Penetration testing (Pen testing)

1. An evaluation method that enables researchers to search for vulnerabilities in a system.

Source: Election Terminology Glossary - Draft, National Institute of Standards and Technology (NIST), https://pages.nist.gov/ElectionGlossary/

2. An evaluation method that enables researchers to search for vulnerabilities in a system. Election systems, such as the VR (voter registration) system, are periodically submitted to pen tests to determine their vulnerabilities to cyber attacks.

Source: Information Technology Terminology, U.S. Election Assistance Commission, https://www.eac.gov/documents/2017/09/21/information-technology-terminology-security

3. Security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing often involves issuing real attacks on real systems and data, using the same tools and techniques used by actual attackers. Most penetration tests involve looking for combinations of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through a single vulnerability.

Source: The State and Local Election Cybersecurity Playbook, Defending Digital Democracy Project, Harvard Kennedy School Belfer Center for Science and International Affairs, https://www.belfercenter.org/sites/default/files/files/publication/StateLocalPlaybook%201.1.pdf; Source: U.S. Cyberspace Solarium Commission, March 2020, https://subscriber.politicopro.com/f/?id=00000170-c638-d8f7-a7f1-f63b33510000