Procedural Manual for the Election Assistance Commission's Voting System Testing and Certification Program, 76281-76305 [06-9751]

Agencies

• Election Assistance Commission

[Federal Register Volume 71, Number 244 (Wednesday, December 20, 2006)]
[Notices]
[Pages 76281-76305]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 06-9751]


=======================================================================
-----------------------------------------------------------------------

ELECTION ASSISTANCE COMMISSION


Procedural Manual for the Election Assistance Commission's Voting 
System Testing and Certification Program

AGENCY: United States Election Assistance Commission (EAC).

ACTION: Notice; publication of Voting System Testing and Certification 
Manual.

-----------------------------------------------------------------------

SUMMARY: The U.S. Election Assistance Commission (EAC) is publishing a 
procedural manual for its Voting System Testing and Certification 
Program. This program sets the administrative procedures for obtaining 
an EAC Certification for voting systems. Participation in the program 
is strictly voluntary. The program is mandated by the Help America Vote 
Act (HAVA) at 42 U.S.C. 15371.

FOR FURTHER INFORMATION CONTACT: Brian Hancock, Director, Voting System 
Certification, Washington, DC, (202) 566-3100, Fax: (202) 566-1392.

SUPPLEMENTARY INFORMATION:
    Background. HAVA requires that the EAC certify and decertify voting 
systems. Section 231(a)(1) of HAVA (42 U.S.C. 15371) specifically 
requires the EAC to ``... provide for the testing, certification, 
decertification and recertification of voting system hardware and 
software by accredited laboratories.'' To meet this obligation, the EAC 
has created a voluntary program to test voting systems to Federal 
voting system standards. The Voting System Testing and Certification 
Manual, published below, will set the procedures for this program.
    In creating the Certification Manual the EAC sought input from 
experts and stakeholders. Specifically, the EAC conducted meetings with 
representatives from the voting system test laboratory and voting 
system manufacturing community. The Commission also held a public 
hearing in which it received testimony from State election officials, 
the National Institute of Standards and Technology, academics, 
electronic voting system experts and public interest groups. Finally, 
the EAC sought input from the public. A draft version of the EAC Voting 
System Testing and Certification Program Manual was published with a 
request for public comment on October 2, 2006. (71 FR 57934). The pubic 
comment period was open until 5 p.m. e.d.t. on October 31, 2006. While 
this publication and public comment period were not required under the 
rulemaking, adjudicative or licensing provisions of the Administrative 
Procedures Act, all comments received were considered in the drafting 
of this final administrative manual.
    Discussion of Comments. The EAC received over 400 comments from the 
public. The majority of these comments came from voting system test 
laboratories, voting system manufacturers, and public interest groups. 
The EAC also received a number of comments from State and local 
officials and private individuals.
    The majority of comments received by the Commission raised concerns 
or questioned the meaning or application of various provisions of the 
manual. These comments were requests for clarification. Another 
significant block of comments were less specific and focused on the 
fundamental purpose behind the program or its basic methodology. 
Comments in this category included individuals who noted that 
electronic voting machines should not be used in Federal elections and 
those who disagreed with the program's fundamental structure which 
utilizes EAC accredited laboratories to test voting systems through 
direct contracting with the system's manufacturer. Finally, there were 
a range of specific recommendations on a wide variety of topics. 
Examples include: (1) Comments from manufacturers and interest groups 
requesting the EAC to provide specific timeframes or response times for 
various program elements or activities; (2) recommendations that the 
EAC Mark of,

[[Page 76282]]

Certification requirements be abolished or that the mark not be 
``permanently'' affixed to voting machines to allow for its removal in 
the event of a voting system upgrade or decertification; (3) 
recommendations from test laboratories and public interest groups that 
the EAC clarify the role of its Voting System Test Labortories, 
emphasizing that test plans, test reports and other information 
submitted under this program be submitted directly and independently by 
the test labs; (4) Comments from test laboratories recommending that 
the program provide a means for dealing with de minimis hardware 
changes; (5) recommendations from interest groups that the EAC utilize 
a third party group of technical advisors for all of its determinations 
under the program; (6) recommendations from interest groups urging the 
commission to make Certification Program documents available to the 
public; and (7) recommendations from State officials that the EAC 
contact and work with the Chief State Election Official when reviewing 
fielded voting systems, providing emergency modification waivers or 
reviewing anomaly reports.
    The EAC reviewed and considered each of the comments presented. In 
doing so, it also gathered additional information and performed 
research regarding the suggestions. The EAC's commitment to public 
participation is evident in the final version of the Certification 
Manual. The Manual has been enhanced in a number of areas in response 
to conscientious public comment. A total of six pages have been added 
to the Manual. Throughout the entire Manual the EAC added or amended 
language to clarify its procedures consistent with the comments it 
received. For example, to further clarify terminology used throughout 
the Manual almost a dozen terms were newly defined or ``Significantly 
clarified in the definition section of Chapter 1. Additionally, the EAC 
made changes to clarify the independent role of Voting System Test Labs 
in the program, require the EAC to publish its average response 
timeframes, and increase its coordination on State Election Officials. 
Examples of larger changes made in the document include an added 
section to Chapter 3 of the Manual, providing procedures for de minimis 
changes. This was put in place to deal with the numerous engineering 
change orders the Commission expects will be submitted to test 
laboratories under the program. Similarly, the EAC re-titled and re-
wrote a major portion of Chapter 10 of the Mannal (Release of 
Certification Program Information) to more clearly and affirmatively 
state EAC's policy on the release of Certification Program information.

Thomas R. Wilkey,
Executive Director, U.S. Election Assistance Commission.
BILLING CODE 6820-KF-M

[[Page 76283]]

[GRAPHIC] [TIFF OMITTED] TN20DE06.000

BILLING CODE 6820-KF-C

[[Page 76284]]

    The reporting requirements in this manual have been approved under 
the Paperwork Reduction Act of 1995, Office of Management and Budget 
Control (OMB) Number 3265-0004, expiring March 31, 2007. Persons are 
not required to respond to this collection of information unless it 
displays a currently valid OMB number. Information gathered pursuant to 
this document and its forms will be used solely to administer the EAC 
Testing and Certification Program. This program is voluntary. 
Individuals who wish to participate in the program, however, must meet 
its requirements. The estimated total annual hourly burden on the 
voting system manufacturing industry and election officials is 114 
hours. This estimate includes the time required for reviewing the 
instructions, gathering information, and completing the prescribed 
forms. Send comments regarding this burden estimate or any other aspect 
of this collection, including suggestions for reducing this burden, to 
the U.S. Election Assistance Commission, Voting System Testing and 
Certification Program, Office of the Program Director, 1225 New York 
Avenue, NW., Suite 1100, Washington, DC 20005.

