This risk assessment reviews threats and vulnerabilities identified in:
- VxSuite hardware, including VxCentralScan, VxAdmin, vxMark, and VxScan. Also included are any items and peripherals needed to operate the equipment listed above (e.g., USB drives, scanners, printers).
- VxSuite software and source code
- VotingWorks internal communication and operation support systems.
This assessment was conducted following the framework outlined in NIST Special Publication 800-30 - Guide for Conducting Risk assessments.
For additional information on how physical, technical, and operational controls work together to meet the requirements of VVSG 14.1-C.1-4, please refer to , specifically:
- access-control.md
- artifact-authentication
- system-integrity.md
- networking.md
- password-and-credential-policies.md
- defense-in-depth-and-least-privilege.md
- cryptography.md
- procedural-and-operational-security.md
- trusted-build
Please also refer to the VxSuite User Manual - v4, notably the Setup Inspection documentation.
Risk Assessment [PDF]
Risk Assessment [Excel]