N.J. Admin. Code § 15:10-7.6

Current through Register Vol. 56, No. 24, December 18, 2024
Section 15:10-7.6 - Requirements for e-poll book system review
(a) The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) shall conduct a security review of any e-poll book system vendor that submits an e-poll book system to the Secretary of State for use in New Jersey. The security review shall include existing processes for the review of the State of New Jersey Security Due Diligence-Third-Party Information Security Questionnaire and Ownership Disclosure Form. The e-poll book system vendor shall cooperate with NJCCIC's security review.
(b) The DGE shall conduct testing and examination of the e-poll book system to confirm that the e-poll book system meets all system and security requirements set forth in this subchapter.
(c) Any vendor proposing to offer a new or modified e-poll book system may only seek review of a system that is free of known regulatory or functional issues, problems, and abnormalities.
(d) For a submission to be considered complete and ready for review, the vendor must:
1. Submit in writing, to the Division of Elections, a request for e-poll book system approval. This request, written on the vendor's letterhead, must list the following:
i. All hardware devices to be reviewed;
ii. All software versions to be reviewed;
iii. All features to be reviewed;
iv. Any U.S. states or territories where this has already been approved for use; and
v. Email and telephone contact information for both administrative and technical questions;
2. Transport the following to the Division of Gaming Enforcement (DGE), at the vendor's expense:
i. Production samples of hardware devices being reviewed;
ii. Production versions of all software and firmware being reviewed;
iii. All additional software and hardware required to perform testing, including software capable of performing a load test with a configurable number of simultaneous voters;
iv. All manuals required to administrate and operate the e-poll book system;
v. Settings for the e-poll book system to comply with all applicable New Jersey rules;
vi. Copies of all quality assurance testing results for tests that were already performed;
vii. Source code for all software and firmware of products being reviewed; and
viii. A detailed network architecture diagram of the e-poll book system;
3. Submit a copy of the vendor's information security plan to the DGE; and
4. Complete and submit the State of New Jersey Security Due Diligence-Third-Party Information Security Questionnaire and Ownership Disclosure Form to the NJCCIC.
(e) The review of an e-poll book system vendor and e-poll book system shall be completed no later than 60 days after a complete submission is received. The DGE shall provide the Secretary of State with the outcome of its testing and examination and a recommendation as to whether the e-poll system is compliant with the technical requirements. The NJCCIC shall provide the Secretary of State with the results of its security review and a recommendation as to whether the vendor is following information security best practices. The Secretary of State shall review the results of the DGE's testing and examination of the e-poll book system, as well as the recommendation of the DGE, and the outcome of the NJCCIC's security review of the e-poll book vendor, as well as the recommendation of the NJCCIC, and issue one of two possible letters stating the outcome of the review:
1. A certificate of approval letter stating the e-poll book system is approved for use in the State of New Jersey and all conditions required for its proper use; or
2. A rejection letter stating the product is not approved for use in the State of New Jersey. This letter shall list the deficiencies and problems with the submitted e-poll book system that prevented approval.
(f) Nothing in this section shall prohibit the Secretary of State from adding, modifying, or removing conditions in an approval letter issued, pursuant to (e)1 above, as necessary, to ensure the security, integrity, and functionality of the e-poll book system or of the electoral process in this State.
(g) The vendor shall be responsible for the removal of all items transported to the DGE for review.
