I Terms — Election Security Glossary

Internet VOTING

A description of the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational sub- units, showing their alignment with the enterprise’s…

The underlying security framework that lies beyond an enterprise’s defined boundary, but supports its information assurance (IA) and IA-enabled products, its security posture and its risk management p…

Product whose primary purpose is to provide security services (e.g., confidentiality, authentication, integrity, access control, non-repudiation of data); correct known vulnerabilities; and/or provide…

A man-made threat achieved through exploitation of the information and communications technology (ICT) system’s supply chain, including acquisition processes.

Definition: A man-made threat achieved through exploitation of the information and communications technology (ICT) system’s supply chain, including acquisition processes. (From: DHS SCRM PMO) (NICCS)

Software that automates the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents and attempting to stop detected possible incid…

The collection of sensors, instruments and autonomous devices connected through the internet to industrial applications

(ES&S) A file known as an “interface file” that contains information about precincts, candidates and propositions, that is generated by BALLOT IMAGE MANAGER and is used to provide input to HARDWRAE PR…

(ES&S) A file known as an “intermediat e interface file” that is created using ELECTION DATA MANAGER and is used to provide input to BALLOT IMAGE MANAGER.

Internet Protocol, which is a numerical label that identifies a device and location

Internet Protocol Address. An IP Address is numeric value (nnn.nnn.nn.nn) used to uniquely identify a device within a network. The address can also be used for local networks. Many devices in an elect…

(IPSec) Provide(s) interoperable, high quality, cryptographically-based security for IPv4 and IPv6. The set of security services offered includes access control, connectionless integrity, data origin …

A tool that record what a person types on a device

Synonym(s): asset

A description of security principles and an overall approach for complying with the principles that drive the system design; i.e., guidelines on the placement and implementation of specific security s…

The purpose of awareness presentations is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize IT security concerns and respond accordingly. (S…

Explains proper rules of behavior for the use of agency IT systems and information. The program communicates IT security policies and procedures that need to be followed. (SP 800-50) (NISTIR)

IT Security Education seeks to integrate all of the security skills and competencies of the various functional specialties into a common body of knowledge, adds a multidisciplinary study of concepts, …

An IT application or system that is solely devoted to security. For instance, intrusion detection systems (IDS) and public key infrastructure (PKI) are examples of IT security investments. (SP 800-65)…

Metrics based on IT security performance goals and objectives. (SP 800-55) (NISTIR)

T he “documentation of IT security decisions” in an organization. NIST SP 800-12 categorizes IT Security Policy into three basic types:

IT Security Training strives to produce relevant and needed security skills and competencies by practitioners of functional specialties other than IT security (e.g., management, systems design and dev…

Product or technology whose primary role is not security, but which provides security services as an associated feature of its intended operating capabilities. Examples include such products as securi…

Product whose primary role is not security, but provides security services as an associated feature of its intended operating capabilities.

The requirement that voter instruction on a VOTING DEVICE cannot rely on icons alone, but must be accompanied by text. A HUMAN FACTOR identified in the 2007 VVSG.

A cloud-based identity and access management (IAM) offered by a third-party provider

The process of discovering the true identity (i.e., origin, initial history) of a person or item from the entire collection of similar persons or items.

“A voting machine must bear a number that will distinguish it from any other machine.” Ind. Code §3-11-5-19.

Unique data used to represent a person’s identity and associated attributes. A name or a card number are examples of identifiers.

Used in request and response messages. Enumeration for election data-related codes in the ExternalIdentifier class. Name Value fips For FIPS codes. local-level For a code that is specific to a county …

A mark on a ballot that can be used to identif y the voter. In general, ballots containing identifying marks are void since they can be used to promote COERCION or vote-buying. Iowa Admin. Code §721-2…

Credential, and Access Management (ICAM) Programs, processes, technologies, and personnel used to create trusted digital identity representations of individuals and non-person entities (NPEs), bind th…

Binding of the vetted claimed identity to the individual (through biometrics) according to the issuing authority. (FIPS 201) (NISTIR)

A certificate that provides authentication of the identity claimed. Within the National Security System (NSS) public key infrastructure (PKI), identity certificates may be used only for authentication…

The process by which a Credentials Service Provider (CSP) and a Registration Authority (RA) collect and verify information about a person for the purpose of issuing credentials to that person. (SP 800…

The process of making a person’s identity known to the personal identity verification (PIV) system, associating a unique identifier with that identity, and collecting and recording the person’s releva…

Smart card, metal key, or other physical object used to authenticate identity.

