RABET-V Glossary

Accredited Assessor Organization

A business entity that has gone through the assessor accreditation process and guides the assessment of a product to generate maturity scores for the RTP.

Activity

A self-contained aspect of the RABET-V program. Each activity has a process with inputs, outputs, and a workflow.

Architecture Assessment

An evaluation, by an accredited assessor organization, of a product’s architectural support for the RABET-V security control families, to determine how mature the architecture supporting each security service is.

Architecture Maturity Score

A numerical value assigned by an accredited assessor organization that examines the product’s components at both the system and software levels to develop a picture of risk and risk mitigation to answer the question “how well-designed is the architecture underlying the product?”

BPMN
Business Process Model and Notation

A “graphical notation that depicts the steps in a business process. BPMN depicts the end to end flow of a business process. The notation has been specifically designed to coordinate the sequence of processes and the messages that flow between different process participants in a related set of activities.” See the BPMN website.

Component

(RABET-V Component Diagrams) A modular unit included in one or more products that interacts with its environment using well-defined interfaces.

Composite Service

A security service component that is composed of two or more coupled security service components in order to provide functionality. Most composites will consist of a security service that surfaces at the system level (core service), and an adaptor that uses or implements that service (dependent service).

Function

A discrete piece of functionality provided by the product. Represented as a “port” in the UML Component diagram.

In-scope Services

A service component of the product that executes any of the control family functions.

Initial Product Submission

A first-time submission for a product to the RABET-V process that includes statements about the product and the RTP that will be used throughout each RABET-V activity.

Isolation

The “degree of effectiveness and efficiency with which it is possible to assess the impact on a product or system of an intended change to one or more of its parts, or to diagnose a product for deficiencies or causes of failures, or to identify parts to be modified” (ISO 25010:2011).

Modularity

The “degree to which a system or computer program is composed of discrete components such that a change to one component has minimal impact on other components” (ISO 24765).

Organizational Assessment

An evaluation of the quality of a registered technology provider’s product development practices by an accredited assessor organization to determine how mature a product’s software assurance is, including usability and accessibility.

Organizational Maturity Score

A numerical value assigned by an accredited assessor that measures the quality of a technology provider’s product development practices to answer the question “how good is the organization at developing technology products?”

Port

A bundle of interfaces that provides system functionality.

Product

An election technology submitted to RABET-V such as a voter registration database, an electronic pollbook, the website of a government election authority, or another non-voting election technology.

Product Implementation Score

A numerical value assigned by an accredited assessor that determines the ability of the system to prevent unintended actions or output to answer the question “does the product prevent unintended outcomes?”

Product Revision

A specific version of the product submitted to RABET-V.

Product Revision Submission

A submission by the Registered Technology Provider that includes all changes being made to a product that has already been through the RABET-V process.

Product Submission

The set of information and artifacts provided by the Registered Technology Provider necessary to initiate or revise the RABET-V process.

Product Verification

An attestation of whether a product prevents unintended outcomes outlined in claims made by the registered technology provider.

RABET-V Administrator

The organization responsible for overseeing and executing the RABET-V Program. CIS is the administrator for the program.

RABET-V Iteration

A complete cycle through the RABET-V activities with a unique product revision. The first iteration is called the Initial Iteration.

RABET-V Portal

A platform for accredited assessors, RTPs, and state/local jurisdictions to register for the RABET-V program and communicate about RABET-V activities. Click here to register or log in to the Portal.

RABET-V Public Listing Site

A website maintained by CIS that identifies current RABET-V Listed Products.

RABET-V Strategic Advisory Committee

A group composed of representatives from national election official associations, the EAC, the sector coordinating committee, and members of the accessibility and disability communities who provide feedback on the strategic direction of RABET-V.

Reliability

The “degree to which a system, product or component performs specified functions under specified conditions for a specified period of time” (ISO 25010:2011).

Required Security Services

Mechanisms used to provide confidentiality, integrity authentication, source authentication and/or support non-repudiation of information.

RTP
Registered Technology Provider

An organization that develops election technology and has registered for the RABET-V program.

Security Control Family

A group of security services that supports the security goals. See RABET-V control families.

Security Enclave

Collection of components connected by one or more internal networks under the control of a single authority and security policy. The systems may be structured by physical proximity or by function, independent of location, according to the UAF.

Security Service

A capability that supports one, or many, of the security goals (NIST definition). Multiple security services (or controls) are collected in a security control family.

Security Services Architecture

An architectural view created in the architecture assessment which identifies components and maps them to the 10 security control families.

Services

A system-level component that provides data processing capabilities.

Test Plan

A unique assessment scheme for each product built from the results of the organizational and architecture maturity scores, which stays valid as long as there are no changes impacting the organizational and architecture maturity scores during the current RABET-V iteration.

Transparent Service

A security service that is not directly or indirectly invoked by the system.