. Preparing voting devices for voting? Yes No g. Verifying that the correct number of voter authorization slips were received? N/A Yes No h. Checking and sealing the voter authorization slips container(s)? N/A Yes No i. Handling write-in ballots? Yes No j. Handling voting system malfunctions? Yes No k. Securing voting machines at the close of the polls to prevent further voting? Yes No l. Accounting for all voter authorization slips received? N/A Yes No m. Recording and verifying the votes cast? Yes No (k) Transport of Ballots and/or Election Materials. Do the procedures describe the steps necessary to ensure a complete record of the chain of custody of ballots and/or election materials and include the following: 1. A description of the method and equipment used to transport all ballots and/or election materials? Yes No 2. A method of recording the names of the individuals who transport the ballots and/or election materials from one site to another and the time they left the sending site? Yes No 3. A method of recording the time the individuals who transport the ballots and/or election materials arrived at the receiving site and the name of the individual at the receiving site who accepted the ballots and/or election materials. Yes No (l) Receiving and Preparing the Ballots for Central and Regional Counting. Do the counting procedures describe the process of receiving and preparing voted ballots, election data and/or memory devices for the following: 1. Verification that all of the ballot containers are properly secured and accounted for and that the seal numbers are correct? Yes No 2. Verification that the ballot container(s) for each precinct contain voted ballots including provisional ballots, unused ballots, spoiled ballots and write-in ballots as shown to exist on the forms completed by each election board for that purpose? Yes No 3. Inspection of the paper ballots to identify those that must be duplicated or upon which voter intent is unclear, thus requiring a determination by the Canvassing Board and a record to be kept of which paper ballots are submitted to the Canvassing Board and the disposition of those paper ballots? Yes No 4. Description of the process for duplicating and recording the voted paper ballots which are damaged or defective? Yes No (m) Tabulation of Vote. 1. Do the procedures for use with central and regional processing sites describe ballot tabulation for each of the following steps: a. Counting and reconciliation of voted paper ballots? Yes No b. Processing, tabulation and accumulation of voted ballots and election data? Yes No c. Processing and recording of all write-in and provisional ballots? Yes No d. The process for handling unreadable ballots and returning any duplicates to tabulation? Yes No e. Backup and recovery of tabulated results and voting system programs for electronic or electromechanical voting systems? Yes No f. Describe the procedure for public viewing of the tabulation process and access to results? Yes No 2. Do the procedures describe the steps necessary for vote tabulation in the precincts? Yes No BVSC-003 (04/13) Page 3 of 6

4 3. Do the procedures for use in the precincts include a description of ballot tabulation for each of the following steps: a. Printing of precinct results and results from individual tabulating devices? Yes No b. Processing and recording of write-in votes? Yes No c. Endorsing a copy of the precinct results by the Election Board? Yes No d. Posting of precinct results? Yes No e. Transporting of precinct results to central or regional site? Yes No f. Consolidation of precinct and provisional ballot results? Yes No g. Public viewing of the tabulation process and access to results? Yes No 4. Are there procedures for resolving discrepancies between counted ballots and voted ballots including any other discrepancies found during the tabulation process? Yes No (n) Electronic Access to Voting Systems. Do the procedures identify methods of electronic access to the vote tabulation system, including procedures for authorizing electronic access and specific functions, and specifying methods for detecting, controlling and reporting access to the vote tabulation system? Yes No (o) Absentee Ballot Handling. Do the procedures have a description of absentee ballot handling that includes the following: 1. A description of process for determining and verifying absentee ballot variations? Yes No 2. A description for process to assure voters are issued the proper absentee ballot? Yes No 3. A process for precluding voters from voting at the polls and casting an absentee ballot? Yes No 4. A process for opening valid absentee ballots in preparation for tabulation? Yes No 5. A process for recording the receipt of advance absentee ballots, regular absentee ballots, State write-in ballots and Federal write-in ballots and determining which ones should be counted if more than one per voter is received? Yes No 6. A description of security measures for storing absentee ballots and related materials prior to and after an election? Yes No (p) Ballot Security. Is there a description of ballot accountability and security beginning with their receipt from a printer until such time as they are destroyed and do the procedures for each location describe physical security, identify who has authorized access, and identify who has the authority to permit access? Yes No (q) Voting System Maintenance and Storage. Is there a description of the maintenance and testing performed on all components of the system to assure that it is in proper working order and is within manufacturer s operating specifications and do the procedures describe storage and non-operational maintenance of the voting devices? Yes No (6) ACCESS TO TABULATION PROGRAM SOURCE CODE. (a) Has the Division of Elections granted the SOE access to the vote tabulation program source code that is to be used in an election? N/A Yes No (b) Are modifications to tabulation program source code certified by the Division? N/A Yes No Specific Authority FS. Law Implemented (4) FS. History New , Formerly 1C-7.15, 1C-7.015, Amended , BVSC-003 (04/13) Page 4 of 6