Tests enabling an information system to authenticate users or resources. (CNSSI-4009) (NISTIR)

The process of confirming or denying that a claimed identity is correct by comparing the credentials (something you know, something you have, something you are) of a person requesting access with thos…

The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.

Access control based on the identity of the user (typically relayed as a characteristic of the process acting on behalf of that user) where access authorizations to specific objects are assigned based…

A security policy based on the identities and/or attributes of the object (system resource) being accessed and of the subject (user, group of users, process, or device) requesting access. (SP 800-33) …

A “vote that is not legally countable.” Texas Elec. Code §221.003(b). “ A voter who cast an illegal vote may be compelled, after the illegality has been established to the satisfaction of the tribunal…

Casting a vote in contravention of law. Voting more than once at any election in a state, or depositing more than one ballot for the same o ffice, or knowingly attempting to vote when not entitled to …

Used in request and response messages. Signature optionally includes this class to indicate that a file contains an image of a voter’s signature. Image uses File as a base class, thus attributes of Fi…

Introduction of deceptive messages or signals into an adversary's telecommunications signals. See also Communications Deception and Manipulative Communications Deception. (CNSSI-4009) (NISTIR)

The effect on organizational operations, organizational assets, individuals, other organizations, or the Nation (including the national security interests of the United States) of a loss of confidenti…

The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information,…

The assessed potential impact resulting from a compromise of the confidentiality, integrity, or availability of an information type, expressed as a value of low, moderate, or high.

A variant of quota used in proportional representation systemswhich use the Largest Remainder Method, deined as the toal valid vote divided by the number of seats to be filled in the electoral distric…

A person who impersonates a registered voter and, as such, offers to vote at any election, is guilty of a … felony. S. D. Codified Laws §12-26-7.

Electronic device or electronic equipment modification designed to gain unauthorized interception of information-bearing emanations.

Statement by a vendor indicating the capabilities, features, and optional functions as well as extensions that have been implemented. Also know as implementation conformance statement.

A ballot not marked in accordance with law, hence not to be counted. Miss. Code §23-15-547.

Voting that occurs in an official location under the supervision of election workers.

An “individual who failed to vote in the preced ing federal general election and whose name was placed on an inactive list.” Mont. Code Ann. §13-1-101(14).

A “list of INACTIVE ELECTORS.” Mont. Code Ann. §13-1-101(15).

A registered voter whose address is believed to have changed and who has failed to respond to notice to confirm his address. Utah Code §20A-1-102(29). “An inactive voter must be allowed to vote, sign …

A mechanism that locks, suspends, or logs off a user after a specified period of inactivity.

Type of incident involving accidental exposure of information to an individual not authorized access.

Misleading actions to deceive others about who an individual/group is or what the individual or group is doing

A “voter who, due to incapacity, is unable to co mplete his ballot.” N. J. Stat. Ann. §19:57-2. The definition is incorrect in that it fails to incorporate the word “absentee.”

An occurrence that results in actual or potential jeopardy to the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or …

The mitigation of violations of security policies and recommended practices.

The management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems.

A “record made by election judges in the polli ng place on election day of unusual events that occurred in that polling place on election day.” Minn. Rules §8220.0250.18a.

See incident handling.

The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber attack against an organization’s information systems(s).

VOTING POLL WATCHER, a COUNTING POLL WATCHER, and an INSPECTING POLL WATCHER. Utah Code §20A-1-102(85). Li kewise, Alaska Stat. §15.10.170. Also CHALLENGER, OBSERVER.

The “list of all of the voters in a municipality which is used by election officials at a voting place to record which voters have been issued a ballot at an election.” Me. Rev. Stat. §21-A- 1(21).

