Current through Register Vol. 46, No. 8, February 21, 2024
Section 6210.11 - Voting systems security
County board election officials shall take all steps necessary to ensure that the voting systems and election processes entrusted to them are protected against errors, accidents and malicious or fraudulent manipulation, consistent with voting system security procedures developed by the State Board.
(a) The county board shall establish procedures and policies which protect the voting system facility itself, the voting systems stored therein, and servers and computer systems used therein. The county board shall also ensure that any security features or processes recommended by the vendor, such as virus protections, shall be implemented. The county board shall further provide within the facility, locked, secure storage for all ballots, system test materials, copies of software, copies of ballot programming, programming devices, memory devices, disability access devices, voting system keys, key cards, and all ancillary devices or voting system components and materials.
(b) County boards shall adopt security procedures which restrict and document all access to voting systems, computer systems, software, firmware, system components, programming, test materials and any other ballot creation, counting or other system components. All programming, maintenance testing, pre-qualification and post-election testing and canvassing/recanvassing, shall be conducted by bi-partisan teams and be performed in secure, restricted-access space, and logs shall be maintained indicating task/staff assignments, time in and out, security password change dates and other such pertinent data.
(c) Internal security procedures shall require the frequent changing of passwords at established intervals, including prior to setup for use in any election.
(1) If at any time the county board discovers that any password has been lost, shared or otherwise compromised, all passwords shall be changed.
(2) If persons with administrative passwords are assisting in the performance of election tasks not related to the administration of the voting system, they shall perform such work using their staff password, and not their administrative password.
(d) The county board shall maintain a log, in a manner prescribed by the State Board, which clearly tracks a chain of custody for each voting system.
(1) A log shall be maintained for each voting system, identifying the placement of and serial number on each tamper-evident seal used to secure the voting system and its devices while in the custody of the county board, used to secure the device for delivery to poll sites, and for the securing and return of same, after the close of polls.
(i) At any stage of the administration, programming or conduct of an election, if a tamper-evident seal is found to have been compromised, or if serial numbers as logged do not match those on the device, the matter shall be immediately documented and investigated.
(ii) The county board shall adopt procedures which direct their actions in such investigations, and which identify methods for the resolution or amelioration of such breaches of security.
(2) A copy of county board security procedures and policies shall be filed with the State Board upon adoption.
(e) The voting system supporting software, the election management software (EMS) and the specific election configuration and ballot configuration for each election shall be maintained under control of the county board and placed in secure locked storage at all times when not in use.
Master copies of all election configuration and ballot configuration shall be retained in secured locked storage as designated by the county commissioners and separate from the location of working copies, from the time of completion of pre-qualification demonstration testing and for as long after the election as required by law, these regulations, as ordered by a court, or as directed by the State Board.
(f) The county board shall enforce the provisions of the Election Law which relate to canvassing and recanvassing of votes cast in an election, as well as these regulations and directives of the State Board.
(g) The voting system and any computers or other peripheral devices shall be dedicated solely to election configuration, ballot configuration (layout) and vote counting functions, including tests listed in section 6210.2 of this Part pre-qualification and post-election testing. The system components used specifically for voting, such as any scanner, DRE or ballot marking device, shall not be capable of being networked: no modem, telecommunications nor wireless communications devices may be components of a voting system. Other components that are not physically or electronically connected to a scanner, DRE, ballot marking device or other component used specifically for voting may be configured as a closed network which can not be connected to any other internal or external network. Such closed network may be used for the preparation of ballot configuration (layout) and vote counting functions. Any EMS system configured as a closed network requires prior approval and testing by the State Board of Elections. No unapproved software or hardware may be installed or run at any time on any part of the voting system.
(h) Audit records shall be prepared for all phases of election configuration and ballot configuration using devices under the care, custody and control of the county board.
Such audit records shall address the election configuration and ballot configuration phase, pre-qualification tests, and voting and ballot-counting operations. The voting system supporting software shall log and report audit data such that:
(1) Systems shall provide the capability to create and maintain a real-time audit record to record and provide the operator or election inspector with continuous updates on voting system status.
(2) All systems shall include a real-time clock as part of the system's hardware. The system shall maintain an absolute record of the time and date or a record relative to some event whose time and data are known and recorded.
(3) All audit record entries shall include the time-and-date stamp.
(4) The generation of audit record entries shall not be able to be terminated or altered by program control, hardware control or by the intervention of any person. The physical security and integrity of the record shall be maintained at all times.
(5) The system shall be capable of printing a copy of the audit record.
(6) Any and all reports produced by the printer shall be retained by the county board in accordance with Election Law and these regulations.
(i) All vote counting programs, including the voting system supporting software and the specific election configuration and ballot configuration coding for each election, shall be available for inspection by the State Board.
(j) The county board shall adopt a contingency plan, which addresses how an election shall be configured, tested, conducted, and tabulated, in the event of an unanticipated or unavoidable event.
Such plan shall, at a minimum, identify an alternate site within the county, from which election management, administrative or canvassing tasks can be conducted, in the event their own facility is unavailable to them or otherwise compromised.
(k) Following voting and ballot accounting, the ballots as originally secured at the close of polls on Election Day, shall be reassembled, packaged, sealed and labeled.
(1) The county board shall develop a written plan for the retention and storage of the foregoing, and any other data processing materials related to the vote counting, and of all documentation of the election.
(2) All such ballots, materials and documents shall be placed in locked storage in a secure location and shall remain there until the expiration of the period for challenging elections and for as long as required by law, State Board regulations, or unless a court orders their release.
(l) Voting systems and election management systems shall be implemented such that the county board's voting system will only accept election configuration and ballot configuration from that board's election management system and an election management system will only accept results from that board's voting systems, unless two or more county boards enter into a mutually-acceptable written agreement to share election configuration and ballot configuration programming services. A copy of such written agreement shall be filed with the State Board.
N.Y. Comp. Codes R. & Regs. Tit. 9 § 6210.11
Amended, New York State Register May 21, 2014/Volume XXXVI, Issue 20, eff. 5/21/2014