5 TECHNICAL ADVISORY March 3, 2006 Pre-election Steps for Voting Systems: 1) Are election equipment and media uniquely and permanently identified? Yes No a. Is there a description of the inventory system for these items? Yes No b. Is there a description for tracking the custody of election media from its storage location through the election process to final post-election disposition and return to storage? Yes No c. Is there a description of the chain of custody utilizing two or more individuals for checking and verification checking? Yes No 2) Is there a description of the secured location(s) for storing election media when not in use and for when the media is coded, prepared, and installed into its voting device? Yes No a. Does the coding/preparing/installing process guard against election media from being left unattended or in an unsecured location once it has been coded for an election? Yes No i. Is the coded election media immediately loaded into a voting device and made secured or placed in a secured, controlled environment and inventoried? Yes No b. Is the election media sealed in its relevant voting device with one or more uniquely identified tamper-resistant or tamper-evident seals? Yes No i. Is there a combined master identification log of the election media, voting device and seal(s), if applicable? N/A Yes No ii. Is there a combined master identification log of the election media, container(s), and seal(s) that are independent of a voting device, if applicable? N/A Yes No c. Is there a description for tracking the custody of voting devices once they are loaded with the election media? Yes No d. Does the chain of custody utilize two or more individuals to check and verify a transfer? Yes No 3) Is there a description of a recovery plan that should be followed should there be indication of a security breach in the change of custody procedures Yes No 4) Is there a description of training plans for election officials, staff and temporary workers that address these security procedures and any relevant work instructions Yes No Transport of Ballots and/or Election Material: 1) Is there a description of a secure location for storing and transporting voting system devices once the election parameters are loaded? Yes No a. Does each storage location have an inventory of its contents? Yes No b. Is there a description of the transfer in the chain of custody that includes checking and verification checking of the seals when voting devices are left unattended? Yes No 2) Is there a description of a recovery plan that should be followed should there be indication of a security breach in accountability, the change of custody, or the seals? Yes No 3) Is there a description of training plans for election officials, staff and temporary workers that address these security procedures and any relevant work instructions? Yes No Election Access to Voting Systems: 1. Is there a process/policy for changing the default passwords and encryption keys? Yes No a. Are the access control keys and passwords maintained in a secured environment and do the position descriptions define who has access to these items? Yes No b. Does the SOE authorize a change in the keys and passwords and does the position description for the individual that implements the change have this delegated authority? Yes No c. Is the degree of access defined in each position description and maintained at that level within the election management system and/or equipment? Yes No 2. Is there a process for witnessing all access to any voting system device, election media or election management system that requires the use of encryption keys? Yes No a. Is there a description or an access log or an authorization list for the individuals who utilize these encryption keys/passwords to gain access to any relevant element of the voting system? Yes No 3) Is there a description of training plans for election officials, staff and temporary workers that address these security procedures and any relevant work instructions Yes No BVSC-003 (04/13) Page 5 of 6

6 Optional County s Ballot on Demand: 1. Is there a written process for having ballot on demand? N/A Yes No Optional County s Beta Test: 1. Is there a written process for having a secondary (i.e., backup) voting system? N/A Yes No 2. Is there a written process for removing the change or modification after the beta test? N/A Yes No Absentee/Early Voting Totals: 1. Is there a written process for uploading Absentee and Early Voting totals before 7pm on election day? N/A Yes No 2. Is there a written process to prevent Absentee and Early Voting results from being released prior to the closing of the polls on election day? N/A Yes No Optional Anti-virus Software: 1. Does the election management system s computer have installed anti-virus software? N/A Yes No If yes, 2. How often the anti-virus software is updated? 3. Method to upload the anti-virus software s data? BVSC-003 (04/13) Page 6 of 6