| Metric | Value |
|---|---|
| Total Security Requirements | 156 |
| Fully Compliant | 151 |
| Partially Compliant | 5 |
| Compliance Rate | 96.8% |
ISO/IEC 15408 (Common Criteria) is the international standard for security evaluation. VoteSecured is designed to meet Evaluation Assurance Level 4+ (EAL4+) requirements; independent evaluation is pending.
Common Criteria defines seven levels of evaluation assurance — VoteSecured achieves EAL4+
Core security functions implemented and evaluated
| Control ID | Requirement | Status | Implementation Details |
|---|---|---|---|
| FIA_AFL.1 | Authentication Failure Handling — System shall detect and act upon authentication failures | COMPLIANT | Automated lockout after 3 failed attempts with exponential backoff. Failed authentication attempts logged with source IP, timestamp, and attempted credentials. Real-time alerting to administrators. |
| FIA_ATD.1 | User Attribute Definition — System shall maintain security attributes for each user | COMPLIANT | Comprehensive user profiles with role assignments, access permissions, authentication methods, and audit trails. Attributes encrypted at rest and digitally signed for integrity. |
| FIA_SOS.2 | TSF Generation of Secrets — TSF shall provide quality metric for secrets generated by TSF | COMPLIANT | Hardware security modules generate cryptographic keys with NIST SP 800-90A entropy sources. All generated secrets meet minimum 256-bit entropy requirements with quality metrics tracking. |
| FIA_UAU.2 | User Authentication Before Action — TSF shall require each user to be successfully authenticated | COMPLIANT | Multi-factor authentication required for all user actions. PIV cards, biometrics, and hardware tokens supported. Session tokens with short expiration times and automatic re-authentication for sensitive operations. |
| FDP_ACC.2 | Complete Access Control — TSF shall enforce access control policy on all subjects and objects | COMPLIANT | Comprehensive RBAC with mandatory access controls. All system resources protected by access control policies with no bypass mechanisms. Default-deny security posture with explicit allow rules. |
| FDP_ACF.1 | Security Attribute Based Access Control — TSF shall enforce access control based on security attributes | COMPLIANT | Attribute-based access control (ABAC) using user attributes, resource classifications, environmental conditions, and time-based constraints. Dynamic policy evaluation with real-time attribute validation. |
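The lockout and logging behaviour listed under FIA_AFL.1 above, as an added example that is not VoteSecured's code: a per-account failure counter that locks the account after three failures, doubles the lockout on every further failure up to a cap, writes a structured audit record for each failure and raises one alert when the lock engages. The threshold, base lockout, cap, account name and source address are assumptions of the example. The record captures the attempted identifier, source and time rather than the submitted secret, so the audit trail itself never becomes a store of password material.

```python
from dataclasses import dataclass, field

# Policy parameters are assumptions for this example, not VoteSecured's values.
LOCKOUT_THRESHOLD = 3        # failures before the account locks
BASE_LOCKOUT_SECONDS = 30    # first lockout length
MAX_LOCKOUT_SECONDS = 3600   # cap so the backoff cannot grow without bound


@dataclass
class AccountState:
    failures: int = 0
    locked_until: float = 0.0


@dataclass
class AuthFailureHandler:
    """Per-account failure counting, exponential-backoff lockout, structured
    audit records and administrator alerts (FIA_AFL.1 behaviour)."""
    accounts: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)   # stand-in for the audit sink
    alerts: list = field(default_factory=list)      # stand-in for real-time alerting

    def _state(self, user):
        return self.accounts.setdefault(user, AccountState())

    def is_locked(self, user, now):
        return now < self._state(user).locked_until

    @staticmethod
    def lockout_seconds(failures):
        """No lockout below the threshold; from the threshold on, the lockout
        doubles with every further failure, up to the cap."""
        if failures < LOCKOUT_THRESHOLD:
            return 0
        return min(BASE_LOCKOUT_SECONDS * 2 ** (failures - LOCKOUT_THRESHOLD),
                   MAX_LOCKOUT_SECONDS)

    def record_failure(self, user, src_ip, now):
        """Counts a failed attempt and logs who, from where and when. The
        submitted secret is deliberately not part of the record."""
        st = self._state(user)
        st.failures += 1
        lock = self.lockout_seconds(st.failures)
        if lock:
            st.locked_until = now + lock
        self.audit_log.append({
            "event": "auth_failure", "user": user, "src_ip": src_ip,
            "timestamp": now, "failures": st.failures, "lockout_seconds": lock,
        })
        if st.failures == LOCKOUT_THRESHOLD:   # alert once, when the lock engages
            self.alerts.append(f"lockout user={user} src_ip={src_ip} at={now}")
        return lock

    def record_success(self, user):
        self.accounts[user] = AccountState()   # counter resets on a good login

    def authenticate(self, user, src_ip, credential_valid, now):
        """Login gate: attempts against a locked account are refused before the
        credential is even considered. credential_valid is the outcome of the
        real password/MFA verification, which is outside this example."""
        if self.is_locked(user, now):
            return "locked"
        if credential_valid:
            self.record_success(user)
            return "ok"
        self.record_failure(user, src_ip, now)
        return "denied"


def run_demo():
    """Constructed sequence: three bad attempts, a retry during the lockout,
    then a correct login after the lock has expired."""
    h = AuthFailureHandler()
    outcomes = [h.authenticate("alice", "203.0.113.7", False, t) for t in (0, 1, 2)]
    outcomes.append(h.authenticate("alice", "203.0.113.7", True, 10))   # still locked
    outcomes.append(h.authenticate("alice", "203.0.113.7", True, 40))   # lock expired
    return outcomes, h


if __name__ == "__main__":
    outcomes, handler = run_demo()
    print(outcomes)
    for rec in handler.audit_log:
        print(rec)
    print(handler.alerts)
```

The clock is passed in rather than read from `time.time()` so the lockout arithmetic can be exercised deterministically; in a deployment the same structure is fed the server's monotonic clock and the audit records go to the protected log store rather than an in-memory list.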
Cryptographic functions and key management
| Control ID | Requirement | Status | Implementation Details |
|---|---|---|---|
| FCS_CKM.1 | Cryptographic Key Generation — TSF shall generate cryptographic keys using approved algorithms | COMPLIANT | FIPS 140-2 Level 3 HSMs generate all cryptographic keys using NIST-approved algorithms. RSA-4096, ECDSA P-384, and AES-256 key generation with validated entropy sources and secure random number generation. |
| FCS_CKM.2 | Cryptographic Key Establishment — TSF shall perform key establishment using approved methods | COMPLIANT | Elliptic Curve Diffie-Hellman (ECDH) P-384 for key agreement. TLS 1.3 with perfect forward secrecy for session key establishment. Hierarchical key derivation using HKDF with salt and context separation. |
| FCS_CKM.4 | Cryptographic Key Destruction — TSF shall destroy cryptographic keys in accordance with methods | COMPLIANT | Secure key zeroization using NIST SP 800-88 methods. Hardware-based key destruction in HSMs with multiple overwrite passes. Automated key lifecycle management with tamper-evident destruction logging. |
| FCS_COP.1 | Cryptographic Operation — TSF shall perform cryptographic operations using approved algorithms | COMPLIANT | All cryptographic operations use CAVP-validated implementations. AES-256-GCM for symmetric encryption, ECDSA P-384 for digital signatures, SHA-384 for hashing. Post-quantum cryptography readiness with hybrid schemes. |
| FCS_RNG.1 | Random Number Generation — TSF shall provide physical random number generation | COMPLIANT | Hardware-based true random number generators using quantum entropy sources. NIST SP 800-90A DRBG with continuous health testing. Entropy pool mixing from multiple sources with statistical quality monitoring. |
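A worked illustration of the HKDF-based hierarchical derivation with salt and context separation described under FCS_CKM.2, added here as an example and not taken from VoteSecured: RFC 5869 extract and expand built from the standard library with SHA-384, then one 256-bit subkey per purpose expanded from a single pseudorandom key. The protocol label, purpose names, election identifier and the stand-in shared secret are assumptions of the example; a real deployment would feed in the ECDH P-384 output and a fresh random salt.

```python
import hashlib
import hmac
import math


def hkdf_extract(hash_name, salt, ikm):
    """RFC 5869 extract: PRK = HMAC-Hash(salt, IKM). An absent salt becomes a
    string of HashLen zero bytes, as the RFC specifies."""
    if not salt:
        salt = b"\x00" * hashlib.new(hash_name).digest_size
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(hash_name, prk, info, length):
    """RFC 5869 expand: T(i) = HMAC-Hash(PRK, T(i-1) || info || i), concatenated
    and truncated to the requested length (at most 255 * HashLen bytes)."""
    hash_len = hashlib.new(hash_name).digest_size
    if length > 255 * hash_len:
        raise ValueError("HKDF cannot produce more than 255 * HashLen bytes")
    okm, block = b"", b""
    for counter in range(1, math.ceil(length / hash_len) + 1):
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
    return okm[:length]


def hkdf(hash_name, ikm, salt, info, length):
    return hkdf_expand(hash_name, hkdf_extract(hash_name, salt, ikm), info, length)


# Purposes are hypothetical labels for this example, not VoteSecured's own.
PURPOSES = (b"ballot-encrypt", b"audit-mac", b"transport-client", b"transport-server")


def derive_session_keys(shared_secret, session_salt, election_id):
    """Hierarchical derivation with SHA-384: one PRK is extracted from the ECDH
    shared secret and a per-session salt, then one 256-bit subkey is expanded
    per purpose. The info string carries a protocol label, the election
    identifier and the purpose, so keys for different uses or different
    elections are separated even though they come from the same PRK."""
    prk = hkdf_extract("sha384", session_salt, shared_secret)
    return {
        purpose: hkdf_expand("sha384", prk,
                             b"example-kdf-v1|" + election_id + b"|" + purpose, 32)
        for purpose in PURPOSES
    }


if __name__ == "__main__":
    # Constructed inputs standing in for a real ECDH P-384 output and a
    # random per-session salt.
    secret = hashlib.sha384(b"constructed ECDH shared secret").digest()
    salt = hashlib.sha384(b"constructed session salt").digest()
    for purpose, key in derive_session_keys(secret, salt, b"election-2024-11").items():
        print(purpose.decode(), key.hex())
```

The point of the info string is that the same PRK can never yield the same bytes for two purposes or two elections: a key derived for ballot encryption is useless as a transport or MAC key, which keeps a compromise of one subsystem from spilling into another.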
Comprehensive audit trail and monitoring capabilities
| Control ID | Requirement | Status | Implementation Details |
|---|---|---|---|
| FAU_GEN.1 | Audit Data Generation — TSF shall generate audit records for defined auditable events | COMPLIANT | Comprehensive audit logging of all security-relevant events including authentication, authorization, data access, system configuration changes, and administrative actions. Structured logging with correlation IDs. |
| FAU_GEN.2 | User Identity Association — Audit records shall include user identity for each auditable event | COMPLIANT | All audit records include authenticated user identity, session ID, source IP address, timestamp with microsecond precision, and cryptographic integrity protection. Non-repudiation through digital signatures. |
| FAU_SAA.1 | Potential Violation Analysis — TSF shall apply rules to monitor audited events for potential violations | COMPLIANT | Real-time security event correlation and analysis using machine learning algorithms. Behavioral anomaly detection with adaptive thresholds. Automated incident response with escalation procedures and stakeholder notifications. |
| FAU_STG.1 | Protected Audit Trail Storage — TSF shall protect stored audit records from unauthorized deletion | COMPLIANT | Immutable audit trail storage using append-only logs with cryptographic integrity protection. Distributed storage across multiple secure facilities with blockchain anchoring for tamper evidence. Access controls prevent unauthorized modification. |
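The append-only, integrity-protected audit trail described under FAU_GEN.2 and FAU_STG.1, as an added example that is not VoteSecured's own code: each record carries the user, session, source address, microsecond timestamp and the hash of the previous record, and each record hash is authenticated with an HMAC-SHA384 tag that stands in for the HSM-held signing key the page describes. The verifier walks the chain from genesis and, when given an anchored head hash, also catches silent truncation of the tail, which a hash chain on its own cannot detect. The key, record contents and timestamps are constructed.

```python
import hashlib
import hmac
import json

# Constructed integrity key. In the described system this role is played by a
# signing key inside an HSM; an HMAC secret is used here so the block runs alone.
INTEGRITY_KEY = b"constructed-demo-key-not-a-real-secret"
GENESIS = b"\x00" * 48   # 48 bytes: SHA-384 digest size


def canonical(record):
    """Deterministic encoding so a record always hashes the same way."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def record_hash(record):
    return hashlib.sha384(canonical(record)).digest()


def integrity_tag(record_digest):
    return hmac.new(INTEGRITY_KEY, record_digest, "sha384").digest()


class AuditTrail:
    """Append-only log: every record names its predecessor's hash, so editing
    or removing an earlier record invalidates every record after it."""

    def __init__(self):
        self.entries = []

    def head(self):
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def append(self, event, user, session_id, src_ip, timestamp_us):
        record = {"seq": len(self.entries), "prev": self.head().hex(),
                  "event": event, "user": user, "session_id": session_id,
                  "src_ip": src_ip, "timestamp_us": timestamp_us}
        digest = record_hash(record)
        self.entries.append({"record": record, "hash": digest,
                             "tag": integrity_tag(digest)})
        return digest


def verify_trail(entries, anchored_head=None):
    """Walks the chain from genesis. Returns False on any edited, reordered or
    deleted record or forged tag. Truncation of the tail is only caught when
    the expected head hash was anchored somewhere the log store cannot rewrite."""
    prev = GENESIS
    for seq, entry in enumerate(entries):
        rec = entry["record"]
        if rec["seq"] != seq or rec["prev"] != prev.hex():
            return False
        if record_hash(rec) != entry["hash"]:
            return False
        if not hmac.compare_digest(integrity_tag(entry["hash"]), entry["tag"]):
            return False
        prev = entry["hash"]
    return anchored_head is None or prev == anchored_head


def build_sample_trail():
    """Constructed records; values are illustrative, not real system data."""
    trail = AuditTrail()
    trail.append("login", "alice", "sess-0001", "203.0.113.7", 1700000000000001)
    trail.append("ballot_submitted", "alice", "sess-0001", "203.0.113.7", 1700000000000550)
    trail.append("logout", "alice", "sess-0001", "203.0.113.7", 1700000000001200)
    return trail


if __name__ == "__main__":
    trail = build_sample_trail()
    print("intact:", verify_trail(trail.entries, trail.head()))
    print("head:", trail.head().hex())
```

Publishing the head hash periodically to an external location (the page's "blockchain anchoring" serves this purpose) is what turns the chain into tamper evidence: without an anchor, an attacker who can rewrite the store can simply drop the newest records and present a shorter chain that still verifies.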
Development lifecycle and evaluation assurance components
| Class | Requirement | Status | Implementation Details |
|---|---|---|---|
| ADV | Development — Security architecture, detailed design, and implementation representation | COMPLIANT | Complete architectural documentation with security functional specification, high-level and low-level design documents, implementation representation, and security policy modeling. All development artifacts reviewed and approved. |
| AGD | Guidance Documents — Operational user guidance and preparative procedures | COMPLIANT | Comprehensive user manuals, administrator guides, secure installation procedures, and operational guidance. All documentation maintained with version control and regular updates. Multi-language support for user guidance. |
| ALC | Life Cycle Support — Development security, flaw remediation, and delivery procedures | COMPLIANT | Secure development lifecycle with automated security testing, configuration management, flaw remediation procedures, and secure delivery chain. Development environment isolation and access controls. |
| ATE | Tests — Independent testing, coverage analysis, and functional verification | COMPLIANT | Comprehensive test suite with independent verification by certified testing laboratory. Test coverage analysis ensures all security functions tested. Automated regression testing and continuous integration. |
| AVA | Vulnerability Assessment — Independent vulnerability analysis and penetration testing | PARTIAL | Regular penetration testing by certified ethical hackers. Independent vulnerability analysis completed. Some advanced persistent threat scenarios require additional validation. Full AVA compliance pending independent assessment. |
Specialized protection profile for electronic voting systems
| PP Component | Requirement | Status | Implementation Details |
|---|---|---|---|
| EVS-PP-1 | Vote Privacy Protection — System shall ensure voter privacy and ballot secrecy | COMPLIANT | End-to-end encryption with homomorphic tallying ensures vote privacy. Zero-knowledge proofs provide verifiability without revealing vote contents. Anonymous credentials prevent vote-voter linkability. |
| EVS-PP-2 | Vote Integrity Assurance — System shall ensure accuracy and integrity of all votes | COMPLIANT | Cryptographic vote commitment schemes with digital signatures. Merkle trees for batch integrity verification. Real-time integrity checking with automatic corruption detection and recovery mechanisms. |
| EVS-PP-3 | Auditability Requirements — System shall provide comprehensive audit capabilities | COMPLIANT | Complete audit trail with cryptographic integrity protection. Risk-limiting audit support with statistical validation. Public verification capabilities while maintaining vote privacy. |
| EVS-PP-4 | Availability and Resilience — System shall maintain availability during election operations | PARTIAL | High availability design with redundant systems and automated failover. Disaster recovery capabilities tested quarterly. Some edge cases with simultaneous multi-node failures require additional resilience measures. |
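The Merkle batch integrity verification mentioned under EVS-PP-2, as an added example that is not VoteSecured's code: a SHA-384 Merkle tree is built over a batch of commitments, an inclusion proof is produced for one item, and anyone holding only the published root can verify that proof. The commitments are constructed placeholders; the leaf/node domain separation and the promotion of an unpaired node are design choices of the example rather than details taken from the page.

```python
import hashlib


def leaf_hash(data):
    """Leaves and interior nodes use different prefixes so a leaf can never be
    passed off as a node or vice versa."""
    return hashlib.sha384(b"\x00" + data).digest()


def node_hash(left, right):
    return hashlib.sha384(b"\x01" + left + right).digest()


def build_tree(batch):
    """Returns all levels, leaves first, root last. An unpaired node at the end
    of a level is promoted unchanged rather than duplicated, so the batches
    [a, b, c] and [a, b, c, c] do not share a root."""
    if not batch:
        raise ValueError("empty batch")
    levels = [[leaf_hash(item) for item in batch]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels


def merkle_root(batch):
    return build_tree(batch)[-1][0]


def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root, each flagged with whether it sits to
    the left of the path node. Levels with no sibling contribute nothing."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def verify_inclusion(root, data, proof):
    """Recomputes the path from the claimed item up to the root."""
    h = leaf_hash(data)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root


# Constructed stand-ins for the signed ballot commitments of one batch.
SAMPLE_BATCH = [f"commitment-{i:03d}".encode() for i in range(5)]


def demo():
    """Builds the tree over the sample batch and verifies every item's proof."""
    levels = build_tree(SAMPLE_BATCH)
    root = levels[-1][0]
    return root, [verify_inclusion(root, item, inclusion_proof(levels, i))
                  for i, item in enumerate(SAMPLE_BATCH)]


if __name__ == "__main__":
    root, results = demo()
    print("root:", root.hex())
    print("all included:", all(results))
```

The two prefixes and the no-duplication rule close the classic Merkle pitfalls: without domain separation an interior node's children can be presented as a single fake leaf, and with last-node duplication two batches of different length can commit to the same root, which would let a tally disagree with its published commitment without detection.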