The “list of all of the voters in a municipality which is used by election officials at a voting place to record which voters have been issued a ballot at an election.” Me. Rev. Stat. §21-A- 1(21).

System flaw that exists when the operating system does not check all parameters fully for accuracy and consistency, thus making the system vulnerable to penetration. (CNSSI-4009) (NISTIR)

An electoral outcome that differs from the outcome that would be found by a full manual tabulation of the votes on all ballots validly cast in the election. (“Outcome” refers to the consequence of the…

Evidence that tends to increase the likelihood of fault or guilt. (SP 800-72) (NISTIR)

A “candidate for the same office which he or she holds at the time of filing the nomination papers, and was elected to that office by a vote of the people.” Cal. Elec. Code §13107(a)(2). See also APPO…

The ability of a disabled voter to vote without requiring a human assistant to whom her vote would be revealed.

“Ballots voted for any person whose name does not appear on the machine as a nominated candidate for office, are referred to … as independent ballots.” Iowa Code §52.16.

1. A “person who is running for nomination or election to a public office but who does not represent a political party.” Wyo. Stat. §22-1-102(a)(xvi). A “ candidate in a nonpartisan election or a cand…

Deprecated, replaced by Voting System Testing Laboratory. Organization certified by the National Association of State Election Directors (NASED) to perform qualification testing.

Entity that reviews the soundness of independent tests and system compliance with all stated security controls and risk mitigation actions. IVAs will be designated by the authorizing official as neede…

(IV&V) A comprehensive review, analysis, and testing, (software and/or hardware) performed by an objective third party to confirm (i.e., verify) that the requirements are correctly defined, and to con…

“Records produced by a VOTE-CAPTURE DEVICE that supports VOTER VERIFICATION (e.g., VVPAT and EBM).” 2007 VVSG. Indiana ballot A ballot containing a list in columns of all candidates of each party, ena…

Without assistance from an election worker or other person.

A figure which is designed to measure the degree of deviation from proportionality in the allocation of seats to parties or groupings which participated in the election. It is most commonly defined as…

Recognized action, specific, generalized, or theoretical, that an adversary might be expected to take in preparation for an attack.

The mechanism by which a selection for a specific contest option automatically selects other linked contest options. An example is a straight party selection that causes indirect selections for all co…

Allowing the voter to verify a representation of her ballot by using a software or hardware intermediary. Cf. DIRECTLY VERIFIABLE.

A citizen of the United States or an alien lawfully admitted for permanent residence. Agencies may, consistent with individual practice, choose to extend the protections of the Privacy Act and EGovern…

Ability to associate positively the identity of a user with the time, method, and degree of access to an information system.

An assessment object that includes people applying specifications, mechanisms, or activities.

General term that encompasses several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configur…

The use of Internet of Things technologies in manufacturing and industry. (UK 2016)

A high-speed, low-latency interconnect standard used in high-performance computing (HPC), supercomputers, and AI data centers

Natural language description, possibly supplemented by mathematical arguments, demonstrating the correspondence of the functional specification to the high-level design. (CNSSI-4009) (NISTIR)

Facility (SCIF) An area, room, group of rooms, buildings, or installation certified and accredited as meeting Director of National Intelligence security standards for the processing, storage, and/or d…

Professional (C. F. D.) Individual who works IA issues and has real world experience plus appropriate IA training and education commensurate with their level of IA responsibility.

Individual who works IA issues and has real-world experience plus appropriate IA training and education commensurate with their level of IA responsibility. (CNSSI-4009) (NISTIR)

In the NICE Framework, cybersecurity work where a person: Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the …

An application (hardware and/or software) that provides one or more Information Assurance capabilities in support of the overall security and operational objectives of a system.

See information systems security manager (ISSM).

See information systems security officer (ISSO).

Notification that is generated when an Information Assurance vulnerability may result in an immediate and potentially severe threat to DoD systems and information; this alert requires corrective actio…

Addresses new vulnerabilities that do not pose an immediate risk to DoD systems, but are significant enough that noncompliance with the corrective action could escalate the risk.

