# System Security Architecture Description

This section describes the overall system security architecture of VxSuite and the measures taken to thwart attacks on the proper operation of elections on VxSuite.

{% hint style="success" %}
**Requirement 14.1-C.1** – the use of **cryptography** to secure VxSuite – is covered by:

* the certificates and signatures used by smartcards, see [Access Control / Smartcard Keys and Certificates](https://docs.voting.works/vxsuite-tdp-v3.1/access-control#smartcard-keys-and-certificates).
* digital signatures applied to all files exchanged between system components, see [Artifact Authentication](https://docs.voting.works/vxsuite-tdp-v3.1/system-security-architecture-description/artifact-authentication).
* hard-drive partition hashes, as well as kernel and bootloader signatures, used as part of secure-boot, see [System Integrity](https://docs.voting.works/vxsuite-tdp-v3.1/system-security-architecture-description/system-integrity).
* additional details on encryption vs. authentication and the type and size of cryptographic keys we use, provided in [cryptography](https://docs.voting.works/vxsuite-tdp-v3.1/system-security-architecture-description/cryptography "mention").
  {% endhint %}

{% hint style="success" %}
**Requirement 14.1-C.2** – the use of **malware protection** to secure VxSuite – is covered by the secure boot and safe mounting of external drives covered in [System Integrity](https://docs.voting.works/vxsuite-tdp-v3.1/system-security-architecture-description/system-integrity).
{% endhint %}

{% hint style="success" %}
**Requirement 14.1-C.3** – the use of **a firewall** to secure VxSuite – is covered in [Networking](https://docs.voting.works/vxsuite-tdp-v3.1/system-security-architecture-description/networking).
{% endhint %}

{% hint style="success" %}
**Requirement 14.1-C.4** – the use of **system configurations** to secure VxSuite – is covered by:

* [Password and Credential Policies](https://docs.voting.works/vxsuite-tdp-v3.1/system-security-architecture-description/password-and-credential-policies)
* aspects of secure-boot as described in [System Integrity](https://docs.voting.works/vxsuite-tdp-v3.1/system-security-architecture-description/system-integrity).
  {% endhint %}

{% hint style="success" %}
**Requirement 11.4-A** – on **least privilege** – is covered by [Defense in Depth and Least Privilege](https://docs.voting.works/vxsuite-tdp-v3.1/system-security-architecture-description/defense-in-depth-and-least-privilege).
{% endhint %}

{% hint style="success" %}
**Requirements 13.3-A, 13.3-C, 13.3-D** are covered by [cryptography](https://docs.voting.works/vxsuite-tdp-v3.1/system-security-architecture-description/cryptography "mention").
{% endhint %}


