Risk Assessment

This risk assessment reviews threats and vulnerabilities identified in:

VxSuite hardware, including VxCentralScan, VxAdmin, vxMark, and VxScan. Also included are any items and peripherals needed to operate the equipment listed above (e.g., USB drives, scanners, printers).
VxSuite software and source code
VotingWorks internal communication and operation support systems.

This assessment was conducted following the framework outlined in NIST Special Publication 800-30 - Guide for Conducting Risk assessments.

For additional information on how physical, technical, and operational controls work together to meet the requirements of VVSG 14.1-C.1-4, please refer to , specifically:

Access Control
Artifact Authentication
System Integrity
Networking
Password and Credential Policies
Defense-in-Depth and Least Privilege
Cryptography
Procedural and Operational Security
Trusted Build

Please also refer to the VxSuite User Manual - v4, notably the Setup Inspection documentation.

Risk Assessment [PDF]

Risk Assessment [Excel]

PreviousVulnerability Management NextHardware Criticality and Supplier Analysis

Last updated 29 days ago