A three-part concept for information sharing, independent of, and across information systems and security domains that 1) identifies information sharing participants as individual members, 2) contains…

The aggregate of individuals, organizations, and systems that collect, process, disseminate, or act on information.

Procedure to ensure that information transfers within an information system are not made in violation of the security policy.

The planning, budgeting, manipulating, and controlling of information throughout its life cycle.

The integrated employment, during military operations, of information-related capabilities in concert with other lines of operation to influence, disrupt, corrupt, or usurp the decision-making of adve…

Official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, classification, collection, processing, dissemination, a…

Information and related resources, such as personnel, equipment, funds, and information technology.

The planning, budgeting, organizing, directing, training, controlling, and management activities associated with the burden, collection, creation, use, and dissemination of information by agencies.

Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide - integrity, confidentiality, and availability.

Individual, group, or organization responsible for ensuring that the information security requirements necessary to protect the organization’s core missions and business processes are adequately addre…

An embedded, integral part of the enterprise architecture that describes the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational s…

(ISCM) program A program established to collect information in accordance with pre-established metrics, utilizing information readily available in part through implemented security controls.

A program established to collect information in accordance with preestablished metrics, utilizing information readily available in part through implemented security controls. (SP 800-137) (NISTIR)

Aggregate of directives, regulations, and rules that prescribe how an organization manages, protects, and distributes information.

Formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management controls and common controls in place …

The risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation due to the potential for unauthorized a…

An exchange of data, information, and/or knowledge to manage risks or respond to incidents.

(ISE) 1. An approach that facilitates the sharing of terrorism and homeland security information.

Operational entities formed by critical infrastructure owners and operators to gather, analyze, appropriately sanitize, and disseminate intelligence and information related to critical infrastructure.…

“Any formal or informal entity or collaboration created or employed by public or private sector organizations, for purposes of gathering and analyzing critical infrastructure information in order to b…

Individual or group that helps to ensure the careful and responsible management of federal information belonging to the Nation as a whole, regardless of the entity or source that may have originated, …

A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.

See authorization boundary.

A discrete, identifiable information technology asset (e.g., hardware, software, firmware) that represents a building block of an information system. Information system components include commercial i…

Management policy and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or…

The phases through which an information system passes, typically characterized as initiation, development, operation, and termination (i.e., sanitization, disposal and/or destruction).

Official responsible for the overall procurement, development, integration, modification, or operation and maintenance of an information system.

The ability of an information system to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; a…

Individual assigned responsibility by the senior agency information security officer, authorizing official, management official, or information system owner for maintaining the appropriate operational…

A capability provided by an information system that facilitates information processing, storage, or transmission.

Risk that arises through the loss of confidentiality, integrity, or availability of information or information systems considering impacts to organizational operations and assets, individuals, other o…

(INFOSEC) boundary An imaginary definable perimeter encompassing all the critical functions in an INFOSEC product and separating them from all other functions within the product.

Individual assigned responsibility for conducting information system security engineering activities.

Process that captures and refines information security requirements and ensures their integration into information technology component products and information systems through purposeful security des…

Modification of any fielded hardware, firmware, software, or portion thereof, under NSA configuration control.

Individual responsible for the information assurance of a program, organization, system, or enclave.

Individual assigned responsibility for maintaining the appropriate operational security posture for an information system or program. (CNSSI-4009) (NISTIR)

In the NICE Framework, cybersecurity work where a person: Oversees the information assurance program of an information system in or outside the network environment; may include procurement duties (e.g…

Item (chip, module, assembly, or equipment), technique, or service that performs or relates to information systems security. (CNSSI-4009) (NISTIR)

Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, trans…

See information system component.

A specific category of information (e.g., privacy, medical, proprietary, financial, investigative, contractor sensitive, security management), defined by an organization or in some instances, by a spe…

A qualitative measure of the importance of the information based upon factors such as the level of robustness of the information assurance (IA) controls allocated to the protection of information base…

Any information technology, equipment, or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.

