SLI Compliance provides independent verification and validation of voting systems to ensure only proper versions of the software and no unauthorized software is present that could exploit any vulnerabilities. We sample hash codes from the Trusted Build and perform validation tests on the system onsite.
Our team conducts system audits and tests to ensure that the deployed system is identical to the certified baseline and that no improper data entry or security penetration occurred that would affect count accuracy.
We conduct audits to ensure security techniques being used are valid and that effective security procedures are contained in the design. Security features are compared for validity against NIST Special Publications and ANSI Standards and Guidelines. We ensure that techniques being used are effective as built and can recommend enhanced techniques that should be implemented where needed. Overall, the end-to-end security process is reviewed to identify any weakness in the security chain.
The SLI Compliance team pays particular attention to any aspects of the overall design that could place the system at risk. We use FIPS Compliant hashing algorithms to provide independent verification and validation to confirm the software and data have not been modified in any manner from the originally test baseline. Finally, where risks are identified, we itemize corrective actions and compensating controls, including system configurations and architecture that can mitigate risks.