Table of Contents

1. Introduction
2. Manufacturer Registration
3. When Voting Systems Must Be Submitted for Testing and 
Certification
4. Certification Testing and Technical Review
5. Grant of Certification
6. Denial of Certification
7. Decertification
8. Quality Monitoring Program
9. Requests for Interpretations
10. Release of Certification Program Information
Appendix A. Manufacturer Registration Application Form
Appendix B. Application for Voting System Testing Form
Appendix C. Voting System Anomaly Reporting Form

Introduction

    1.1. Background. The Federal Election Commission (FEC) adopted 
the first formal set of voluntary Federal standards for computer-
based voting systems in January 1990. At that time, no national 
program or organization existed to test and certify such systems to 
the standards. The National Association of State Election Directors 
(NASED) stepped up to fill this void in 1994. NASED is an 
independent, nongovernmental organization of State election 
officials. The organization formed the Nation's first national 
program to test and qualify voting systems to the new Federal 
standards. The organization worked for more than a decade, on a 
strictly voluntary basis, to help ensure the reliability, 
consistency, and accuracy of voting systems fielded in the United 
States. In late 2002, Congress passed the Help America Vote Act of 
2002 (HAVA). HAVA created the U.S. Election Assistance Commission 
(EAC) and assigned to the EAC the responsibility for both setting 
voting system standards and providing for the testing and 
certification of voting systems. This mandate represented the first 
time the Federal government provided for the voluntary testing, 
certification, and decertification of voting systems nationwide. In 
response to this HAVA requirement, the EAC has developed the Voting 
System Testing and Certification Program (Certification Program).
    1.2. Authority. HAVA requires that the EAC certify and decertify 
voting systems. Section 231(a)(1) of HAVA specifically requires the 
EAC to ``* * * provide for the testing, certification, 
decertification and recertification of voting system hardware and 
software by accredited laboratories.'' The EAC has the sole 
authority to grant certification or withdraw certification at the 
Federal level, including the authority to grant, maintain, extend, 
suspend, and withdraw the right to retain or use any certificates, 
marks, or other indicators of certification.
    1.3. Scope. This Manual provides the procedural requirements of 
the EAC Voting System Testing and Certification Program. Although 
participation in the program is voluntary, adherence to the 
program's procedural requirements is mandatory for participants. The 
procedural requirements of this Manual supersede any prior voting 
system certification requirements issued by the EAC.
    1.4. Purpose. The primary purpose of the EAC Certification 
Program Manual is to provide clear procedures to Manufacturers for 
the testing and certification of voting systems to specified Federal 
standards consistent with the requirements of HAVA Section 
231(a)(1). The program, however, also serves to do the following:
    1.4.1. Support State certification programs.
    1.4.2. Support local election officials in the areas of 
acceptance testing and pre-election system verification.
    1.4.3. Increase quality control in voting system manufacturing.
    1.4.4. Increase voter confidence in the use of voting systems.
    1.5. Manual. This Manual is a comprehensive presentation of the 
EAC Voting System Testing and Certification Program. It is intended 
to establish all of the program's administrative requirements.
    1.5.1. Contents. The contents of the Manual serve as an overview 
of the program itself. The Manual contains the following chapters:
    1.5.1.1. Manufacturer Registration. Under the program, a 
Manufacturer is required to register with the EAC prior to 
participation. This registration provides the EAC with needed 
information and requires the Manufacturer to agree to the 
requirements of the Certification Program. This chapter sets out the 
requirements and procedures for registration.
    1.5.1.2. When Voting Systems Must Be Submitted for Testing and 
Certification. All voting systems must be submitted consistent with 
this Manual before they may receive a certification from the EAC. 
This chapter discusses the various circumstances that require 
submission to obtain or maintain a certification.
    1.5.1.3. Certification Testing and Review. Under this program, 
the testing and review process requires the completion of an 
application, employment of an EAC-accredited laboratory for system 
testing, and technical analysis of the laboratory test report by the 
EAC. The result of this process is an Initial Decision on 
Certification. This chapter discusses the required steps for voting 
system testing and review.
    1.5.1.4. Grant of Certification. If an Initial Decision to grant 
certification is made, the Manufacturer must take additional steps 
before the Manufacturer may be issued a certification. These steps 
require the Manufacturer to document the performance of a trusted 
build (see definition at Section 1.16), the deposit of software into 
a repository, and the creation of system identification tools. This 
chapter outlines the action that a Manufacturer must take to receive 
a certification and the Manufacturer's post-certification 
responsibilities.
    1.5.1.5. Denial of Certification. If an Initial Decision to deny 
certification is made, the Manufacturer has certain rights and 
responsibilities under the program. This chapter contains procedures 
for requesting reconsideration, opportunity to cure defects, and 
appeal.
    1.5.1.6. Decertification. Decertification is the process by 
which the EAC revokes a certification it previously granted to a 
voting system. It is an important part of the Certification Program 
because it serves to ensure that the requirements of the program are 
followed and that certified voting systems fielded for use in 
Federal elections maintain the same level of quality as those 
presented for testing. This chapter sets procedures for 
Decertification and explains the Manufacturer's rights and 
responsibilities during that process.
    1.5.1.7. Quality Monitoring Program. Under the Certification 
Program, EAC will implement a quality monitoring process that will 
help ensure that voting systems certified by the EAC are the same 
systems sold by Manufacturers. The quality monitoring process is a 
mandatory part of the program and includes elements such as fielded 
voting system review, anomaly reporting, and manufacturing site 
visits. This chapter sets forth the requirements of the Quality 
Monitoring Program.
    1.5.1.8. Requests for Interpretations. An Interpretation is a 
means by which a registered Manufacturer or Voting System Test 
Laboratory (VSTL) may seek. clarification on a specific Voluntary 
Voting System Guidelines (VVSG) standard. This chapter outlines the 
policy, requirements, and procedures for requesting an 
Interpretation.
    1.5.1.9. Release of Certification Program Information. Federal 
law protects certain types of information individuals provided the 
government from release. This chapter outlines the program's 
policies, sets procedures, and discusses responsibilities associated 
with the public release of potential protected commercial 
information.
    1.5.2. Maintenance and Revision. This Manual, which sets the 
procedural

[[Page 76285]]

requirements for a new Federal program, is expected to be improved 
and expanded as experience and circumstances dictate. The Manual 
will be reviewed periodically and updated to meet the needs of the 
EAC, Manufacturers, VSTLs, election officials, and public policy. 
The EAC is responsible for revising this document. All revisions 
will be made consistent with Federal law. Substantive input from 
stakeholders and the public will be sought whenever possible, at the 
discretion of the agency. Changes in policy requiring immediate 
implementation will be noticed via policy memoranda and will be 
issued to each registered Manufacturer. Changes, addendums, or 
updated versions will also be posted to the EAC Web site at https://
www.eac.gov.
    1.6. Program Methodology. EAC's Voting System Testing and 
Certification Program is but one part of the overall conformity 
assessment process that includes companion efforts at the State and 
local levels.
    1.6.1. Federal and State Roles. The process to ensure that 
voting equipment meets the technical requirements is a distributed, 
cooperative effort of Federal, State, and local officials in the 
United States. Working with voting equipment Manufacturers, these 
officials each have unique responsibility for ensuring that the 
equipment a voter uses on Election Day meets specific requirements.
    1.6.1.1. The EAC Program has primary responsibility for ensuring 
that voting systems submitted under this program meet Federal 
standards established for voting systems.
    1.6.1.2. State officials have responsibility for testing voting 
systems to ensure that they will support the specific requirements 
of each individual State. States may use EAC VSTLs to perform 
testing of voting systems to unique State requirements while the 
systems are being tested to Federal standards. The EAC will not, 
however, certify voting systems to State requirements.
    1.6.1.3. State or local officials are responsible for making the 
final purchase choice. They are responsible for deciding which 
system offers the best fit and total value for their specific State 
or local jurisdiction.
    1.6.1.4. State or local officials are also responsible for 
acceptance testing to ensure that the equipment delivered is 
identical to the equipment certified on the Federal and State 
levels, is fully operational, and meets the contractual requirements 
of the purchase.
    1.6.1.5. State or local officials should perform pre-election 
logic and accuracy testing to confirm that equipment is operating 
properly and is unmodified from its certified state.
    1.6.2. Conformity Assessment Generally. Conformity assessment is 
a system established to ensure that a product or service meets the 
requirements that apply to it. Many conformity assessment systems 
exist to protect the quality and ensure compliance with requirements 
of products and services. All conformity assessment systems attempt 
to answer a variety of questions:
    1.6.2.1. What specifications are required of an acceptable 
system? For voting systems, the EAC voting system standards (VVSG 
and Voting System Standards [VSS]) address this issue. States and 
local jurisdictions also have supplementing standards.
    1.6.2.2. How are systems tested against required specifications? 
The EAC Voting System Testing and Certification Program is a central 
element of the larger conformity assessment system. The program, as 
set forth in this Manual, provides for the testing and certification 
of voting systems to identified versions of the VVSG. The Testing 
and Certification Program's purpose is to ensure that State and 
local jurisdictions receive voting systems that meet the 
requirements of the VVSG.
    1.6.2.3. Are the testing authorities qualified to make an 
accurate evaluation? The EAC accredits VSTLs, after the National 
Institute of Standards and Technology (NIST) National Voluntary Lab 
Accreditation Program (NVLAP) has reviewed their technical 
competence and lab practices, to ensure these test authorities are 
fully qualified. Furthermore, EAC technical experts review all test 
reports from accredited laboratories to ensure an accurate and 
complete evaluation. Many States provide similar reviews of 
laboratory reports.
    1.6.2.4. Will Manufacturers deliver units within manufacturing 
tolerances to those tested? The VVSG and this Manual require that 
vendors have appropriate change management and quality control 
processes to control the quality and configuration of their 
products. The Certification Program provides mechanisms for the EAC 
to verify Manufacturer quality processes through field system 
testing and manufacturing site visits. States have implemented 
policies for acceptance of delivered units.
    1.7. Program Personnel. All EAC personnel and contractors 
associated with this program will be held to the highest ethical 
standards. All agents of the EAC involved in the Certification 
Program will be subject to conflict-of-interest reporting and 
review, consistent with Federal law and regulation.
    1.8. Program Records. The EAC Program Director is responsible 
for maintaining accurate records to demonstrate that the testing and 
certification program procedures have been effectively fulfilled and 
to ensure the traceability, repeatability, and reproducibility of 
testing and test report review. All records will be maintained, 
managed, secured, stored, archived, and disposed of in accordance 
with Federal law, Federal regulations, and procedures of the EAC.
    1.9. Submission of Documents. Any documents submitted pursuant 
to the requirements of this Manual shall be submitted:
    1.9.1. If sent electronically, via secure e-mail or physical 
delivery of a compact disk, unless otherwise specified.
    1.9.2. In a Microsoft Word or Adobe PDF file, formatted to 
protect the document from alteration.
    1.9.3. With a proper signature when required by this Manual. 
Documents that require an authorized signature may be signed with an 
electronic representation or image of the signature of an authorized 
management representative and must meet any and all subsequent 
requirements established by the Program Director regarding security.
    1.9.4. If sent via physical delivery, by Certified Mail\TM\ (or 
similar means that allows tracking) to the following address: 
Testing and Certification Program Director, U.S. Election Assistance 
Commission, 1225 New York Avenue, NW., Suite 1100, Washington, DC 
20005.
    1.10. Receipt of Documents--Manufacturer. For purposes of this 
Manual, a document, notice, or other communication is considered 
received by a Manufacturer upon one of the following:
    1.10.1. The actual, documented date the correspondence was 
received (either electronically or physically) at the Manufacturer's 
place of business, or
    1.10.2. If no documentation of the actual delivery date exists, 
the date of constructive receipt of the communication. For 
electronic correspondence, documents will be constructively received 
the day after the date sent. For mail correspondence, the document 
will be constructively received 3 days after the date sent.
    1.10.3. The term ``receipt'' shall mean the date a document or 
correspondence arrives (either electronically or physically) at the 
Manufacturer's place of business. Arrival does not require that an 
agent of the Manufacturer open, read, or review the correspondence.
    1.11. Receipt of Documents--EAC. For purposes of this Manual, a 
document, notice, or other communication is considered received by 
the EAC upon its physical or electronic arrival at the agency. All 
documents received by the agency will be physically or 
electronically date stamped. This stamp shall serve as the date of 
receipt. Documents received after the regular business day (5 p.m. 
Eastern Standard Time), will be treated as if received on the next 
business day.
    1.12. EAC Response Timeframes. In recognition of the 
responsibilities and challenges facing Manufacturers as they work to 
meet the requirements imposed by this program, State certification 
programs, customers, State law and production schedules, the EAC 
will provide timeframes for its response to significant program 
elements. This shall be done by providing current metrics on EAC's 
Web site regarding the actual average EAC response time for (1) 
approving Test Plans, (2) issuing Initial Decisions, and (3) issuing 
Certificates of Conformance.
    1.13. Records Retention--Manufacturers. The Manufacturer is 
responsible for ensuring that all documents submitted to the EAC or 
that otherwise serve as the basis for the certification of a voting 
system are retained. A copy of all such records shall be retained as 
long as a voting system is offered for sale or supported by a 
Manufacturer and for 5 years thereafter.
    1.14. Record Retention--EAC. The EAC shall retain all records 
associated with the certification of a voting system as long as such 
system is fielded in a State or local election jurisdiction for use 
in Federal elections. The records shall otherwise be retained or 
disposed of consistent with Federal statutes and regulations.
    1.15. Publication and Release of Documents. The EAC will release 
documents

[[Page 76286]]

consistent with the requirements of Federal law. It is EAC policy to 
make the certification process as open and public as possible. Any 
documents (or portions thereof) submitted under this program will be 
made available to the public unless specifically protected from 
release by law. The primary means for making this information 
available is through the EAC Web site.
    1.16. Definitions. For purposes of this Manual, the terms listed 
below have the following definitions.
    Appeal. A formal process by which the EAC is petitioned to 
reconsider an Agency Decision.
    Appeal Authority. The individual or individuals appointed to 
serve as the determination authority on appeal.
    Build Environment. The disk or other media that holds the source 
code, compiler, linker, integrated development environments (IDE), 
and/or other necessary files for the compilation and on which the 
compiler will store the resulting executable code.
    Certificate of Conformance. The certificate issued by the EAC 
when a system has been found to meet the requirements of the VVSG. 
The document conveys certification of a system.
    Commission. The U.S. Election Assistance Commission, as an 
agency.
    Commissioners. The serving commissioners of the U.S. Election 
Assistance Commission.
    Component. A discrete and identifiable element of hardware or 
software within a larger voting system.
    Compiler. A computer program that translates programs expressed 
in a high-level language into machine language equivalents.
    Days. Calendar days, unless otherwise noted. When counting days, 
for the purpose of submitting or receiving a document, the count 
shall begin on the first full calendar day after the date the 
document was received.
    Disk Image. An exact copy of the entire contents of a computer 
disk.
    Election Official. A State or local government employee who has 
as one of his or her primary duties the management or administration 
of a Federal election.
    Federal Election. Any primary, general, runoff, or special 
Election in which a candidate for Federal office (President, 
Senator, or Representative) appears on the ballot.
    Fielded Voting System. A voting system purchased or leased by a 
State or local government that is being used in a Federal election.
    File Signature. A signature of a file or set of files produced 
using a HASH algorithm. A file signature, sometimes called a HASH 
value, creates a value that is computationally infeasible of being 
produced by two similar but different files. File signatures are 
used to verify that files are unmodified from their original 
versions.
    HASH Algorithm. An algorithm that maps a bit string of arbitrary 
length to a shorter, fixed-length bit string. (A HASH uniquely 
identifies a file similar to the way a fingerprint identifies an 
individual. Likewise, as an individual cannot be recreated from his 
or her fingerprint, a file cannot be recreated from a HASH. The HASH 
algorithm used primarily in the NIST (National Software Reference 
Library), and this program is the Secure HASH Algorithm (SHA-1) 
specified in Federal Information Processing Standard (FIPS) 180-1.)
    Installation Device. A device containing program files, 
software, and installation instructions for installing an 
application (program) onto a computer. Examples of such devices 
include installation disks, flash memory cards, and PCMCIA cards.
    Integration Testing. The end-to-end testing of a full system 
configured for use in an election to assure that all legitimate 
configurations meet applicable standards.
    Linker. A computer program that takes one or more objects 
generated by compilers and assembles them into a single executable 
program.
    Manufacturer. The entity with ownership and control over a 
voting system submitted for certification.
    Mark of Conformance. A uniform notice permanently posted on a 
voting system that signifies that it has been certified by the EAC.
    Memorandum for the Record. A written statement drafted to 
document an event or finding, without a specific addressee other 
than the pertinent file.
    Proprietary Information. Commercial information or trade secrets 
protected from release under the Freedom of Information Act (FOIA) 
and the Trade Secrets Act.
    System Identification Tools. Tools created by a Manufacturer of 
voting systems that allow elections officials to verify that the 
hardware and software of systems purchased are identical to the 
systems certified by the EAC.
    Technical Reviewers. Technical experts in the areas of voting 
system technology and conformity assessment appointed by the EAC to 
provide expert guidance.
    Testing and Certification Decision Authority. The EAC Executive 
Director or Acting Executive Director.
    Testing and Certification Program Director. The individual 
appointed by the EAC Executive Director to administer and manage the 
Testing and Certification Program.
    Trusted Build. A witnessed software build where source code is 
converted to machine-readable binary instructions (executable code) 
in a manner providing security measures that help ensure that the 
executable code is a verifiable and faithful representation of the 
source code.
    Voting System. The total combination of mechanical, 
electromechanical, and electronic equipment (including the software, 
firmware, and documentation required to program, control, and 
support the equipment) that is used to define ballots, cast and 
count votes, report or display election results, connect the voting 
system to the voter registration system, and maintain and produce 
any audit trail information.
    Voting System Standards. Voluntary voting system standards 
developed by the FEC. Voting System Standards have been published 
twice: once in 1990 and again in 2002. The Help America Vote Act 
made the 2002 Voting System Standards EAC guidance. All new voting 
system standards are issued by the EAC as Voluntary Voting System 
Guidelines.
    Voting System Test Laboratories. Laboratories accredited by the 
EAC to test voting systems to EAC approved voting system standards. 
Each Voting System Test Laboratory (VSTL) must be accredited by the 
National Voluntary Laboratory Accreditation Program (NVLAP) and 
recommended by the National Institute of Standards Technology (NIST) 
before it may receive an EAC accreditation. NVLAP provides third 
party accreditation to testing and calibration laboratories. NVLAP 
is in full conformance with the standards of the International 
Organization for Standardization (ISO) and the International 
Electrotechnical Commission (IEC), including ISO/IEC Guide 17025 and 
17011.
    Voluntary Voting System Guidelines. Voluntary voting system 
standards developed, adopted, and published by the EAC. The 
guidelines are identified by version number and date.
    1.17. Acronyms and Abbreviations. For purposes of this Manual, 
the acronyms and abbreviations listed below represent the following 
terms.

Certification Program. The EAC Voting System Testing and 
Certification Program
Decision Authority. Testing and Certification Decision Authority
EAC. United States Election Assistance Commission
FEC. Federal Election Commission
HAVA. Help America Vote Act of 2002 (42 U.S.C. 15301 et seq.)
Labs or Laboratories. Voting System Test Laboratories
NASED. National Association of State Election Directors
NIST. National Institute of Standards and Technology
NVLAP. National Voluntary Laboratory Accreditation Program
Program Director. Director of the EAC Testing and Certification 
Program
VSS. Voting System Standards
VSTL. Voting System Test Laboratory
VVSG. Voluntary Voting System Guidelines

2. Manufacturer Registration

    2.1. Overview. Manufacturer Registration is the process by which 
voting system Manufacturers make initial contact with the EAC and 
provide information essential to participate in the EAC Voting 
System Testing and Certification Program. Before a Manufacturer of a 
voting system can submit an application to have a voting system 
certified by the EAC, the Manufacturer must be registered. This 
process requires the Manufacturer to provide certain contact 
information and agree to certain requirements of the Certification 
Program. After successfully registering, the Manufacturer will 
receive an identification code.
    2.2. Registration Required. To submit a voting system for 
certification or otherwise participate in the EAC voluntary Voting 
System Testing and Certification Program, a Manufacturer must 
register with the EAC. Registration does not constitute an EAC 
endorsement of the Manufacturer or its products. Registration of a 
Manufacturer is not a certification of that Manufacturer's products.

[[Page 76287]]

    2.3. Registration Requirements. The registration process will 
require the voting system Manufacturer to provide certain 
information to the EAC. This information is necessary to enable the 
EAC to administer the Certification Program and communicate 
effectively with the Manufacturer. The registration process also 
requires the Manufacturer to agree to certain Certification Program 
requirements. These requirements relate to the Manufacturer's duties 
and responsibilities under the program. For this program to succeed, 
it is vital that a Manufacturer know and assent to these duties at 
the outset of the program.
    2.3.1. Information. Manufacturers are required to provide the 
following information.
    2.3.1.1. The Manufacturer's organizational information:
    2.3.1.1.1. The official name of the Manufacturer.
    2.3.1.1.2. The address of the Manufacturer's official place of 
business.
    2.3.1.1.3. A description of how the Manufacturer is organized 
(i.e., type of corporation or partnership).
    2.3.1.1.4. Names of officers and/or members of the board of 
directors.
    2.3.1.1.5. Names of all partners and members (if organized as a 
partnership or limited liability corporation).
    2.3.1.1.6. Identification of any individual, organization, or 
entity with a controlling ownership interest in the Manufacturer.
    2.3.1.2. The identity of an individual authorized to represent 
and make binding commitments and management determinations for the 
Manufacturer (management representative). The following information 
is required for the management representative:
    2.3.1.2.1. Name and title.
    2.3.1.2.2. Mailing and physical addresses.
    2.3.1.2.3. Telephone number, fax number, and e-mail address.
    2.3.1.3. The identity of an individual authorized to provide 
technical information on behalf of the Manufacturer (technical 
representative). The following information is required for the 
technical representative:
    2.3.1.3.1. Name and title.
    2.3.1.3.2. Mailing and physical addresses.
    2.3.1.3.3. Telephone number, fax number, and e-mail address.
    2.3.1.4. The Manufacturer's written policies regarding its 
quality assurance system. This policy must be consistent with 
guidance provided in the VVSG and this Manual.
    2.3.1.5. The Manufacturer's written polices regarding internal 
procedures for controlling and managing changes to and versions of 
its voting systems. Such polices shall be consistent with this 
Manual and guidance provided in the VVSG.
    2.3.1.6. The Manufacturer's written polices on document 
retention. Such policies must be consistent with the requirements of 
this Manual.
    2.3.1.7. A list of all manufacturing and/or assembly facilities 
used by the Manufacturer and the name and contact information of a 
person at each facility. The following information is required for a 
person at each facility:
    2.3.1.7.1. Name and title.
    2.3.1.7.2. Mailing and physical addresses.
    2.3.1.7.3. Telephone number, fax number, and e-mail address.
    2.3.2. Agreements. Manufacturers are required to take or abstain 
from certain actions to protect the integrity of the Certification 
Program and promote quality assurance. Manufacturers are required to 
agree to the following program requirements:
    2.3.2.1. Represent a voting system as certified only when it is 
authorized by the EAC and is consistent with the procedures and 
requirements of this Manual.
    2.3.2.2. Produce and affix an EAC certification label to all 
production units of the certified system. Such labels must meet the 
requirements set forth in Chapter 5 of this Manual.
    2.3.2.3. Notify the EAC of changes to any system previously 
certified by the EAC pursuant to the requirements of this Manual 
(see Chapter 3). Such systems shall be submitted for testing and 
additional certification when required.
    2.3.2.4. Permit an EAC representative to verify the 
Manufacturer's quality control procedures by cooperating with EAC 
efforts to test and review fielded voting systems consistent with 
Section 8.6 of this Manual.
    2.3.2.5. Permit an EAC representative to verify the 
Manufacturer's quality control procedures by conducting periodic 
inspections of manufacturing facilities consistent with Chapter 8 of 
this Manual.
    2.3.2.6. Cooperate with any EAC inquiries and investigations 
into a certified system's compliance with VVSG standards or the 
procedural requirements of this Manual consistent with Chapter 7.
    2.3.2.7. Report to the Program Director any known malfunction of 
a voting system holding an EAC Certification. A malfunction is a 
failure of a voting system, not caused solely by operator or 
administrative error, which causes the system to cease operation 
during a Federal election or otherwise results in data loss. 
Malfunction notifications should be consolidated into one report. 
This report should identify the location, nature, date, impact, and 
resolution (if any) of the malfunction and be filed within 60 days 
of any Federal election.
    2.3.2.8. Certify that the entity is not barred or otherwise 
prohibited by statute, regulation, or ruling from doing business in 
the United States.
    2.3.2.9. Adhere to all procedural requirements of this Manual.
    2.4. Registration Process. Generally, registration is 
accomplished through use of an EAC registration form. After the EAC 
has received a registration form and other required registration 
documents, the agency reviews the information for completeness 
before approval.
    2.4.1. Application Process. To become a registered voting system 
Manufacturer, one must apply by submitting a Manufacturer 
Registration Application Form (Appendix A). This form will be used 
as the means for the Manufacturer to provide the information and 
agree to the responsibilities required in Section 2.3, above.
    2.4.1.1. Application Form. In order for the EAC to accept and 
process the registration form, the applicant must adhere to the 
following requirements:
    2.4.1.1.1. All fields must be completed by the Manufacturer.
    2.4.1.1.2. All required attachments prescribed by the form and 
this Manual must be identified, completed, and forwarded in a timely 
manner to the EAC (e.g., Manufacturer's quality control and system 
change policies ).
    2.4.1.1.3. The application form must be affixed with the 
handwritten signature (including a digital representation of the 
handwritten signature) of the authorized representative of the 
vendor.
    2.4.1.2. Availability and Use of the Form. The Manufacturer 
Registration Application Form may be accessed through the EAC Web 
site at https://www.eac.gov. Instructions for completing and 
submitting the form are included on the Web site. The Web site will 
also provide contact information regarding questions about the form 
or the application process.
    2.4.2. EAC Review Process. The EAC will review all registration 
applications.
    2.4.2.1. After the application form and required attachments 
have been submitted, the applicant will receive an acknowledgment 
that the EAC has received the submission and that the application 
will be processed.
    2.4.2.2. If an incomplete form is submitted or an attachment is 
not provided, the EAC will notify the Manufacturer and request the 
information. Registration applications will not be processed until 
they are complete.
    2.4.2.3. Upon receipt of the completed registration form and 
accompanying documentation, the EAC will review the information for 
sufficiency. If the EAC requires clarification or additional 
information, the EAC will contact the Manufacturer and request the 
needed information.
    2.4.2.4. Upon satisfactory completion of a registration 
application's sufficiency review, the EAC will notify the 
Manufacturer that it has been registered.
    2.5. Registered Manufacturers. After a Manufacturer has received 
notice that it is registered, it will receive an identification code 
and will be eligible to participate in the voluntary voting system 
Certification Program.
    2.5.1. Manufacturer Code. Registered Manufacturers will be 
issued a unique, three-letter identification code. This code will be 
used to identify the Manufacturer and its products.
    2.5.2. Continuing Responsibility To Report. Registered 
Manufacturers are required to keep all registration information up 
to date. Manufacturers must submit a revised application form to the 
EAC within 30 days of any changes to the information required on the 
application form. Manufacturers will remain registered participants 
in the program during this update process.
    2.5.3. Program Information Updates. Registered Manufacturers 
will be automatically provided timely information relevant to the 
Certification Program.
    2.5.4. Web site Postings. The EAC will add the Manufacturer to 
the EAC listing of registered voting system Manufacturers publicly 
available at https://www.eac.gov.

[[Page 76288]]

    2.6. Suspension of Registration. Manufacturers are required to 
establish policies and operate within the EAC Certification Program 
consistent with the procedural requirements presented in this 
Manual. When Manufacturers engage in management activities that are 
inconsistent with this Manual or fail to cooperate with the EAC in 
violation the Certification Program's requirements, their 
registration may be suspended until such time as the problem is 
remedied.
    2.6.1. Procedures. When a Manufacturer's activities violate the 
procedural requirements of this Manual, the Manufacturer will be 
notified of the violations, given an opportunity to respond, and 
provided the steps required to bring itself into compliance.
    2.6.1.1. Notice. Manufacturers shall be provided written notice 
that they have taken action inconsistent with or acted in violation 
of the requirements of this Manual. The notice will state the 
violations and the specific steps required to cure them. The notice 
will also provide Manufacturers with 30 days (or a greater period of 
time as stated by the Program Director) to (1) respond to the notice 
and/or (2) cure the defect.
    2.6.1.2. Manufacturer Action. The Manufacturer is required to 
either respond in a timely manner to the notice (demonstrating that 
it was not in violation of program requirements) or cure the 
violations identified in a timely manner. In any case, the 
Manufacturer's action must be approved by the Program Director to 
prevent suspension.
    2.6.1.3. Non-Compliance. If the Manufacturer fails to respond in 
a timely manner, is unable to provide a cure or response that is 
acceptable to the Program Director, or otherwise refuses to 
cooperate, the Program Director may suspend the Manufacturer's 
registration. The Program Director shall issue a notice of his or 
her intent to suspend the registration and provide the Manufacturer 
five (5) business days to object to the action and submit 
information in support of the objection.
    2.6.1.4. Suspension. After notice and opportunity to be heard 
(consistent with the above), the Program Director may suspend a 
Manufacturer's registration. The suspension shall be noticed in 
writing. The notice must inform the Manufacturer of the steps that 
can be taken to remedy the violations and lift the suspension.
    2.6.2. Effect of Suspension. A suspended Manufacturer may not 
submit a voting system for certification under this program. This 
prohibition includes a ban on the submission of modifications and 
changes to certified system. A suspension shall remain in effect 
until lifted. Suspended Manufacturers will have their registration 
status reflected on the EAC Web site. Manufacturers have the right 
to remedy a non-compliance issue at any time and lift a suspension 
consistent with EAC guidance. Failure of a Manufacturer to follow 
the requirements of this section may also result in Decertification 
of voting systems consistent with Chapter 7 of this Manual.

3. When Voting Systems Must Be Submitted for Testing and Certification

    3.1. Overview. An EAC certification signifies that a voting 
system has been successfully tested to identified voting system 
standards adopted by the EAC. Only the EAC can issue a Federal 
certification. Ultimately, systems must be submitted for testing and 
certification under this program to receive this certification. 
Systems will usually be submitted when (1) they are new to the 
marketplace, (2) they have never before received an EAC 
certification, (3) they are modified, or (4) the Manufacturer wishes 
to test a previously certified system to a different (newer) 
standard. This chapter also discusses the submission of de minimis 
changes, which may not require additional testing and certification, 
as well as provisional, pre-election emergency modifications, which 
provide for pre-election, emergency waivers.
    3.2. What Is an EAC Certification? Certification is the process 
by which the EAC, through testing and evaluation conducted by an 
accredited Voting System Test Laboratory, validates that a voting 
system meets the requirements set forth in existing voting system 
testing standards (Voting System Standards [VSS] or VVSG), and 
performs according to the Manufacturers specifications for the 
system. An EAC certification may be issued only by the EAC in 
accordance with the procedures presented in this Manual. 
Certifications issued by other bodies (e.g., the National 
Association of State Election Directors and State certification 
programs) are not EAC certifications.
    3.2.1. Type of Voting Systems Certified. The EAC Certification 
Program is designed to test and certify electromechanical and 
electronic voting systems. The EAC will not accept for certification 
review voting systems that do not contain any electronic components. 
Ultimately, the determination of whether a voting system may be 
submitted for testing and certification under this program is solely 
at the discretion of the EAC.
    3.2.2. Voting System Standards. Voting systems certified under 
this program are tested to a set of voluntary standards providing 
requirements that voting systems must meet to receive a Federal 
certification. Currently, these standards are referred to as 
Voluntary Voting System Guidelines (in the past they were called 
Voting System Standards).
    3.2.2.1. Versions--Availability and Identification. Voluntary 
Voting System Guidelines (or applicable Voting System Standards) are 
published by the EAC and are available on the EAC Web site (https://
www.eac.gov). The standards will be routinely updated. Versions will 
be identified by version number and/or release date.
    3.2.2.2. Versions--Basis for Certification. The EAC will 
promulgate which version or versions of the standards it will accept 
as the basis for testing and certification.
    This effort may be accomplished through the setting of an 
implementation date for a particular version's applicability, the 
setting of a date by which testing to a particular version is 
mandatory, or the setting of a date by which the EAC will no longer 
test to a particular standard. The EAC will certify only those 
voting systems tested to standards that the EAC has identified as 
valid for certification.
    3.2.2.2.1. End date. When a version's status as the basis of an 
EAC certification is set to expire on a certain date, the submission 
of the system's test report will be the controlling event (see 
Chapter 4). This requirement means the system's test report must be 
received by the EAC on or before the end date to be certified to the 
terminating standard.
    3.2.2.2.2. Start date. When a version's status as the basis of 
an EAC certification is set to begin on a certain date, the 
submission of the system's application for certification will be the 
controlling event (see Chapter 4). This requirement means the 
system's application, requesting certification to the new standard, 
will not be accepted by the EAC until the start date.
    3.2.2.3. Version--Manufacturer's Option. When the EAC has 
authorized certification to more than one version of the standards, 
the Manufacturer must choose which version it wishes to have its 
voting system tested against. The voting system will then be 
certified to that version of the standards. Manufacturers must 
ensure that all applications for certification identify a particular 
version of the standards.
    3.2.2.4. Emerging Technologies. If a voting system or component 
thereof is eligible for a certification under this program (see 
Section 3.2.1.) and employs technology that is not addressed by a 
currently accepted version of the VVSG or VSS, the relevant 
technology shall be subjected to full integration testing and shall 
be tested to ensure that it operates to the Manufacturer's 
specifications. The remainder of the system will be tested to the 
applicable Federal standards. Information on emerging technologies 
will be forwarded to the EAC's Technical Guidelines Development 
Committee (TGDC).
    3.2.3. Significance of an EAC Certification. An EAC 
certification is an official recognition that a voting system (in a 
specific configuration or configurations) has been tested to and has 
met an identified set of Federal voting standards. An EAC 
certification is not any of the following:
    3.2.3.1. An endorsement of a Manufacturer, voting system, or any 
of the system's components.
    3.2.3.2. A Federal warranty of the voting system or any of its 
components.
    3.2.3.3. A determination that a voting system, when fielded, 
will be operated in a manner that meets all HAVA requirements.
    3.2.3.4. A substitute for State or local certification and 
testing.
    3.2.3.5. A determination that the system is ready for use in an 
election.
    3.2.3.6. A determination that any particular component of a 
certified system is itself certified for use outside the certified 
configuration.
    3.3. Effect of the EAC Certification Program on Other National 
Certifications. Before the creation of the EAC Certification 
Program, national voting system qualification was conducted by a 
private membership organization, the National Association of

[[Page 76289]]

State Election Directors (NASED). NASED offered a qualification for 
voting systems for more than a decade, using standards issued by the 
Federal government. The EAC Certification Program does not repeal 
NASED-issued qualifications. All voting systems previously qualified 
under the NASED program retain their NASED qualification consistent 
with State law; however, a NASED-qualified voting system is not an 
EAC-certified system and is treated like an uncertified system for 
purposes of the EAC Certification Program.
    3.4. When Certification Is Required Under the Program. To obtain 
or maintain an EAC certification, Manufacturers must submit a voting 
system for testing and certification under this program. Such action 
is usually required for (1) new systems not previously tested to any 
standard; (2) existing systems not previously certified by the EAC; 
(3) previously certified systems that have been modified; (4) 
systems or technology specifically identified for retesting by the 
EAC; or (5) previously certified systems that the Manufacturer seeks 
to upgrade to a higher standard (e.g., a more recent version of the 
VVSG).
    3.4.1. New System Certification. For purposes of this Manual, 
new systems are defined as voting systems that have not been 
previously tested to applicable Federal standards. New voting 
systems must be fully tested and submitted to the EAC according to 
the requirements of Chapter 4 of this Manual.
    3.4.2. System Not Previously EAC Certified. This term describes 
any voting system not previously certified by the EAC, including 
systems previously tested and qualified by NASED or systems 
previously tested and denied certification by the EAC. Such systems 
must be fully tested and submitted to the EAC according to the 
requirements of Chapter 4 of this Manual.
    3.4.3. Modification. A modification is any change to a 
previously EAC-certified voting system's hardware, software, or 
firmware that is not a de minimis change. Any modification to a 
voting system will require testing and review by the EAC according 
to the requirements of Chapter 4 of this Manual.
    3.4.4. EAC Identified Systems. Manufacturers may be required to 
submit systems previously certified by the EAC for retesting. This 
may occur when the EAC determines that the original tests conducted 
on the voting system are now insufficient to demonstrate compliance 
with Federal standards in light of newly discovered threats or 
information.
    3.4.5. Certification Upgrade. This term defines any system 
previously certified by the EAC but submitted for additional testing 
and certification to a higher standard (e.g., to a newer version of 
the VVSG). Any such system must be tested to the new standards and 
submitted to the EAC per Chapter 4 of this Manual.
    3.5. De Minimis Changes. A de minimis change is a change to 
voting system hardware that is so minor in nature and effect that it 
requires no additional testing and certification. Such changes, 
however, require VSTL review and endorsement as well as EAC 
approval. Any proposed change not accepted as a de minimis change is 
a modification and shall be submitted for testing and review 
consistent with the requirements of this Manual. An approved de 
minimis change is not a modification.
    3.5.1. De Minimis Change--Defined. A de minimis change is a 
change to a certified voting system's hardware, the nature of which 
will not materially alter the system's reliability, functionality, 
capability, or operation. Software and firmware modifications are 
not de minimis changes. In order for a hardware change to qualify as 
a de minimis change, it must not only maintain, unaltered, the 
reliability, functionality, capability and operability of a system, 
it shall also ensure that when hardware is replaced, the original 
hardware and the replacement hardware are electronically and 
mechanically interchangeable and have identical functionality and 
tolerances. Under no circumstance shall a change be considered a de 
minimis change if it has reasonable and identifiable potential to 
impact the system's operation and compliance with applicable voting 
system standards.
    3.5.2. De Minimis Change--Procedure. Manufacturers who wish to 
implement a proposed de minimis change must submit it for VSTL 
review and endorsement and EAC approval. A proposed change is not a 
de minimis change and may not be implemented as such until it has 
been approved in writing by the EAC.
    3.5.2.1. VSTL Review. Manufacturers must submit any proposed de 
minimis change to an EAC VSTL for review and endorsement. The 
Manufacturer will provide the VSTL (1) a detailed description of the 
change; (2) a description of the facts giving rise to or 
necessitating the change; (3) the basis for its determination that 
the change will not alter the system's reliability, functionality, 
or operation; and (4) upon request of the VSTL, a sample voting 
system at issue or any relevant technical information needed to make 
the determination. The VSTL will review the proposed de minimis 
change and make an independent determination as to whether the 
change meets the definition of de minimis change or requires the 
voting system to go through additional testing as a system 
modification. If the VSTL determines that a de minimis change is 
appropriate, it shall endorse the proposed change as a de minimis 
change. If the VSTL determines that modification testing and 
certification should be performed, it shall reject the proposed 
change. Endorsed changes shall be forwarded to the EAC Program 
Director for final approval. Rejected changes shall be returned to 
the Manufacturer for resubmission as system modifications.
    3.5.2.2. VSTL Endorsed Changes. The VSTL shall forward to the 
EAC any change it has endorsed as de minimis. The VSTL shall forward 
its endorsement in a package that includes:
    3.5.2.2.1. The Manufacturer's initial description of the de 
minimis change, a narrative of facts giving rise to or necessitating 
the change, and the determination that the change will not alter the 
system's reliability, functionality, or operation.
    3.5.2.2.2. The written determination of the VSTL endorsement of 
the de minimis change. The endorsement document must explain why the 
VSTL, in its engineering judgment, determined that the proposed de 
minimis change met the definition in this section and otherwise does 
not require additional testing and certification.
    3.5.2.3. EAC Action. The EAC will review all proposed de minimis 
changes endorsed by the VSTL. The EAC has sole authority to 
determine whether any VSTL endorsed change constitutes a de minimis 
change under this section. The EAC will inform the Manufacturer and 
VSTL of its determination in writing.
    3.5.2.3.1. EAC approval. If the EAC approves the change as a de 
minimis change, it shall provide written notice to the Manufacturer 
and VSTL. The EAC will maintain copies of all approved de minimis 
changes and otherwise track such changes.
    3.5.2.3.2. EAC denial. If the EAC determines that a proposed de 
minimis change cannot be approved, it will inform the VSTL and 
Manufacturer of its decision. The proposed change will be considered 
a modification and require testing and certification consistent with 
this Manual.
    3.5.3. De Minimis Change--Effect of EAC Approval. EAC approval 
of a de minimis change permits the Manufacturer to implement the 
proposed change (as identified, endorsed, and approved) without 
additional modification testing and certification. Fielding an 
engineering change not approved by the EAC is a basis for system 
Decertification.
    3.6. Provisional, Pre-Election Emergency Modification. To deal 
with extraordinary pre-election emergency situations, the EAC has 
developed a special provisional modification process. This process 
is to be used only for the emergency situations indicated and only 
when there is a clear and compelling need for temporary relief until 
the regular certification process can be followed.
    3.6.1. Purpose. The purpose of this section is to allow a 
mechanism within the EAC Certification Program for Manufacturers to 
modify EAC-certified voting systems in emergency situations 
immediately before an election. This situation arises when a 
modification to a voting system is required and an election deadline 
is imminent, preventing the completion of the full certification 
process (and State and/or local testing process) in time for 
Election Day. In such situations the EAC may issue a waiver to the 
Manufacturer, granting it leave to make the modification without 
submission for modification testing and certification.
    3.6.2. General Requirements. A request for an emergency 
modification waiver may be made by a Manufacturer only in 
conjunction with the State election official whose jurisdiction(s) 
would be adversely affected if the requested modification were not 
implemented before Election Day. Requests must be submitted at least 
5 calendar days before an election. Only systems previously 
certified are eligible for such a waiver. To receive a waiver, a 
Manufacturer must demonstrate the following:
    3.6.2.1. The modification is functionally or legally required; 
that is, the system cannot be fielded in an election without the 
change.
    3.6.2.2. The voting system requiring modification is needed by 
State or local