(ICT) Includes all categories of ubiquitous technology used for the gathering, storing, transmitting, retrieving, or processing of information (e.g., microelectronics, printed circuit boards, computin…

(2) the practices and associated documentation used--

The processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection

Signals sent by infrared light from one device to another device. This is how most television remote controls function; the remote sends infrared (a/k/a IR) signals to the television which then does s…

The framework of interdependent networks and systems comprising identifiable industries, institutions (including people and procedures), and distribution capabilities that provide a reliable flow of p…

A software application of Hart InterCivic that converts external data for importation into BOSS.

See security control inheritance.

The process of tabulating ballots before any RECOUNT. 8 N. C. Admin. Code §09.0107(a). Cf. SECOND RECOUNT.

The preliminary counting of some or all ballots cast in a jurisdiction with results subject to final count; typically conducted at the end of general voting day; does not typically include the count o…

“All steps taken to prepare ABSENTEE BALLOTS for tabulation, except for the reading of ballots by an electronic vote tallying system. Initial processing includes, but is not limited to: Removal of the…

A preliminary RECOUNT to which a candidate is entitled by law if certain grounds are present. Texas Elec. Code §212.022. In Texas, no ground is required to obtain an initial recount if voting was cond…

The “time taken from when the voter performs some detectible action (such as pressing a button) to when the voting system begins responding in some obvious way (such as an audible response or any chan…

A vector used in defining the starting point of an encryption process within a cryptographic algorithm. (FIPS 140-2) (NISTIR)

Setting the state of a cryptographic logic prior to key generation, encryption, or other operating mode. (CNSSI-4009) (NISTIR)

A method of having laws enacted by the public di rectly instead of through a legislative body. “The people may propose and enact laws by the initiative.” Wyo. Stat. §22-24-101. The “process by which t…

The entity that initiates an authentication exchange. (FIPS 196) (NISTIR)

The American network of knowledge, capabilities, and people—including those in aca- demia, National Laboratories, and the private sector—that turns ideas into innovations, transforms discoveries into …

A CLASS of voting systems that claim to exhibit SOFTWARE INDEPENDENCE but which do not use INDEPENDENT VOTER-VERIFIABLE RECORDS, hence for which there may not be testable requirements in the VVSG. 200…

The states vary widely in providing a procedure to be followed if a voting machine is found not to be working during an election. “When a ny voting or counting device becomes inoperative in whole or i…

Input Validations Attacks are where an attacker intentionally sends unusual input in the hopes of confusing an application.

A person or group of persons within an organization who pose a potential risk through violating security policies.

Any person with authorized access to any United States Government resource to include personnel, facilities, information, equipment, networks, or systems.

The threat that an insider will use her/his authorized access, wittingly or unwittingly, to do harm to the security of the United States. This threat can include damage to the United States through es…

A coordinated collection of capabilities authorized by the Department/Agency (D/A) that is organized to deter, detect, and mitigate the unauthorized disclosure of sensitive information.

Three dimensional space surrounding equipment that processes classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify …

A “person selected … to witness the receipt a nd safe deposit of voted and counted ballots.” Utah Code §20A-1-102(30).

Examination of a product design, product, process or installation and determination of its conformity with specific requirements or, on the basis of professional judgment, with general requirements. N…

The “subdivision of the COUNTING BOARD consisting of at least two (2) individuals responsible for inspecting ballots for improper marking, OVERVOTING, WRITE-INS, damage to the ballot and CHAD removal.…

The “inspector shall be the principal administra tive officer of the preci nct election board.” 26 Okla. Stat. §2-216. Likewise in Wisconsin.

One of two ELECTION OFFICIALS, of different parties, who have “shall have charge of the ballots and shall furnish them to the voters.” N. H. Rev. Stat. §658:25.

A vote variation which allows each voter to rank contest options in order of the voter’s preference, in which votes are counted in rounds using a series of runoff tabulations to defeat contest options…

SAMPLE Ballot. N. J. Stat. Ann. §19:49-4. Likewise, SC.

