RABET-V Final Pilot Summary and Next Steps

Testing non-voting election technology has received relatively little attention compared to that of voting systems. The latter has a robust voluntary program run by the Election Assistance Commission and, in many states, additional testing requirements and procedures. Non-voting election equipment, of which by some counts there are more than two dozen product categories, have no federal testing programs and, except for electronic pollbooks (ePollbooks), little or no formal testing programs at the state or local level. Even with ePollbooks, roughly 40% of states have no requirements or formal testing regime beside general requirements that apply to all information technology.

In 2019, the Center for Internet Security (CIS) sought to change that by developing a new approach to testing election technology that meets the needs of modern software design and development. Instead of employing a monolithic and lengthy approach to testing conducted after a system is fully developed or modified, Rapid Architecture-Based Election Technology Verification (RABET-V) uses an iterative, risk-based approach that supports rapid product changes by design.

CIS, from its many engagements with vendors, election officials, and other experts in the field, has high confidence that there is demand for RABET-V. The question is how to implement it properly. As such, this report will wrap up the pilot with an eye to the future as it begins the process of making RABET-V a permanent, operational interest within the election community.