# System Security Architecture Description

This section describes the overall system security architecture of VxSuite and the measures taken to thwart attacks on the proper operation of elections on VxSuite.

{% hint style="success" %}
**Requirement 14.1-C.1** – the use of **cryptography** to secure VxSuite – is covered by:

* the certificates and signatures used by smartcards, see [Access Control / Smartcard Keys and Certificates](https://docs.voting.works/vxsuite-tdp-v3.1/access-control#smartcard-keys-and-certificates).
* digital signatures applied to all files exchanged between system components, see [Artifact Authentication](https://docs.voting.works/vxsuite-tdp-v3.1/system-security-architecture-description/artifact-authentication).
* hard-drive partition hashes, as well as kernel and bootloader signatures, used as part of secure-boot, see [System Integrity](https://docs.voting.works/vxsuite-tdp-v3.1/system-security-architecture-description/system-integrity).
* additional details on encryption vs. authentication and the type and size of cryptographic keys we use are provided in [cryptography](https://docs.voting.works/vxsuite-tdp-v3.1/system-security-architecture-description/cryptography "mention").
  {% endhint %}

{% hint style="success" %}
**Requirement 14.1-C.2** – the use of **malware protection** to secure VxSuite – is covered by the secure boot and safe mounting of external drives covered in [System Integrity](https://docs.voting.works/vxsuite-tdp-v3.1/system-security-architecture-description/system-integrity).
{% endhint %}

{% hint style="success" %}
**Requirement 14.1-C.3** – the use of **a firewall** to secure VxSuite – is covered in [Networking](https://docs.voting.works/vxsuite-tdp-v3.1/system-security-architecture-description/networking).
{% endhint %}

{% hint style="success" %}
**Requirement 14.1-C.4** – the use of **system configurations** to secure VxSuite – is covered by:

* [Password and Credential Policies](https://docs.voting.works/vxsuite-tdp-v3.1/system-security-architecture-description/password-and-credential-policies)
* aspects of secure-boot as described in [System Integrity](https://docs.voting.works/vxsuite-tdp-v3.1/system-security-architecture-description/system-integrity).
  {% endhint %}

{% hint style="success" %}
**Requirement 11.4-A** – on **least privilege** – is covered by [Defense in Depth and Least Privilege](https://docs.voting.works/vxsuite-tdp-v3.1/system-security-architecture-description/defense-in-depth-and-least-privilege).
{% endhint %}

{% hint style="success" %}
**Requirements 13.3-A, 13.3-C, 13.3-D** are covered by [cryptography](https://docs.voting.works/vxsuite-tdp-v3.1/system-security-architecture-description/cryptography "mention").
{% endhint %}