The “physical and technical aspects of conn ections between systems and devices, which include hardware and firmware, protocols, etc. … Systems and devices that are integratable are designed such that…

CCI (controlled cryptographic items) component A CCI component that is designed to be incorporated into an otherwise unclassified communication or information processing equipment or system to form a …

The structured approach that enables an enterprise or organization to share risk information and risk analysis and to synchronize independent yet complementary risk management strategies to unify effo…

(1) Prevention of unauthorized modification of information. (2) Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.

See checksum. Rationale: The concept of an integrity check value is included in the term "checksum." As such, it is not necessary to distinguish between the two terms.

Creations of the mind such as musical, literary, and artistic works; inventions; and symbols, names, images, and designs used in commerce, including copyrights, trademarks, patents, and related rights…

All activities that agencies within the Intelligence Community are authorized to conduct pursuant to Executive Order (E. O.) 12333, United States Intelligence Activities.

(IC) Intelligence Community and elements of the Intelligence Community refers to:

A state of mind or desire to achieve an objective.

Control or navigation option that enables voters to operate and interact with the voting system, used in conjunction with a display format.

A document that regulates security-relevant aspects of an intended connection between an agency and an external system. It regulates the security interface between any two systems operating under two …

All “persons charged with any duty under the election laws … any manufacturer of or dealer in mechanical voting machines, voting devices or components thereof and agents of such manufacturer or dealer…

Matters of vital interest to the United States to include national security, public safety, national economic security, the safe and reliable functioning of “critical infrastructure”, and the availabi…

Common boundary between independent systems or modules where interactions take place.

Technical document describing interface controls and identifying the authorities and responsibilities for ensuring the operation of such controls. This document is baselined during the preliminary des…

See IFC FILE.

A document in the TDP to “describe external interfaces (programmatic, human, and network) provided by each of the computer components of the voting system (examples of components are DRE, Central Tabu…

In some states, an employer may not interfere with an employee’s right to run for public office. The offense consists of “an employer making, adopting, enforcing or attempting to enforce any order, ru…

(IATO) (C. F. D.) Temporary authorization granted by principal accrediting authority (PAA) or authorizing official (AO) for an information system to process information based on preliminary results of…

Temporary authorization to test an information system in a specified operational information environment within the time frame and under the conditions or constraints enumerated in the written authori…

(IATT) Temporary authorization to test an information system in a specified operational information environment within the timeframe and under the conditions or constraints enumerated in the written a…

A Certification Authority that is subordinate to another CA, and has a CA subordinate to itself. (SP 800-32) (NISTIR)

See IFF FILE.

Any “political party organized under the laws of this state whose candidate for governor or nominees for presidential electors received less th an twenty per cent but not less than ten per cent of the…

A human readable record, resident on the voting machine, used to track all activities of that machine. This log records every activity performed on or by the machine indicating the event and when it h…

A network where: (i) the establishment, maintenance, and provisioning of security controls are under the direct control of organizational employees or contractors; or (ii) cryptographic encapsulation …

Hardware, firmware, or software features within an information system that restrict access to resources to only authorized subjects.

Security testing conducted from inside the organization’s security perimeter. (SP 800-115) (NISTIR)

International Foundation FOR Election Systems

The single, interconnected, worldwide system of commercial, governmental, educational, and other computer networks that share (a) the protocol suite specified by the Internet Architecture Board (IAB) …

Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks.

Organization that provides access to the Internet for customers or members. Examples include AT&T, Comcast, etc.

The return of a voted ballot or voter information packet by email or through the use of an Internet supported application.

A concept that describes everyday physical objects being connected to the internet and identifying themselves to other devices.

The extent to which systems from different manufacturers and devices with different system configurations can communicate with each other.

The “determination through OPERATIONAL TESTING of whether existing products are able to cooperate meaningfully for some purpose. It c onsists of bringing together existing products, configuring them t…

One who translates for people communicating in different languages.

The Voting Process Voting equipment failures, inadequate supplies, disasters, or anything that prevents voting.

Voting equipment failures, inadequate supplies, disasters, or anything that prevents voting.

