The voting system is designed to accurately, completely, and robustly carry out election processes.
The voting system is designed using commonly-accepted election process specifications.
The voting system is designed to function correctly under real-world operating conditions.
Voting system design supports evaluation methods enabling testers to clearly distinguish systems that correctly implement specified properties from those that do not.
The voting system is implemented using high quality best practices.
The voting system and its software are implemented using trustworthy materials and best practices in software development.
The voting system is implemented using best practice user-centered design methods, for a wide range of representative voters, including those with and without disabilities, and election workers.
Derived:
Traced From:
The voting system is designed to support interoperability in its interfaces to external systems, its interfaces to internal components, its data, and its peripherals.
Voting system data that is imported, exported, or otherwise reported, is in an interoperable format.
Derived:
- 4.1-A Data export and exchange format
- 4.1-B Election programming data input and output
- 4.1-C Tabulator report data
- 4.1-D Exchange of cast vote records
- 4.1-E Exchange of voting device election logs
- 4.1-F Specification of common format usage
- 4.1-G Public specification of manufacturer native formats
- 4.1-H Common format across manufacturers
Traced From:
- 4.1-A Data export and exchange format
- 4.1-B Election programming data input and output
- 4.1-C Tabulator report data
- 4.1-D Exchange of cast vote records
- 4.1-E Exchange of voting device election logs
- 4.1-F Specification of common format usage
- 4.1-G Public specification of manufacturer native formats
- 4.1-H Common format across manufacturers
Standard, publicly-available formats for other types of data are used, where available.
Widely-used hardware interfaces and communications protocols are used.
The election definition device MUST provide for the logical definition of the ballot, including the definition of the number of allowable votes for each contest.
The election definition device MUST provide for the logical definition of administrative subdivisions, where the list contests varies between subdivisions.
The election definition device MUST be capable of collecting and maintaining Contests and their associated labels and instructions; Candidate names and their associated labels; and Ballot questions and their associated text.
The election definition device MUST enable EOs to define multiple election districts.
The election definition device MUST enable EOs to associate a minimum of 3 identifiers each for administration subdivisions, election districts, contests, and candidates.
Voting devices must provide support for the non-restrictive, publicly-available NIST SP Common Data Format (CDF) specifications for data inputs and output: • Election programming data, NIST SP 1500-100 • Election results data, NIST SP 1500-100 • Election event logging data, NIST SP 1500-101 • Voter registration-related data, NIST SP 1500-102 • Cast vote records, NIST SP 1500-103 • Ballot definition data, NIST SP 1500-104
Discussion
Manufacturers can use any proprietary input or output data formats or internal data formats, as long as they also provide support for the NIST SP specifications. Implementations that do this using translations or conversions from a proprietary format would be considered in conformance.
Source: New requirement
Derived From:
Traced To:
• input or output of election programming data; • input or output of ballot programming data; and • pre-election reports.
Discussion
This requirement concerns input of pre-election data into an election definition device, such as for identification of political geography, contest, candidate, ballot data, and other pre-election information used to setup an election and produce ballots. It also concerns reports of pre-election data from the election definition device. The NIST SP specifications, where applicable, can be supported using translations or conversions from manufacturer-proprietary formats.
Source: New requirement
Derived From:
Traced To:
Tabulators must include support for the NIST CDF specifications for election results reporting data.
Discussion
This requirement deals with reporting of election results reporting data from tabulators such as an EMS. Optical scanners, including CCOS and PCOS, generally do this using exports of cast vote records/
Source: New requirement
Derived From:
Refined By:
Satisfied By:
Traced To:
Traced From:
Devices that export or import CVRs must support the NIST CDF specifications that apply to export and import of CVRs.
Discussion
Devices that export or import CVRs typically include the EMS, CCOS and PCOS, other vote-capture devices, and audit devices.
Source: New requirement
Derived From:
Traced To:
Traced From:
Voting devices must support the export or import of election log data using the NIST SP 1500-101 specification.
Discussion
This requirement refers to election logs and not system logs provided by common operating systems such as Microsoft Windows or Apple IOS. This requirement does not mandate that manufacturers use the format for storing election log information; a manufacturer can meet this requirement by conversion or translation from a native format into the NIST SP 1500-101 format.
Source: New requirement
Derived From:
Traced To:
The voting device or election system manufacturer must provide a specification describing how the manufacturer has implemented a NIST SP 1500 CDF specification that applies to the manufacturer’s specific voting devices and data. This includes such items as descriptions of elements, attributes, constraints, extensions, syntax and semantics of the format, and definitions for data fields and schemas.
Discussion
Conformance to a common data format does not guarantee data interoperability. The manufacturer must document fully how it has interpreted and implemented a NIST CDF specification for its voting devices and the types of data exchanged orexported.
Source: New requirement
Derived From:
Verified By:
Traced To:
Traced From:
Where a NIST SP 1500 CDF specification or other interoperable interchange specification does not exist for a particular area of data interchange, the voting device manufacturer must provide a specification for its native format, describing how the manufacturer has implemented the native format that applies to the manufacturer’s specific voting devices and data. This includes such items as descriptions of elements, attributes, constraints, extensions, syntax and semantics of the format, and definitions for data fields and schemas.
Discussion
This requirement is essentially the same as requirement 4.1-F but applies to the manufacturer’s own native formats where a NIST CDF specification does not exist.
Source: New requirement
Derived From:
Traced To:
The voting system manufacturer must support the NIST SP 1500 CDF specifications for export and interchange of data and reports across its major device categories.
Discussion
Different equipment from the same manufacturer will be interoperable with the respect to data format. For example, a common ballot definition will apply to all manufacturer vote-capture devices and not be specific to each device. Export of data (such as reports and CVRs) will use a common format across all devices.
Source: New requirement
Derived From:
Traced To:
The manufacturer must submit a report providing documentation that the system was developed following best practices for a user-centered design process. The report must include, at a minimum:
•A listing of user-centered design methods used •The types of voters and election workers included in those methods •How those methods were integrated into the overall implementation process •How the results of those methods contributed to developing the final features and design of the voting system
Derived From:
Traced To: