and Transparency Subcommittee (STS) Conference Call
Participants: Alicia Clay, Allan Eustis, Angela Orbaugh, Barbara Guttman, Bill Burr, David Wagner, Helen Purcell, John Kelsey, Nelson Hastings, Quynh Dang, Rene Peralta, Ron Rivest, Wendy HAvens
Administrative Updates - Allan Eustis:
SW Independent/Dependent and Innovation Class Presentation Details - Bill Burr
Plan to advocate developing a process where we can address an innovation class of voting machines that would include end-to-end, and possibly IV, solutions. The reason for a process instead of requirements is that (we) don't feel we're ready to write the kind of requirements that would be used for a test lab process except for very particular designs that would cut off innovation in an area that has hardly begun to develop.
The discussion will be about what that process will look like and when we'll have an outline for it, and who will be responsible for organizing it. This (evaluation panel) depends on experts doing it. There will be a lot of issues how this is put together, panel members - paid, FACA? Who will be motivated to put together a credible proposal and what is our role?
This will be a recommendation put forth. It is an EAC decision to implement and run the panel/group.
The evaluation process demands a high level of expertise. It is important to get a good panel, and this should be discussed. The process from the vendor's point of view: is it a one shot demand to build a credible system with the new innovation or is there an introductory period to get buy-in to a general idea of a new development. Maybe this should be done as a grant process to develop the new technology.
[NOTE: EAC is going to Congress to get authority for certain things like collecting money and assigning it out. Also to assign vendors to certain labs.]
Innovation class evaluation models were discussed: First one looks like an AES competition followed by the FIPS module evaluation. Second model looks like FDA (clinical trial) approval. A couple of states have talked about doing pilots with new systems.
There are costs for the vendors in developing new hardware; and cost for the experts evaluating them. Patents were discussed - if a vendor comes up with new technology, they may want to patent it so other vendors are not able to start with their work. Opinions were expressed that this shouldn't be a competition, but maybe it should be a qualification process.
Question came up about whether there should be a competition for the cryptographic algorithm protocol that the academic could do, and then once appropriate algorithms or protocols from that competition, you let the business community pick up from there.
An interesting discussion on examples, possibilities, and processes for how this would work took place, taking into account some entirely new technology and also changing existing profiles.
The innovation class model may want to be done also at a minor level taking into account machines that were pre-certified but have enough new variations to warrant a review.
We want to keep in mind that we created this innovation class for a specific reason. For the December meeting, we should get agreement from the TGDC that this is a good direction to proceed in and then when the standard comes up for review in four years, we can look into how to expand on the innovation class or how to expand on existing profiles. It still has to be determined if we can lay out a process for the innovation class by July. Consensus seemed to be that it could be done. We need criteria for when the project begins. We have to have barriers for people to enter the grant competition so we only get credible proposals.
Systems would still have to go through ITA/VSTL for testing, but they would have to go through a special security panel to make sure they meet security requirements. There needs to be a review of the design and implementation at some time.
For things where we can write testable requirements, the test labs will be able to evaluate systems. When we get into innovation class, we won't be able to write requirements that are testable, i.e., the crypto protocol or an IV system. [Testing labs hire contractors, and they should be able to hire the experts that could do the evaluations. A lot of pressure is on the manufacturers to do the testing, part of the process is getting independent reviews and tests of new systems.]
For the December meeting we're looking for their approval to proceed in this direction, and we will provide them with a process in VVSG 07. Is the process specified in the standard or separate (in July as well)? There must be a path within the standard that tells you where the process is - we may have to leave some details vague. There should be no mention of possible grants.
We need to start having some substantive discussions with EAC about what should be in the standards and what should be outside the standards. We're looking for buy-in from the TGDC in December and if it goes in the final for VVSG 07 it could be determined that the EAC will work with NIST to come up with the process. STS should draft a resolution for the December meeting saying that TGDC supports the innovation class and asks NIST to develop the process.
STS Agenda Items for December TGDC Meeting
Presenters are still being decided for each section of the agenda.
#1 - Restructuring
the security components of VVSG 2007 (very high level discussion) (30
#2 - Position
on SW dependent systems and the innovation class alternative (white
paper posted) (90 min)
#3 - Significant
changes in requirements (60 min)
There should be good abstracts/summaries at the beginnings of all our white papers. Papers are due to Allan by Wednesday, November 22, cob. Slides to Allan by Wednesday a.m., November 29.
to send email about developing standards for software IV, some NIST
staff feel we could/should be doing more work, and some disagree. This
issue should be discussed before meeting. Some EAC members feel we should
be forthcoming with more requirements for this class. John Kelsey needs
to be ready to discuss.
Charter for TGDC runs through June 2007.
Next meeting, Tuesday, November 28, 2006.
policy / security notice / accessibility statement