A “former resident and registered voter in … Missouri [who moves] to another state after the deadline to register to vote in any presidentia l election in the new state and who otherwise possesses the…

A type of assessment method that is characterized by the process of conducting discussions with individuals or groups within an organization to facilitate understanding, achieve clarification, or lead…

“Intimidation consists of: (i) Inducing, or attemp ting to induce, fear in an election official or elector by use of threats of force, violence, ha rm or loss, or any form of economic retaliation, for…

A computer network, especially one based on Internet technology, that an organization uses for its own internal (and usually private) purposes and that is closed to outsiders.

A “registered voter of [Missour i] who moves from one election authority's jurisdiction in the state to another election authority's jurisdiction in the state after the last day authorized in this cha…

A security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system or system resource without havi…

The process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents.

A hardware or software application that detects and reports a suspected security breach, policy violation, or other compromise that may adversely affect the network.

(IDS), (network-based) IDSs which detect attacks by capturing and analyzing network packets. Listening on a network segment or switch, one network-based IDS can monitor the network traffic affecting m…

Software that automates the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents and attempting to stop detected possible incid…

The process of monitoring the events occurring in a computer system or network, analyzing them for signs of possible incidents, and attempting to stop detected possible incidents.

Intrusion Prevention System: Software that has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents.

A group of cyber security incidents that share similar cyber actors, methods, or signatures.

A ballot that is not to be counted for any of a number of specified reasons. An “official cast ballot discovered at the time the votes are counted which does not comply with the requirements for votin…

A that is cast but is not in compliance with law, e.g. an OVERVOTE.” 21-A Maine Rev Stat. §21-A-696-2.

Votes which cannot be counted in favour of any participant in an election due to accidental or deliberate errors of marking by the voter.

An error, mistake, or omission that results in your vote not counting towards the final election result.

(a) The physical or virtual verification of the presence of each item of COMSEC material charged to a COMSEC account.

Series of transformations that converts ciphertext to plaintext using the Cipher Key. (FIPS 197) (NISTIR)

A NICE Framework category consisting of specialty areas responsible for the investigation of cyber events and/or crimes of IT systems, networks, and digital evidence

A systematic and formal inquiry into a qualified threat or incident using digital forensics and perhaps other traditional criminal inquiry techniques to determine the events that transpired and to col…

A clue that a malicious entity has gained, or is attempting to gain, unauthorised access to the network or assets connected to the network

Refers to the series of behaviors that a cybercriminal exhibits prior to executing a cyberattack.

Clues and evidence of a data breach

See Indicators of Compromise

A set of communication rules or protocols for setting up secure connections over a network

(ES&S) A web-based program for election resu lts reporting that allows jurisdictions to customize their own reports.

“Ballots voted for any person whose name doe s not appear on the ballot as a nominated candidate for office are referred to … as ‘irregular ballots’.” R. I. Gen. Laws §17-19-31.

Something that is not correct or acceptable, such as when the rules, laws, or usual ways of doing things have not been followed.

To give something to someone in an official manner.

When an official authority, election clerk or poll worker gives a voter a ballot to vote.

The “area(s) on or between lines separating ISSUES.” Ark. Register §108.00.02-003.300(c). Cf. CANDIDATE AREA.

The net mission/business impact considering:

A DRE product of ES&S. iVotronic Image manager (ES&S) A Java application that is part of the ES&S Unity suite for designing bitmap ballots for the IVOTRONIC. Abbreviated IVIM.

A term that can be used to describe malware in general use (thereby making attribution difficult) or an unpatched or unknown vulnerability discovered in an information system.

EARLY VOTING. La. Rev. Stat. Ann. §18:1309.1.

A “procedure in which a voter may come in person to a DISABILITY ACCESS LOCATION and cast a ballot during the DISABILITY ACCESS VOTING PERIOD.” R. C. W. §29A.46.030.

The “recording and counting of ballots on au tomatic tabulating equipment provided by the election authority in the same precinct polling place in which those ballots have been cast.” 10 Ill. Comp. St…

A VOTING STATE of a VOTE-CAPTURE DEVICE when the device has been activated for a VOTING SESSION and a ballot has been presented to a voter. 2007 VVSG.