[[Page 76290]]

election officials to conduct a pending Federal election.
    3.6.2.3. The voting system to be modified has previously been 
certified by the EAC.
    3.6.2.4. The modification cannot be tested by a VSTL and 
submitted to the EAC for certification, consistent with the 
procedural requirements of this Manual, at least 30 days before the 
pending Federal election.
    3.6.2.5. Relevant State law requires Federal certification of 
the requested modification.
    3.6.2.6. The Manufacturer has taken steps to ensure that the 
modification will properly function as designed, is suitably 
integrated with the system, and otherwise will not negatively affect 
system reliability, functionality, or accuracy.
    3.6.2.7. The Manufacturer (through a VSTL) has completed as much 
of the evaluation testing as possible for the modification and has 
provided the results of such testing to the EAC.
    3.6.2.8. The emergency modification is required and otherwise 
supported by the Chief State Election Official seeking to field the 
voting system in an impending Federal election.
    3.6.3. Request for Waiver. A Manufacturer's request for waiver 
shall be made in writing to the Decision Authority and shall include 
the following elements:
    3.6.3.1. A signed statement providing sufficient description, 
background, information, documentation, and other evidence necessary 
to demonstrate that the request for a waiver meets each of the eight 
requirements stated in Section 3.5.2 above.
    3.6.3.2. A signed statement from the Chief State Election 
Official requiring the emergency modification. This signed statement 
shall identify the pending election creating the emergency situation 
and attest that (1) the modification is required to field the 
system, (2) State law (citation) requires EAC action to field the 
system in an election, and (3) normal timelines required under the 
EAC Certification Program cannot be met.
    3.6.3.3. A signed statement from a VSTL that there is 
insufficient time to perform necessary testing and complete the 
certification process. The statement shall also state what testing 
the VSTL has performed on the modification to date, provide the 
results of such tests, and state the schedule for completion of 
testing.
    3.6.3.4. A detailed description of the modification, the need 
for the modification, how it was developed, how it addresses the 
need for which it was designed, its impact on the voting system, and 
how the modification will be fielded or implemented in a timely 
manner consistent with the Manufacturer's quality control program.
    3.6.3.5. All documentation of tests performed on the 
modification by the Manufacturer, a laboratory, or other third 
party.
    3.6.3.6. A stated agreement signed by the Manufacturer's 
representative agreeing to take the following action:
    3.6.3.6.1. Submit for testing and certification, consistent with 
Chapter 4 of this Manual, any voting system receiving a waiver under 
this section that has not already been submitted. This action shall 
be taken immediately.
    3.6.3.6.2. Abstain from representing the modified system as EAC 
certified. The modified system has not been certified; rather, the 
originally certified system has received a waiver providing the 
Manufacturer leave to modify it.
    3.6.3.6.3. Submit a report to the EAC regarding the performance 
of the modified voting system within 60 days of the Federal election 
that served as the basis for the waiver. This report shall (at a 
minimum) identify and describe any (1) performance failures, (2) 
technical failures, (3) security failures, and/or (4) accuracy 
problems.
    3.6.4. EAC Review. The EAC will re