SLI Compliance® offers election officials worldwide a host of election-related services, from general election and voting systems certification programs to analysis and audit of pre- and post-election system performance. Forensic Analysis helps to ensure electronic voting systems are appropriate for use. SLI Compliance can assist by making certain that the configuration of the certified election system is maintained during deployment and that election data integrity is preserved during all phases from set-up to counting and recording and transmission of results. Our services can be provided either pre- or post- elections.

Pre-election Forensics Services

  • SLI Compliance conducts system audits and test elections to ensure that the deployed system is identical to the certified baseline and that no improper data entry or security penetration occurred that would affect count accuracy.
  • SLI Compliance conducts audits to ensure security techniques being used are valid and that effective security procedures are contained in the design. Security features are compared for validity against NIST Special Publications, EAC Guidelines, and ANSI Standards & Guidelines.
  • SLI Compliance ensures that techniques being used are effective as built and can recommend enhanced techniques that should be implemented where needed.
  • SLI Compliance reviews the end-to-end security process to identify any weaknesses in the security chain. We pay particular attention to any aspects of the overall design that could place the system at risk.
  • In addition, to component or feature-level tests, SLI’s end-to-end security and forensic analysis test methods are designed to validate the security of all aspects of the system. Testing can include voter registration, the creation of ballots, the transmission of ballots and receiving of marked ballots, the recording and tallying of results, providing voter confidentiality, and the audit/recount process.
  • SLI Compliance uses FIPS compliant hashing algorithms to provide independent verification and validation to confirm the software and data have not been modified in any manner from the originally tested baseline.
  • Source Code is exposed to various tools to determine possible security risks. SLI Compliance checks the as‐built software to verify that error checking is performing as expected, the system reacts to the errors and there are methods in place to prevent issues like buffer overflows, pointers not being freed, penetration attacks, and unauthorized insertions of code.
  • Security algorithms and security policies are reviewed to validate correct implementation. Our experience shows that cryptographically compliant modules may be present, but if the security policies are not correctly implemented, the system may not be secure or compliant.

Post-election Forensics Services

  • SLI Compliance compares the static and semi-static files of the voting system and each of its components through before and after images to ensure the system is functioning and tabulating according to specified parameters.
  • SLI Compliance ensures that the code contains no hidden functionality, back doors, Trojan horses, conditional compilation flags, test flags, or hardcoded passwords.
  • SLI Compliance confirms election systems haven’t been compromised or contain unauthorized updates. SLI Compliance identifies any and all added, altered or deleted files, programs, scripts or other operating components.
  • Risks identified by SLI Compliance are itemized corrective actions and compensating controls, including system configurations and architecture that can mitigate risks.

FOR MORE INFORMATION, CONTACT US TODAY!

Whitepapers:

Election Auditing

  • I want to thank you again for SLI's independent assessment of Broomfield's election procedures and subsequent development of updated election procedures. SLI's work assisted the City Council greatly in understanding the strengths and weaknesses of existing systems and helped restore confidence in these systems for future elections.

    James L. Becklenberg

    Former Assistant City and County Manager

  • It is with sincere gratitude and appreciation that we unconditionally recommend SLI. Our effort to obtain Meaningful Use Stage 2 Certification for our community health software platform required significant interpretation of the federal guidelines that SLI provided in plain English, on an as needed, and always timely basis. The staff is outstanding and their attitude is nothing less than grace under pressure. To keep it all together, with client after client struggling to interpret often vague federal guidelines, is laudable. The bottom line is that we had a choice, and we went with a recommendation for SLI based on a couple interviews with folks that preceded us, and it turned out to be the best possible decision.

    Milton Allione

    President

  • I sought SLI’s assistance in providing information to me on testing practices for the Uniform Voting System (UVS) that the State of Colorado is seeking. I also worked with them as they developed a report for the Colorado Voter Access and Modernized Elections Commission on an assessment of voting system technology in Colorado. The results provided by SLI were valuable and helped the state make key decisions regarding Colorado's UVS strategy. As our project moves forward, we expect to call upon SLI to test one or more proposed systems to meet Colorado Voting System Certification Standards.

    Al Davidson

    Former Program Manager

  • The SLI team, in my opinion, was outstanding. I truly appreciated this process and all the guidance they provided. Not only did this team well represent themselves and the expertise they possess, but also well represented the SLI organization. I would highly recommend SLI to anyone...

    Norman Joseph

    Vice President, Product Management

  • We are so gratified that our cumulative efforts have yielded the much-needed results. I must hasten to add that the work of the entire SLI team has lent so much credibility to this entire electoral process. For this alone, you have the gratitude of not just this member of the Technical Evaluation Committee, but more likely that of an entire nation.

    Tim Diaz de Rivera

    Director General, National Computing Center